secure.americanexpress.com.bh Open in urlscan Pro
45.60.47.115 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Submission Tags: @ecarlesi threat phishing Search All
Submission: On April 23 via api (April 23rd 2024, 6:11:07 am UTC) from IT — Scanned from IT

Summary HTTP 45 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 45 HTTP transactions. The main IP is 45.60.47.115, located in United States and belongs to INCAPSULA, US. The main domain is secure.americanexpress.com.bh.
TLS certificate: Issued by DigiCert EV RSA CA G2 on September 4th 2023. Valid for: a year.

This is the only time secure.americanexpress.com.bh was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	45.60.47.115 45.60.47.115	19551 (INCAPSULA) (INCAPSULA)
2	216.58.206.72 216.58.206.72	15169 (GOOGLE) (GOOGLE)
12	104.73.183.75 104.73.183.75	16625 (AKAMAI-AS) (AKAMAI-AS)
2	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE)
2	104.18.41.126 104.18.41.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
45	6

26 45.60.47.115 (United States)

ASN19551 (INCAPSULA, US)

secure.americanexpress.com.bh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.72 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-aa-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.73.183.75 (Dublin, Ireland)

ASN16625 (AKAMAI-AS, US)
PTR: a104-73-183-75.deploy.static.akamaitechnologies.com

www.aexp-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.34.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.41.126 (None, )

ASN13335 (CLOUDFLARENET, US)

www.datocms-assets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	americanexpress.com.bh secure.americanexpress.com.bh	577 KB
12	aexp-static.com www.aexp-static.com — Cisco Umbrella Rank: 13163	243 KB
2	datocms-assets.com www.datocms-assets.com — Cisco Umbrella Rank: 26819	1 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2404	317 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	172 KB
45	5

	Domain	Requested by
26	secure.americanexpress.com.bh	secure.americanexpress.com.bh www.googletagmanager.com
12	www.aexp-static.com	secure.americanexpress.com.bh
2	www.datocms-assets.com
2	region1.google-analytics.com	www.googletagmanager.com
2	www.googletagmanager.com	secure.americanexpress.com.bh www.googletagmanager.com
45	5

This site contains links to these domains. Also see Links.

Domain
www.datocms-assets.com
www.membershiprewards.com.bh
www.americanexpress.ae
app.adjust.com
play.google.com
www.linkedin.com
www.facebook.com
www.instagram.com

Subject Issuer	Validity	Valid
secure.americanexpress.com.bh DigiCert EV RSA CA G2	`2023-09-04` - `2024-10-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
m.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2024-03-06` - `2025-03-06`	a year	crt.sh
datocms-assets.com GTS CA 1P5	`2024-04-04` - `2024-07-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Frame ID: 57D622CD2BBE1D92B302EC20CE272145
Requests: 45 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SECURITY TIPS | American Express Bahrain

Detected technologies

DatoCMS (CMS) Expand

Overall confidence: 100%
Detected patterns

<[^>]+https://www\.datocms-assets\.com

Amex Express Checkout (Payment processors) Expand

Overall confidence: 100%
Detected patterns

aexp-static\.com

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

45
Requests

98 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

994 kB
Transfer

2594 kB
Size

7
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://www.datocms-assets.com/93849/1680264429-32565_amex_knowyourcardmember-formpersonalization_v16_2.pdf
Title: Update your information

Search URL Search Domain Scan URL

URL: https://www.membershiprewards.com.bh/
Title: Membership Rewards®

Search URL Search Domain Scan URL

URL: https://www.americanexpress.ae/online/offers
Title: Amex Offers

Search URL Search Domain Scan URL

URL: https://app.adjust.com/zh4jbp7

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.AmexApp

Search URL Search Domain Scan URL

URL: https://www.datocms-assets.com/93849/1680204503-fatca-communication_bahrain.pdf
Title: FATCA Notice

Search URL Search Domain Scan URL

URL: https://www.datocms-assets.com/93849/1680204970-amex_kyc-form-v11-27feb2018.pdf
Title: Update Your Information

Search URL Search Domain Scan URL

URL: https://www.datocms-assets.com/93849/1680205056-app-cm-3_credit-reference-code-of-practice_arab_june-2016.pdf
Title: Al Etihad Credit Bureau

Search URL Search Domain Scan URL

URL: https://www.datocms-assets.com/93849/1680205149-cardmemberdisputeform2019.pdf
Title: Cardmember Dispute Form

Search URL Search Domain Scan URL

URL: https://www.datocms-assets.com/93849/1695201801-amex-bahrain-vat-certificate-23-july2023.pdf
Title: VAT Notification

Search URL Search Domain Scan URL

URL: https://www.datocms-assets.com/93849/1680267419-en-bh.pdf
Title: Data Privacy Notice

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/americanexpressme

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AmericanExpressME

Search URL Search Domain Scan URL

URL: https://www.instagram.com/amexmena/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/ 84 KB
19 KB 1596ms
1554ms Document
text/html 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

deb48f1218a827a08540d0b02e842e15692d9131ee6a2c6fb9e9e21f409b1e45

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
content-encoding: gzip
content-security-policy: frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: text/html
date: Tue, 23 Apr 2024 06:10:58 GMT
etag: "14fad-61649390d1eff"
last-modified: Wed, 17 Apr 2024 11:33:25 GMT
strict-transport-security: max-age=31536000
x-cdn: Imperva
x-frame-options: SAMEORIGIN
x-iinfo: 15-77589917-77589923 NNYN CT(509 519 0) RT(1713852656848 18) q(0 0 10 0) r(16 16) U12

GET
H2 200 ead-agains-be-with-your-Cawdor-heare-at-noth-Len Show response
secure.americanexpress.com.bh/ 228 KB
74 KB 85ms
84ms Script
text/javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/ead-agains-be-with-your-Cawdor-heare-at-noth-Len

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

bon /

Resource Hash

069c868a68bfe94ad716293f9ccbd447178d6ad6f390ccf923eaba4254b2899e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
server: bon
x-cdn: Imperva
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: text/javascript
access-control-allow-origin: *
x-iinfo: 15-77589917-77590070 NNNN CT(12 12 0) RT(1713852656848 1589) q(0 0 0 -1) r(0 1)
cache-control: max-age=60
server-timing: bon, total;dur=13.33657
content-length: 75452

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 208 KB
75 KB 101ms
41ms Script
application/javascript 216.58.206.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GTM-P4KXRH5

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

f7b3c19d1183ebdba1166089fe006d8556b049860be29015a002ccf65bcaaa49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 76264
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 23 Apr 2024 06:10:58 GMT

GET
H2 200 cbb36990cd57a078.css
secure.americanexpress.com.bh/_next/static/css/ 366 KB
51 KB 19ms
19ms Stylesheet
text/css 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/css/cbb36990cd57a078.css

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

2e7a7c658e75d61644247177e9e03fc8b5da45dfccc04837d8ac32d49387f1ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "5b9b3-616492c53a788"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: text/css
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 1586) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14563, public
x-incap-sess-cookie-hdr: O0ToWcez+1G3qg7YLGvUFfJQJ2YAAAAAlGtqX69vlFNGMHJwsUMbIg==
content-length: 52012
expires: Tue, 23 Apr 2024 10:13:41 GMT

GET
H2 200 webpack-e81585bb9a6b8f4d.js Show response
secure.americanexpress.com.bh/_next/static/chunks/ 2 KB
1 KB 44ms
42ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/chunks/webpack-e81585bb9a6b8f4d.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

82c1f4a7cb54d4960c31bcd0da743f06882042827366f973b1799b07163646f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "835-616492c547e62"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 1590) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14560, public
x-incap-sess-cookie-hdr: U2q7V353FxK3qg7YLGvUFfJQJ2YAAAAAEBOqEyHC8OeK514N0dknZA==
content-length: 1000
expires: Tue, 23 Apr 2024 10:13:38 GMT

GET
H2 200 framework-92a422f151f77ddb.js Show response
secure.americanexpress.com.bh/_next/static/chunks/ 138 KB
44 KB 45ms
44ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/chunks/framework-92a422f151f77ddb.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c085969288e366f115fd6ba1c93ce5c3ffecb65f6298a770385e192872f96252

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "226b9-616492c548a1a"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 1592) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14561, public
x-incap-sess-cookie-hdr: 2p65c/oL+hy3qg7YLGvUFfJQJ2YAAAAAAyXiv5QP8pf0KplzQMT/Kw==
content-length: 45299
expires: Tue, 23 Apr 2024 10:13:39 GMT

GET
H2 200 main-0c06a0d3c5bc7313.js Show response
secure.americanexpress.com.bh/_next/static/chunks/ 107 KB
31 KB 56ms
55ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

479796d84456ee2fca7659fffb62bd02aea72bdc60e5b17f314f26e34b002b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "1aad1-616492c5397e6"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 1594) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14561, public
x-incap-sess-cookie-hdr: cP96QKA77wS3qg7YLGvUFfJQJ2YAAAAAAOiusvG+eWQ2Y/ercsYL4A==
content-length: 31776
expires: Tue, 23 Apr 2024 10:13:39 GMT

GET
H2 200 _app-8292e56c102461c5.js Show response
secure.americanexpress.com.bh/_next/static/chunks/pages/ 131 KB
34 KB 63ms
62ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/chunks/pages/_app-8292e56c102461c5.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3d87dba37948cfb9e7af66d4463d41b6fe25f0842e179dd4bddd4d0ec038cd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "20ac3-616492c53a39c"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 1596) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14560, public
x-incap-sess-cookie-hdr: 8IPBWXFhgki3qg7YLGvUFfJQJ2YAAAAA/twupguRyT6nNcnGMuLJkg==
content-length: 34138
expires: Tue, 23 Apr 2024 10:13:38 GMT

GET
H2 200 755-7b36580efd0a327c.js Show response
secure.americanexpress.com.bh/_next/static/chunks/ 13 KB
5 KB 68ms
67ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/chunks/755-7b36580efd0a327c.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

fd0940e851d3ee71185f321172086a86a6f7e2d8a6e2dd8488849b047da4d735

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "358c-616492c549da1"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 1598) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14561, public
x-incap-sess-cookie-hdr: uqYkLdBFsnm3qg7YLGvUFfJQJ2YAAAAAZKeO8NZ2XmpkEyFMbdb5HQ==
content-length: 5009
expires: Tue, 23 Apr 2024 10:13:39 GMT

GET
H2 200 %5Bslug%5D-cb79953d1a2c1385.js Show response
secure.americanexpress.com.bh/_next/static/chunks/pages/%5Blanguage_country%5D/fraud-protection-center/ 13 KB
4 KB 72ms
71ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/chunks/pages/%5Blanguage_country%5D/fraud-protection-center/%5Bslug%5D-cb79953d1a2c1385.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

a31072d1a1c8496b8e0c885688909ffe54414effa1c4a36e4d6317beb59ed471

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "32db-616492c541100"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-77562144 2CNN RT(1713852656848 1599) q(0 0 0 -1) r(0 0)
cache-control: max-age=17066, public
x-incap-sess-cookie-hdr: 0mu/O+rzUk63qg7YLGvUFfJQJ2YAAAAAJeLmn0x4MAjiQhHjxD9CEQ==
content-length: 4015
expires: Tue, 23 Apr 2024 10:55:24 GMT

GET
H2 200 _buildManifest.js Show response
secure.americanexpress.com.bh/_next/static/eE-5lM3RSnJKJjQ8IhTui/ 8 KB
2 KB 70ms
69ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/eE-5lM3RSnJKJjQ8IhTui/_buildManifest.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

87778ab8d0a0af3787f055b4ceaa5d41c12056bafbea6e73c48b448d37cba248

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "1f92-616492c539bce"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 1600) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14561, public
x-incap-sess-cookie-hdr: mTK8N62d6223qg7YLGvUFfJQJ2YAAAAAWRXiQoQOXhiI5MQqzexZhw==
content-length: 1713
expires: Tue, 23 Apr 2024 10:13:39 GMT

GET
H2 200 _ssgManifest.js Show response
secure.americanexpress.com.bh/_next/static/eE-5lM3RSnJKJjQ8IhTui/ 2 KB
655 B 71ms
70ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/eE-5lM3RSnJKJjQ8IhTui/_ssgManifest.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

8167adb1f8881fa5c5e5ef3a743d4da2ea607838a87d36acf51d84cff08df826

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:38:03 GMT
x-cdn: Imperva
etag: "969-616494997d122"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 1601) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14561, public
x-incap-sess-cookie-hdr: BnkrC0Qm4le3qg7YLGvUFfJQJ2YAAAAA1oqXP/fgQ2KC92EMBHx7ew==
content-length: 480
expires: Tue, 23 Apr 2024 10:13:39 GMT

GET
H2 200 dls-logo-bluebox-solid.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/logos/ 2 KB
1 KB 200ms
66ms Image
image/svg+xml 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/logos/dls-logo-bluebox-solid.svg
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
last-modified: Thu, 01 Jul 2021 15:34:07 GMT
etag: W/"60dde06f-962"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 989

GET
H2 200 dls-logo-stack.svg
www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.28.0/package/dist/img/logos/ 2 KB
922 B 200ms
67ms Image
image/svg+xml 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.28.0/package/dist/img/logos/dls-logo-stack.svg
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: gzip
last-modified: Mon, 20 Feb 2023 16:52:20 GMT
etag: W/"63f3a544-66e"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 743

GET
DATA 200
OK truncated
/ 271 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aeee4bd51e2feb43c539f27fb60f427134033aa7f8a6bec0b66c5aa4bfe391fe

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 290 KB
97 KB 43ms
42ms Script
application/javascript 216.58.206.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GTM-P4KXRH5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

01607e7ead106aaf35df28d29460d320080e8f01134e7ca3c6c7df1e8b3656c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:58 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99603
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 23 Apr 2024 06:10:58 GMT

POST
H2 200 csp_report
secure.americanexpress.com.bh/ 0
66 B 23ms
23ms Other
text/plain 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/csp_report

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

strict-transport-security: max-age=31536000
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 0
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: text/plain

POST
H2 204 collect
region1.google-analytics.com/g/ 0
263 B 82ms
33ms Ping
text/plain 216.239.34.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-TJLPBXF5GF&gtm=45je44h0v894394971z8847218526za200&_p=1713852658793&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1140647126.1713852659&ul=it-it&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1713852659&sct=1&seg=0&dl=https%3A%2F%2Fsecure.americanexpress.com.bh%2Fen-bh%2Ffraud-protection-center%2Fsecurity-tips%2F&dt=SECURITY%20TIPS%20%7C%20American%20Express%20Bahrain&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page=%2F&tfd=1849
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 06:10:59 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.americanexpress.com.bh
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dls-icons.woff
www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.27.0/package/dist/iconfont/ 55 KB
56 KB 212ms
113ms Font
font/woff 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.27.0/package/dist/iconfont/dls-icons.woff?v=2.27.0
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/css/cbb36990cd57a078.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3530f9432334e47cf7e84f8e0ce64f80d45d7329f44f691a3eb30977a4bbf052

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:59 GMT
last-modified: Mon, 01 Aug 2022 18:53:07 GMT
etag: "62e82113-ddf8"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff
access-control-allow-origin: https://secure.americanexpress.com.bh
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
content-length: 56824

GET
H2 200 3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.27.0/package/dist/fonts/ 36 KB
37 KB 163ms
64ms Font
font/woff 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.27.0/package/dist/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/css/cbb36990cd57a078.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:59 GMT
last-modified: Mon, 01 Aug 2022 18:53:00 GMT
etag: "62e8210c-9121"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff
access-control-allow-origin: https://secure.americanexpress.com.bh
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
content-length: 37153

GET
H2 200 badge-apple-app-store-md.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/badges/ 7 KB
3 KB 95ms
94ms Image
image/svg+xml 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/badges/badge-apple-app-store-md.svg
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: cc37c9792d18b6792110c1402cc4c06dc10dd49047e0e74cb422ce8828a2316d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Jul 2021 15:34:07 GMT
etag: W/"60dde06f-1c00"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 3003

GET
H2 200 badge-google-play-md.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/badges/ 6 KB
3 KB 96ms
95ms Image
image/svg+xml 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/badges/badge-google-play-md.svg
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: f7a1235fb36cb2f91ecb2899041002cba9c2877d31f0e2a7df002184e86dec4d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Jul 2021 15:34:07 GMT
etag: W/"60dde06f-1854"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 2543

GET
H2 200 dls-logo-line.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/logos/ 2 KB
890 B 97ms
97ms Image
image/svg+xml 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/logos/dls-logo-line.svg
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Jul 2021 15:34:07 GMT
etag: W/"60dde06f-693"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 712

GET
H2 200 social-network-instagram.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/social/ 7 KB
3 KB 98ms
98ms Image
image/svg+xml 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/social/social-network-instagram.svg
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: adafbb8ec7a3eea7e9969761ea780bc9ed807d73522bdfddfe22bc110b783b4d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:10:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Jul 2021 15:34:07 GMT
etag: W/"60dde06f-1dfb"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 2733

GET
H2 200 1676357551-bh.svg
www.datocms-assets.com/93849/ 252 B
376 B 144ms
104ms Image
image/svg+xml 104.18.41.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.datocms-assets.com/93849/1676357551-bh.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.126 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a519f58c9007731d70a975a48cc81fcf516ab52ab972f9739eace370431e0c2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 2
date: Tue, 23 Apr 2024 06:11:01 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
age: 558592
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
x-imgix-id: 982a58b4a51a5d9826fd8305a4f2260f6a08ab81
x-status: HIT
x-xss-protection: 1; mode=block
x-served-by: cache-sjc10047-SJC, cache-iad-kiad7000085-IAD
last-modified: Wed, 06 Mar 2024 01:32:14 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878bb19ebc1a0d5d-MXP
timing-allow-origin: *
expires: Wed, 23 Apr 2025 06:11:01 GMT

GET
H2 200 social-network-linkedin.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/social/ 622 B
556 B 64ms
63ms Image
image/svg+xml 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/social/social-network-linkedin.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3e7efce56ad0cd36b986feff7c85d6d1badf2a056fa7bcd8d12281a2c90358a2

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-encoding: gzip
last-modified: Thu, 01 Jul 2021 15:34:07 GMT
etag: W/"60dde06f-26e"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 377

GET
H2 200 social-network-facebook.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/social/ 361 B
443 B 62ms
62ms Image
image/svg+xml 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/social/social-network-facebook.svg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a41dafedd64e315cbb0d4f101b1cc473a4656a4322bfba4b9b214b48bb430e3d

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-encoding: gzip
last-modified: Thu, 01 Jul 2021 15:34:07 GMT
etag: W/"60dde06f-169"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 264

GET
H2 200 1678195648-dls-logo-bluebox-alt.svg
www.datocms-assets.com/93849/ 597 B
943 B 137ms
98ms Other
image/svg+xml 104.18.41.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.datocms-assets.com/93849/1678195648-dls-logo-bluebox-alt.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.41.126 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29653cf655df984eee259080f3070a84e439e90366e8fd3c151ee86160061747

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 2
date: Tue, 23 Apr 2024 06:11:01 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; form-action 'none'; sandbox
age: 243343
x-cache: MISS, HIT
cross-origin-resource-policy: cross-origin
x-imgix-id: 4f23c5e41be8c8130b9e88130cd3d445fee50776
x-status: HIT
x-xss-protection: 1; mode=block
x-served-by: cache-sjc10061-SJC, cache-iad-kiad7000104-IAD
last-modified: Sun, 25 Feb 2024 10:20:32 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 878bb19ebc190d5d-MXP
timing-allow-origin: *
expires: Wed, 23 Apr 2025 06:11:01 GMT

GET
H2 200 0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.27.0/package/dist/fonts/ 37 KB
37 KB 62ms
62ms Font
font/woff 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.27.0/package/dist/fonts/0fababca-4914-46dd-9b0f-efbd51f67ae8-3.woff
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/css/cbb36990cd57a078.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Origin: https://secure.americanexpress.com.bh
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
last-modified: Mon, 01 Aug 2022 18:53:00 GMT
etag: "62e8210c-943d"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff
access-control-allow-origin: https://secure.americanexpress.com.bh
cache-control: max-age=31536000, must-revalidate
accept-ranges: bytes
timing-allow-origin: *
content-length: 37949

GET
H2 200 en-bh.json Show response
secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/ 25 KB
25 KB 509ms
509ms Fetch 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh.json?language_country=en-bh

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

19c119967fa968e808c0769238077685eb9e824b6bf36ad740cc0a73ea1b57e8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
purpose: prefetch
x-nextjs-data: 1
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-security-policy: frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:34:56 GMT
x-cdn: Imperva
etag: "62b1-616493e7b4ac9"
x-frame-options: SAMEORIGIN
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 15-77589917-77589923 PNNN RT(1713852656848 4317) q(0 0 0 -1) r(5 5) U12
accept-ranges: bytes
content-length: 25265

GET
H2 200 5383-d3a83d3575cec79b.js
secure.americanexpress.com.bh/_next/static/chunks/ 0
28 KB 24ms
24ms Other
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/chunks/5383-d3a83d3575cec79b.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "176bd-616492c549da1"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 4322) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14561, public
content-length: 28070
expires: Tue, 23 Apr 2024 10:13:42 GMT

GET
H2 200 %5Blanguage_country%5D-fa070bb96b1c4728.js
secure.americanexpress.com.bh/_next/static/chunks/pages/ 0
4 KB 28ms
28ms Other
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/chunks/pages/%5Blanguage_country%5D-fa070bb96b1c4728.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "3215-616492c542870"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 4325) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14561, public
content-length: 3849
expires: Tue, 23 Apr 2024 10:13:42 GMT

GET
H2 200 compromised-cards.json Show response
secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/ 65 KB
65 KB 542ms
541ms Fetch 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/compromised-cards.json?language_country=en-bh&slug=compromised-cards

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ff42ed627ea48da5ad0c85f77357a30740853a9636d7083a9e9ae89862e40eaf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
purpose: prefetch
x-nextjs-data: 1
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-security-policy: frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:33:23 GMT
x-cdn: Imperva
etag: "102b1-6164938e6318d"
x-frame-options: SAMEORIGIN
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 15-77589917-77590339 NNNY CT(477 496 0) RT(1713852656848 4320) q(0 0 0 -1) r(5 5) U12
accept-ranges: bytes
content-length: 66225

GET
H2 200 security-tips.json Show response
secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/ 49 KB
49 KB 559ms
558ms Fetch 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/security-tips.json?language_country=en-bh&slug=security-tips

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

6ef87c1684a9fba4db8cbeb1f65b0627ffded06fed332ff8a50a1493d40bbe89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
purpose: prefetch
x-nextjs-data: 1
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:02 GMT
content-security-policy: frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:33:25 GMT
x-cdn: Imperva
etag: "c268-61649390d0f5e"
x-frame-options: SAMEORIGIN
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 15-77589917-77590343 NNNY CT(448 465 0) RT(1713852656848 4328) q(0 0 0 -1) r(6 6) U12
accept-ranges: bytes
content-length: 49768

GET
H2 200 fraud-protection.json Show response
secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/ 37 KB
37 KB 541ms
540ms Fetch 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/fraud-protection.json?language_country=en-bh&slug=fraud-protection

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c7a6647dbf836d65f70d82e16fc73a48ea6946326a7fa5ba7efe95d5c6f6d0d1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
purpose: prefetch
x-nextjs-data: 1
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-security-policy: frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:33:22 GMT
x-cdn: Imperva
etag: "92fc-6164938dfbd1d"
x-frame-options: SAMEORIGIN
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 15-77589917-77590345 NNNY CT(439 456 0) RT(1713852656848 4332) q(0 0 0 -1) r(5 5) U12
accept-ranges: bytes
content-length: 37628

GET
H2 200 keeping-you-safe.json Show response
secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/ 37 KB
38 KB 357ms
356ms Fetch 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/keeping-you-safe.json?language_country=en-bh&slug=keeping-you-safe

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

02454128b5e468b25bde477c590593c7c562b64ddfe22e1759457193b165b450

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
purpose: prefetch
x-nextjs-data: 1
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-security-policy: frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:33:22 GMT
x-cdn: Imperva
etag: "95d7-6164938d98344"
x-frame-options: SAMEORIGIN
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 15-77589917-77590347 NNNY CT(276 302 0) RT(1713852656848 4334) q(0 0 0 -1) r(4 4) U12
accept-ranges: bytes
content-length: 38359

GET
H2 200 reporting-fraud.json Show response
secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/ 36 KB
36 KB 1588ms
1588ms Fetch 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/data/eE-5lM3RSnJKJjQ8IhTui/en-bh/fraud-protection-center/reporting-fraud.json?language_country=en-bh&slug=reporting-fraud

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

cae81a27357db9a753663d09d9784fc781863a35999d04509e2520bf4d6a21a4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
purpose: prefetch
x-nextjs-data: 1
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:03 GMT
content-security-policy: frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:33:22 GMT
x-cdn: Imperva
etag: "9140-6164938d2d824"
x-frame-options: SAMEORIGIN
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 15-77589917-77590349 NNNN CT(504 524 0) RT(1713852656848 4338) q(0 0 11 -1) r(16 16) U12
accept-ranges: bytes
content-length: 37184

GET
H2 200 dls.min.js Show response
secure.americanexpress.com.bh/website-assets/assets/scripts/ 118 KB
25 KB 21ms
20ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/website-assets/assets/scripts/dls.min.js

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

c6d599b4d42b301dd108089b7afe793a6a277c0271b060df225d99a5f6a72eaf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:28:21 GMT
x-cdn: Imperva
etag: "1d655-6164926e48d64"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 4341) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14562, public
content-length: 25443
expires: Tue, 23 Apr 2024 10:13:43 GMT

GET
H2 200 dls-icons.min.js Show response
www.aexp-static.com/akamai/one/statics/@americanexpress/dls-icons/0.5.0/package/dist/browser/ 362 KB
101 KB 361ms
361ms Script
application/javascript 104.73.183.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.aexp-static.com/akamai/one/statics/@americanexpress/dls-icons/0.5.0/package/dist/browser/dls-icons.min.js
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.73.183.75 Dublin, Ireland, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-73-183-75.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b991d6bcc69567051213e46c772a8910437445ab997abd75a73181fc65ce25aa

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-encoding: gzip
last-modified: Thu, 24 Nov 2022 17:28:19 GMT
etag: W/"637fa9b3-5a842"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *

GET
H2 200 5383-d3a83d3575cec79b.js Show response
secure.americanexpress.com.bh/_next/static/chunks/ 94 KB
0 0ms
0ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.americanexpress.com.bh/_next/static/chunks/5383-d3a83d3575cec79b.js
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.47.115 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 8c2c3b598d640fa8277365b29cedde1ac1aed47cd110265468892f5df43e50eb

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-encoding: gzip
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "176bd-616492c549da1"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 4322) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14561, public
content-length: 28070
expires: Tue, 23 Apr 2024 10:13:42 GMT

GET
H2 200 %5Blanguage_country%5D-fa070bb96b1c4728.js Show response
secure.americanexpress.com.bh/_next/static/chunks/pages/ 13 KB
0 1ms
1ms Script
application/x-javascript 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.americanexpress.com.bh/_next/static/chunks/pages/%5Blanguage_country%5D-fa070bb96b1c4728.js
Requested by: Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.47.115 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 11728e94591e12763691ea2b86e3decf4c70f6ae878b28e84a370bb84af572ce

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-encoding: gzip
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "3215-616492c542870"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/x-javascript
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 4325) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14561, public
content-length: 3849
expires: Tue, 23 Apr 2024 10:13:42 GMT

GET
H2 200 858a1d804d05f2c8.css Show response
secure.americanexpress.com.bh/_next/static/css/ 12 KB
4 KB 22ms
19ms Fetch
text/css 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/_next/static/css/858a1d804d05f2c8.css

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/_next/static/chunks/main-0c06a0d3c5bc7313.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

ebbf4dd9a30f7bd59c6f77fc3bf50052ddf8ef7c70817cc31e54df3ceebb1d6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Wed, 17 Apr 2024 11:29:52 GMT
x-cdn: Imperva
etag: "2e59-616492c5418d1"
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: text/css
x-iinfo: 15-77589917-0 0CNN RT(1713852656848 4375) q(0 -1 -1 -1) r(0 -1)
cache-control: max-age=14562, public
content-length: 3659
expires: Tue, 23 Apr 2024 10:13:43 GMT

POST
H2 200 ead-agains-be-with-your-Cawdor-heare-at-noth-Len Show response
secure.americanexpress.com.bh/ 749 B
851 B 816ms
816ms Fetch
application/json 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/ead-agains-be-with-your-Cawdor-heare-at-noth-Len?d=secure.americanexpress.com.bh

Requested by

Host: secure.americanexpress.com.bh
URL: https://secure.americanexpress.com.bh/ead-agains-be-with-your-Cawdor-heare-at-noth-Len

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

bon /

Resource Hash

71af86f4af79c5ce24ae5de9262e0368fc6dd51735c6e96713d2f4c2ecb06dd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: text/plain; charset=utf-8
Accept: application/json; charset=utf-8
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 23 Apr 2024 06:11:01 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
server: bon
x-cdn: Imperva
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: application/json
access-control-allow-origin: *
x-iinfo: 15-77589917-77590070 PNYN RT(1713852656848 4495) q(0 8 8 -1) r(8 8) U6
cache-control: no-cache, no-store
server-timing: bon, total;dur=14.089314

POST
H2 200 csp_report
secure.americanexpress.com.bh/ 0
28 B 17ms
16ms Other
text/plain 45.60.47.115
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.americanexpress.com.bh/csp_report

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

45.60.47.115 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform: "Win32"
Referer: https://secure.americanexpress.com.bh/en-bh/fraud-protection-center/security-tips/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

strict-transport-security: max-age=31536000
cache-control: no-cache, no-store
x-robots-tag: noindex
content-length: 0
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com *.snapchat.com *.googleapis.com *.doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com *.gstatic.com www.datocms-assets.com maps.google.com ; form-action 'none' ; frame-ancestors 'self' ; report-uri /csp_report
content-type: text/plain

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 35ms
34ms Ping
text/plain 216.239.34.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-TJLPBXF5GF&gtm=45je44h0v894394971za200&_p=1713852658793&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1140647126.1713852659&ul=it-it&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1713852659&sct=1&seg=0&dl=https%3A%2F%2Fsecure.americanexpress.com.bh%2Fen-bh%2Ffraud-protection-center%2Fsecurity-tips%2F&dt=SECURITY%20TIPS%20%7C%20American%20Express%20Bahrain&en=scroll&ep.page=%2F&epn.percent_scrolled=90&_et=3&tfd=6854
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://secure.americanexpress.com.bh/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Tue, 23 Apr 2024 06:11:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://secure.americanexpress.com.bh
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.americanexpress.com.bh/	1970-01-21 04:49:42	Name: visid_incap_1589144 Value: sw0BEvQTSfOb27kbwmj4EfBQJ2YAAAAAQUIPAAAAAACo+mqq4P17JKKqYW0EMSbQ
.americanexpress.com.bh/	1969-12-31 23:59:59	Name: nlbi_1589144 Value: qk45E1o+gRPYAPTgXj0dcwAAAADOxQsRByxG9IAYR5ASrRSI
.americanexpress.com.bh/	1969-12-31 23:59:59	Name: incap_ses_1573_1589144 Value: 752ffQE1cH63qg7YLGvUFfJQJ2YAAAAATDgv5rkwK2Bs1iGD/O0oTA==
.americanexpress.com.bh/	1970-01-21 05:40:12	Name: _ga Value: GA1.1.1140647126.1713852659
.americanexpress.com.bh/	1970-01-21 05:40:12	Name: _ga_TJLPBXF5GF Value: GS1.1.1713852659.1.0.1713852659.0.0.0
.americanexpress.com.bh/	1969-12-31 23:59:59	Name: nlbi_1589144_2147483392 Value: 5aSjOxDZpQMzrS6OXj0dcwAAAAAovqPGBxAHymHc8Kg2t3hb
.secure.americanexpress.com.bh/	1970-01-20 20:47:24	Name: reese84 Value: 3:fO0SPsxyrtbMzi4IXiYQug==:ju3bDmptXe0SCffF2AccqOxCDJdX8oo4DU6WD48EaWO3nL++GUCCbzfWCvJ+AN+ejFz8CbFkipuKvUJNlNPiprbZ6EI6ayUFdDEVWMEQ9K8/iesEYZCerysDt6RJoeVow/Wv+hjAyKIcPPFA+Ix5ItS793L9OI/E6o4953l7FhbSnhNvDAwvnH+3WsfWusfd2S9i2bqLNtYYQ0hzpj3xcFQ2KBekV0tuHwNyHdKPtjcHVj6bq96RkiP4JU7l2e2vDQwXP3xsEvNuzsVmT6p81QxOi/cNBY631Tsm4jtDr9pfMcmmT0LV5eZ90ryc9n/Qxmu9pmm2i4xl88ROxR9Pw/f+uyd8nVM8dpkZplK2oDBsvgWAKZxyPStOQHonXd+vTdUeQwnyuk1R8bndD0KeKPnCfAbcBOTBvo5QcVC8MIjP2ZRXV9VUtWKE9++XJI80ltfJiKZoPG84hnhZp4Rsmxt2rQUrLfaHhSeY9qreVRXOAx2Wg04QT2ZG/QCkgSGoylKHRCo2RGJEmUikyxYsjqbMFLCPeJkAuM1j8Hq/AzDsnCAIlnRTNh+LF8Yr2S8fQQAlFtjQe6B4meotHhnyyg==:Mx9KSer4bzMrxi1gzF1sDCVlV4NrnV1c0ST7syJNg/Q=

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c(Line 201) Message: [Report Only] Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-TJLPBXF5GF&gtm=45je44h0v894394971z8847218526za200&_p=1713852658793&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1140647126.1713852659&ul=it-it&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1713852659&sct=1&seg=0&dl=https%3A%2F%2Fsecure.americanexpress.com.bh%2Fen-bh%2Ffraud-protection-center%2Fsecurity-tips%2F&dt=SECURITY%20TIPS%20%7C%20American%20Express%20Bahrain&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page=%2F&tfd=1849' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com .snapchat.com .googleapis.com .doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com .gstatic.com www.datocms-assets.com maps.google.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c(Line 201) Message: [Report Only] Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-TJLPBXF5GF&gtm=45je44h0v894394971z8847218526za200&_p=1713852658793&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1140647126.1713852659&ul=it-it&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1713852659&sct=1&seg=0&dl=https%3A%2F%2Fsecure.americanexpress.com.bh%2Fen-bh%2Ffraud-protection-center%2Fsecurity-tips%2F&dt=SECURITY%20TIPS%20%7C%20American%20Express%20Bahrain&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page=%2F&tfd=1849' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com .snapchat.com .googleapis.com .doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com .gstatic.com www.datocms-assets.com maps.google.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c(Line 201) Message: [Report Only] Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-TJLPBXF5GF&gtm=45je44h0v894394971za200&_p=1713852658793&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1140647126.1713852659&ul=it-it&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1713852659&sct=1&seg=0&dl=https%3A%2F%2Fsecure.americanexpress.com.bh%2Fen-bh%2Ffraud-protection-center%2Fsecurity-tips%2F&dt=SECURITY%20TIPS%20%7C%20American%20Express%20Bahrain&en=scroll&ep.page=%2F&epn.percent_scrolled=90&_et=3&tfd=6854' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com .snapchat.com .googleapis.com .doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com .gstatic.com www.datocms-assets.com maps.google.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c(Line 201) Message: [Report Only] Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-TJLPBXF5GF&gtm=45je44h0v894394971za200&_p=1713852658793&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1140647126.1713852659&ul=it-it&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=AEA&_s=2&sid=1713852659&sct=1&seg=0&dl=https%3A%2F%2Fsecure.americanexpress.com.bh%2Fen-bh%2Ffraud-protection-center%2Fsecurity-tips%2F&dt=SECURITY%20TIPS%20%7C%20American%20Express%20Bahrain&en=scroll&ep.page=%2F&epn.percent_scrolled=90&_et=3&tfd=6854' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com .snapchat.com .googleapis.com .doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com .gstatic.com www.datocms-assets.com maps.google.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c(Line 201) Message: [Report Only] Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-TJLPBXF5GF&gtm=45je44h0v894394971za200&_p=1713852658793&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1140647126.1713852659&ul=it-it&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=3&sid=1713852659&sct=1&seg=0&dl=https%3A%2F%2Fsecure.americanexpress.com.bh%2Fen-bh%2Ffraud-protection-center%2Fsecurity-tips%2F&dt=SECURITY%20TIPS%20%7C%20American%20Express%20Bahrain&en=user_engagement&ep.page=%2F&_et=7978&tfd=9834' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com .snapchat.com .googleapis.com .doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com .gstatic.com www.datocms-assets.com maps.google.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-TJLPBXF5GF&l=dataLayer&cx=c(Line 201) Message: [Report Only] Refused to connect to 'https://region1.google-analytics.com/g/collect?v=2&tid=G-TJLPBXF5GF&gtm=45je44h0v894394971za200&_p=1713852658793&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1140647126.1713852659&ul=it-it&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.60%7CGoogle%2520Chrome%3B124.0.6367.60%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=3&sid=1713852659&sct=1&seg=0&dl=https%3A%2F%2Fsecure.americanexpress.com.bh%2Fen-bh%2Ffraud-protection-center%2Fsecurity-tips%2F&dt=SECURITY%20TIPS%20%7C%20American%20Express%20Bahrain&en=user_engagement&ep.page=%2F&_et=7978&tfd=9834' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.aexp-static.com .snapchat.com .googleapis.com .doubleclick.net use.typekit.net www.google.com www.google-analytics.com pro.ip-api.com www.googletagmanager.com .gstatic.com www.datocms-assets.com maps.google.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://secure.americanexpress.com.bh https://www.americanexpress.ae http://image.message.americanexpress.com.bh;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

region1.google-analytics.com
secure.americanexpress.com.bh
www.aexp-static.com
www.datocms-assets.com
www.googletagmanager.com
104.18.41.126
104.73.183.75
216.239.34.36
216.58.206.72
45.60.47.115
01607e7ead106aaf35df28d29460d320080e8f01134e7ca3c6c7df1e8b3656c1
02454128b5e468b25bde477c590593c7c562b64ddfe22e1759457193b165b450
028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab
069c868a68bfe94ad716293f9ccbd447178d6ad6f390ccf923eaba4254b2899e
11728e94591e12763691ea2b86e3decf4c70f6ae878b28e84a370bb84af572ce
19c119967fa968e808c0769238077685eb9e824b6bf36ad740cc0a73ea1b57e8
29653cf655df984eee259080f3070a84e439e90366e8fd3c151ee86160061747
2e7a7c658e75d61644247177e9e03fc8b5da45dfccc04837d8ac32d49387f1ca
3530f9432334e47cf7e84f8e0ce64f80d45d7329f44f691a3eb30977a4bbf052
3e7efce56ad0cd36b986feff7c85d6d1badf2a056fa7bcd8d12281a2c90358a2
479796d84456ee2fca7659fffb62bd02aea72bdc60e5b17f314f26e34b002b08
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad
568d1bad8ef5d3ee9e14e5bdc304985d4d9a8d791bfe4fdb689fc2bef638466c
6ef87c1684a9fba4db8cbeb1f65b0627ffded06fed332ff8a50a1493d40bbe89
71af86f4af79c5ce24ae5de9262e0368fc6dd51735c6e96713d2f4c2ecb06dd5
7a519f58c9007731d70a975a48cc81fcf516ab52ab972f9739eace370431e0c2
8167adb1f8881fa5c5e5ef3a743d4da2ea607838a87d36acf51d84cff08df826
82c1f4a7cb54d4960c31bcd0da743f06882042827366f973b1799b07163646f5
87778ab8d0a0af3787f055b4ceaa5d41c12056bafbea6e73c48b448d37cba248
8c2c3b598d640fa8277365b29cedde1ac1aed47cd110265468892f5df43e50eb
a31072d1a1c8496b8e0c885688909ffe54414effa1c4a36e4d6317beb59ed471
a41dafedd64e315cbb0d4f101b1cc473a4656a4322bfba4b9b214b48bb430e3d
adafbb8ec7a3eea7e9969761ea780bc9ed807d73522bdfddfe22bc110b783b4d
aeee4bd51e2feb43c539f27fb60f427134033aa7f8a6bec0b66c5aa4bfe391fe
b991d6bcc69567051213e46c772a8910437445ab997abd75a73181fc65ce25aa
c085969288e366f115fd6ba1c93ce5c3ffecb65f6298a770385e192872f96252
c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9
c6d599b4d42b301dd108089b7afe793a6a277c0271b060df225d99a5f6a72eaf
c7a6647dbf836d65f70d82e16fc73a48ea6946326a7fa5ba7efe95d5c6f6d0d1
cae81a27357db9a753663d09d9784fc781863a35999d04509e2520bf4d6a21a4
cc37c9792d18b6792110c1402cc4c06dc10dd49047e0e74cb422ce8828a2316d
deb48f1218a827a08540d0b02e842e15692d9131ee6a2c6fb9e9e21f409b1e45
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3d87dba37948cfb9e7af66d4463d41b6fe25f0842e179dd4bddd4d0ec038cd3
ebbf4dd9a30f7bd59c6f77fc3bf50052ddf8ef7c70817cc31e54df3ceebb1d6e
f7a1235fb36cb2f91ecb2899041002cba9c2877d31f0e2a7df002184e86dec4d
f7b3c19d1183ebdba1166089fe006d8556b049860be29015a002ccf65bcaaa49
fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519
fd0940e851d3ee71185f321172086a86a6f7e2d8a6e2dd8488849b047da4d735
ff42ed627ea48da5ad0c85f77357a30740853a9636d7083a9e9ae89862e40eaf

secure.americanexpress.com.bh Open in urlscan Pro 45.60.47.115 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

45 Requests

98 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

6 IPs

3 Countries

994 kBTransfer

2594 kBSize

7 Cookies

14 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

secure.americanexpress.com.bh Open in urlscan Pro
45.60.47.115 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

98 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

994 kB
Transfer

2594 kB
Size

7
Cookies

45 HTTP transactions
0 data transactions