urlscan.io logo urlscan.io
SecurityTrails logo

nacservice.americanexpress.com Open in urlscan Pro
139.71.9.150  Public Scan

Go To Rescan Add Verdict Report
URL: https://nacservice.americanexpress.com/nacservices/home
Submission: On March 13 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 18 HTTP transactions. The main IP is 139.71.9.150, located in United States and belongs to AMERICAN-EXPRESS, US. The main domain is nacservice.americanexpress.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on July 14th 2023. Valid for: a year.
This is the only time nacservice.americanexpress.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 139.71.9.150 6307 (AMERICAN-...)
6 23.212.203.180 16625 (AKAMAI-AS)
4 139.71.55.230 6307 (AMERICAN-...)
18 3
Apex Domain
Subdomains		 Transfer
12 americanexpress.com
nacservice.americanexpress.com
functions.americanexpress.com — Cisco Umbrella Rank: 20009
595 KB
6 aexp-static.com
www.aexp-static.com — Cisco Umbrella Rank: 13251
186 KB
18 2
Domain Requested by
8 nacservice.americanexpress.com nacservice.americanexpress.com
6 www.aexp-static.com nacservice.americanexpress.com
www.aexp-static.com
4 functions.americanexpress.com www.aexp-static.com
18 3

This site contains no links.

Subject Issuer Validity Valid
nacservice-r1.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2023-07-14 -
2024-07-13		 a year crt.sh
m.americanexpress.com
DigiCert EV RSA CA G2		 2023-04-05 -
2024-04-04		 a year crt.sh
functions.americanexpress.com
DigiCert SHA2 Extended Validation Server CA		 2023-08-28 -
2024-08-26		 a year crt.sh

This page contains 1 frames:

Primary Page: https://nacservice.americanexpress.com/nacservices/home
Frame ID: 018520B47F38C23AA4263D8BF34914E5
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

American Express Insurance Service Portal

Detected technologies

Overall confidence: 100%
Detected patterns
  • aexp-static\.com
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui[.-]([\d.]*\d)[^/]*\.js
  • jquery-ui.*\.js

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

781 kB
Transfer

1317 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request home
nacservice.americanexpress.com/nacservices/ 		12 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nacservice.americanexpress.com/nacservices/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.9.150 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
nacservice-r1-vip.americanexpress.com
Software
/
Resource Hash
ab9e44fe3f36412b13a7d7d9fb3ef431456c219f96e59849404ace0b48e83a75
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Language
en-
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
Content-Type
text/html;charset=UTF-8
Date
Wed, 13 Mar 2024 06:43:21 GMT
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
portal-styles.css
nacservice.americanexpress.com/nacservices/resources/styles/ 		6 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nacservice.americanexpress.com/nacservices/resources/styles/portal-styles.css
Requested by
Host: nacservice.americanexpress.com
URL: https://nacservice.americanexpress.com/nacservices/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.9.150 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
nacservice-r1-vip.americanexpress.com
Software
/
Resource Hash
a9ddafbe5cfd1f93d473e94fe23d42666ca010ad64697d7cf9f089b4a30c053a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/nacservices/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
Date
Wed, 13 Mar 2024 06:43:21 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Jan 2024 07:33:24 GMT
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/css; charset=ISO-8859-1
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6462
login-styles.css
nacservice.americanexpress.com/nacservices/resources/styles/ 		4 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nacservice.americanexpress.com/nacservices/resources/styles/login-styles.css
Requested by
Host: nacservice.americanexpress.com
URL: https://nacservice.americanexpress.com/nacservices/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.9.150 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
nacservice-r1-vip.americanexpress.com
Software
/
Resource Hash
0466368f211711cf73db447ff052b56158377713461f44cc849d339125e314a2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/nacservices/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
Date
Wed, 13 Mar 2024 06:43:21 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Jan 2024 07:33:24 GMT
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/css; charset=ISO-8859-1
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4543
jquery-ui-1.10.4.custom.css
nacservice.americanexpress.com/nacservices/resources/styles/ 		21 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nacservice.americanexpress.com/nacservices/resources/styles/jquery-ui-1.10.4.custom.css
Requested by
Host: nacservice.americanexpress.com
URL: https://nacservice.americanexpress.com/nacservices/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.9.150 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
nacservice-r1-vip.americanexpress.com
Software
/
Resource Hash
2ac006889ff3e4e5c6ead341dc9e873d43e3f9dc06fcbab55225fbc347e590ff
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/nacservices/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
Date
Wed, 13 Mar 2024 06:43:21 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Jan 2024 07:33:24 GMT
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/css; charset=ISO-8859-1
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21876
dls.min.css
www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.23.0/package/dist/6.23.0/styles/ 		343 KB
46 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.23.0/package/dist/6.23.0/styles/dls.min.css
Requested by
Host: nacservice.americanexpress.com
URL: https://nacservice.americanexpress.com/nacservices/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
74015fccf87ad143f1285f9f7aee8f5199d88822239e1315f3f25cd131b47afc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 06:43:21 GMT
content-encoding
gzip
last-modified
Fri, 14 Oct 2022 15:56:14 GMT
etag
W/"6349869e-55b53"
vary
Origin, Accept-Encoding
content-type
text/css
access-control-allow-origin
https://nacservice.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
46837
new-portal-styles.css
nacservice.americanexpress.com/nacservices/resources/styles/ 		9 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nacservice.americanexpress.com/nacservices/resources/styles/new-portal-styles.css
Requested by
Host: nacservice.americanexpress.com
URL: https://nacservice.americanexpress.com/nacservices/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.9.150 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
nacservice-r1-vip.americanexpress.com
Software
/
Resource Hash
69affa11595531ca912f8be8ae2f3dee4c85e2fa31bd22235408edd1844f5074
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/nacservices/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
Date
Wed, 13 Mar 2024 06:43:21 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Jan 2024 07:33:24 GMT
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
text/css; charset=ISO-8859-1
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9097
dls-logo-line.svg
nacservice.americanexpress.com/nacservices/resources/images/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nacservice.americanexpress.com/nacservices/resources/images/dls-logo-line.svg
Requested by
Host: nacservice.americanexpress.com
URL: https://nacservice.americanexpress.com/nacservices/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.9.150 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
nacservice-r1-vip.americanexpress.com
Software
/
Resource Hash
2996ed3e0c89a7c50ae11dc3555d18491fe37cbd17e196bd2014d1368e167491
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/nacservices/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
Date
Wed, 13 Mar 2024 06:43:21 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Jan 2024 07:33:24 GMT
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
image/svg+xml; charset=ISO-8859-1
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2943
jquery-3.6.0.js
nacservice.americanexpress.com/nacservices/resources/scripts/ 		282 KB
283 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nacservice.americanexpress.com/nacservices/resources/scripts/jquery-3.6.0.js
Requested by
Host: nacservice.americanexpress.com
URL: https://nacservice.americanexpress.com/nacservices/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.9.150 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
nacservice-r1-vip.americanexpress.com
Software
/
Resource Hash
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/nacservices/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
Date
Wed, 13 Mar 2024 06:43:21 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Jan 2024 07:33:24 GMT
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
application/javascript; charset=ISO-8859-1
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
288580
jquery-ui-1.13.2.min.js
nacservice.americanexpress.com/nacservices/resources/scripts/ 		249 KB
250 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nacservice.americanexpress.com/nacservices/resources/scripts/jquery-ui-1.13.2.min.js
Requested by
Host: nacservice.americanexpress.com
URL: https://nacservice.americanexpress.com/nacservices/home
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.9.150 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
nacservice-r1-vip.americanexpress.com
Software
/
Resource Hash
997a62271f2d6ccb362b11820a5163b2f7e4ec58ba0878ea5071d63f116d43b5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/nacservices/home
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
Date
Wed, 13 Mar 2024 06:43:21 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Jan 2024 07:33:24 GMT
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Content-Type
application/javascript; charset=ISO-8859-1
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
255084
3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.27.0/package/dist/fonts/ 		36 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/statics/@americanexpress/static-assets/2.27.0/package/dist/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.23.0/package/dist/6.23.0/styles/dls.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
48050d8eeb740bb31aaad9eb82bcd4a493b474c9385eeda5fc2ca2ea279cffad

Request headers

Referer
https://www.aexp-static.com/cdaas/one/statics/@americanexpress/dls/6.23.0/package/dist/6.23.0/styles/dls.min.css
Origin
https://nacservice.americanexpress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 06:43:22 GMT
last-modified
Mon, 01 Aug 2022 18:53:00 GMT
etag
"62e8210c-9121"
vary
Origin, Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff
access-control-allow-origin
https://nacservice.americanexpress.com
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
timing-allow-origin
*
content-length
37153
script-supplier.js
www.aexp-static.com/cdaas/one/axp-script-supplier/5.1.2/ 		80 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/axp-script-supplier/5.1.2/script-supplier.js
Requested by
Host: nacservice.americanexpress.com
URL: https://nacservice.americanexpress.com/nacservices/home
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9ad6508c3b1ec50fb822906413eef4ce884138325c780efa68eb945a255b43de

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 06:43:22 GMT
content-encoding
gzip
last-modified
Mon, 08 Aug 2022 10:52:18 GMT
etag
W/"62f0eae2-13f4b"
vary
Origin, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://nacservice.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
26660
ReadScriptRegistry.v1
functions.americanexpress.com/ 		448 B
411 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=user-consent-management&version=*&environment=e3&cache=1710312
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/axp-script-supplier/5.1.2/script-supplier.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
functions-r2a.americanexpress.com
Software
/
Resource Hash
7d13ec00003249c7b2841aabf29897413cd24ac2e6bf0365e7f8c6ea4af83a29
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 13 Mar 2024 06:43:22 GMT
access-control-max-age
86400
vary
origin
access-control-allow-origin
https://nacservice.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
content-length
320
ReadScriptRegistry.v1
functions.americanexpress.com/ 		445 B
528 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/ReadScriptRegistry.v1?name=one-identity-session&version=%5E1.1.1&environment=e3&cache=1710312
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/axp-script-supplier/5.1.2/script-supplier.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
functions-r2a.americanexpress.com
Software
/
Resource Hash
681f344e35b05931120d0292dd053c7cc5d6281dad17de6384e9031390466a0d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 13 Mar 2024 06:43:22 GMT
access-control-max-age
86400
vary
origin
access-control-allow-origin
https://nacservice.americanexpress.com
access-control-allow-credentials
true
http_status_code
200
content-length
315
timeout.js
www.aexp-static.com/cdaas/one/one-identity-session/1.37.0/ 		36 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/one/one-identity-session/1.37.0/timeout.js
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/axp-script-supplier/5.1.2/script-supplier.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8bbc656c3c99c9c8a736de85c3efff1bb39393f059e26783f50b4bf60de3a04f

Request headers

Referer
https://nacservice.americanexpress.com/
Origin
https://nacservice.americanexpress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 06:43:22 GMT
content-encoding
gzip
last-modified
Tue, 06 Feb 2024 17:17:15 GMT
etag
W/"65c2699b-91d0"
vary
Origin, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://nacservice.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
11627
UCM.js
www.aexp-static.com/cdaas/user-consent-management/ucm/v1.12.5/ 		234 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.aexp-static.com/cdaas/user-consent-management/ucm/v1.12.5/UCM.js
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/axp-script-supplier/5.1.2/script-supplier.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7491413e3d0ca6c84317c81eb79d4ab6095013dc395191545c6614e13189a004

Request headers

Referer
https://nacservice.americanexpress.com/
Origin
https://nacservice.americanexpress.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 06:43:22 GMT
content-encoding
gzip
last-modified
Wed, 28 Feb 2024 03:13:27 GMT
etag
W/"65dea4d7-3a8e9"
vary
Origin, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://nacservice.americanexpress.com
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
66964
UpdateUserSession.v1
functions.americanexpress.com/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/UpdateUserSession.v1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
functions-r2a.americanexpress.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,one-data-correlation-id
Access-Control-Request-Method
POST
Origin
https://nacservice.americanexpress.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
ax-operation-mode,x-mitigator-finger-print,x-mitigator-recommended-action,access-control-max-age,sub-event-type,access-control-expose-headers,ax-event-type,user-agent,ax-rtf-filter,x-b3-spanid,x-requested-with,blueboxpublic,access-control-allow-headers,x-b3-parentspanid,content-encoding,origin,agent-id,access-control-request-headers,ax-correlation-id,ax-rtf-dynamic-uri-override,x-mitigator-status,accept,ce-source,one-data-correlation-id,one-data-risk-assessment-token,content-type,event-type,content-length,baggage-one-data-correlation-id,ce-type,x-one-data-forward-address,x-b3-sampled,access-control-allow-origin,x-one-data-host,access-control-allow-credentials,credentials,x-b3-traceid,authorization,one-data-context,vary
access-control-allow-methods
GET,DELETE,PUT,OPTIONS,POST
access-control-allow-origin
https://nacservice.americanexpress.com
access-control-max-age
86400
content-length
0
date
Wed, 13 Mar 2024 06:43:22 GMT
UpdateUserSession.v1
functions.americanexpress.com/ 		228 B
377 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://functions.americanexpress.com/UpdateUserSession.v1
Requested by
Host: www.aexp-static.com
URL: https://www.aexp-static.com/cdaas/one/one-identity-session/1.37.0/timeout.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
139.71.55.230 , United States, ASN6307 (AMERICAN-EXPRESS, US),
Reverse DNS
functions-r2a.americanexpress.com
Software
/
Resource Hash
40a91b0413e3680ee73fe6ecb6c52d2e509d11d57a584e873f73dc3ef059750b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

one-data-correlation-id
ada5b949-5d61-4428-95c9-a36e82a9146c
Referer
https://nacservice.americanexpress.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
Content-Type
application/json

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 13 Mar 2024 06:43:23 GMT
vary
origin
access-control-allow-origin
https://nacservice.americanexpress.com
access-control-allow-credentials
true
content-length
199
info.filled.svg
www.aexp-static.com/one/universal-session-manager-assets/ 		361 B
416 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.aexp-static.com/one/universal-session-manager-assets/info.filled.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.212.203.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-212-203-180.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7066a1bd1fc62016f82e111b3a3253bb0306d9e5f69bcbbcfbdfc20bddadb640

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nacservice.americanexpress.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

date
Wed, 13 Mar 2024 06:43:22 GMT
content-encoding
gzip
last-modified
Wed, 17 May 2023 04:57:13 GMT
etag
W/"64645ea9-169"
vary
Origin, Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=31536000, must-revalidate
timing-allow-origin
*
content-length
235

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| handleForgotPassword function| handleTempPassword function| handleLoginRadio function| handleSignupRadio function| responseHandler function| handleCPWCResponse string| scriptSupplierPageLocale object| scriptSupplierPreset object| scriptSupplierPrivacySingleton object| EuCookieConsentHandlers string| UCMPageLocale object| axpScriptSupplier object| scriptSupplier object| AmexSession object| timeout object| regeneratorRuntime object| UserConsentManagementConsentChecking

3 Cookies

Domain/Path Name / Value
nacservice.americanexpress.com/nacservices/ Name: SESSION
Value: 4e4a9e46-cc9d-4a1b-8e6b-1f535fa0c3b9
nacservice.americanexpress.com/nacservices/ Name: TS01cc0e88
Value: 0152a806c14d169da2e1449344656dd3a7bbbaa4883db2b226cb3b9f76b9dfaf2ae0e5c37f00c29df13440e5e0944911302f085786
nacservice.americanexpress.com/ Name: TS0139a03f
Value: 0152a806c14d169da2e1449344656dd3a7bbbaa4883db2b226cb3b9f76b9dfaf2ae0e5c37f00c29df13440e5e0944911302f085786

1 Console Messages

Source Level URL
Text
network error URL: https://functions.americanexpress.com/UpdateUserSession.v1
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.aexp.com *.aexp-static.com *.americanexpress.com; script-src 'self' *.aexp.com aexp-static.com *.aexp-static.com *.americanexpress.com 'unsafe-inline'; font-src 'self' *.aexp-static.com *.americanexpress.com; connect-src 'self' *.aexp-static.com *.americanexpress.com; img-src 'self' *.aexp-static.com *.americanexpress.com; frame-src 'self' *.aexp-static.com *.americanexpress.com;
X-Content-Type-Options nosniff