Website Security Test of www.americanexpress.com

Executive Summary for www.americanexpress.com

• Web Software Security Test
  2 third-party web software dependancies were identified, including one outdated dependancy. No known vulnerabilities were detected. One identified third-party web software dependancy has an unknown version. No Content Management System (CMS) was identified. The following CMS components, JS-libraries or frameworks were identified: core-js, jquery. Show details.
• GDPR Compliance Test
  No obvious GDPR-related compliance issues were detected across Privacy Policy, Website Security, TLS Encryption, Cookie Protection, Cookie Disclaimer. Show details.
• PCI DSS Compliance Test
  No obvious PCI DSS compliance issues were detected for Requirements 6.3 and 6.4. Show details.
• HTTP Headers Security Test
  Issues were identified with key security header missing Content-Security-Policy. No optional HTTP headers were detected. Deprecated HTTP headers detected: X-XSS-Protection. Show details.
• Content Security Policy (CSP) Test
  Content-Security-Policy headers are not present. Show details.
• Cookies Privacy and Security Test
  3 cookies detected; agent-id, _abck, bm_sz have security or privacy-related configuration issues. Show details.
• External Content Security Test
  111 external requests detected; all requests completed successfully. SRI is implemented for 20 out of 31 third-party JavaScript and CSS files. Show details.
• Protection from Data Scraping Test
  No significant anti-scraping protections were detected. Show details.
• DNSSEC Configuration Test
  DNS CNAME record detected; DNSSEC signatures are not present. Show details.