Submitted URL: http://l.h1.hilton.com/rts/go2.aspx?h=2155146&tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2&x=586051524%...
Effective URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Submission: On December 03 via api from SE — Scanned from DE

Summary

This website contacted 13 IPs in 4 countries across 12 domains to perform 64 HTTP transactions. The main IP is 104.130.70.25, located in United States and belongs to RACKSPACE, US. The main domain is apply.americanexpress.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 5th 2021. Valid for: a year.
This is the only time apply.americanexpress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 173.213.4.175 53316 (ASN-CHEET...)
2 2 18.66.122.102 16509 (AMAZON-02)
1 1 13.225.87.45 16509 (AMAZON-02)
33 104.130.70.25 19994 (RACKSPACE)
2 2 104.89.27.168 16625 (AKAMAI-AS)
2 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
5 104.89.34.51 16625 (AKAMAI-AS)
1 3 54.228.253.216 16509 (AMAZON-02)
7 34.96.102.137 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 4 13.36.218.177 16509 (AMAZON-02)
4 3.124.119.57 16509 (AMAZON-02)
1 139.71.50.190 ()
64 13
Domain Requested by
33 apply.americanexpress.com l.h1.hilton.com
apply.americanexpress.com
7 dev.visualwebsiteoptimizer.com apply.americanexpress.com
dev.visualwebsiteoptimizer.com
4 tms.americanexpress.com www.americanexpress.com
3 icm.aexp-static.com tms.americanexpress.com
www.americanexpress.com
3 dpm.demdex.net 1 redirects apply.americanexpress.com
www.americanexpress.com
2 smetric.hilton.com 1 redirects apply.americanexpress.com
2 omns.americanexpress.com www.americanexpress.com
assets.adobedtm.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.aexp-static.com apply.americanexpress.com
www.americanexpress.com
2 assets.adobedtm.com apply.americanexpress.com
www.americanexpress.com
2 www.americanexpress.com 2 redirects
2 www.movable-ink-6437.com 2 redirects
1 gct.americanexpress.com www.aexp-static.com
1 cdnjs.cloudflare.com apply.americanexpress.com
1 www.googletagmanager.com apply.americanexpress.com
1 ajax.googleapis.com apply.americanexpress.com
1 prvsz4pe.micpn.com 1 redirects
1 s.h1.hilton.com l.h1.hilton.com
1 l.h1.hilton.com
64 19

This site contains links to these domains. Also see Links.

Domain
www.americanexpress.com
hiltonhonors3.hilton.com
info.evidon.com
Subject Issuer Validity Valid
h1.hilton.com
DigiCert TLS RSA SHA256 2020 CA1
2021-02-17 -
2022-02-21
a year crt.sh
apply.americanexpress.com
Sectigo RSA Domain Validation Secure Server CA
2021-03-05 -
2022-03-05
a year crt.sh
upload.video.google.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-09-21 -
2022-09-20
a year crt.sh
assets.adobedtm.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-10 -
2022-09-10
a year crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2
2020-06-19 -
2022-07-06
2 years crt.sh
omns.americanexpress.com
DigiCert SHA2 Secure Server CA
2020-02-06 -
2022-02-10
2 years crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1
2021-10-19 -
2022-11-19
a year crt.sh
tms.americanexpress.com
DigiCert SHA2 Extended Validation Server CA
2021-04-01 -
2022-04-06
a year crt.sh
m.americanexpress.com
DigiCert SHA2 Extended Validation Server CA
2021-06-08 -
2022-07-09
a year crt.sh
gctv4-r2.americanexpress.com
DigiCert SHA2 Extended Validation Server CA
2021-02-15 -
2022-03-17
a year crt.sh

This page contains 1 frames:

Primary Page: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Frame ID: BA992F458294AD85A14D3EC770983BB1
Requests: 64 HTTP requests in this frame

Screenshot

Page Title

Hilton Honors American Express CardsStyle / Icons & Glyphs / Icons / Actions / Thumbs Up / FilledStyle / Icons & Glyphs / Icons / Membership / Rewards / FilledStyle / Icons & Glyphs / Icons / Business / Business / FilledStyle / Icons & Glyphs / Icons / Actions / Thumbs Up / FilledStyle / Icons & Glyphs / Icons / Membership / Rewards / FilledStyle / Icons & Glyphs / Icons / Business / Business / Filled

Page URL History Show full URLs

  1. http://l.h1.hilton.com/rts/go2.aspx?h=2155146&tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoTo... Page URL
  2. https://www.movable-ink-6437.com/p/cp/e271971615e2cdc8/c?mi_u=586051524&mi_ign=8452293078&mi_cellcode=AHTSTSU... HTTP 302
    https://prvsz4pe.micpn.com/p/cp/e271971615e2cdc8/r?mi_u=586051524&mi_ign=8452293078&mi_cellcode=AHTSTSU... HTTP 302
    https://www.movable-ink-6437.com/p/rp/617e501e6a574919/url?mi_u=586051524&mi_ign=8452293078&mi_cellcode=AHTST... HTTP 302
    https://apply.americanexpress.com/hilton-cobrand/?page_url=288 Page URL

Page Statistics

64
Requests

92 %
HTTPS

31 %
IPv6

12
Domains

19
Subdomains

13
IPs

4
Countries

4744 kB
Transfer

6245 kB
Size

29
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://l.h1.hilton.com/rts/go2.aspx?h=2155146&tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2&x=586051524%7c8452293078%7cAHTSTSUR%7c4320794740586051524%7c1243371521%7c586051524%7c8452293078%7c112948 Page URL
  2. https://www.movable-ink-6437.com/p/cp/e271971615e2cdc8/c?mi_u=586051524&mi_ign=8452293078&mi_cellcode=AHTSTSUR&mi_comm_hist_id=4320794740586051524&mi_hh_num=1243371521&customerid=586051524&url=https%3A%2F%2Fwww.movable-ink-6437.com%2Fp%2Frp%2F617e501e6a574919%2Furl&om_rid=8452293078&om_mid=112948 HTTP 302
    https://prvsz4pe.micpn.com/p/cp/e271971615e2cdc8/r?mi_u=586051524&mi_ign=8452293078&mi_cellcode=AHTSTSUR&mi_comm_hist_id=4320794740586051524&mi_hh_num=1243371521&customerid=586051524&url=https%3A%2F%2Fwww.movable-ink-6437.com%2Fp%2Frp%2F617e501e6a574919%2Furl&om_rid=8452293078&om_mid=112948 HTTP 302
    https://www.movable-ink-6437.com/p/rp/617e501e6a574919/url?mi_u=586051524&mi_ign=8452293078&mi_cellcode=AHTSTSUR&mi_comm_hist_id=4320794740586051524&mi_hh_num=1243371521&customerid=586051524&om_rid=8452293078&om_mid=112948 HTTP 302
    https://apply.americanexpress.com/hilton-cobrand/?page_url=288 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://www.americanexpress.com/adobedtm-acq HTTP 301
  • https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-f424e4c1e880782914108fb45b503d9aae8fe034.js
Request Chain 33
  • https://www.americanexpress.com/adobetracking HTTP 301
  • https://www.aexp-static.com/cdaas/api/axpi/ensighten/amex/Bootstrap.js
Request Chain 34
  • https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1638549856732 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1638549856732
Request Chain 57
  • https://smetric.hilton.com/b/ss/hiltonglobalprod/1/pixel/s496901591.2809187?ce=UTF-8&pageName=LandingPage&c.aex.appstatus=AmexMCLP&g=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288 HTTP 302
  • https://smetric.hilton.com/b/ss/hiltonglobalprod/1/pixel/s496901591.2809187?AQB=1&pccr=true&vidn=30D524B0C3211B7E-4000071A43878093&ce=UTF-8&pageName=LandingPage&c.aex.appstatus=AmexMCLP&g=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&AQE=1

64 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
go2.aspx
l.h1.hilton.com/rts/
1 KB
2 KB
Document
General
Full URL
http://l.h1.hilton.com/rts/go2.aspx?h=2155146&tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2&x=586051524%7c8452293078%7cAHTSTSUR%7c4320794740586051524%7c1243371521%7c586051524%7c8452293078%7c112948
Protocol
HTTP/1.1
Server
173.213.4.175 , United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS
Software
/
Resource Hash
2c37faf71b6e8635f7efa78150647a665aa26844f032899245a76028188f33e5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
Server
X-Powered-By
Date
Fri, 03 Dec 2021 16:44:14 GMT
SetCookie.gif
s.h1.hilton.com/wts/WebEvent/
807 B
2 KB
Image
General
Full URL
https://s.h1.hilton.com/wts/WebEvent/SetCookie.gif?tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2
Requested by
Host: l.h1.hilton.com
URL: http://l.h1.hilton.com/rts/go2.aspx?h=2155146&tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2&x=586051524%7c8452293078%7cAHTSTSUR%7c4320794740586051524%7c1243371521%7c586051524%7c8452293078%7c112948
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.213.4.175 , United States, ASN53316 (ASN-CHEETA-MAIL, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://l.h1.hilton.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 03 Dec 2021 16:44:14 GMT
X-AspNetMvc-Version
3.0
Server
X-Powered-By
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, max-age=0
Content-Length
807
Expires
0
Primary Request /
apply.americanexpress.com/hilton-cobrand/
Redirect Chain
  • https://www.movable-ink-6437.com/p/cp/e271971615e2cdc8/c?mi_u=586051524&mi_ign=8452293078&mi_cellcode=AHTSTSUR&mi_comm_hist_id=4320794740586051524&mi_hh_num=1243371521&customerid=586051524&url=http...
  • https://prvsz4pe.micpn.com/p/cp/e271971615e2cdc8/r?mi_u=586051524&mi_ign=8452293078&mi_cellcode=AHTSTSUR&mi_comm_hist_id=4320794740586051524&mi_hh_num=1243371521&customerid=586051524&url=https%3A%2...
  • https://www.movable-ink-6437.com/p/rp/617e501e6a574919/url?mi_u=586051524&mi_ign=8452293078&mi_cellcode=AHTSTSUR&mi_comm_hist_id=4320794740586051524&mi_hh_num=1243371521&customerid=586051524&om_rid...
  • https://apply.americanexpress.com/hilton-cobrand/?page_url=288
176 KB
24 KB
Document
General
Full URL
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Requested by
Host: l.h1.hilton.com
URL: http://l.h1.hilton.com/rts/go2.aspx?h=2155146&tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2&x=586051524%7c8452293078%7cAHTSTSUR%7c4320794740586051524%7c1243371521%7c586051524%7c8452293078%7c112948
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
8a58fd45b1bb5bfc59d8bd1caa631db68ed31e84c0bc0daa6fb59df1446ff263
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://www.hilton.com/en/
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://l.h1.hilton.com/rts/go2.aspx?h=2155146&tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2&x=586051524%7c8452293078%7cAHTSTSUR%7c4320794740586051524%7c1243371521%7c586051524%7c8452293078%7c112948

Response headers

link
<https://apply.americanexpress.com/wp-json/>; rel="https://api.w.org/", <https://apply.americanexpress.com/wp-json/wp/v2/pages/3501>; rel="alternate"; type="application/json", <https://apply.americanexpress.com/?p=3501>; rel=shortlink
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
cache-control
max-age=600
expires
Fri, 03 Dec 2021 16:54:16 GMT
vary
Accept-Encoding
content-encoding
gzip
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-frame-options
ALLOW-FROM https://www.hilton.com/en/
content-length
23934
content-type
text/html; charset=UTF-8
date
Fri, 03 Dec 2021 16:44:16 GMT
server
Apache

Redirect headers

content-length
0
location
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
x-uuid
5081a5a0-baf3-4b94-ad73-f876b8d04cd2
cache-control
no-cache max-age=0
expires
Thu, 01 Dec 1994 16:00:00 GMT
p3p
policyref="https://movableink.com/w3c/p3p.xml", CP="DEVa PSAa PSDa IVAa IVDa OUR IND DSP NON COR NAV UNI"
date
Fri, 03 Dec 2021 16:44:15 GMT
x-cache
Miss from cloudfront
via
1.1 2f72de1f504b6784c7adb04e7fe314f2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P2
x-amz-cf-id
KRTCrspNUT2SMVH-4TOWiCqJo_eEiIOdypjOgO1xrpe5QhC24v8VrA==
satelliteLib-f424e4c1e880782914108fb45b503d9aae8fe034.js
assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/
Redirect Chain
  • https://www.americanexpress.com/adobedtm-acq
  • https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-f424e4c1e880782914108fb45b503d9aae8fe034.js
302 KB
63 KB
Script
General
Full URL
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-f424e4c1e880782914108fb45b503d9aae8fe034.js
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Server
2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
3bbed854e109af25d52885777b5237605d6fe94adbb3b6065a8a3ed57c815fd5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:16 GMT
content-encoding
gzip
last-modified
Thu, 11 Nov 2021 08:10:26 GMT
server
AkamaiNetStorage
etag
"57ebb8b3a76d781475738ae9b94d4a06:1636618226.449093"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://apply.americanexpress.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
63943
expires
Fri, 03 Dec 2021 17:44:16 GMT

Redirect headers

location
https://assets.adobedtm.com/98caf8fccc463fd7e47088b35e73b27720bb5cc1/satelliteLib-f424e4c1e880782914108fb45b503d9aae8fe034.js
date
Fri, 03 Dec 2021 16:44:16 GMT
server
AkamaiGHost
content-length
0
x-frame-options
SAMEORIGIN
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/
87 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sat, 27 Nov 2021 19:22:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
508902
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 27 Nov 2022 19:22:34 GMT
bootstrap.min.css
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/
141 KB
20 KB
Stylesheet
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/bootstrap.min.css
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
20560
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
style.css
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/
37 KB
7 KB
Stylesheet
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/style.css
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
d3da0faf4a52acadf94726b683c85137d5ba3dd68c8d4376f61c821b546964ae
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 27 Sep 2021 11:51:37 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
7132
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
hilton_logo.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
18 KB
18 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/hilton_logo.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
d68811483aa86757a75b80f7ae6f54de65c3649572ad29e530242e431eef84bf
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
17943
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
status.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
5 KB
5 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/status.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
da5e17cc68add2975a40df41257a9155c7ba55ff537fe86d8a461f820d6dbe89
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
5331
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
noForeign.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
6 KB
6 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/noForeign.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
e73ac8b308d348235c402fdf2eb840ea9d5d3f8b3eae30470ba586fa4775c4a9
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
5963
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
travel.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
6 KB
6 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/travel.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
0ffabf384e03e66888bb7e2867acf9b2f5a6bd03be7d2fc7b0f24fa06589190e
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
6105
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
points.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
7 KB
7 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/points.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
bf1b846aaf0fdeb8d165eaf532818e02de80780ceb6b3ea404fe5064de37fe49
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
7519
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
hilton_base_di_1920x1216.png
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
89 KB
89 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/hilton_base_di_1920x1216.png
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
b26813d74c96c7110bccdb24c3409418ee4414a8baa199548656c73ae3bf11a6
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 23 Sep 2020 10:09:09 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/png
cache-control
max-age=31536000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
90736
x-xss-protection
1; mode=block
expires
Sat, 03 Dec 2022 16:44:16 GMT
hilton_surpass_di_1920x1216.png
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
98 KB
98 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/hilton_surpass_di_1920x1216.png
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
694daffab463c64a1b7105850a9f2332cb17ce534bfd3cfe54efa47495ff6bf5
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 23 Sep 2020 10:09:09 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/png
cache-control
max-age=31536000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
100048
x-xss-protection
1; mode=block
expires
Sat, 03 Dec 2022 16:44:16 GMT
hilton_aspire_di_1920x1216.png
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
108 KB
109 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/hilton_aspire_di_1920x1216.png
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
6bee013ad600a622c70686cc35250487923d994db2bf32c0ac5b393049ff0a89
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 23 Sep 2020 10:09:09 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/png
cache-control
max-age=31536000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
110802
x-xss-protection
1; mode=block
expires
Sat, 03 Dec 2022 16:44:16 GMT
hilton_business_di_1920x1216.png
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
100 KB
100 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/hilton_business_di_1920x1216.png
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
f167a1b822a57e70e2de8660d27eadfb9246b130c53592d7ec22cb1d4f2deab2
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 23 Sep 2020 10:09:09 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/png
cache-control
max-age=31536000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
101982
x-xss-protection
1; mode=block
expires
Sat, 03 Dec 2022 16:44:16 GMT
properties.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
17 KB
17 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/properties.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
4bde68201bed19cd0ae007924a7ed572d14ed30546ee7610f3f0dfdea00aafe3
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 24 Sep 2020 17:40:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
17365
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
Stacked_surpass.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
50 KB
50 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/Stacked_surpass.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
9ab48c4e4df429098fd51b4b5dfc13daa62e139d21fe2a6d5537d5298b9ab156
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Fri, 21 Aug 2020 05:04:57 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
50769
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
StackedAspire.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
433 KB
436 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/StackedAspire.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
37b003dc444736366f3c377810d740bf80b4f97ca03ec49d53f3271fc5bdd848
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Fri, 21 Aug 2020 05:04:57 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
443853
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
StackedBusiness.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
40 KB
40 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/StackedBusiness.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
1efcdc16beaa5776bb06e27201284bde0a1390d88f776d87fed57b4d4dea8bea
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Fri, 15 Jan 2021 15:47:19 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
41208
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
gtm.js
www.googletagmanager.com/
121 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NRTR5RB
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8446c2c893fb32f134a974ec9f259f30f5fcb4cd487e87c24bc8aa0aaa962c82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:16 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41078
x-xss-protection
0
last-modified
Fri, 03 Dec 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 03 Dec 2021 16:44:16 GMT
Tick_marks.png
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
121 B
179 B
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/Tick_marks.png
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
5db6a88b4ca22f53977974f68c09244cfe7b4e978b13b67de77874641f01d02a
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Mon, 24 Aug 2020 12:04:55 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/png
cache-control
max-age=31536000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
121
x-xss-protection
1; mode=block
expires
Sat, 03 Dec 2022 16:44:16 GMT
honors_logos.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
488 KB
488 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/honors_logos.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
9c15c9f80a5caab8b2503ea62c142c4161ff3fd8ff4ed555f5b4ef801ad22b26
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Fri, 15 Jan 2021 15:47:19 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
499261
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
honors_logos_tab.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
587 KB
587 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/honors_logos_tab.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
cfc14e8728ed5849dc37700aa84b33db49f30c267b17921b6b7d35a9f5b266e1
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Fri, 15 Jan 2021 15:47:19 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
601146
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
Price.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
4 KB
4 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/Price.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
293f9005a0f1c26463cfd1363cda4a47fff776b11618f53f684c6f746b0fd820
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
4559
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
App.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
2 KB
2 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/App.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
49c47b9059af505736532d0d5ff6c6a5d5ff75eea62f44f4bf4b51eb2ca4e93f
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
2457
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
Access.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
7 KB
7 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/Access.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
5033da011e08a092e03a4d7093ef5479988eb2c865ba24b712d5f9323d30eee5
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:06 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
7033
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
footer_logos.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
378 KB
378 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/footer_logos.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
89d654bdc87c81950f97406f01dbb301091615368cbd43e9c5dc9eca6d31db6d
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 27 Jan 2021 05:45:20 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
386918
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
tab_footer.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
527 KB
528 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/tab_footer.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
ffe87a9ed2eb1bed208ae9d0139d7e6e48d25623f15c38e500146bf430e9d00a
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 27 Jan 2021 05:45:20 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
539858
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
mobile_footer.svg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
548 KB
549 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/mobile_footer.svg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
24135161df6baf262a63ce2fde80b68e660bf33d917703732ab2b9e40f8c30d9
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Wed, 27 Jan 2021 05:45:20 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/svg+xml
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
561390
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/
19 KB
7 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:16 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
939419
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
6157
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=geewBWNOkkg%2FwQOTglFsLHOBEoERCwaKKmYQQYEJOXtMuWBBhK5UnO4pD%2FVNQg0Azr1SMEh50tt%2Fnl8Gves81%2FkZvHResiqF75PBkqjsuQRZKGBDdKjEuW5gbpWrf0cI%2BiPSvFrVr0aoG2JY7Be3xVLz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6b7e423cccbbd6b1-FRA
expires
Wed, 23 Nov 2022 16:44:16 GMT
bootstrap.min.js
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/js/
48 KB
13 KB
Script
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/js/bootstrap.min.js
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:08 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
13105
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
hilton-cobrand.js
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/js/
31 KB
5 KB
Script
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/js/hilton-cobrand.js
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
5e3c004792928f9e9a87005987a4514a23082776908356b20b96709f1d2f048e
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 24 Nov 2021 09:46:26 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
5312
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
adobe-tags.js
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/js/
44 KB
2 KB
Script
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/js/adobe-tags.js
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
044ca0954e671546a515d6d74ecd5a7261e332e672c854a5da42d4e6184f7630
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 24 Sep 2020 11:47:00 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
1626
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
Bootstrap.js
www.aexp-static.com/cdaas/api/axpi/ensighten/amex/
Redirect Chain
  • https://www.americanexpress.com/adobetracking
  • https://www.aexp-static.com/cdaas/api/axpi/ensighten/amex/Bootstrap.js
74 KB
21 KB
Script
General
Full URL
https://www.aexp-static.com/cdaas/api/axpi/ensighten/amex/Bootstrap.js
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Server
104.89.34.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-34-51.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8c83c596abf7096d4ac19854d8297883a6a6172a665485efcd0d7e52618d3c0b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
content-encoding
gzip
last-modified
Tue, 20 Jul 2021 08:06:00 GMT
etag
W/"60f683e8-1274f"
vary
Origin, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://apply.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
21672

Redirect headers

location
https://www.aexp-static.com/cdaas/api/axpi/ensighten/amex/Bootstrap.js
date
Fri, 03 Dec 2021 16:44:16 GMT
server
AkamaiGHost
content-length
0
x-frame-options
SAMEORIGIN
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1638549856732
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1638549856732
4 KB
2 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1638549856732
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
HTTP/1.1
Server
54.228.253.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-253-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
c56a7eae18805c1e1d168ae6fbcee455155906c7b7a060e797d7526a5d4beafa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

DCS
dcs-prod-irl1-2-v020-07fdb7361.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
HuanCON+Shk=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://apply.americanexpress.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
1381
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-2-v020-00cec5b4b.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://apply.americanexpress.com
X-TID
xbd5yktdRB8=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.1&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&ts=1638549856732
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
EXdb2f07c0a5d542769ae26413df85f17c-libraryCode_source.min.js
assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/277280658df1/
88 KB
30 KB
Script
General
Full URL
https://assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/277280658df1/EXdb2f07c0a5d542769ae26413df85f17c-libraryCode_source.min.js
Requested by
Host: www.americanexpress.com
URL: https://www.americanexpress.com/adobedtm-acq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:299::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0e3edf23f4bd6459b6187e39f175ec8d84f7f17a14e9d878dae281bb021673b8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:16 GMT
content-encoding
gzip
last-modified
Thu, 11 Nov 2021 08:10:27 GMT
server
AkamaiNetStorage
etag
"0ff9d3b3d51ea325d18544c5bbc62b21:1636618227.652877"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://apply.americanexpress.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
29974
expires
Fri, 03 Dec 2021 17:44:16 GMT
j.php
dev.visualwebsiteoptimizer.com/
7 KB
3 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/j.php?a=407476&u=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&f=1&r=0.14894722646596592
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
742ad3a3fdc706946e2da36fe1698a2a19a6ac4da635f5724a90a9e702493acc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 03 Dec 2021 16:44:16 GMT
via
1.1 google
server
gfra1
content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type
application/javascript; charset=UTF-8
unsplash.jpg
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
316 KB
316 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/unsplash.jpg
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
6add06028e37af0c93ba3ad4d8ce9216c2cd6ae413bd5e5ccfe95a7ff48cd111
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/hilton-cobrand/?page_url=288
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 27 Aug 2020 14:32:45 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/jpeg
cache-control
max-age=31536000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
323237
x-xss-protection
1; mode=block
expires
Sat, 03 Dec 2022 16:44:16 GMT
HiltonHonors.png
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/
359 KB
359 KB
Image
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/images/HiltonHonors.png
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
5947ad2e0151c6b3810da57499488d4a67845a592044851510f97f8ba96f51e9
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 10 Sep 2020 07:58:55 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
content-type
image/png
cache-control
max-age=31536000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
367653
x-xss-protection
1; mode=block
expires
Sat, 03 Dec 2022 16:44:16 GMT
cc85d073-4dcf-4ecd-9804-40c34e631e2b.woff2
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/fonts/
28 KB
28 KB
Font
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/fonts/cc85d073-4dcf-4ecd-9804-40c34e631e2b.woff2
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
bb4fdaff53e7e5f447bd76bca23ecf8c4fba03413cbf27011f9eb0ee3fc9f29c
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/style.css
Origin
https://apply.americanexpress.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:07 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
28200
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
c8e0146f-ebf2-4e86-bd3d-047c9a5e5dac.woff2
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/fonts/
28 KB
28 KB
Font
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/fonts/c8e0146f-ebf2-4e86-bd3d-047c9a5e5dac.woff2
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
6d78e2b672db4841cbc0379dc1b4770e2c935b0ec6c677a13e8f271f77783cef
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/style.css
Origin
https://apply.americanexpress.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:07 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
28612
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
b38b8bd9-d96f-4bf9-add1-adbd2b08b802.woff2
apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/fonts/
27 KB
27 KB
Font
General
Full URL
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/fonts/b38b8bd9-d96f-4bf9-add1-adbd2b08b802.woff2
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.130.70.25 , United States, ASN19994 (RACKSPACE, US),
Reverse DNS
Software
Apache /
Resource Hash
48b4bf7343fb15c32d6c81b46a621f1eb165d15fc2a47d79f19a9026bbaedfc7
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://apply.americanexpress.com/wp-content/themes/openforum/hilton_cobrand_mclp/css/style.css
Origin
https://apply.americanexpress.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Thu, 20 Aug 2020 10:26:07 GMT
server
Apache
date
Fri, 03 Dec 2021 16:44:16 GMT
cache-control
max-age=2592000
content-security-policy
default-src * 'unsafe-inline' ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * 'unsafe-inline' data: https:; style-src * 'unsafe-inline'; font-src * 'unsafe-inline' 'unsafe-eval'
accept-ranges
bytes
content-length
27592
x-xss-protection
1; mode=block
expires
Sun, 02 Jan 2022 16:44:16 GMT
va-9d6ac57dbcbba3321dd904e6ee78b647.js
dev.visualwebsiteoptimizer.com/7.0/
218 KB
62 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/7.0/va-9d6ac57dbcbba3321dd904e6ee78b647.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=407476&u=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&f=1&r=0.14894722646596592
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
a3f23882af078056246b6773a358d1d244b163ca8cb8c4016edc9e5a627c0cd7

Request headers

Referer
https://apply.americanexpress.com/
Origin
https://apply.americanexpress.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:16 GMT
content-encoding
br
last-modified
Wed, 01 Dec 2021 11:27:16 GMT
server
gfra1
etag
"61a75c14-f7f3"
vary
Accept-Encoding, User-Agent
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
63475
via
1.1 google
track-9d6ac57dbcbba3321dd904e6ee78b647.js
dev.visualwebsiteoptimizer.com/7.0/
11 KB
3 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/7.0/track-9d6ac57dbcbba3321dd904e6ee78b647.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=407476&u=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&f=1&r=0.14894722646596592
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
95ada0091793729d590197fc35db6fa2b91cc926117cbf58332b442870beb92c

Request headers

Referer
https://apply.americanexpress.com/
Origin
https://apply.americanexpress.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:16 GMT
content-encoding
br
last-modified
Wed, 01 Dec 2021 11:27:16 GMT
server
gfra1
etag
"61a75c14-dd6"
vary
Accept-Encoding, User-Agent
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3542
via
1.1 google
opa-3d1a80cbbc4fdc4472eae80c14d918ad.js
dev.visualwebsiteoptimizer.com/analysis/4.0/
101 KB
26 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-3d1a80cbbc4fdc4472eae80c14d918ad.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=407476&u=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&f=1&r=0.14894722646596592
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
a3e23aca2380656d730fe1d949c443d02caaa08d46d2ce0159420d1491bdf5fc

Request headers

Referer
https://apply.americanexpress.com/
Origin
https://apply.americanexpress.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:16 GMT
content-encoding
br
last-modified
Wed, 01 Dec 2021 11:27:12 GMT
server
gfra1
etag
"61a75c10-6844"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26692
via
1.1 google
v.gif
dev.visualwebsiteoptimizer.com/
35 B
214 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=407476&d=apply.americanexpress.com&u=D74994EE6334B541B559A74024945FA8F&h=878c7032ff2393047aa606c48583d77a&t=false&r=0.6625794336445985
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 03 Dec 2021 16:44:16 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NRTR5RB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6189
date
Fri, 03 Dec 2021 15:01:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Fri, 03 Dec 2021 17:01:07 GMT
settings.js
dev.visualwebsiteoptimizer.com/
896 B
541 B
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/settings.js?a=407476&settings_type=1&vn=7.0&r=0.14619811450278353&exc=6|129
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/7.0/va-9d6ac57dbcbba3321dd904e6ee78b647.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
c47290044616320e6c3e345ce17e14acfd4624fe6c5661a760111b1c99911d99

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:16 GMT
via
1.1 google
server
gfra1
content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-type
application/javascript; charset=UTF-8
id
omns.americanexpress.com/
89 B
698 B
XHR
General
Full URL
https://omns.americanexpress.com/id?d_visid_ver=5.0.1&d_fieldgroup=A&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&mid=24590415967371270844474381304719165478&ts=1638549856908
Requested by
Host: www.americanexpress.com
URL: https://www.americanexpress.com/adobedtm-acq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
3c4aff5787f8a65531b86fccbec55dd7ecd58dc8d3ab6c15cff834ec517c3eeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://apply.americanexpress.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-6988cccb6f-rbc9v
vary
Origin
x-c
main-1542.If2e2aa.M0-523
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://apply.americanexpress.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
89
x-xss-protection
1; mode=block
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1205125050&t=pageview&_s=1&dl=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&dr=http%3A%2F%2Fl.h1.hilton.com%2F&ul=en-us&de=UTF-8&dt=Hilton%20Honors%20American%20Express%20Cards&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABAAAAAC~&jid=2000365925&gjid=811717889&cid=286097815.1638549857&tid=UA-129815576-1&_gid=195424926.1638549857&_r=1&gtm=2wgc10NRTR5RB&z=1536551922
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://apply.americanexpress.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 03 Dec 2021 16:44:16 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://apply.americanexpress.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
worker-70faafffa0475802f5ee03ca5ff74179.js
dev.visualwebsiteoptimizer.com/analysis/
47 KB
13 KB
XHR
General
Full URL
https://dev.visualwebsiteoptimizer.com/analysis/worker-70faafffa0475802f5ee03ca5ff74179.js
Requested by
Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/analysis/4.0/opa-3d1a80cbbc4fdc4472eae80c14d918ad.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:16 GMT
content-encoding
br
last-modified
Wed, 01 Dec 2021 11:27:12 GMT
server
gfra1
etag
"61a75c10-351f"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13599
via
1.1 google
id
dpm.demdex.net/
4 KB
2 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.0.1&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=5C36123F5245AF470A490D45%40AdobeOrg&d_nsid=15&d_mid=24590415967371270844474381304719165478&d_blob=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&d_cid_ic=AVID%0130D524B0EF99397A-40001E45A22665E6&ts=1638549857111
Requested by
Host: www.americanexpress.com
URL: https://www.americanexpress.com/adobedtm-acq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.253.216 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-253-216.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
862341b6b5575d870f96b8be0060ce3f0809d282d97d519fab3a1cbad80d4e63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://apply.americanexpress.com/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-2-v020-0430ae788.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
CeCiRnQyQkA=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://apply.americanexpress.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
1380
Expires
Thu, 01 Jan 1970 00:00:00 UTC
s72925991822489
omns.americanexpress.com/b/ss/amexpressprod,amexpressenterpriseprod/10/JS-2.17.0-LBWB/
4 KB
5 KB
Script
General
Full URL
https://omns.americanexpress.com/b/ss/amexpressprod,amexpressenterpriseprod/10/JS-2.17.0-LBWB/s72925991822489?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=3%2F11%2F2021%2016%3A44%3A17%205%200&d.&nsid=15&jsonv=1&.d&mid=24590415967371270844474381304719165478&aid=30D524B0EF99397A-40001E45A22665E6&aamlh=6&ce=UTF-8&ns=1americanexpress&pageName=US%7CAcq%7CLandingPage&g=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&r=http%3A%2F%2Fl.h1.hilton.com%2F&c.&visitorCheck=VisitorAPI%20Present&gvs=1&.c&cc=USD&server=apply.americanexpress.com&v0=r%7CUS%3Al.h1.hilton.com&events=event45&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&h1=US%7CAcq&c3=en&c4=US&v6=r%7CUS%3Al.h1.hilton.com&c10=prospect&c19=US%7CAcq&v21=r%7CUS%3Al.h1.hilton.com&v22=D%3Dgctrac&c24=US%7CAcq&v27=US&c30=US%7CAcq&c31=US%7CAcq&c38=US%7CAcq&v45=prospect&c48=D%3Dgctrac&c49=Launch-Acq%3Av1.0-AM%3A2.17.0-VISID%3A5.0.1-DIL%3A9.3-Mbox%3ANA-CSVisID%3Afalse-msuite%3Atrue&v60=1600&v61=landscape&v65=D%3Domnmycademo&c67=D%3Dmrcards&v67=D%3Dmrcards&v71=US%7CAcq%7CLandingPage&v72=n%2Fa&v74=US%7CAcq%7CLandingPage&c75=Launch&v75=24590415967371270844474381304719165478&v94=D%3Dagent-id&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=5C36123F5245AF470A490D45%40AdobeOrg&AQE=1
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/dcb19cbd6cbf/8fe231718838/277280658df1/EXdb2f07c0a5d542769ae26413df85f17c-libraryCode_source.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
1d820465aab3492ad9a95342f5ab0c148005369b69f84cae42d4ca47e38e68de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

x-aam-tid
w/l+5QUYRz4=
date
Fri, 03 Dec 2021 16:44:17 GMT
x-content-type-options
nosniff
x-c
main-1542.If2e2aa.M0-523
p3p
CP="This is not a P3P policy"
vary
*
content-length
4138
x-xss-protection
1; mode=block
dcs
dcs-prod-irl1-1-v020-0e4677cb4.edge-irl1.demdex.com UNKNOWN
pragma
no-cache
last-modified
Sat, 04 Dec 2021 16:44:17 GMT
server
jag
xserver
anedge-6988cccb6f-trhj7
etag
3518759026177605632-4619879557101176601
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Thu, 02 Dec 2021 16:44:17 GMT
serverComponent.php
tms.americanexpress.com/amex/
508 B
455 B
Script
General
Full URL
https://tms.americanexpress.com/amex/serverComponent.php?clientID=218&PageID=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288%26ensMarket%3DUS%26ens_env%3D3%26deviceType%3Dlarge
Requested by
Host: www.americanexpress.com
URL: https://www.americanexpress.com/adobetracking
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
7c0a79b3aaaf119ef881387e31762ba8865b619cfb120a4dff7b785a60dfbfde

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
cache-control
no-cache, no-store
content-type
text/javascript
server
nginx
content-encoding
gzip
vary
Accept-Encoding
expires
Fri, 03 Dec 2021 16:44:16 GMT
a1286f6da764170383069583cf445384.js
tms.americanexpress.com/amex/prod/code/
73 KB
11 KB
Script
General
Full URL
https://tms.americanexpress.com/amex/prod/code/a1286f6da764170383069583cf445384.js?conditionId0=209423
Requested by
Host: www.americanexpress.com
URL: https://www.americanexpress.com/adobetracking
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
919d904a5f297cdb85266e034b12bedfc60139d28da581e1d109a264e423b978

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
content-encoding
gzip
last-modified
Mon, 15 Mar 2021 07:19:07 GMT
server
nginx
etag
W/"604f0a6b-1255f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
5de7fec980e7fdca362ebfb950c8ecb7.js
tms.americanexpress.com/amex/prod/code/
2 KB
772 B
Script
General
Full URL
https://tms.americanexpress.com/amex/prod/code/5de7fec980e7fdca362ebfb950c8ecb7.js?conditionId0=4908767
Requested by
Host: www.americanexpress.com
URL: https://www.americanexpress.com/adobetracking
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ccdc63e759a80a7d75a7ba9177e3406c9208a496c238bf132fa4a3c33fbc600e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
content-encoding
gzip
last-modified
Mon, 29 Nov 2021 06:09:52 GMT
server
nginx
etag
W/"61a46eb0-6b0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
d9d11a89d20ecba185c3544ef5e0ccd0.js
tms.americanexpress.com/amex/prod/code/
9 KB
2 KB
Script
General
Full URL
https://tms.americanexpress.com/amex/prod/code/d9d11a89d20ecba185c3544ef5e0ccd0.js?conditionId0=181208
Requested by
Host: www.americanexpress.com
URL: https://www.americanexpress.com/adobetracking
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b657944e9fc80e8dd22fb31b7e50d71c71c61f4fcdca17b7c8b026e7d22e9bad

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
content-encoding
gzip
last-modified
Wed, 30 Jun 2021 07:47:55 GMT
server
nginx
etag
W/"60dc21ab-2565"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
s496901591.2809187
smetric.hilton.com/b/ss/hiltonglobalprod/1/pixel/
Redirect Chain
  • https://smetric.hilton.com/b/ss/hiltonglobalprod/1/pixel/s496901591.2809187?ce=UTF-8&pageName=LandingPage&c.aex.appstatus=AmexMCLP&g=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpa...
  • https://smetric.hilton.com/b/ss/hiltonglobalprod/1/pixel/s496901591.2809187?AQB=1&pccr=true&vidn=30D524B0C3211B7E-4000071A43878093&ce=UTF-8&pageName=LandingPage&c.aex.appstatus=AmexMCLP&g=https%3A%...
43 B
284 B
Image
General
Full URL
https://smetric.hilton.com/b/ss/hiltonglobalprod/1/pixel/s496901591.2809187?AQB=1&pccr=true&vidn=30D524B0C3211B7E-4000071A43878093&ce=UTF-8&pageName=LandingPage&c.aex.appstatus=AmexMCLP&g=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&AQE=1
Requested by
Host: apply.americanexpress.com
URL: https://apply.americanexpress.com/hilton-cobrand/?page_url=288
Protocol
H2
Server
13.36.218.177 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-36-218-177.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
x-content-type-options
nosniff
x-c
main-1542.If2e2aa.M0-523
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sat, 04 Dec 2021 16:44:17 GMT
server
jag
xserver
anedge-6988cccb6f-9vql7
etag
3518759025720033280-4619634817004420863
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Thu, 02 Dec 2021 16:44:17 GMT

Redirect headers

date
Fri, 03 Dec 2021 16:44:17 GMT
x-content-type-options
nosniff
x-c
main-1542.If2e2aa.M0-523
p3p
CP="This is not a P3P policy"
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
location
https://smetric.hilton.com/b/ss/hiltonglobalprod/1/pixel/s496901591.2809187?AQB=1&pccr=true&vidn=30D524B0C3211B7E-4000071A43878093&ce=UTF-8&pageName=LandingPage&c.aex.appstatus=AmexMCLP&g=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&AQE=1
last-modified
Sat, 04 Dec 2021 16:44:17 GMT
server
jag
xserver
anedge-6988cccb6f-9mpjw
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/plain;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Thu, 02 Dec 2021 16:44:17 GMT
aaLauncher.css
icm.aexp-static.com/content/dam/search/ioa/launcher/
144 KB
17 KB
Stylesheet
General
Full URL
https://icm.aexp-static.com/content/dam/search/ioa/launcher/aaLauncher.css?70
Requested by
Host: tms.americanexpress.com
URL: https://tms.americanexpress.com/amex/prod/code/a1286f6da764170383069583cf445384.js?conditionId0=209423
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.34.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-34-51.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
359ced204cb91b41bbb874139e4a3ce36f40c3852b681cfc7389ecf104d96562
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 29 Nov 2021 21:26:15 GMT
server
Akamai Resource Optimizer
etag
"24174-56633e9d21eb7-gzip"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, must-revalidate, max-age=7541
accept-ranges
bytes
content-length
17422
aaLauncher.js
icm.aexp-static.com/content/dam/search/ioa/launcher/
78 KB
12 KB
Script
General
Full URL
https://icm.aexp-static.com/content/dam/search/ioa/launcher/aaLauncher.js?70
Requested by
Host: tms.americanexpress.com
URL: https://tms.americanexpress.com/amex/prod/code/a1286f6da764170383069583cf445384.js?conditionId0=209423
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.34.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-34-51.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
1647f383ee2cc2427e86ce4a778a4e3f9a1e375e50530d6ff0d2be84ec308364
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Sun, 07 Nov 2021 23:45:40 GMT
server
Akamai Resource Optimizer
etag
"139dd-5aa7930e3f913-gzip"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, must-revalidate, max-age=7541
accept-ranges
bytes
content-length
11957
gct_us.js
www.aexp-static.com/cdaas/api/axpi/gct/1.0.0/
19 KB
4 KB
Script
General
Full URL
https://www.aexp-static.com/cdaas/api/axpi/gct/1.0.0/gct_us.js?gct=us
Requested by
Host: www.americanexpress.com
URL: https://www.americanexpress.com/adobetracking
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.34.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-34-51.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9f6d96a58c1ab300055657627bebec43d480f6a9238b5524bbc0e81dbac336d0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
content-encoding
gzip
last-modified
Mon, 11 Oct 2021 13:04:05 GMT
etag
W/"61643645-4a58"
vary
Origin, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://apply.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
3905
pzncs.min.js
icm.aexp-static.com/Internet/PZN/js/cs/v106/
29 KB
5 KB
Script
General
Full URL
https://icm.aexp-static.com/Internet/PZN/js/cs/v106/pzncs.min.js
Requested by
Host: www.americanexpress.com
URL: https://www.americanexpress.com/adobetracking
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.89.34.51 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-34-51.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
a1936fb48818573068db5842198dc8f4997379c05c06b3b52f3b935954e3f640
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 03 Dec 2021 16:44:17 GMT
content-encoding
br
x-content-type-options
nosniff
last-modified
Mon, 08 Nov 2021 09:45:10 GMT
server
Akamai Resource Optimizer
etag
"74da-5d0402cb255a8-gzip"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, must-revalidate, max-age=7541
accept-ranges
bytes
content-length
4447
captureevents.do
gct.americanexpress.com/gct/
0
1 KB
Script
General
Full URL
https://gct.americanexpress.com/gct/captureevents.do?&page_name=LandingPage&RefURL=http%3A%2F%2Fl.h1.hilton.com%2F&reftype=external&fullurl=https%3A%2F%2Fapply.americanexpress.com%2Fhilton-cobrand%2F%3Fpage_url%3D288&js_source=cdaas_gctUS
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/api/axpi/gct/1.0.0/gct_us.js?gct=us
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.50.190 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://apply.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 03 Dec 2021 16:44:18 GMT
Access-Control-Max-Age
3600
Access-Control-Allow-Methods
POST, GET,OPTIONS, DELETE, HEAD, PUT
Content-Type
application/javascript
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method,Access-Control-Request-Headers
Content-Length
0

Verdicts & Comments Add Verdict or Comment

263 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| dataLayer object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor boolean| excludeOmniture object| s_c_il number| s_c_in object| visitor object| digitalData function| $ function| jQuery number| settings_timer number| _vwo_settings_timer object| _vwo_code string| imagePath string| imagePaths function| Popper number| _vwo_acc_id object| vwoCode object| _vwo_style string| _vwo_css string| _vwo_cookieDomain string| _vwo_uuid string| _vis_opt_file number| _vwo_library_timer string| _vis_opt_lib undefined| b number| _vwo_j_e string| _vwo_mt string| _vwo_tm object| VWO object| vwo_iehack_queue object| _vwo_exp_ids object| _vwo_exp object| _vwo_pa string| _vwo_opa_cb string| _vwo_worker_cb function| s_doPlugins function| s_cleanQS function| clickTaleGetUID_PID function| AppMeasurement_Module_Integrate function| AppMeasurement_Module_AudienceManagement function| AppMeasurement function| s_gi function| s_pgicq object| s string| s_account object| s_rmvars string| s_rmact number| s_rmi number| omn_temp boolean| cookieCombiningUtility function| removeExpiredCookies function| cookieRead function| cookieWrite function| cookieDelete function| DIL number| s_objectID number| s_giq object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| vwo_$ string| _vwo_server_url object| _vis_opt_queue object| _vis_opt_check_segment object| _vwo_evq function| _vwo_ev boolean| DISABLE_NATIVE_CONSTANTS object| _vwo_t object| _vwo_editorOperationTracker function| _vwo_handleMutations object| _vwo_api_section_callback object| _vis_opt_comb_name function| _vwo_s object| _vwo_campaignData function| _vis_opt_top_initialize function| _vis_opt_bottom_initialize function| _vis_opt_goal_conversion function| _vis_opt_revenue_conversion function| _vis_opt_pause function| _vis_opt_readCookie function| _vis_opt_createCookie function| _vis_opt_element_loaded function| _vis_opt_GA_track function| _vis_opt_register_conversion function| _vis_opt_get_campaign_xPath number| _vis_opt_experiment_id boolean| _vwo_settings_timed_out object| bootstrap undefined| text function| nativeWebShare object| backgroundDiv string| k10 string| k25 string| k50 string| k80 string| k130 function| rangeFun undefined| mobileSticky object| gaplugins object| gaGlobal object| gaData object| __nls number| ___vwo string| s_tnt object| scgct object| s_i_amexpressprod_amexpressenterpriseprod object| ensBootstraps object| Bootstrapper function| initGCT string| k object| o boolean| stCallComplete string| adobeParams function| iTagRuleCheckTimer function| loadNGAMUTracking boolean| isPagebdaasSupported boolean| loadlecode number| glbver boolean| fromgem boolean| slFlag boolean| iscorppage object| IOA object| icats_obj_us string| iOAIconHolder string| first string| second string| third string| iOAsearchBar string| ioaNewiNavSrchBtn string| ioaNewiNavHelpBtn string| ioaNewiNavSearch string| summerNavHTML object| chatEligibleApps string| targetScore undefined| xhr object| overLayMaster object| faqMaster object| qLinksMaster object| parentImg object| SERVER_URL object| ONE_AMEX_SERVER_URL object| HOME_PAGE_SERVER_URL boolean| isTestPage boolean| searchBarHasFocus boolean| onlineTabLoaded string| AAVer number| result_n boolean| frominPageFaqLink object| IOASSIST function| loadIOA function| paintIOAToolBar function| getiNavVersion function| hasClassAA function| paintOldToolBar function| paintHybridToolBar function| appendChildNodes function| controlIconDisplay function| isFAQIconPresent function| hideFAQIcon function| hideHybridFAQIcon function| paintNewToolBar function| paintSearchButton function| paintQuestionMarkButton function| searchButtonClicked function| addSearchImg function| isSearchBarOpened function| closeSearchBar function| addAnimation function| focusSrchInput function| openSearchBar function| sbCloseButtonClicked function| sbClearButtonClicked function| ioascroll function| isSameAsPreviousResult function| aachatreadCookie function| hidePlaceHolder function| showPlaceHolderAA function| loadInlineChat function| wasInlineScriptLoaded function| isChatEligibleApp function| chatCookieExists function| downLoadCSS function| downLoadInlineJS function| loadCoBrowseScript function| isCoBrowseStarted function| wasCoBrowseLoaded function| adjustOverLayMasterZIndex function| openAA function| removeFromBody function| getItFromAAServer function| setCSSProperties function| getActualHeight function| getActualWidth function| wasAAScriptAdded function| downLoadAAScripts function| downLoadAAJS function| getQLinks function| predictiveAccs function| getRowCount function| isSearchBarClosed function| goToSeachPage function| wasQLinkScriptAdded function| downloadQSearchScripts function| downLoadQLinksJS function| getENV function| getFromHiddenVar function| getHomePageServerURL function| getOneAmexURL function| getServerURL function| createCORSRequest function| showIOAToolTip function| hideIOAToolTip function| checkOnline function| shownavTooltip function| hidenavTooltips function| findPos function| setSmartRespClasses function| closePredLayer function| hideNewiOAPSDiv function| clickSearchIcon function| getOAsearch function| getQueryParamValueByName function| setCookie function| getCookie_AA function| delCookie function| iOAcheckPhoneDesk function| isAAMobile function| adjustaaLoader function| hideHelpPopUp function| showHelpPopUp function| toggleHelpPopup function| openSearchBox function| closeSearchBox function| summerNavInputBlur function| foucsPHInput function| newiNavPredLayerTouchHandler function| addNewiNavPredLayerTouchHandler function| addAAScrollerFunc function| hideSummerNavPlaceHolder undefined| guid undefined| tgtCookie function| openCobrowseOnline undefined| bdaasFrameNL undefined| bdaasFrameNLLoaded undefined| sendMessageTobdaasNL undefined| getbdaasFrameObjNL undefined| getTargetForbdaasFrameNL object| ClickStreamService string| country string| language string| businessUnit string| primaryCategory string| subCategory1 string| subCategory2 string| subCategory3

29 Cookies

Domain/Path Name / Value
l.h1.hilton.com/ Name: ASP.NET_SessionId
Value: 4sqsgqhkfljqsbnxxga0xumj
.hilton.com/ Name: xyz_cr_666_et_141
Value: ak_guid=36bca219-acc2-403e-971a-954cd66bee3b&tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2
l.h1.hilton.com/ Name: BIGipServercnv_ats_pool
Value: !xfZeJV4mRu9wfP5Z4oVQDEKIKoEeNg94MguTkHUfryss0hl+2z8s4ExuyDR+t0KdP9DH0AWEjkFhK0M=
.hilton.com/ Name: xyz_trk_cr_666
Value: tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2
.hilton.com/ Name: xyz_trk_we_grp_group_hilton_hotels
Value: tp=i-1NGB-Ak-TNk-9E0xXi-2H-22V7BI-1c-9DB46y-l6pHyVoToi-Wx7C2
www.movable-ink-6437.com/ Name: _micpn
Value: esp:e271971615e2cdc8::1638549855120
www.movable-ink-6437.com/ Name: _mibhv
Value: 586051524_4740
prvsz4pe.micpn.com/ Name: _micpn
Value: esp:e271971615e2cdc8::1638549855290
prvsz4pe.micpn.com/ Name: _mibhv
Value: 586051524_4740
.americanexpress.com/ Name: agent-id
Value: fa5e00e2-afa2-4b7f-86c7-0dfef4627b79
.apply.americanexpress.com/ Name: _vwo_uuid_v2
Value: D74994EE6334B541B559A74024945FA8F|878c7032ff2393047aa606c48583d77a
.demdex.net/ Name: demdex
Value: 24794562930488950124490294462987832494
.americanexpress.com/ Name: _vis_opt_s
Value: 1%7C
.americanexpress.com/ Name: _vis_opt_test_cookie
Value: 1
.americanexpress.com/ Name: _vwo_uuid
Value: D74994EE6334B541B559A74024945FA8F
.americanexpress.com/ Name: _vwo_sn
Value: 0%3A1
.americanexpress.com/ Name: AMCVS_5C36123F5245AF470A490D45%40AdobeOrg
Value: 1
.apply.americanexpress.com/ Name: _ga
Value: GA1.3.286097815.1638549857
.apply.americanexpress.com/ Name: _gid
Value: GA1.3.195424926.1638549857
.apply.americanexpress.com/ Name: _gat_UA-129815576-1
Value: 1
.americanexpress.com/ Name: _vwo_ds
Value: 3%3At_0%2Ca_0%3A0%241638549856%3A5.56310792%3A%3A%3A129_0%2C6_0%3A0
.americanexpress.com/ Name: s_vi
Value: [CS]v1|30D524B0EF99397A-40001E45A22665E6[CE]
.americanexpress.com/ Name: s_ecid
Value: MCMID%7C24590415967371270844474381304719165478
.americanexpress.com/ Name: AMCV_5C36123F5245AF470A490D45%40AdobeOrg
Value: 359503849%7CMCMID%7C24590415967371270844474381304719165478%7CMCAAMLH-1639154657%7C6%7CMCAAMB-1639154657%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1638557057s%7CNONE%7CMCAID%7C30D524B0EF99397A-40001E45A22665E6%7CvVersion%7C5.0.1
.americanexpress.com/ Name: s_pers
Value: %20gpv_v41%3DUS%257CAcq%257CLandingPage%7C1638551657166%3B%20s_tbm%3Dtrue%7C1638551657169%3B%20s_campStack%3D%255B%255B%2522r%25257CUS%25253Al.h1.hilton.com%2522%252C%25221638549857175%2522%255D%255D%7C1641141857175%3B
.apply.americanexpress.com/ Name: aampros
Value: SBO%3D1
.apply.americanexpress.com/ Name: aam_id
Value: 24794562930488950124490294462987832494
.hilton.com/ Name: s_vi
Value: [CS]v1|30D524B0C3211B7E-4000071A43878093[CE]
.americanexpress.com/ Name: s_sess
Value: %20s_visit%3D1%3B%20s_dedupeCM%3Dr%257CUS%253Al.h1.hilton.comr%257CUS%253Al.h1.hilton.coml.h1.hilton.comn%252Fa%3B%20s_cpc%3D1%3B%20s_cc%3Dtrue%3B%20%2520s_ips%3D1200%3B%20s_tp%3D6981%3B%20s_ppv%3DUS%25257CAcq%25257CLandingPage%252C17%252C0%252C1200%252C1%252C5%3B

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
apply.americanexpress.com
assets.adobedtm.com
cdnjs.cloudflare.com
dev.visualwebsiteoptimizer.com
dpm.demdex.net
gct.americanexpress.com
icm.aexp-static.com
l.h1.hilton.com
omns.americanexpress.com
prvsz4pe.micpn.com
s.h1.hilton.com
smetric.hilton.com
tms.americanexpress.com
www.aexp-static.com
www.americanexpress.com
www.google-analytics.com
www.googletagmanager.com
www.movable-ink-6437.com
104.130.70.25
104.89.27.168
104.89.34.51
13.225.87.45
13.36.218.177
139.71.50.190
173.213.4.175
18.66.122.102
2606:4700::6810:125e
2a00:1450:4001:809::200a
2a00:1450:4001:80f::2008
2a00:1450:4001:827::200e
2a02:26f0:6c00:299::1e80
3.124.119.57
34.96.102.137
54.228.253.216
044ca0954e671546a515d6d74ecd5a7261e332e672c854a5da42d4e6184f7630
0e3edf23f4bd6459b6187e39f175ec8d84f7f17a14e9d878dae281bb021673b8
0ffabf384e03e66888bb7e2867acf9b2f5a6bd03be7d2fc7b0f24fa06589190e
1647f383ee2cc2427e86ce4a778a4e3f9a1e375e50530d6ff0d2be84ec308364
1d820465aab3492ad9a95342f5ab0c148005369b69f84cae42d4ca47e38e68de
1efcdc16beaa5776bb06e27201284bde0a1390d88f776d87fed57b4d4dea8bea
24135161df6baf262a63ce2fde80b68e660bf33d917703732ab2b9e40f8c30d9
293f9005a0f1c26463cfd1363cda4a47fff776b11618f53f684c6f746b0fd820
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2c37faf71b6e8635f7efa78150647a665aa26844f032899245a76028188f33e5
359ced204cb91b41bbb874139e4a3ce36f40c3852b681cfc7389ecf104d96562
37b003dc444736366f3c377810d740bf80b4f97ca03ec49d53f3271fc5bdd848
3bbed854e109af25d52885777b5237605d6fe94adbb3b6065a8a3ed57c815fd5
3c4aff5787f8a65531b86fccbec55dd7ecd58dc8d3ab6c15cff834ec517c3eeb
48b4bf7343fb15c32d6c81b46a621f1eb165d15fc2a47d79f19a9026bbaedfc7
49c47b9059af505736532d0d5ff6c6a5d5ff75eea62f44f4bf4b51eb2ca4e93f
4bde68201bed19cd0ae007924a7ed572d14ed30546ee7610f3f0dfdea00aafe3
5033da011e08a092e03a4d7093ef5479988eb2c865ba24b712d5f9323d30eee5
5947ad2e0151c6b3810da57499488d4a67845a592044851510f97f8ba96f51e9
5db6a88b4ca22f53977974f68c09244cfe7b4e978b13b67de77874641f01d02a
5e3c004792928f9e9a87005987a4514a23082776908356b20b96709f1d2f048e
694daffab463c64a1b7105850a9f2332cb17ce534bfd3cfe54efa47495ff6bf5
6add06028e37af0c93ba3ad4d8ce9216c2cd6ae413bd5e5ccfe95a7ff48cd111
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bee013ad600a622c70686cc35250487923d994db2bf32c0ac5b393049ff0a89
6d78e2b672db4841cbc0379dc1b4770e2c935b0ec6c677a13e8f271f77783cef
742ad3a3fdc706946e2da36fe1698a2a19a6ac4da635f5724a90a9e702493acc
7c0a79b3aaaf119ef881387e31762ba8865b619cfb120a4dff7b785a60dfbfde
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8446c2c893fb32f134a974ec9f259f30f5fcb4cd487e87c24bc8aa0aaa962c82
862341b6b5575d870f96b8be0060ce3f0809d282d97d519fab3a1cbad80d4e63
89d654bdc87c81950f97406f01dbb301091615368cbd43e9c5dc9eca6d31db6d
8a58fd45b1bb5bfc59d8bd1caa631db68ed31e84c0bc0daa6fb59df1446ff263
8c83c596abf7096d4ac19854d8297883a6a6172a665485efcd0d7e52618d3c0b
919d904a5f297cdb85266e034b12bedfc60139d28da581e1d109a264e423b978
95ada0091793729d590197fc35db6fa2b91cc926117cbf58332b442870beb92c
9ab48c4e4df429098fd51b4b5dfc13daa62e139d21fe2a6d5537d5298b9ab156
9c15c9f80a5caab8b2503ea62c142c4161ff3fd8ff4ed555f5b4ef801ad22b26
9f6d96a58c1ab300055657627bebec43d480f6a9238b5524bbc0e81dbac336d0
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1936fb48818573068db5842198dc8f4997379c05c06b3b52f3b935954e3f640
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a3e23aca2380656d730fe1d949c443d02caaa08d46d2ce0159420d1491bdf5fc
a3f23882af078056246b6773a358d1d244b163ca8cb8c4016edc9e5a627c0cd7
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
b26813d74c96c7110bccdb24c3409418ee4414a8baa199548656c73ae3bf11a6
b657944e9fc80e8dd22fb31b7e50d71c71c61f4fcdca17b7c8b026e7d22e9bad
bb4fdaff53e7e5f447bd76bca23ecf8c4fba03413cbf27011f9eb0ee3fc9f29c
bf1b846aaf0fdeb8d165eaf532818e02de80780ceb6b3ea404fe5064de37fe49
c47290044616320e6c3e345ce17e14acfd4624fe6c5661a760111b1c99911d99
c56a7eae18805c1e1d168ae6fbcee455155906c7b7a060e797d7526a5d4beafa
ccdc63e759a80a7d75a7ba9177e3406c9208a496c238bf132fa4a3c33fbc600e
cfc14e8728ed5849dc37700aa84b33db49f30c267b17921b6b7d35a9f5b266e1
d3da0faf4a52acadf94726b683c85137d5ba3dd68c8d4376f61c821b546964ae
d68811483aa86757a75b80f7ae6f54de65c3649572ad29e530242e431eef84bf
da5e17cc68add2975a40df41257a9155c7ba55ff537fe86d8a461f820d6dbe89
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e73ac8b308d348235c402fdf2eb840ea9d5d3f8b3eae30470ba586fa4775c4a9
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4
f167a1b822a57e70e2de8660d27eadfb9246b130c53592d7ec22cb1d4f2deab2
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
ffe87a9ed2eb1bed208ae9d0139d7e6e48d25623f15c38e500146bf430e9d00a