SSL Report:
www.americanexpress.com
(23.53.148.101)
Assessed on: Thu, 11 Sep 2025 09:29:04 UTC
| Clear cache
Summary
0
20
40
60
80
100
Certificate
Protocol Support
Key Exchange
Cipher Strength
Visit our documentation page
for more information, configuration guides, and books. Known issues are documented
here.
Server sent invalid/disabled HSTS policy. See below for further information. MORE INFO »
This server supports TLS 1.3. MORE INFO »
Certificate #1: RSA 2048 bits (SHA256withRSA)
|
Server Key and Certificate #1
|
|
| Subject |
www.americanexpress.com
Fingerprint SHA256: c5581e4e7ab340c3ce11578a6005e6369c19fc20d80a85042d929cdd56350ce6 Pin SHA256: D1s84gsxVsQYVaXbcqnFfUDy7qglsKjhOZh57AoAtpg= |
| Common names | www.americanexpress.com |
| Alternative names | www.americanexpress.com amexsavings.com www.personalsavings.americanexpress.com www.personalsavings.com personalsavings.com amexmobile.com americanexpress.com |
| Serial Number | 0cc6fb6e2128b0c12b853b23df85fade |
| Valid from | Tue, 29 Oct 2024 00:00:00 UTC |
| Valid until | Tue, 28 Oct 2025 23:59:59 UTC (expires in 1 month and 17 days) |
| Key | RSA 2048 bits (e 65537) |
| Weak key (Debian) | No |
| Issuer | DigiCert SHA2 Extended Validation Server CA
AIA: http://cacerts.digicert.com/DigiCertSHA2ExtendedValidationServerCA.crt |
| Signature algorithm | SHA256withRSA |
| Extended Validation | Yes |
| Certificate Transparency | Yes (certificate) |
| OCSP Must Staple | No |
| Revocation information |
CRL, OCSP CRL: http://crl3.digicert.com/sha2-ev-server-g3.crl OCSP: http://ocsp.digicert.com |
| Revocation status | Good (not revoked) |
| DNS CAA | No (more info) |
| Trusted | Yes
Mozilla Apple Android Java Windows |
Certification Paths |
Configuration
| Protocols | |
| TLS 1.3 | Yes |
| TLS 1.2 | Yes |
| TLS 1.1 | No |
| TLS 1.0 | No |
| SSL 3 | No |
| SSL 2 | No |
| Cipher Suites | ||
|
# TLS 1.3 (suites in server-preferred order)
|
||
TLS_AES_256_GCM_SHA384 (0x1302)
ECDH x25519 (eq. 3072 bits RSA) FS
|
256 | |
TLS_CHACHA20_POLY1305_SHA256 (0x1303)
ECDH x25519 (eq. 3072 bits RSA) FS
|
256P | |
TLS_AES_128_GCM_SHA256 (0x1301)
ECDH x25519 (eq. 3072 bits RSA) FS
|
128 | |
|
# TLS 1.2 (suites in server-preferred order)
|
||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
ECDH secp256r1 (eq. 3072 bits RSA) FS
|
256 | |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
ECDH secp256r1 (eq. 3072 bits RSA) FS
|
128 | |
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
ECDH secp256r1 (eq. 3072 bits RSA) FS
|
256P | |
| (P) This server prefers ChaCha20 suites with clients that don't have AES-NI (e.g., Android devices) | ||
| Handshake Simulation | |||
| Android 4.4.2 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Android 5.0.0 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 6.0 | RSA 2048 (SHA256) | TLS 1.2 > http/1.1 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Android 7.0 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS |
| Android 8.0 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDH secp256r1 FS |
| Android 8.1 | - | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Android 9.0 | - | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| BingPreview Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Chrome 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Chrome 69 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Chrome 70 / Win 10 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Chrome 80 / Win 10 R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Firefox 31.3.0 ESR / Win 7 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 47 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDH secp256r1 FS |
| Firefox 49 / XP SP3 | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Firefox 62 / Win 7 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Firefox 73 / Win 10 R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Googlebot Feb 2018 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| IE 11 / Win 7 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win 8.1 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win Phone 8.1 R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win Phone 8.1 Update R |
Server sent fatal alert: handshake_failure |
||
| IE 11 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 15 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 16 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 18 / Win 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Edge 13 / Win Phone 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Java 8u161 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Java 11.0.3 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Java 12.0.1 | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.0.1l R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.0.2s R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.1.0k R | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| OpenSSL 1.1.1c R | - | TLS 1.3 | TLS_AES_256_GCM_SHA384 ECDH x25519 FS |
| Safari 6 / iOS 6.0.1 |
Server sent fatal alert: handshake_failure |
||
| Safari 7 / iOS 7.1 R |
Server sent fatal alert: handshake_failure |
||
| Safari 7 / OS X 10.9 R |
Server sent fatal alert: handshake_failure |
||
| Safari 8 / iOS 8.4 R |
Server sent fatal alert: handshake_failure |
||
| Safari 8 / OS X 10.10 R |
Server sent fatal alert: handshake_failure |
||
| Safari 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 9 / OS X 10.11 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / iOS 10 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 10 / OS X 10.12 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Safari 12.1.2 / MacOS 10.14.6 Beta R | - | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Safari 12.1.1 / iOS 12.3.1 R | - | TLS 1.3 | TLS_CHACHA20_POLY1305_SHA256 ECDH x25519 FS |
| Apple ATS 9 / iOS 9 R | RSA 2048 (SHA256) | TLS 1.2 > h2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| Yahoo Slurp Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
| YandexBot Jan 2015 | RSA 2048 (SHA256) | TLS 1.2 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS |
|
# Not simulated clients (Protocol mismatch)
|
|||
| Android 2.3.7 No SNI 2 |
Protocol mismatch (not simulated) |
||
| Android 4.0.4 |
Protocol mismatch (not simulated) |
||
| Android 4.1.1 |
Protocol mismatch (not simulated) |
||
| Android 4.2.2 |
Protocol mismatch (not simulated) |
||
| Android 4.3 |
Protocol mismatch (not simulated) |
||
| Baidu Jan 2015 |
Protocol mismatch (not simulated) |
||
| IE 6 / XP No FS 1 No SNI 2 |
Protocol mismatch (not simulated) |
||
| IE 7 / Vista |
Protocol mismatch (not simulated) |
||
| IE 8 / XP No FS 1 No SNI 2 |
Protocol mismatch (not simulated) |
||
| IE 8-10 / Win 7 R |
Protocol mismatch (not simulated) |
||
| IE 10 / Win Phone 8.0 |
Protocol mismatch (not simulated) |
||
| Java 6u45 No SNI 2 |
Protocol mismatch (not simulated) |
||
| Java 7u25 |
Protocol mismatch (not simulated) |
||
| OpenSSL 0.9.8y |
Protocol mismatch (not simulated) |
||
| Safari 5.1.9 / OS X 10.6.8 |
Protocol mismatch (not simulated) |
||
| Safari 6.0.4 / OS X 10.8.4 R |
Protocol mismatch (not simulated) |
||
| (1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it. | |||
| (2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI. | |||
| (3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version. | |||
| (R) Denotes a reference browser or client, with which we expect better effective security. | |||
| (All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE). | |||
| (All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake. | |||
| Protocol Details | |
| Secure Renegotiation | Supported |
| Secure Client-Initiated Renegotiation | No |
| Insecure Client-Initiated Renegotiation | No |
| BEAST attack | Mitigated server-side (more info) |
| POODLE (SSLv3) | No, SSL 3 not supported (more info) |
| POODLE (TLS) | No (more info) |
| Zombie POODLE | No (more info) |
| GOLDENDOODLE | No (more info) |
| OpenSSL 0-Length | No (more info) |
| Sleeping POODLE | No (more info) |
| Downgrade attack prevention | Yes, TLS_FALLBACK_SCSV supported (more info) |
| SSL/TLS compression | No |
| RC4 | No |
| Heartbeat (extension) | No |
| Heartbleed (vulnerability) | No (more info) |
| Ticketbleed (vulnerability) | No (more info) |
| OpenSSL CCS vuln. (CVE-2014-0224) | No (more info) |
| OpenSSL Padding Oracle vuln. (CVE-2016-2107) |
No (more info) |
| ROBOT (vulnerability) | No (more info) |
| Forward Secrecy | Yes (with most browsers) ROBUST (more info) |
| ALPN | Yes h2 h2-14 http/1.1 |
| NPN | Yes h2 h2-14 http/1.1 http/1.0 |
| Session resumption (caching) | Yes |
| Session resumption (tickets) | Yes |
| OCSP stapling | Yes |
| Strict Transport Security (HSTS) | Invalid
Server provided more than one HSTS header
|
| HSTS Preloading | Not in: Chrome Edge Firefox IE |
| Public Key Pinning (HPKP) | No (more info) |
| Public Key Pinning Report-Only | No |
| Public Key Pinning (Static) | No (more info) |
| Long handshake intolerance | No |
| TLS extension intolerance | No |
| TLS version intolerance | No |
| Incorrect SNI alerts | No |
| Uses common DH primes | No, DHE suites not supported |
| DH public server param (Ys) reuse | No, DHE suites not supported |
| ECDH public server param reuse | No |
| Supported Named Groups | secp256r1, x25519 (server preferred order) |
| SSL 2 handshake compatibility | No |
| 0-RTT enabled | No |
|
HTTP Requests
|
|
1 https://www.americanexpress.com/
(HTTP/1.1 200 OK)
| 1 | |
| Content-Type | text/html; charset=utf-8 | |
| referrer-policy | no-referrer | |
| strict-transport-security | max-age=63072000; includeSubDomains | |
| x-content-type-options | nosniff | |
| x-dns-prefetch-control | off | |
| x-download-options | noopen | |
| x-frame-options | SAMEORIGIN | |
| x-permitted-cross-domain-policies | none | |
| x-xss-protection | 0 | |
| one-app-version | 6.15.1-a742bedc | |
| Cache-Control | no-store | |
| Pragma | no-cache | |
| Content-Security-Policy | report-uri https://homepage1uplifthydra.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'nonce-6fc55a621eb6c0dc955e822051abf0fb' *.aexp.com 'self' wss://*.americanexpress.com *.americanexpress.com *.aexp-static.com nexus.ensighten.com omn.americanexpress.com assets.adobedtm.com aexp.demdex.net stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net service.maxymiser.net api.maxymiser.net wss://*.liveperson.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com maps.gstatic.com fonts.googleapis.com fonts.gstatic.com csi.gstatic.com ads.yahoo.com cdn.optimizely.com aeopdevvip.acxiom.com aeopprodvip.acxiom.com api.rlcdn.com/api/identity/idl zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com yul1.qualtrics.com; script-src 'nonce-6fc55a621eb6c0dc955e822051abf0fb' 'nonce-e30782f2-7f2d-4fe8-9c75-40043d140a94' *.aexp.com c.evidon.com 'self' *.americanexpress.com *.aexp-static.com nexus.ensighten.com service.maxymiser.net api.maxymiser.net *.liveperson.net *.lpsnmedia.net www.googletagmanager.com doubleclick.net googleads.g.doubleclick.net ad.doubleclick.net googleadservices.com track.sv.rkdms.com api.securedvisit.com omn.americanexpress.com aexp.demdex.net assets.adobedtm.com s.ntv.io ct.contentsquare.net contentsquare.com app.contentsquare.com staging.cdn-net.com www.cdn-net.com utt.impactcdn.com ojrq.net; img-src *.aexp.com data: c.evidon.com 'self' blob: *.americanexpress.com *.aexp-static.com amex.sv.rkdms.com images.securedvisit.com stags.bluekai.com p.adsymptotic.com www.facebook.com www.googleadservices.com/pagead/conversion/ googleads.g.doubleclick.net ad.doubleclick.net ad-emea.doubleclick.net aax-eu.amazon-adsystem.com aax-fe.amazon-adsystem.com private-orm-open-receipt-match.s3.amazonaws.com s.amazon-adsystem.com b92.yahoo.co.jp sp.analytics.yahoo.com alb.reddit.com adservice.google.com www.google.com/ads/user-lists/ www.google.com/pagead/1p-user-list/ www.gstatic.com/recaptcha/ www.google.com/recaptcha/ https://ad.soicos.com https://lot.neatpowr.com pixel.sojern.com tag.yieldoptimizer.com dc.ads.linkedin.com px.ads.linkedin.com www.bizographics.com www.linkedin.com/px/ *.doublemax.net t.teads.tv track.adform.net jadserve.postrelease.com affleads.latamtracking.com pubads.g.doubleclick.net bat.bing.com/action/ prf.hn c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net pixel.quantserve.com insight.adsrvr.org track.securedvisit.com track.sv.rkdms.com ct.pinterest.com/v3/ *.liveperson.net rtb.adgrx.com tags.w55c.net ping.pdst.fm ib.adnxs.com/pixie pmldigital.go2cloud.org/aff_l pixel.efike.co/pixel.php px.sunmedia.tv/tr pixel.loganmedia.mobi/ traffic.kickadsit.com/ tags.srv.stackadapt.com a.tribalfusion.com px.adentifi.com secure.adnxs.com/ amplify.outbrain.com/ tr.outbrain.com/ dr.outbrain.com/ analytics.twitter.com t.co logs-01.loggly.com pixel.cdn.tagular.com; style-src *.aexp.com 'unsafe-inline' *.aexp-static.com *.liveperson.net *.americanexpress.com content.securedvisit.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com *.americanexpress.com assets.adobedtm.com aexp.demdex.net dpm.demdex.net zndhztugwqhlulqht-aexpfeedback.siteintercept.qualtrics.com siteintercept.qualtrics.com aexpfeedback.siteintercept.qualtrics.com aexpfeedback.com ca1.qualtrics.com c.contentsquare.net r.contentsquare.net l.contentsquare.net wr-us.contentsquare.net q-aus1.contentsquare.net k-aus1.contentsquare.net *.liveperson.net aeopdevvip.acxiom.com aeopprodvip.acxiom.com track.securedvisit.com amex.sv.rkdms.com track.sv.rkdms.com; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com blob:; frame-ancestors 'none'; frame-src blob: aexp.demdex.net *.idfy.io *.idfy.no *.americanexpress.com *.liveperson.net service.maxymiser.net *.aexp-static.com staging.cdn-net.com www.cdn-net.com api.securedvisit.com; child-src blob: | |
| strict-transport-security | max-age=31536000; includeSubDomains | |
| x-content-type-options | nosniff | |
| X-Akamai-Transformed | 0 - 0 - | |
| Vary | origin | |
| Date | Thu, 11 Sep 2025 09:28:27 GMT | |
| Transfer-Encoding | chunked | |
| Connection | close | |
| Connection | Transfer-Encoding | |
| Set-Cookie | TS01a91ed4=0184e46168ef373eb79c982ff408437a8540f67bc053039c2d014614f3b2af0d0cbc99cc8db92f84f3724ef2127a43e25847f41129; Path=/; Domain=.americanexpress.com; | |
| Set-Cookie | agent-id=8e99fd6e-2979-4dad-afeb-f39f9da370b1; expires=Fri, 11-Sep-2026 09:28:27 GMT; path=/; domain=.americanexpress.com; secure; HttpOnly | |
| Akamai-Request-BC | [a=23.219.207.112,b=310299435,c=g,n=US_AZ_TEMPE,o=20940],[c=c,n=US_VA_STERLING,o=20940],[a=114,c=o] | |
| Set-Cookie | akaalb_www_homepageus_v18=1757583207~op=www_homepage_enus_LBM:homepagehydraorigin|~rv=14~m=homepagehydraorigin:0|~os=9184cb63cc50160c7345890467a4f9a2~id=d01396599bc2f011a1ade4c75a036df5; path=/; Expires=Thu, 11 Sep 2025 09:33:27 GMT; HttpOnly; Secure; SameSite=None | |
| Set-Cookie | akaalb_www_homepageus_v18=1757583207~op=www_homepage_enus_LBM:homepagehydraorigin|~rv=14~m=homepagehydraorigin:0|~os=9184cb63cc50160c7345890467a4f9a2~id=d01396599bc2f011a1ade4c75a036df5; path=/; Expires=Thu, 11 Sep 2025 09:33:27 GMT; HttpOnly; Secure; SameSite=None | |
| Set-Cookie | _abck=43B3D9A36CC03C5669BCEF6225F690D7~-1~YAAQcM/bF7ydpiuZAQAAKNcaOA4TbenZZNegFV0VLv8/k9F4PzxcJG0dDrHtkehWdvBVZyAXINEMwBdRd61PkrUfRZNV8ej1iE/gXXcDLuZEJPV/rg5U4dWBZ1/LXLtAmlD9Q+SDSrrTewoZCcFUk0JBAyTRGJmE5an98MmEVoQ8/qTYoWnPnBGk+6C3gM+1fW+urxybaQ6NboJBCvF/TVnSFzPEP9TYaBBYJAnaR+QDL5s9ah+TcbJUkKt464d1lwd1eE+avnGkF4jvWpssEGZltiyCweBxlcDNVZ2hynqpR/NIt3Fd3nPS7qxCLuOKDS4NnPYwzCZUqfHbtuxZi7qengMd30cwhTkw7u7zNLpwP+RWx33bL5Ld77FLu6a4Jaa6pH5zqDHfJW2r3WuGYLHwgTZ7YNcX1P6fFep8LGp9mER2OKV2gFtLHDmtjDIvPJSC//FMIM8l3lll5zvEyL+xsTF8ZPuNRg67~-1~-1~-1~-1~-1; Domain=.americanexpress.com; Path=/; Expires=Fri, 11 Sep 2026 09:28:27 GMT; Max-Age=31536000; SameSite=None; Secure | |
| Set-Cookie | bm_sz=9DADB95F60127E96916713C944915D53~YAAQcM/bF72dpiuZAQAAKNcaOB0YY4PW4TR5nN6DGIJ7GeZGL9rF+MewgRkzhsmvzGpHKGbdSSg4AVigzHQL3fKj2MudYG7YTRAmmO1UZ/Z+YR+zPrPlmBksOEfvfVZO9+Ksm0VwSnS1Suofl9dkVj6Xt/FZSfIcI83Yf9q8J8B1S7V5b0AFd1rhgXU1433IDQAeBSDRu9+w3TTSl9KtRRTquAgiUpBB1GKvCvBV+KYapxxG6bGr6a4CWxtTVxoXFGALtOTURG6lj1yJXN5So62/cwJ29UeUfSA6tttjgZTCRy9bDMcBBgFKUfAJBQTBbvXNGLDHdATwjNGHzFFHlcj9nc3NiptpUeUj83lCojWwYfMfURE=~3162694~4471097; Domain=.americanexpress.com; Path=/; Expires=Thu, 11 Sep 2025 13:28:26 GMT; Max-Age=14399; SameSite=None; Secure | |
| Miscellaneous | |
| Test date | Thu, 11 Sep 2025 09:28:19 UTC |
| Test duration | 45.377 seconds |
| HTTP status code | 200 |
| HTTP server signature | - |
| Server hostname | a23-53-148-101.deploy.static.akamaitechnologies.com |
SSL Report v2.4.1