HTTP Headers Analysis for https://network.americanexpress.com

Detected Technologies from Headers

See all in URL Inspect 8

Akamai Active incidents

Google DoubleClick

Google Fonts

Google Maps

Google Search

Google Static File Front End

YouTube

Google Cloud

HTTP Security Headers

Status

Strict-Transport-Security

Good

max-age=31536000; includeSubDomains

Content-Security-Policy

Weak

frame-ancestors Analyze

Content-Security-Policy-Report-Only

Basic

style-src; block-all-mixed-content; script-src; +10 more Analyze

X-Frame-Options

Excellent

DENY

X-Content-Type-Options

Good

nosniff

Referrer-Policy

Missing

Not configured

Permissions-Policy

Missing

Not configured

Recommendations

• Consider adding 'preload' to HSTS for maximum security
• Significantly strengthen CSP directives
• Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
• Consider adding Permissions-Policy to control browser features

Performance Headers

Connection

Performance

close, Transfer-Encoding

Transfer-Encoding

Performance

chunked

Vary

Performance

Origin, Accept-Encoding

connection: close, Transfer-Encoding
transfer-encoding: chunked
vary: Origin, Accept-Encoding

Caching Headers

Cache-Control

Caching

max-age=0, no-cache, no-store

Etag

Caching

W/"1777490124:dtagent103112503131439558pkc:dtagent103112503131439558pkc"

Expires

Caching

Wed, 29 Apr 2026 20:21:01 GMT

Last-Modified

Caching

Wed, 29 Apr 2026 19:15:22 GMT

Pragma

Caching

no-cache

cache-control: max-age=0, no-cache, no-store
etag: W/"1777490124:dtagent103112503131439558pkc:dtagent103112503131439558pkc"
expires: Wed, 29 Apr 2026 20:21:01 GMT
last-modified: Wed, 29 Apr 2026 19:15:22 GMT
pragma: no-cache

Content Headers

Content-Type

Content

text/html;charset=UTF-8

content-type: text/html;charset=UTF-8

Server Headers

No server headers found

CORS Headers

No CORS headers found

Cookies Headers

Set-Cookie

Cookies

set-cookie: csrf=P3cJb36HE-48giieMmFkTwEQ6ZGK-XRlhAsjXj1Q9XZ7IpBUGC70H4LGMp4_hWoxSGRGOssmVflww5kHz_xpEg:AAABndrm8LM:7xCObM6hQmnyIqJy-fWiGg; Path=/globalnetwork; SameSite=Strict; Secure; HttpOnly
dtCookiee4jp20gt=v_4_srv_13_sn_B653EBDBDA287FAC1FD5CF9162D740A2_perc_100000_ol_0_mul_1_app-3A0ddc76d3d0d3352e_1_rcs-3Acss_0; Path=/; Domain=.americanexpress.com
BIGipServerglobalnetworkpublic2-443=!Uyb6i2EkWLf1IaCt0tsPap5tgfBWvwO8Skq2E3a50O+D1Z5K/qIyoffXJcw6Ft3Umusgeb/XBG5msZQ=; path=/; Httponly; Secure
TS0139a03f=018378d52a6ffd86ea804d32522f255e6476ba0e4e8c4bb037d44fa8ce076ab9b965cdf642d5965b3aa164ae8d13a46550fdca152c; Path=/; Secure; HttpOnly
TS014ebf43=018378d52a6ffd86ea804d32522f255e6476ba0e4e8c4bb037d44fa8ce076ab9b965cdf642d5965b3aa164ae8d13a46550fdca152c; path=/globalnetwork; HttpOnly; Secure
TS0114bdae=018378d52a6ffd86ea804d32522f255e6476ba0e4e8c4bb037d44fa8ce076ab9b965cdf642d5965b3aa164ae8d13a46550fdca152c; path=/; domain=.americanexpress.com; HttpOnly; Secure
_abck=111FC70B1376EEA2AFA4254FB7F61595~-1~YAAQ6sgwFwU0+dmdAQAAl/Hm2g85EwA4s7fNnd+pYf0ecyF48ax14blV+PUBUn2XEhvk0oGNqvqSoFbZuoEpp91UXbISdwluSkPF9/s8yFxlNlwHJBMzyYZP82rsvIgUkI5baifFXQkCYW5VWME6vbqqbILBr6lhBU4U/Jjy0FQZIXyWwDfcv9P7HtDRmlBeAAcMx1nJ02fzYEm2ClPhFpF9LsA6Aq0m5iz9cY6y3BEta08kltV1E6KsKKWGcTugoy1jd/rDiS5dzlvMCrTwj/tUxeFlquljkRqXJw8dve4yscyabfIJVPNiCgqDwTcJxAtjVaTBWrJH0cT2FVehfvy06E8Olc2cbUiUjRSdmCY/g28XKwDs56vZrqr/MtS5oqsWCvyoApvPYtcbJLnnqskZUAnGSYZbfWvrzMwlOdnF52rHwlMnXCvG3hHtrCPZ1poMG+q/tQ8p+z09x3I=~-1~-1~-1~-1~-1; Domain=.americanexpress.com; Path=/; Expires=Thu, 29 Apr 2027 20:21:01 GMT; Max-Age=31536000; SameSite=None; Secure
bm_sz=22C48092906516502A08C9558B9364B9~YAAQ6sgwFwY0+dmdAQAAl/Hm2h/lqGBG6LMUrrBjzQP0D1U3jAU9CoWJ3qe/rGZ2z4e/SnqCoGh+/e3MXRipcF2/WObWo9gUfdl/21Ftx8ZyxqI/N4yRAMSy1EEsKcuwc8M04mBK+mf+X1e68AFgc05nfaQ6s2VbxeUhapzjeMo4e+CqjdyyOhRPe9s0QbbytWavbHDe3X9EhtWNzFWhx2OHdf5WMeJz0kVe39EyoqOEUcNoiooGUUqPd0lBRGaakF+9g6UD1+J2/Q8p3wIbWc2yXays9wIIgmVVFnQUH2XkQqMujnDGnYs/l4pdmRcEuE5N95kf1KY8FKeYLANociTIJVUYyeaTxOIDXHPkdwllxdw3ymg=~3359280~3749186; Domain=.americanexpress.com; Path=/; Expires=Thu, 30 Apr 2026 00:21:01 GMT; Max-Age=14400; SameSite=None; Secure

Other Headers

Date

Other

Wed, 29 Apr 2026 20:21:01 GMT

Server-Timing

Other

dtSInfo;desc="0", dtRpid;desc="458887264"

User-Agent

Other

Chrome

X-Akamai-Transformed

Other

0 - 0 -

X-Magnolia-Registration

Other

Registered

X-Oneagent-Js-Injection

Other

true

X-Permitted-Cross-Domain-Policies

Other

none

date: Wed, 29 Apr 2026 20:21:01 GMT
server-timing: dtSInfo;desc="0", dtRpid;desc="458887264"
user-agent: Chrome
x-akamai-transformed: 0 - 0 -
x-magnolia-registration: Registered
x-oneagent-js-injection: true
x-permitted-cross-domain-policies: none

Recommendations

Enable compression (gzip/brotli) to improve performance