HTTP Headers Analysis for https://developer.americanexpress.com

Detected Technologies from Headers

See all in URL Inspect 5

Adobe Audience Manager

Adobe Dynamic Tag Management

Akamai Active incidents

Cloudflare CDNJS

Qualtrics

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=63072000; includeSubDomains, max-age=31536000; includeSubDomains

Content-Security-Policy

Good

default-src; script-src; img-src; +6 more Analyze

Content-Security-Policy-Report-Only

Missing

Not configured Analyze

X-Frame-Options

Missing

Not configured

X-Content-Type-Options

Present

nosniff, nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Strengthen CSP by removing 'unsafe-eval'
• Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close

Vary

Performance

origin

connection: close
vary: origin

Caching Headers

Cache-Control

Caching

max-age=0, no-cache, no-store

Etag

Caching

W/"6ae-19db68b9430"

Expires

Caching

Fri, 01 May 2026 08:56:17 GMT

Last-Modified

Caching

Wed, 22 Apr 2026 18:54:54 GMT

Pragma

Caching

no-cache

cache-control: max-age=0, no-cache, no-store
etag: W/"6ae-19db68b9430"
expires: Fri, 01 May 2026 08:56:17 GMT
last-modified: Wed, 22 Apr 2026 18:54:54 GMT
pragma: no-cache

Content Headers

Content-Length

Content

1870

Content-Type

Content

text/html; charset=UTF-8

content-length: 1870
content-type: text/html; charset=UTF-8

Server Headers

No server headers found

CORS Headers

Access-Control-Allow-Credentials

Cors

true

access-control-allow-credentials: true

Cookies Headers

Set-Cookie

Cookies

set-cookie: TS01a91ed4=01368b5431e99bc70163eb9f065e94d05f7cf1615cc2b009eeca0f43057176e4d71ff92e6b2b6562b08b2a8a9902135f75c82b7c1a; Path=/; Domain=.americanexpress.com
_abck=6761C35CDC6C80E16EE0B18208E9AD3B~-1~YAAQ8MgwFwT7lN+dAQAA5MXA4g8RpPLqb7B8nKQlmE92HyJKSUlijyBnzoUxmLzMSk9kCAcs+xV6DCwoGZcH3EJ0tJxGLw+sURKi0EjyRHpG8/bBwZa7dsBF5gWZwWCX5ACe7LdAjq61GtV60kiXB7EqeLrQLDA7aoohlXmu+60oeLADiNtMTeWUT6/mM2Uvimpb2P8+s4ez1TkY2ZkZeO4pgJJHTGiEqr7VMA68SrWLnxavJ7M+iWN5MxoqBBoscewprTN3xoh072/6+vgsah6PMM9bQBnQ0hmuCjmDOQ26Ey1mRx5w4dKmvYkCF8BtK2zWKnVnoyy5t16zG/GoHba/zQqzB7EbV/3pKrb9MoizVzMM9z3Ki/WkFoWj75lLLcqSmfgNF9ZKaHqKV0/KQvmgzH0bxWIhn2sWprhRSWhlpH3+zX1vhUfvBYmn+FwCid+kbzmD3Hnhk64jYjs=~-1~-1~-1~-1~-1; Domain=.americanexpress.com; Path=/; Expires=Sat, 01 May 2027 08:56:17 GMT; Max-Age=31536000; SameSite=None; Secure
bm_sz=F7A00430D1D7C2927827943C7C1B7CB6~YAAQ8MgwFwX7lN+dAQAA5MXA4h84XT/XCouruaARxrSwYsSSbu3/uZIxnAtzwtHy5JvHW09bmJhX/JITLbYx99jJbs8WrnHvVVeY1BV/xaTHcApA7ZSH2hjOVE2Hth5F5oB26botiTTvU3bYh76gus/KxGeStT0wifMMRlu8tiiLORyeg7nzpNSja51SAw23c2ywNzSKVf7YtEd3j5EOJ8F+hlVcFdH2AsbHKdJ4YwjYGGU51I/uMsD1ZtCna/Q0ju82bPBPfRNbLOzhNWCr4G0HWghRTS/a/viu1xiu/93l3argJc9gGXcmbznK0Ny5wtXH/Up6qnLHZprpq4qXXM2x3V3LwEXIcL5fJb8SeniH2Z59pSqR~4538936~3556163; Domain=.americanexpress.com; Path=/; Expires=Fri, 01 May 2026 12:56:17 GMT; Max-Age=14400; SameSite=None; Secure

Other Headers

Date

Other

Fri, 01 May 2026 08:56:17 GMT

X-Akamai-Transformed

Other

0 - 0 -

date: Fri, 01 May 2026 08:56:17 GMT
x-akamai-transformed: 0 - 0 -

Recommendations

Enable compression (gzip/brotli) to improve performance