urlscan.io logo urlscan.io
SecurityTrails logo

reconciliation.americanexpress.com Open in urlscan Pro
139.71.16.195  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://webrecon.americanexpress.com/
Effective URL: https://reconciliation.americanexpress.com/
Submission: On May 03 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 3 domains to perform 52 HTTP transactions. The main IP is 139.71.16.195, located in United States and belongs to AMERICAN-EXPRESS, US. The main domain is reconciliation.americanexpress.com. The Cisco Umbrella rank of the primary domain is 195463.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on October 16th 2023. Valid for: a year.
This is the only time reconciliation.americanexpress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 10 139.71.18.116 6307 (AMERICAN-...)
26 104.90.70.102 16625 (AKAMAI-AS)
5 139.71.19.132 6307 (AMERICAN-...)
1 8 139.71.16.195 6307 (AMERICAN-...)
1 2a00:1450:400... 15169 (GOOGLE)
52 6
10    139.71.18.116 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: webrecon-r1-vip.americanexpress.com
webrecon.americanexpress.com
26    104.90.70.102 (Philadelphia, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-70-102.deploy.static.akamaitechnologies.com
www.aexp-static.com
icm.aexp-static.com
5    139.71.19.132 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: one-functions2.americanexpress.com
functions.americanexpress.com
8    139.71.16.195 (United States)

ASN6307 (AMERICAN-EXPRESS, US)
PTR: reconportal2.americanexpress.com
reconciliation.americanexpress.com
1    2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
Apex Domain
Subdomains		 Transfer
26 aexp-static.com
www.aexp-static.com — Cisco Umbrella Rank: 12649
icm.aexp-static.com — Cisco Umbrella Rank: 15386
318 KB
23 americanexpress.com
webrecon.americanexpress.com — Cisco Umbrella Rank: 205062
functions.americanexpress.com — Cisco Umbrella Rank: 20092
reconciliation.americanexpress.com — Cisco Umbrella Rank: 195463
2 MB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 380
30 KB
52 3
Domain Requested by
22 www.aexp-static.com webrecon.americanexpress.com
www.aexp-static.com
reconciliation.americanexpress.com
10 webrecon.americanexpress.com 1 redirects webrecon.americanexpress.com
8 reconciliation.americanexpress.com 1 redirects webrecon.americanexpress.com
reconciliation.americanexpress.com
5 functions.americanexpress.com www.aexp-static.com
4 icm.aexp-static.com webrecon.americanexpress.com
reconciliation.americanexpress.com
1 ajax.googleapis.com reconciliation.americanexpress.com
52 6

This site contains no links.

Subject Issuer Validity Valid
webrecon-r1.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2023-10-27 -
2024-10-24		 a year crt.sh
m.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2024-03-06 -
2025-03-06		 a year crt.sh
functions.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2023-08-28 -
2024-08-26		 a year crt.sh
reconportal.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2023-10-16 -
2024-10-15		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://reconciliation.americanexpress.com/
Frame ID: E1CFC7A7D625C5D2C6E53EADB20E1AA0
Requests: 58 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://webrecon.americanexpress.com/ HTTP 307
    https://webrecon.americanexpress.com/ HTTP 302
    https://webrecon.americanexpress.com/login Page URL
  2. https://reconciliation.americanexpress.com/ HTTP 302
    https://reconciliation.americanexpress.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • aexp-static\.com
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

52
Requests

92 %
HTTPS

20 %
IPv6

3
Domains

6
Subdomains

6
IPs

2
Countries

2101 kB
Transfer

7926 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://webrecon.americanexpress.com/ HTTP 307
    https://webrecon.americanexpress.com/ HTTP 302
    https://webrecon.americanexpress.com/login Page URL
  2. https://reconciliation.americanexpress.com/ HTTP 302
    https://reconciliation.americanexpress.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://webrecon.americanexpress.com/ HTTP 307
  • https://webrecon.americanexpress.com/ HTTP 302
  • https://webrecon.americanexpress.com/login

52 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
login
webrecon.americanexpress.com/
Redirect Chain
  • http://webrecon.americanexpress.com/
  • https://webrecon.americanexpress.com/
  • https://webrecon.americanexpress.com/login
481 KB
50 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://webrecon.americanexpress.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.18.116 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
webrecon-r1-vip.americanexpress.com
Software
/
Resource Hash
f9359fe89d9c432b092e1eec61848c11c2fc01b9b28794fcd0bef697e4ca93a9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Language
de-DE
Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Content-Type
text/html;charset=UTF-8
Date
Fri, 03 May 2024 22:58:31 GMT
Expires
0
Pragma
no-cache
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Transfer-Encoding
chunked
X-Application-Context
application:e3_ipc2_ePaas:8443
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-UA-Compatible
IE=edge
X-XSS-Protection
1; mode=block
x-permitted-cross-domain-policies
all

Redirect headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Date
Fri, 03 May 2024 22:58:31 GMT
Expires
0
Location
https://webrecon.americanexpress.com/login
Pragma
no-cache
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-UA-Compatible
IE=edge
X-XSS-Protection
1; mode=block
x-permitted-cross-domain-policies
all
vendor.css
webrecon.americanexpress.com/assets/ 		195 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://webrecon.americanexpress.com/assets/vendor.css
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.18.116 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
webrecon-r1-vip.americanexpress.com
Software
/
Resource Hash
bf0b09ce89a5c3bde142b5bf68fbce4f6bc724ee71c6d61748e0619e0d0a1060
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Fri, 03 May 2024 22:58:31 GMT
x-permitted-cross-domain-policies
all
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Application-Context
application:e3_ipc2_ePaas:8443
X-UA-Compatible
IE=edge
Last-Modified
Thu, 25 Apr 2024 12:28:20 GMT
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
max-age=28800, must-revalidate, public
Accept-Ranges
bytes
bundle.css
webrecon.americanexpress.com/assets/ 		64 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://webrecon.americanexpress.com/assets/bundle.css
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.18.116 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
webrecon-r1-vip.americanexpress.com
Software
/
Resource Hash
32513477c37769bb76ddd2618b79c04e31a3a10a4f5d4a9110450807db390ab8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Fri, 03 May 2024 22:58:31 GMT
x-permitted-cross-domain-policies
all
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Application-Context
application:e3_ipc2_ePaas:8443
X-UA-Compatible
IE=edge
Last-Modified
Thu, 25 Apr 2024 12:28:20 GMT
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
max-age=28800, must-revalidate, public
Accept-Ranges
bytes
dls-logo-bluebox-solid.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-bluebox-solid.svg
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Thu, 31 Oct 2019 17:37:19 GMT
etag
W/"5dbb1bcf-962"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
989
dls-logo-stack.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/ 		2 KB
964 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-stack.svg
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Thu, 31 Oct 2019 17:37:19 GMT
etag
W/"5dbb1bcf-66e"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=15552000
timing-allow-origin
*
content-length
743
expires
Sat, 16 May 2020 15:03:23 GMT
dls-logo-stack-white.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/ 		2 KB
963 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-stack-white.svg
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
56b8e90244c34621e294d3357edfef9a1467e501773ed21b25dc6367ab3d7803

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Thu, 31 Oct 2019 17:37:19 GMT
etag
W/"5dbb1bcf-66b"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=15552000
timing-allow-origin
*
content-length
742
expires
Sat, 16 May 2020 15:03:26 GMT
dls-flag-us.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/ 		5 KB
796 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-us.svg
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5e60a20da0f769a6260d4ed755d615da930b87c62436f807a6ff32d000017d18

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Fri, 04 Sep 2020 17:15:25 GMT
etag
W/"5f52762d-15f8"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
587
navScript.js
icm.aexp-static.com/content/Navigation/NavScript/Header/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://icm.aexp-static.com/content/Navigation/NavScript/Header/navScript.js
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
dd8097df5e6d9d9428e88ef2f291c15f49e0bb44633256aa6df4646f840db22b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Origin
https://webrecon.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Fri, 03 May 2024 22:58:31 GMT
last-modified
Mon, 29 Apr 2024 20:40:43 GMT
server
Akamai Resource Optimizer
etag
"1ad8-61742382aca88-gzip"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, must-revalidate, max-age=6706
accept-ranges
bytes
content-length
1709
footerScript.js
icm.aexp-static.com/content/Navigation/NavScript/ 		499 B
460 B 		Script
General
Check archive.org
Download Go to
Full URL
https://icm.aexp-static.com/content/Navigation/NavScript/footerScript.js
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
ac150423e8c4855e82149cb6159f48bd6ec2f040940c829f5e39282074355916
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Origin
https://webrecon.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Fri, 03 May 2024 22:58:31 GMT
last-modified
Fri, 03 May 2024 03:10:03 GMT
server
Akamai Resource Optimizer
etag
"1f3-60f07810fa733-gzip"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, must-revalidate, max-age=2675
accept-ranges
bytes
content-length
209
navscript.js
www.aexp-static.com/cdaas/user-consent-management/navscript/v1.0.1/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/user-consent-management/navscript/v1.0.1/navscript.js
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
eaed4f52b8ea307e4ee27be3aa82190943c46cb3f231ad2dadcafedf57e336ab

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Origin
https://webrecon.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Wed, 10 Jan 2024 03:17:30 GMT
etag
W/"659e0c4a-fee"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
1861
dls-logo-line.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/ 		2 KB
919 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/dls-logo-line.svg
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Fri, 18 Oct 2019 19:50:49 GMT
etag
W/"5daa1799-693"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
712
dls-flag-us.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/flags/ 		5 KB
796 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/flags/dls-flag-us.svg
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5e60a20da0f769a6260d4ed755d615da930b87c62436f807a6ff32d000017d18

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Origin
https://webrecon.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Thu, 01 Jul 2021 15:34:07 GMT
etag
W/"60dde06f-15f8"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
587
application.js
webrecon.americanexpress.com/scripts/ 		445 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webrecon.americanexpress.com/scripts/application.js
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.18.116 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
webrecon-r1-vip.americanexpress.com
Software
/
Resource Hash
ff7daf2447b4e817c0c4c9900a2444617f36583aaa3c43ac98ac695ae3337fb0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Fri, 03 May 2024 22:58:31 GMT
x-permitted-cross-domain-policies
all
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Application-Context
application:e3_ipc2_ePaas:8443
X-UA-Compatible
IE=edge
Pragma
no-cache
Last-Modified
Thu, 25 Apr 2024 12:26:02 GMT
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges
bytes
Expires
0
vendor.js
webrecon.americanexpress.com/scripts/ 		4 MB
969 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webrecon.americanexpress.com/scripts/vendor.js
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.18.116 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
webrecon-r1-vip.americanexpress.com
Software
/
Resource Hash
6d909190239ba41e777e74d05840cc54fa8b26a5881b1f574eb710a028080d2c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Fri, 03 May 2024 22:58:31 GMT
x-permitted-cross-domain-policies
all
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Application-Context
application:e3_ipc2_ePaas:8443
X-UA-Compatible
IE=edge
Pragma
no-cache
Last-Modified
Thu, 25 Apr 2024 12:28:20 GMT
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges
bytes
Expires
0
bundle.js
webrecon.americanexpress.com/scripts/ 		1004 KB
159 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webrecon.americanexpress.com/scripts/bundle.js
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.18.116 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
webrecon-r1-vip.americanexpress.com
Software
/
Resource Hash
c95beca47d217062d781b87d9ec5678c497869335545e848385874e3158bb8cc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Fri, 03 May 2024 22:58:31 GMT
x-permitted-cross-domain-policies
all
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Application-Context
application:e3_ipc2_ePaas:8443
X-UA-Compatible
IE=edge
Pragma
no-cache
Last-Modified
Thu, 25 Apr 2024 12:28:20 GMT
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges
bytes
Expires
0
script-supplier.js
www.aexp-static.com/cdaas/one/axp-script-supplier/6.0.0/ 		116 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/axp-script-supplier/6.0.0/script-supplier.js
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1ca8b41ca97fb8ca618c9a90179e3df21e3c7513d3105d6940457f7fdd97f903

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Wed, 30 Aug 2023 03:18:33 GMT
etag
W/"64eeb509-1d164"
vary
Origin, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
42822
BentonSansBook.otf
webrecon.americanexpress.com/fonts/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://webrecon.americanexpress.com/fonts/BentonSansBook.otf
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/assets/bundle.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.18.116 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
webrecon-r1-vip.americanexpress.com
Software
/
Resource Hash
a2305ddd49cceb3ce4e7dfc7b22e5e137dc994a59b72da9883dd49d479c7d2a7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/assets/bundle.css
Origin
https://webrecon.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Date
Fri, 03 May 2024 22:58:31 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Last-Modified
Thu, 25 Apr 2024 12:26:02 GMT
x-permitted-cross-domain-policies
all
X-Frame-Options
DENY
Content-Type
application/x-font-opentype
Cache-Control
max-age=31536000, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
24936
X-XSS-Protection
1; mode=block
X-Application-Context
application:e3_ipc2_ePaas:8443
X-UA-Compatible
IE=edge
truncated
/ 		644 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		942 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1985974bb54604254090ce6ac2267c7650f4cf9354edafcaaebd14ade3ce4d52

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		8 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c000ce3efd67b43d573f0270ec30bb3854908f0672a8e08a6809a3680b7b8542

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		764 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		984 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
BentonSansBold.otf
webrecon.americanexpress.com/fonts/ 		25 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://webrecon.americanexpress.com/fonts/BentonSansBold.otf
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/assets/bundle.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.18.116 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
webrecon-r1-vip.americanexpress.com
Software
/
Resource Hash
bb962726f48ddca920808b52c0b988396102a3a9da0899067bf6dab3402e930e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/assets/bundle.css
Origin
https://webrecon.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Date
Fri, 03 May 2024 22:58:32 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Last-Modified
Thu, 25 Apr 2024 12:26:02 GMT
x-permitted-cross-domain-policies
all
X-Frame-Options
DENY
Content-Type
application/x-font-opentype
Cache-Control
max-age=31536000, public
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
25432
X-XSS-Protection
1; mode=block
X-Application-Context
application:e3_ipc2_ePaas:8443
X-UA-Compatible
IE=edge
ReadScriptRegistry.v1
functions.americanexpress.com/ 		448 B
530 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=user-consent-management&version=%5E1.0.0&environment=e3&cache=1714777
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/axp-script-supplier/6.0.0/script-supplier.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.19.132 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions2.americanexpress.com
Software
/
Resource Hash
40ed13e02ba025d1293a29a08a785179ff0b4a21f6802cb39711023ff6b915e8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 03 May 2024 22:58:32 GMT
access-control-max-age
86400
vary
origin
access-control-allow-origin
https://webrecon.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
content-length
318
ReadScriptRegistry.v1
functions.americanexpress.com/ 		474 B
406 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=dxt-script-supplier-helper&version=%5E1.0.0&environment=e3&cache=1714777
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/axp-script-supplier/6.0.0/script-supplier.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.19.132 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions2.americanexpress.com
Software
/
Resource Hash
ddbe6a3d2794e31bbb8d7f118dca9c6f8e6770dae7f4c9ac9fae08b1ec6bdfc0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 03 May 2024 22:58:32 GMT
access-control-max-age
86400
vary
origin
access-control-allow-origin
https://webrecon.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
content-length
315
favicon.ico
webrecon.americanexpress.com/ 		894 B
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://webrecon.americanexpress.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.18.116 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
webrecon-r1-vip.americanexpress.com
Software
/
Resource Hash
520e6de8485ee5539e3cf2ef8f03638c32ca4ff4ced65228c1a6d37d4a42e456
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/login
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Date
Fri, 03 May 2024 22:58:32 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
x-permitted-cross-domain-policies
all
Connection
keep-alive
Content-Length
894
X-XSS-Protection
1; mode=block
X-Application-Context
application:e3_ipc2_ePaas:8443
X-UA-Compatible
IE=edge
Pragma
no-cache
Last-Modified
Thu, 25 Apr 2024 12:26:02 GMT
X-Frame-Options
DENY
Content-Type
image/x-icon
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Accept-Ranges
bytes
Expires
0
UCM.js
www.aexp-static.com/cdaas/user-consent-management/ucm/v1.13.0/ 		234 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/user-consent-management/ucm/v1.13.0/UCM.js
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/axp-script-supplier/6.0.0/script-supplier.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9e132670e82b75096193aa981f828376b85b3f9002f2ed24ec2cf0109743b182

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Origin
https://webrecon.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:32 GMT
content-encoding
gzip
last-modified
Tue, 19 Mar 2024 16:23:39 GMT
etag
W/"65f9bc0b-3a9d8"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
67050
dxt-script-supplier-helper.js
www.aexp-static.com/cdaas/one/dxt-script-supplier-helper/1.2.0/ 		66 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/dxt-script-supplier-helper/1.2.0/dxt-script-supplier-helper.js
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/axp-script-supplier/6.0.0/script-supplier.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4136a35e827bb847feeb39e2141bb4139249a4774ce39882a40bec733a1ab307

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Origin
https://webrecon.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:32 GMT
content-encoding
gzip
last-modified
Tue, 19 Mar 2024 16:59:51 GMT
etag
W/"65f9c487-1071d"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
26174
ReadScriptRegistry.v1
functions.americanexpress.com/ 		445 B
406 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=one-identity-session&version=%5E1.0.0&environment=e3&cache=1714777
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/dxt-script-supplier-helper/1.2.0/dxt-script-supplier-helper.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.19.132 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions2.americanexpress.com
Software
/
Resource Hash
6b6547c3d2bcc0be2bc211c334a40dec4014b2ed1fbfd37aadcbff99548f901b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 03 May 2024 22:58:32 GMT
access-control-max-age
86400
vary
origin
access-control-allow-origin
https://webrecon.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
content-length
315
timeout.js
www.aexp-static.com/cdaas/one/one-identity-session/1.38.3/ 		36 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/one-identity-session/1.38.3/timeout.js
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/dxt-script-supplier-helper/1.2.0/dxt-script-supplier-helper.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fc1074a620037ac3a3a8dfc1d42856938b371d4e63e9b8ecd783cecbb3213b9b

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Origin
https://webrecon.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:33 GMT
content-encoding
gzip
last-modified
Tue, 02 Apr 2024 19:49:55 GMT
etag
W/"660c6163-91cb"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
11642
UpdateUserSession.v1
functions.americanexpress.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/UpdateUserSession.v1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.19.132 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions2.americanexpress.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,one-data-correlation-id
Access-Control-Request-Method
POST
Origin
https://webrecon.americanexpress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
user-agent,ax-event-type,access-control-expose-headers,sub-event-type,access-control-max-age,x-mitigator-recommended-action,x-mitigator-finger-print,ax-operation-mode,vary,one-data-context,authorization,x-b3-traceid,credentials,access-control-allow-credentials,x-one-data-host,access-control-allow-origin,x-b3-sampled,x-one-data-forward-address,ce-type,baggage-one-data-correlation-id,content-length,event-type,content-type,one-data-risk-assessment-token,one-data-correlation-id,ce-source,accept,x-mitigator-status,ax-rtf-dynamic-uri-override,ax-correlation-id,access-control-request-headers,agent-id,origin,content-encoding,x-b3-parentspanid,access-control-allow-headers,blueboxpublic,x-requested-with,x-b3-spanid,ax-rtf-filter
access-control-allow-methods
PUT,OPTIONS,DELETE,GET,POST
access-control-allow-origin
https://webrecon.americanexpress.com
access-control-max-age
86400
content-length
0
date
Fri, 03 May 2024 22:58:32 GMT
UpdateUserSession.v1
functions.americanexpress.com/ 		228 B
376 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/UpdateUserSession.v1
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/one-identity-session/1.38.3/timeout.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.19.132 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
one-functions2.americanexpress.com
Software
/
Resource Hash
40a91b0413e3680ee73fe6ecb6c52d2e509d11d57a584e873f73dc3ef059750b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json
one-data-correlation-id
6d602fb8-34dc-49b8-8c47-4dbc924dced8
Referer
https://webrecon.americanexpress.com/
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 03 May 2024 22:58:33 GMT
vary
origin
access-control-allow-origin
https://webrecon.americanexpress.com
access-control-allow-credentials
true
content-length
199
info.filled.svg
www.aexp-static.com/one/universal-session-manager-assets/ 		361 B
416 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/one/universal-session-manager-assets/info.filled.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7066a1bd1fc62016f82e111b3a3253bb0306d9e5f69bcbbcfbdfc20bddadb640

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://webrecon.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:33 GMT
content-encoding
gzip
last-modified
Wed, 17 May 2023 04:57:13 GMT
etag
W/"64645ea9-169"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
235
Primary Request /
reconciliation.americanexpress.com/
Redirect Chain
  • https://reconciliation.americanexpress.com/
  • https://reconciliation.americanexpress.com/
451 KB
452 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://reconciliation.americanexpress.com/
Requested by
Host: webrecon.americanexpress.com
URL: https://webrecon.americanexpress.com/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.16.195 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
reconportal2.americanexpress.com
Software
/
Resource Hash
609fe53405f27c4c656f87c8f0e7d6fd7a3d2ad50c29ed234539001ef60d8856
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://webrecon.americanexpress.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-Store, no-cache
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
Date
Fri, 03 May 2024 22:58:35 GMT
Expires
0
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
DENY
X-UA-Compatible
IE=EDGE
X-XSS-Protection
1; mode=block
content-security-policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
pragma
no-cache
x-permitted-cross-domain-policies
all

Redirect headers

Cache-Control
no-Store, no-cache
Connection
keep-alive
Content-Length
0
Content-Type
text/html;charset=UTF-8
Date
Fri, 03 May 2024 22:58:35 GMT
Expires
0
Location
https://reconciliation.americanexpress.com/
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
DENY
X-UA-Compatible
IE=EDGE
X-XSS-Protection
1; mode=block
content-security-policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
pragma
no-cache
x-permitted-cross-domain-policies
all
UpdateUserSession.v1
functions.americanexpress.com/ 		0
0
launch-539dbf94216ab.min.js
www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/myca/1.4.1/ 		238 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/myca/1.4.1/launch-539dbf94216ab.min.js
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
60a6e23f001b11a2bc934546db0777093d62368c588422b27ed3ea674fb0f55c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Origin
https://reconciliation.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:36 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 10:57:25 GMT
etag
W/"6602aa15-3b98b"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/javascript
access-control-allow-origin
https://reconciliation.americanexpress.com
cache-control
max-age=31536000, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-length
56578
atWork_CAR_v1.css
reconciliation.americanexpress.com/styles/ 		8 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://reconciliation.americanexpress.com/styles/atWork_CAR_v1.css
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.16.195 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
reconportal2.americanexpress.com
Software
/
Resource Hash
e9067fca4d9096024d677831e88054f96eb8fd662ec1a01c17764b9e8a8d371b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Date
Fri, 03 May 2024 22:58:36 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Last-Modified
Tue, 30 Apr 2024 20:35:02 GMT
x-permitted-cross-domain-policies
all
X-FRAME-OPTIONS
DENY
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
8176
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=EDGE
recon-cya.css
reconciliation.americanexpress.com/styles/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://reconciliation.americanexpress.com/styles/recon-cya.css
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.16.195 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
reconportal2.americanexpress.com
Software
/
Resource Hash
d8f0ef0fd8f6f323702fb6bb8078a0563f2c59d57c473181df7ad59e052ba1d3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Date
Fri, 03 May 2024 22:58:36 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Last-Modified
Tue, 30 Apr 2024 20:35:02 GMT
x-permitted-cross-domain-policies
all
X-FRAME-OPTIONS
DENY
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1995
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=EDGE
dls.min.css
www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.25.3/package/dist/6.25.3/styles/ 		363 KB
48 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.25.3/package/dist/6.25.3/styles/dls.min.css
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c02e7dc45d4d8ae62bd47302a994f9ed2cb140e7a70db4d7ff7d5d7d6aef2884

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:36 GMT
content-encoding
gzip
last-modified
Mon, 07 Aug 2023 18:17:31 GMT
etag
W/"64d1353b-5aa51"
vary
Origin, Accept-Encoding
content-type
text/css
access-control-allow-origin
https://reconciliation.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
48788
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ 		82 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 12:16:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
38549
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29671
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 May 2025 12:16:07 GMT
jquery.placeholder-enhanced.min.js
reconciliation.americanexpress.com/scripts/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://reconciliation.americanexpress.com/scripts/jquery.placeholder-enhanced.min.js
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.16.195 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
reconportal2.americanexpress.com
Software
/
Resource Hash
4234446c3b8a1d51ab7a8a89af926fafdcbbbabcb05f24eaaaf5110e1bbe49ea
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Date
Fri, 03 May 2024 22:58:36 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Last-Modified
Tue, 30 Apr 2024 20:35:02 GMT
x-permitted-cross-domain-policies
all
X-FRAME-OPTIONS
DENY
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1820
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=EDGE
adobe.js
reconciliation.americanexpress.com/scripts/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://reconciliation.americanexpress.com/scripts/adobe.js
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.16.195 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
reconportal2.americanexpress.com
Software
/
Resource Hash
bd7d3b356386294b30288a30845e3b18e8c126636fb2204a1f30c76cc8eeaba4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Date
Fri, 03 May 2024 22:58:36 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Last-Modified
Tue, 30 Apr 2024 20:35:02 GMT
x-permitted-cross-domain-policies
all
X-FRAME-OPTIONS
DENY
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1075
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=EDGE
common.js
reconciliation.americanexpress.com/scripts/ 		697 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://reconciliation.americanexpress.com/scripts/common.js
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.16.195 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
reconportal2.americanexpress.com
Software
/
Resource Hash
c1593e3ea6662bf76e2d970e23eb332df7e9464f7660e47dba1e6771013ad6a5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Date
Fri, 03 May 2024 22:58:36 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Last-Modified
Tue, 30 Apr 2024 20:35:02 GMT
x-permitted-cross-domain-policies
all
X-FRAME-OPTIONS
DENY
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
697
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=EDGE
iNav.js
reconciliation.americanexpress.com/scripts/ 		593 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://reconciliation.americanexpress.com/scripts/iNav.js
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.16.195 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
reconportal2.americanexpress.com
Software
/
Resource Hash
595d80679305f6c7f839b6479700d1e14cc36add616b8d1154505569af489a53
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src https://*.americanexpress.com/ 'self' https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/;
Date
Fri, 03 May 2024 22:58:36 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
Last-Modified
Tue, 30 Apr 2024 20:35:02 GMT
x-permitted-cross-domain-policies
all
X-FRAME-OPTIONS
DENY
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
593
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=EDGE
EX781685ee42bc47aead070e977b2c6511-libraryCode_source.min.js
www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/myca/1.4.1/dcb19cbd6cbf/66bfa1f1c370/1ffa2d7bca62/ 		61 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/myca/1.4.1/dcb19cbd6cbf/66bfa1f1c370/1ffa2d7bca62/EX781685ee42bc47aead070e977b2c6511-libraryCode_source.min.js
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/myca/1.4.1/launch-539dbf94216ab.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4cf4a9f7df233b62d0cf8bf24b088e8fc5d6ccfdfef52a9707a5304e636b0d72

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:36 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 10:55:34 GMT
etag
W/"6602a9a6-f410"
vary
Origin, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://reconciliation.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
21460
dls-logo-bluebox-solid.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-bluebox-solid.svg
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Thu, 31 Oct 2019 17:37:19 GMT
etag
W/"5dbb1bcf-962"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
989
dls-logo-stack.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-stack.svg
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Thu, 31 Oct 2019 17:37:19 GMT
etag
W/"5dbb1bcf-66e"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=15552000
timing-allow-origin
*
content-length
743
expires
Sat, 16 May 2020 15:03:23 GMT
dls-logo-stack-white.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-stack-white.svg
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
56b8e90244c34621e294d3357edfef9a1467e501773ed21b25dc6367ab3d7803

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Thu, 31 Oct 2019 17:37:19 GMT
etag
W/"5dbb1bcf-66b"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=15552000
timing-allow-origin
*
content-length
742
expires
Sat, 16 May 2020 15:03:26 GMT
dls-flag-de.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/ 		245 B
400 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.14.2/package/dist/img/flags/dls-flag-de.svg
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
642a1277cc3f927e1ed84e5f499096e5192b16efd6371429cd2ff0dcc89f1deb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:36 GMT
content-encoding
gzip
last-modified
Fri, 04 Sep 2020 17:15:25 GMT
etag
"5f52762d-f5"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://reconciliation.americanexpress.com
cache-control
max-age=15552000
accept-ranges
bytes
timing-allow-origin
*
content-length
172
expires
Sun, 18 Apr 2021 08:22:09 GMT
navScript.js
icm.aexp-static.com/content/Navigation/NavScript/Header/ 		7 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://icm.aexp-static.com/content/Navigation/NavScript/Header/navScript.js
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
dd8097df5e6d9d9428e88ef2f291c15f49e0bb44633256aa6df4646f840db22b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Origin
https://reconciliation.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 29 Apr 2024 20:40:43 GMT
server
Akamai Resource Optimizer
etag
"1ad8-61742382aca88-gzip"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, must-revalidate, max-age=6706
accept-ranges
bytes
content-length
1709
footerScript.js
icm.aexp-static.com/content/Navigation/NavScript/ 		499 B
0 		Script
General
Check archive.org
Download Go to
Full URL
https://icm.aexp-static.com/content/Navigation/NavScript/footerScript.js
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
ac150423e8c4855e82149cb6159f48bd6ec2f040940c829f5e39282074355916
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Origin
https://reconciliation.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Fri, 03 May 2024 03:10:03 GMT
server
Akamai Resource Optimizer
etag
"1f3-60f07810fa733-gzip"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, must-revalidate, max-age=2675
accept-ranges
bytes
content-length
209
dls-logo-line.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/dls-logo-line.svg
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:31 GMT
content-encoding
gzip
last-modified
Fri, 18 Oct 2019 19:50:49 GMT
etag
W/"5daa1799-693"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://webrecon.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
712
truncated
/ 		644 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		8 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c000ce3efd67b43d573f0270ec30bb3854908f0672a8e08a6809a3680b7b8542

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
dls-flag-de.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/flags/ 		245 B
387 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/flags/dls-flag-de.svg
Requested by
Host: reconciliation.americanexpress.com
URL: https://reconciliation.americanexpress.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
642a1277cc3f927e1ed84e5f499096e5192b16efd6371429cd2ff0dcc89f1deb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://reconciliation.americanexpress.com/
Origin
https://reconciliation.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:36 GMT
content-encoding
gzip
last-modified
Thu, 01 Jul 2021 15:34:07 GMT
etag
"60dde06f-f5"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://reconciliation.americanexpress.com
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
content-length
172
3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.29.1/package/dist/fonts/ 		36 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.29.1/package/dist/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.25.3/package/dist/6.25.3/styles/dls.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.70.102 Philadelphia, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-70-102.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.25.3/package/dist/6.25.3/styles/dls.min.css
Origin
https://reconciliation.americanexpress.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 03 May 2024 22:58:36 GMT
last-modified
Fri, 10 Mar 2023 19:27:22 GMT
etag
"640b849a-9121"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
https://reconciliation.americanexpress.com
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
content-length
37153
RC23d7b9529bb1407abc6432638a9baafd-source.min.js
www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/myca/1.4.1/dcb19cbd6cbf/66bfa1f1c370/817e00de8d88/ 		0
0
RCd7e49ac8c6544753af94107581f1a5a8-source.min.js
www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/myca/1.4.1/dcb19cbd6cbf/66bfa1f1c370/817e00de8d88/ 		0
0
favicon.ico
reconciliation.americanexpress.com/images/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
functions.americanexpress.com
URL
https://functions.americanexpress.com/UpdateUserSession.v1
Domain
www.aexp-static.com
URL
https://www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/myca/1.4.1/dcb19cbd6cbf/66bfa1f1c370/817e00de8d88/RC23d7b9529bb1407abc6432638a9baafd-source.min.js
Domain
www.aexp-static.com
URL
https://www.aexp-static.com/cdaas/api/axpi/omniture/adobe/launch/myca/1.4.1/dcb19cbd6cbf/66bfa1f1c370/817e00de8d88/RCd7e49ac8c6544753af94107581f1a5a8-source.min.js
Domain
reconciliation.americanexpress.com
URL
https://reconciliation.americanexpress.com/images/favicon.ico

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in boolean| excludeOmniture

7 Cookies

Domain/Path Name / Value
webrecon.americanexpress.com/ Name: SESSION
Value: d5faae04-fbce-4426-ab4b-3543d2befccd
webrecon.americanexpress.com/ Name: XSRF-TOKEN
Value: a7d603b1-c09f-4ac2-b2d1-a035ec107fe2
webrecon.americanexpress.com/ Name: TS0139a03f
Value: 0152a806c1170b23a2e628c21db042225018cc8a615767793a1ab83afcf180cd40197b9f515f67cca351efd7f344dcd3fc4482f324
reconciliation.americanexpress.com/ Name: SESSION
Value: ac1fedaa-c8a8-41de-8e8f-d143ef6157ca
reconciliation.americanexpress.com/ Name: defaultLang
Value: de_DE
reconciliation.americanexpress.com/ Name: TS0139a03f
Value: 0152a806c1636ef181dec5a1d126b8b4acc2608f107dac4cfb24a30105adcbfae61d25ae90964792c952e92c9405119919b0945e8e
reconciliation.americanexpress.com/ Name: TS01cbb0ee
Value: 0152a806c1636ef181dec5a1d126b8b4acc2608f107dac4cfb24a30105adcbfae61d25ae90964792c952e92c9405119919b0945e8e

1 Console Messages

Source Level URL
Text
network error URL: https://functions.americanexpress.com/UpdateUserSession.v1
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'; block-all-mixed-content; img-src 'self' data: https:; object-src 'none'; worker-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self' https://*.americanexpress.com/; frame-src https://aexp.demdex.net/ https://*.americanexpress.com/; connect-src 'self' https://*.americanexpress.com/ https://dpm.demdex.net/ https://*.evidon.com/; font-src 'self' https://www.aexp-static.com/ https://fonts.gstatic.com/; script-src https://c.evidon.com/ https://*.aexp-static.com/ https://*.americanexpress.com/ 'unsafe-inline' 'self' 'unsafe-eval'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
functions.americanexpress.com
icm.aexp-static.com
reconciliation.americanexpress.com
webrecon.americanexpress.com
www.aexp-static.com
functions.americanexpress.com
reconciliation.americanexpress.com
www.aexp-static.com
104.90.70.102
139.71.16.195
139.71.18.116
139.71.19.132
2a00:1450:4001:82b::200a
028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab
1985974bb54604254090ce6ac2267c7650f4cf9354edafcaaebd14ade3ce4d52
1ca8b41ca97fb8ca618c9a90179e3df21e3c7513d3105d6940457f7fdd97f903
32513477c37769bb76ddd2618b79c04e31a3a10a4f5d4a9110450807db390ab8
40a91b0413e3680ee73fe6ecb6c52d2e509d11d57a584e873f73dc3ef059750b
40ed13e02ba025d1293a29a08a785179ff0b4a21f6802cb39711023ff6b915e8
4136a35e827bb847feeb39e2141bb4139249a4774ce39882a40bec733a1ab307
4234446c3b8a1d51ab7a8a89af926fafdcbbbabcb05f24eaaaf5110e1bbe49ea
428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
4cf4a9f7df233b62d0cf8bf24b088e8fc5d6ccfdfef52a9707a5304e636b0d72
520e6de8485ee5539e3cf2ef8f03638c32ca4ff4ced65228c1a6d37d4a42e456
56b8e90244c34621e294d3357edfef9a1467e501773ed21b25dc6367ab3d7803
595d80679305f6c7f839b6479700d1e14cc36add616b8d1154505569af489a53
5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b
5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d
5e60a20da0f769a6260d4ed755d615da930b87c62436f807a6ff32d000017d18
609fe53405f27c4c656f87c8f0e7d6fd7a3d2ad50c29ed234539001ef60d8856
60a6e23f001b11a2bc934546db0777093d62368c588422b27ed3ea674fb0f55c
642a1277cc3f927e1ed84e5f499096e5192b16efd6371429cd2ff0dcc89f1deb
6b6547c3d2bcc0be2bc211c334a40dec4014b2ed1fbfd37aadcbff99548f901b
6d909190239ba41e777e74d05840cc54fa8b26a5881b1f574eb710a028080d2c
7066a1bd1fc62016f82e111b3a3253bb0306d9e5f69bcbbcfbdfc20bddadb640
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
9e132670e82b75096193aa981f828376b85b3f9002f2ed24ec2cf0109743b182
a2305ddd49cceb3ce4e7dfc7b22e5e137dc994a59b72da9883dd49d479c7d2a7
ac150423e8c4855e82149cb6159f48bd6ec2f040940c829f5e39282074355916
bb962726f48ddca920808b52c0b988396102a3a9da0899067bf6dab3402e930e
bd7d3b356386294b30288a30845e3b18e8c126636fb2204a1f30c76cc8eeaba4
bf0b09ce89a5c3bde142b5bf68fbce4f6bc724ee71c6d61748e0619e0d0a1060
c000ce3efd67b43d573f0270ec30bb3854908f0672a8e08a6809a3680b7b8542
c02e7dc45d4d8ae62bd47302a994f9ed2cb140e7a70db4d7ff7d5d7d6aef2884
c1593e3ea6662bf76e2d970e23eb332df7e9464f7660e47dba1e6771013ad6a5
c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9
c95beca47d217062d781b87d9ec5678c497869335545e848385874e3158bb8cc
d8f0ef0fd8f6f323702fb6bb8078a0563f2c59d57c473181df7ad59e052ba1d3
dd8097df5e6d9d9428e88ef2f291c15f49e0bb44633256aa6df4646f840db22b
ddbe6a3d2794e31bbb8d7f118dca9c6f8e6770dae7f4c9ac9fae08b1ec6bdfc0
e9067fca4d9096024d677831e88054f96eb8fd662ec1a01c17764b9e8a8d371b
eaed4f52b8ea307e4ee27be3aa82190943c46cb3f231ad2dadcafedf57e336ab
f9359fe89d9c432b092e1eec61848c11c2fc01b9b28794fcd0bef697e4ca93a9
fc1074a620037ac3a3a8dfc1d42856938b371d4e63e9b8ecd783cecbb3213b9b
fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519
ff7daf2447b4e817c0c4c9900a2444617f36583aaa3c43ac98ac695ae3337fb0