SSL Report:
www.americanexpress.com
(23.53.148.101)
Assessed on: Wed, 24 Dec 2025 10:42:52 UTC
| Clear cache
Summary
0
20
40
60
80
100
Certificate
Protocol Support
Key Exchange
Cipher Strength
Visit our documentation page
for more information, configuration guides, and books. Known issues are documented
here.
Server sent invalid/disabled HSTS policy. See below for further information. MORE INFO »
This server supports TLS 1.3. MORE INFO »
Certificate #1: RSA 2048 bits (SHA256withRSA)
|
Server Key and Certificate #1
|
|
| Subject |
www.americanexpress.com
Fingerprint SHA256: eb647500ad2846c484634b1e709ed7b0c70b2975b2961f967ea53dd39f48c8b5 Pin SHA256: MpWNIb2HTJhPaNFErvjB7qEDfMHR5zrheNWn5UdtKyY= |
| Common names | www.americanexpress.com |
| Alternative names | www.americanexpress.com amexsavings.com americanexpress.com amexmobile.com personalsavings.com www.personalsavings.americanexpress.com www.personalsavings.com |
| Serial Number | 075cb11f7f78922dbb4c846a4ed35dc4 |
| Valid from | Tue, 30 Sep 2025 00:00:00 UTC |
| Valid until | Tue, 29 Sep 2026 23:59:59 UTC (expires in 9 months and 5 days) |
| Key | RSA 2048 bits (e 65537) |
| Weak key (Debian) | No |
| Issuer | DigiCert Global G2 TLS RSA SHA256 2020 CA1
AIA: http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt |
| Signature algorithm | SHA256withRSA |
| Extended Validation | No |
| Certificate Transparency | Yes (certificate) |
| OCSP Must Staple | No |
| Revocation information |
CRL, OCSP CRL: http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl OCSP: http://ocsp.digicert.com |
| Revocation status | Good (not revoked) |
| DNS CAA | No (more info) |
| Trusted | Yes
Mozilla Apple Android Java Windows |
Certification Paths |
Configuration
| Protocols | |
| TLS 1.3 | Yes |
| TLS 1.2 | Yes |
| TLS 1.1 | No |
| TLS 1.0 | No |
| SSL 3 | No |
| SSL 2 | No |
| Cipher Suites | ||
|
# TLS 1.3 (suites in server-preferred order)
|
||
TLS_AES_256_GCM_SHA384 (0x1302)
ECDH x25519 (eq. 3072 bits RSA) FS
|
256 | |
TLS_CHACHA20_POLY1305_SHA256 (0x1303)
ECDH x25519 (eq. 3072 bits RSA) FS
|
256P | |
TLS_AES_128_GCM_SHA256 (0x1301)
ECDH x25519 (eq. 3072 bits RSA) FS
|
128 | |
|
# TLS 1.2 (suites in server-preferred order)
|
||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
ECDH secp256r1 (eq. 3072 bits RSA) FS
|
256 | |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
ECDH secp256r1 (eq. 3072 bits RSA) FS
|
128 | |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
ECDH secp256r1 (eq. 3072 bits RSA) FS
|
256P | |
| (P) This server prefers ChaCha20 suites with clients that don't have AES-NI (e.g., Android devices) | ||
| Handshake Simulation | |||
| Android 4.4.2 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Android 5.0.0 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 6.0 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 7.0 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS |
| Android 8.0 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS |
| Android 8.1 | - | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Android 9.0 | - | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| BingPreview Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Chrome 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Chrome 69 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Chrome 70 / Win 10 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Chrome 80 / Win 10 R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Firefox 31.3.0 ESR / Win 7 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 47 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Firefox 62 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Firefox 73 / Win 10 R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Googlebot Feb 2018 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| IE 11 / Win 7 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win 8.1 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win Phone 8.1 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win Phone 8.1 Update R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 15 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 16 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 18 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 13 / Win Phone 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Java 8u161 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Java 11.0.3 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Java 12.0.1 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.0.1l R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.0.2s R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.1.0k R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.1.1c R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Safari 6 / iOS 6.0.1 |
Server sent fatal alert: handshake_failure |
||
| Safari 7 / iOS 7.1 R |
Server sent fatal alert: handshake_failure |
||
| Safari 7 / OS X 10.9 R |
Server sent fatal alert: handshake_failure |
||
| Safari 8 / iOS 8.4 R |
Server sent fatal alert: handshake_failure |
||
| Safari 8 / OS X 10.10 R |
Server sent fatal alert: handshake_failure |
||
| Safari 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 9 / OS X 10.11 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / iOS 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / OS X 10.12 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 12.1.2 / MacOS 10.14.6 Beta R | - | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Safari 12.1.1 / iOS 12.3.1 R | - | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Apple ATS 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Yahoo Slurp Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| YandexBot Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
|
# Not simulated clients (Protocol mismatch)
|
|||
| Android 2.3.7 No SNI 2 |
Protocol mismatch (not simulated) |
||
| Android 4.0.4 |
Protocol mismatch (not simulated) |
||
| Android 4.1.1 |
Protocol mismatch (not simulated) |
||
| Android 4.2.2 |
Protocol mismatch (not simulated) |
||
| Android 4.3 |
Protocol mismatch (not simulated) |
||
| Baidu Jan 2015 |
Protocol mismatch (not simulated) |
||
| IE 6 / XP No FS 1 No SNI 2 |
Protocol mismatch (not simulated) |
||
| IE 7 / Vista |
Protocol mismatch (not simulated) |
||
| IE 8 / XP No FS 1 No SNI 2 |
Protocol mismatch (not simulated) |
||
| IE 8-10 / Win 7 R |
Protocol mismatch (not simulated) |
||
| IE 10 / Win Phone 8.0 |
Protocol mismatch (not simulated) |
||
| Java 6u45 No SNI 2 |
Protocol mismatch (not simulated) |
||
| Java 7u25 |
Protocol mismatch (not simulated) |
||
| OpenSSL 0.9.8y |
Protocol mismatch (not simulated) |
||
| Safari 5.1.9 / OS X 10.6.8 |
Protocol mismatch (not simulated) |
||
| Safari 6.0.4 / OS X 10.8.4 R |
Protocol mismatch (not simulated) |
||
| (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. | |||
| (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. | |||
| (3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version. | |||
| (R) Denotes a reference browser or client, with which we expect better effective security. | |||
| (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). | |||
| (All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake. | |||
| Protocol Details | |
| Secure Renegotiation | Supported |
| Secure Client-Initiated Renegotiation | Yes |
| Insecure Client-Initiated Renegotiation | No |
| BEAST attack | Mitigated server-side (more info) |
| POODLE (SSLv3) | No, SSL 3 not supported (more info) |
| POODLE (TLS) | No (more info) |
| Zombie POODLE | No (more info) |
| GOLDENDOODLE | No (more info) |
| OpenSSL 0-Length | No (more info) |
| Sleeping POODLE | No (more info) |
| Downgrade attack prevention | Yes, TLS_FALLBACK_SCSV supported (more info) |
| SSL/TLS compression | No |
| RC4 | No |
| Heartbeat (extension) | No |
| Heartbleed (vulnerability) | No (more info) |
| Ticketbleed (vulnerability) | No (more info) |
| OpenSSL CCS vuln. (CVE-2014-0224) | No (more info) |
| OpenSSL Padding Oracle vuln. (CVE-2016-2107) |
No (more info) |
| ROBOT (vulnerability) | No (more info) |
| Forward Secrecy | Yes (with most browsers) ROBUST (more info) |
| ALPN | Yes h2 h2-14 http/1.1 |
| NPN | Yes h2 h2-14 http/1.1 http/1.0 |
| Session resumption (caching) | Yes |
| Session resumption (tickets) | Yes |
| OCSP stapling | Yes |
| Strict Transport Security (HSTS) | Invalid
Server provided more than one HSTS header
|
| HSTS Preloading | Not in: Chrome Edge Firefox IE |
| Public Key Pinning (HPKP) | No (more info) |
| Public Key Pinning Report-Only | No |
| Public Key Pinning (Static) | No (more info) |
| Long handshake intolerance | No |
| TLS extension intolerance | No |
| TLS version intolerance | No |
| Incorrect SNI alerts | No |
| Uses common DH primes | No, DHE suites not supported |
| DH public server param (Ys) reuse | No, DHE suites not supported |
| ECDH public server param reuse | No |
| Supported Named Groups | secp256r1, x25519 (server preferred order) |
| SSL 2 handshake compatibility | No |
| 0-RTT enabled | No |
|
HTTP Requests
|
|
1 https://www.americanexpress.com/
(HTTP/1.1 200 OK)
| 1 | |
| Content-Type | text/html; charset=utf-8 | |
| referrer-policy | no-referrer | |
| strict-transport-security | max-age=63072000; includeSubDomains | |
| x-content-type-options | nosniff | |
| x-dns-prefetch-control | off | |
| x-download-options | noopen | |
| x-frame-options | SAMEORIGIN | |
| x-permitted-cross-domain-policies | none | |
| x-xss-protection | 0 | |
| one-app-version | 6.23.0-c07fbeaa | |
| Cache-Control | no-store | |
| Pragma | no-cache | |
| Content-Security-Policy | report-uri https://homepage1uplifthydra.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'nonce-d25543750a69582b33646d7ab9be1f0e' *.aexp.com 'self' wss://*.americanexpress.com *.americanexpress.com *.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn https://addressvalidation.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com ads.yahoo.com cdn.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com api.rlcdn.com/api/identity/idl zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com yul1.qualtrics.com; script-src 'nonce-d25543750a69582b33646d7ab9be1f0e' 'nonce-70303fc2-a504-4164-b647-a51542135874' *.aexp.com c.evidon.com 'self' *.americanexpress.com *.aexp-static.com nexus.ensighten.com service.maxymiser.net api.maxymiser.net *.liveperson.net *.lpsnmedia.net track.sv.rkdms.com api.securedvisit.com omn.americanexpress.com aexp.demdex.net assets.adobedtm.com s.ntv.io ct.contentsquare.net contentsquare.com app.contentsquare.com staging.cdn-net.com www.cdn-net.com utt.impactcdn.com ojrq.net doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net https://www.googletagmanager.com https://pagead2.googlesyndication.com https://doubleclick.net www.googleads.g.doubleclick.net https://ad.doubleclick.net/activity https://googleads.g.doubleclick.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ securepubads.g.doubleclick.net https://www.google.com/gmp/ https://www.google.com/ccm/ https://www.google.com/pagead/ https://www.googleadservices.com; img-src *.aexp.com data: c.evidon.com 'self' blob: *.americanexpress.com *.aexp-static.com amex.sv.rkdms.com images.securedvisit.com stags.bluekai.com p.adsymptotic.com www.facebook.com aax-eu.amazon-adsystem.com aax-fe.amazon-adsystem.com private-orm-open-receipt-match.s3.amazonaws.com s.amazon-adsystem.com b92.yahoo.co.jp sp.analytics.yahoo.com alb.reddit.com https://ad.soicos.com https://lot.neatpowr.com pixel.sojern.com tag.yieldoptimizer.com dc.ads.linkedin.com px.ads.linkedin.com www.bizographics.com www.linkedin.com/px/ *.doublemax.net t.teads.tv track.adform.net jadserve.postrelease.com affleads.latamtracking.com pubads.g.doubleclick.net bat.bing.com/action/ prf.hn c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net pixel.quantserve.com insight.adsrvr.org track.securedvisit.com track.sv.rkdms.com ct.pinterest.com/v3/ *.liveperson.net rtb.adgrx.com tags.w55c.net ping.pdst.fm ib.adnxs.com/pixie pmldigital.go2cloud.org/aff_l pixel.efike.co/pixel.php px.sunmedia.tv/tr pixel.loganmedia.mobi/ traffic.kickadsit.com/ tags.srv.stackadapt.com a.tribalfusion.com px.adentifi.com secure.adnxs.com/ amplify.outbrain.com/ tr.outbrain.com/ dr.outbrain.com/ analytics.twitter.com t.co logs-01.loggly.com pixel.cdn.tagular.com www.google.com/ads/user-lists/ www.google.com/pagead/1p-user-list/ www.gstatic.com/recaptcha/ www.google.com/recaptcha/ ad.doubleclick.net ad-emea.doubleclick.net www.google.com/pagead/1p-conversion/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net https://www.googletagmanager.com ad.au.doubleclick.net/activity https://pagead2.googlesyndication.com https://www.google.com https://ade.googlesyndication.com https://adservice.google.com https://ad.doubleclick.net/activity https://www.google.com/gmp/conversion https://www.google.com/ccm/collect https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://www.googleadservices.com https://google.com https://ad.doubleclick.net https://fonts.gstatic.com; style-src *.aexp.com 'unsafe-inline' *.aexp-static.com *.liveperson.net *.americanexpress.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com content.securedvisit.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com *.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net q-aus1.contentsquare.net k-aus1.contentsquare.net *.liveperson.net aeopdevvip.acxiom.com aeopprodvip.acxiom.com track.securedvisit.com amex.sv.rkdms.com track.sv.rkdms.com https://pagead2.googlesyndication.com securepubads.g.doubleclick.net https://www.google.com/gmp/conversion https://www.google.com/ccm/collect https://googleads.g.doubleclick.net https://www.googleadservices.com https://ad.doubleclick.net https://google.com https://www.google.com; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com blob:; frame-ancestors 'none'; frame-src blob: aexp.demdex.net *.idfy.io *.idfy.no *.americanexpress.com *.liveperson.net service.maxymiser.net *.aexp-static.com staging.cdn-net.com www.cdn-net.com api.securedvisit.com https://8627703.fls.doubleclick.net https://189445.fls.doubleclick.net https://14859086.fls.doubleclick.net https://5059743.fls.doubleclick.net https://15058099.fls.doubleclick.net https://8538740.fls.doubleclick.net https://14245440.fls.doubleclick.net https://9145004.fls.doubleclick.net https://15014717.fls.doubleclick.net https://www.goole.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.br https://www.google.com.bo https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://td.doubleclick.net https://www.googletagmanager.com; child-src blob: | |
| x-b3-traceid | 6e043ba38def932425c425aa312d13f7 | |
| x-b3-spanid | 17d9fdff8cf59c06 | |
| x-b3-sampled | 1 | |
| traceparent | 00-6e043ba38def932425c425aa312d13f7-17d9fdff8cf59c06-01 | |
| tracestate | c603d647-5eda1a12@dt=fw4;9;d99b05ca;50b2345c;3;0;9;a4a;68e8;2h01;3hd99b05ca;4h50b2345c;5h01;7hef078582adce2139 | |
| strict-transport-security | max-age=31536000; includeSubDomains | |
| x-content-type-options | nosniff | |
| X-Akamai-Transformed | 0 - 0 - | |
| Vary | origin | |
| Date | Wed, 24 Dec 2025 10:42:13 GMT | |
| Transfer-Encoding | chunked | |
| Connection | close | |
| Connection | Transfer-Encoding | |
| Set-Cookie | TS01a91ed4=01368fc6dfe4b33bf5ab55dd9418e3fc0dfa1490b86e566b95677b1789e2041b95472a0b46c9a3f8c26130b9b9ac8c5343674ca229; Path=/; Domain=.americanexpress.com | |
| Set-Cookie | agent-id=a1323542-1beb-4db5-a3b6-72670384a431; expires=Thu, 24-Dec-2026 10:42:13 GMT; path=/; domain=.americanexpress.com; secure; HttpOnly | |
| Akamai-Request-BC | [a=23.219.207.112,b=708966615,c=g,n=US_AZ_TEMPE,o=20940],[c=c,n=US_GA_ATLANTA,o=20940],[a=113,c=o] | |
| Set-Cookie | akaalb_www_homepageus_v18=1766573233~op=www_homepage_enus_LBM:homepagehydraorigin|~rv=85~m=homepagehydraorigin:0|~os=9184cb63cc50160c7345890467a4f9a2~id=d8dbd0bedcca33622fd724a154012f8c; path=/; Expires=Wed, 24 Dec 2025 10:47:13 GMT; HttpOnly; Secure; SameSite=None | |
| Set-Cookie | akaalb_www_homepageus_v18=1766573233~op=www_homepage_enus_LBM:homepagehydraorigin|~rv=85~m=homepagehydraorigin:0|~os=9184cb63cc50160c7345890467a4f9a2~id=d8dbd0bedcca33622fd724a154012f8c; path=/; Expires=Wed, 24 Dec 2025 10:47:13 GMT; HttpOnly; Secure; SameSite=None | |
| Set-Cookie | _abck=B3009DE60AF2D015CB1A30E41BCCADE9~-1~YAAQcM/bF4ajByybAQAAKMLzTw+nfgV3fxUfnAuma1HJfmk5OnxgcMGyTF4t8Na6lUfUQyA8MfmYv5ylLSqcN5lVoRP7fSQ4UVNetgHXA05pFy+7Ck4xHT2RMi7uHBJO0sBEI2lLjq+QTs6UzUhrTJOct6nP1J0syhv+60mQCaorZ+NzmXhnooEz+NizRS5eug102UaQwNWtI+g3ue4UavEKFeDxu59XWLE+wXlHMAwqCc3AczMRClQz+Tgzcbw3jhgyuGNiLLhVKeBaJ5jzol2PIcOpeaDjlCCkxoDaHDFDbrbRhq+lPPcski7zIGUeDJNHZEtkWx7rvE0vAV2DohUukQMRlSF+zHzC/1jo4+nOClCI39U9cljGJNw+GSxxZ4UTCKUPMcK5bBWGhdXxlWisf+E4YvcL4IRaOJ0bea1FUp0WdIX1geLz5DPRGy/8CTRn1e8QwQxnSa/cmcQcYh3qpPEh+V370rt/~-1~-1~-1~-1~-1; Domain=.americanexpress.com; Path=/; Expires=Thu, 24 Dec 2026 10:42:13 GMT; Max-Age=31536000; SameSite=None; Secure | |
| Set-Cookie | bm_sz=3E56CDE42D114039A8563D8FE1B2D9DE~YAAQcM/bF4ejByybAQAAKMLzTx5GBgQWx0pM8B2tVxpHs1vNzPLNBoBy0FyAl6qrWfWwyoH5ZCkKUxkNGQOwjSsG9kSJMRRttfEIFfcMOc6cUnBU9zSTixk/fMYBYL1VlYhZgtCWhQ2TMekPvPOw4z0kLO/PExojwMN/NkVucDNm6otspl7SDy9GN3nmocBs9DkIEmL2Q8Hd4oewxspbxz6B+byBZ478OO99Q31I4hkkrXynf94S8mrrLfrG0YRd3p+qClPKHdN2jtGCLMIjJ8OhWX/b4uYwDKl8WQw+6uxxLea8LuXhcT64MRhmSXEYYq3DmGiOOPkRMzBHfB0KK6dobBcUvkH4SQSt1KXaSGuDelU8B8c=~4474436~3749426; Domain=.americanexpress.com; Path=/; Expires=Wed, 24 Dec 2025 14:42:13 GMT; Max-Age=14400; SameSite=None; Secure | |
| Miscellaneous | |
| Test date | Wed, 24 Dec 2025 10:42:06 UTC |
| Test duration | 46.32 seconds |
| HTTP status code | 200 |
| HTTP server signature | - |
| Server hostname | a23-53-148-101.deploy.static.akamaitechnologies.com |
SSL Report v2.4.1