URL: https://bi.booking.pathlab.com.my/
Submission: On February 07 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 19 HTTP transactions. The main IP is 220.158.208.60, located in Cyberjaya, Malaysia and belongs to NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY. The main domain is bi.booking.pathlab.com.my.
TLS certificate: Issued by R3 on February 7th 2023. Valid for: 3 months.
This is the only time bi.booking.pathlab.com.my was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 220.158.208.60 45144 (NETONBOAR...)
3 2a00:1450:400... 15169 (GOOGLE)
4 35.165.73.141 16509 (AMAZON-02)
19 3
Apex Domain
Subdomains
Transfer
12 pathlab.com.my
bi.booking.pathlab.com.my
2 MB
4 metabase.com
sp.metabase.com — Cisco Umbrella Rank: 493480
475 B
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 21
20 KB
19 3
Domain Requested by
12 bi.booking.pathlab.com.my bi.booking.pathlab.com.my
4 sp.metabase.com bi.booking.pathlab.com.my
3 www.google-analytics.com bi.booking.pathlab.com.my
www.google-analytics.com
19 3

This site contains no links.

Subject Issuer Validity Valid
bi.booking.pathlab.com.my
R3
2023-02-07 -
2023-05-08
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-01-09 -
2023-04-03
3 months crt.sh
sp.metabase.com
Amazon RSA 2048 M02
2023-01-22 -
2024-02-20
a year crt.sh

This page contains 1 frames:

Primary Page: https://bi.booking.pathlab.com.my/
Frame ID: B599DCBAF4ED908F1E0C9C42979176FD
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Login ยท Metabase

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

19
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

2504 kB
Transfer

10137 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
bi.booking.pathlab.com.my/
73 KB
12 KB
Document
General
Full URL
https://bi.booking.pathlab.com.my/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
81aa108044a792fb8e8aacfa4da2d2e6ebddc9a118879caa6413a9ad06929a78
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=0, no-cache, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Content-Type
text/html;charset=utf-8
Date
Tue, 07 Feb 2023 16:02:52 GMT
Expires
Tue, 03 Jul 2001 06:00:00 GMT
Last-Modified
Tue, 7 Feb 2023 15:53:59 GMT
Server
nginx/1.18.0 (Ubuntu)
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
styles.css
bi.booking.pathlab.com.my/app/dist/
99 KB
22 KB
Stylesheet
General
Full URL
https://bi.booking.pathlab.com.my/app/dist/styles.css?7f9dfaae955ab6a28a88
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
326d4d8afdf9eb680f3a1b2ed461f5a2b3e19d9505645cc8e05304d279f9ee40
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bi.booking.pathlab.com.my/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 16:02:53 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Wed, 01 Jun 2022 01:14:10 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
public, max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; mode=block
app-main.css
bi.booking.pathlab.com.my/app/dist/
107 KB
24 KB
Stylesheet
General
Full URL
https://bi.booking.pathlab.com.my/app/dist/app-main.css?b6c52b8f3ef3b0f27223
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
cad8500fe636f33cbcc27ff1e0889b87dd79145aea46e0eace8a3d6cd7465860
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bi.booking.pathlab.com.my/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 16:02:53 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Wed, 01 Jun 2022 01:14:10 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
public, max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; mode=block
styles.bundle.js
bi.booking.pathlab.com.my/app/dist/
99 B
1 KB
Script
General
Full URL
https://bi.booking.pathlab.com.my/app/dist/styles.bundle.js?05df397ac924a2aff278
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
a65adeb0aec22e1e02c0456f21bd9736a4e8a159075061baeda7098af5f37618
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bi.booking.pathlab.com.my/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 16:02:53 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Wed, 01 Jun 2022 01:14:10 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public, max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; mode=block
vendor.bundle.js
bi.booking.pathlab.com.my/app/dist/
5 MB
1 MB
Script
General
Full URL
https://bi.booking.pathlab.com.my/app/dist/vendor.bundle.js?28e91fd2a40fb38c3d09
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
98f266e8ef21c44c4d22885690d8dc4b9b3da9edc8fc5df772a8cff29289674f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bi.booking.pathlab.com.my/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 16:02:53 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Wed, 01 Jun 2022 01:14:10 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public, max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; mode=block
app-main.bundle.js
bi.booking.pathlab.com.my/app/dist/
4 MB
959 KB
Script
General
Full URL
https://bi.booking.pathlab.com.my/app/dist/app-main.bundle.js?b0194ceb3d161a9e0abc
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
5453f8a4954d2316d3553c19a6b7cb142ba5028aee497c2d6a20acdd1e1ba727
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bi.booking.pathlab.com.my/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 16:02:53 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Wed, 01 Jun 2022 01:14:10 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public, max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; mode=block
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bi.booking.pathlab.com.my/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 07 Feb 2023 15:12:08 GMT
last-modified
Tue, 10 Jan 2023 21:29:14 GMT
server
Golfe2
age
3049
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20085
expires
Tue, 07 Feb 2023 17:12:08 GMT
current
bi.booking.pathlab.com.my/api/user/
15 B
1 KB
XHR
General
Full URL
https://bi.booking.pathlab.com.my/api/user/current
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/app/dist/app-main.bundle.js?b0194ceb3d161a9e0abc
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
76f4e015467e2ad3550fc408bcf4f7d2a391d363e9993df7b0d95e4859ed5c53
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://bi.booking.pathlab.com.my/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/json

Response headers

Date
Tue, 07 Feb 2023 16:02:57 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Tue, 7 Feb 2023 15:54:04 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
X-Frame-Options
DENY
Content-Type
text/plain
Cache-Control
max-age=0, no-cache, must-revalidate, proxy-revalidate
Connection
keep-alive
Content-Length
15
X-XSS-Protection
1; mode=block
Expires
Tue, 03 Jul 2001 06:00:00 GMT
properties
bi.booking.pathlab.com.my/api/session/
69 KB
10 KB
XHR
General
Full URL
https://bi.booking.pathlab.com.my/api/session/properties
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/app/dist/app-main.bundle.js?b0194ceb3d161a9e0abc
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
fa9beb78e7f9af9c982df8d9905de377cd46b46b574b8f266d2027a80fcc2c76
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json
Referer
https://bi.booking.pathlab.com.my/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/json

Response headers

Date
Tue, 07 Feb 2023 16:02:57 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Tue, 7 Feb 2023 15:54:04 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
application/json;charset=utf-8
Cache-Control
max-age=0, no-cache, must-revalidate, proxy-revalidate
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Tue, 03 Jul 2001 06:00:00 GMT
tp2
sp.metabase.com/com.snowplowanalytics.snowplow/
0
0
Preflight
General
Full URL
https://sp.metabase.com/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.165.73.141 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-73-141.us-west-2.compute.amazonaws.com
Software
akka-http/10.1.12 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sp-anonymous
Access-Control-Request-Method
POST
Origin
https://bi.booking.pathlab.com.my
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://bi.booking.pathlab.com.my
access-control-max-age
5
content-length
0
date
Tue, 07 Feb 2023 16:02:58 GMT
server
akka-http/10.1.12
collect
www.google-analytics.com/j/
2 B
214 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j99&a=318147985&t=pageview&_s=1&dl=https%3A%2F%2Fbi.booking.pathlab.com.my%2F&dp=https%3A%2F%2Fsp.metabase.com%2F&ul=en-us&de=UTF-8&dt=Metabase&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABAAAAACAAI~&jid=532322669&gjid=1239431049&cid=1867037819.1675785778&tid=UA-60817802-1&_gid=889833574.1675785778&_r=1&_slc=1&cd1=v0.43.2&z=469193249
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://bi.booking.pathlab.com.my/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 07 Feb 2023 16:02:57 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bi.booking.pathlab.com.my
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
tp2
sp.metabase.com/com.snowplowanalytics.snowplow/
2 B
238 B
XHR
General
Full URL
https://sp.metabase.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/app/dist/vendor.bundle.js?28e91fd2a40fb38c3d09
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.165.73.141 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-73-141.us-west-2.compute.amazonaws.com
Software
akka-http/10.1.12 /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

SP-Anonymous
*
Referer
https://bi.booking.pathlab.com.my/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://bi.booking.pathlab.com.my
date
Tue, 07 Feb 2023 16:02:58 GMT
access-control-allow-credentials
true
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
server
akka-http/10.1.12
content-length
2
content-type
text/plain; charset=UTF-8
bridge.svg
bi.booking.pathlab.com.my/app/img/
76 KB
7 KB
Image
General
Full URL
https://bi.booking.pathlab.com.my/app/img/bridge.svg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
ab1015574cd05f56b991db47e0a8f655b9bd6afed5c88329ba74e43386f9baaa
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bi.booking.pathlab.com.my/auth/login?redirect=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 16:02:57 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Tue, 7 Feb 2023 15:54:04 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
image/svg+xml
Cache-Control
max-age=0, no-cache, must-revalidate, proxy-revalidate
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Tue, 03 Jul 2001 06:00:00 GMT
f1405bd8a987c2ea8a67.woff2
bi.booking.pathlab.com.my/app/dist/
22 KB
24 KB
Font
General
Full URL
https://bi.booking.pathlab.com.my/app/dist/f1405bd8a987c2ea8a67.woff2
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/app/dist/styles.css?7f9dfaae955ab6a28a88
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bi.booking.pathlab.com.my/app/dist/styles.css?7f9dfaae955ab6a28a88
Origin
https://bi.booking.pathlab.com.my
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 16:02:57 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Wed, 01 Jun 2022 01:14:10 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
font/woff2
Cache-Control
public, max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; mode=block
f33015cf2124b2046860.woff2
bi.booking.pathlab.com.my/app/dist/
22 KB
23 KB
Font
General
Full URL
https://bi.booking.pathlab.com.my/app/dist/f33015cf2124b2046860.woff2
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/app/dist/styles.css?7f9dfaae955ab6a28a88
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bi.booking.pathlab.com.my/app/dist/styles.css?7f9dfaae955ab6a28a88
Origin
https://bi.booking.pathlab.com.my
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 16:02:57 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Wed, 01 Jun 2022 01:14:10 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
font/woff2
Cache-Control
public, max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; mode=block
65e877e527022735c1a1.woff2
bi.booking.pathlab.com.my/app/dist/
23 KB
24 KB
Font
General
Full URL
https://bi.booking.pathlab.com.my/app/dist/65e877e527022735c1a1.woff2
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/app/dist/styles.css?7f9dfaae955ab6a28a88
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
220.158.208.60 Cyberjaya, Malaysia, ASN45144 (NETONBOARD-MY Net Onboard Sdn Bhd - Quality & Reliable Cloud Hosting Provider, MY),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bi.booking.pathlab.com.my/app/dist/styles.css?7f9dfaae955ab6a28a88
Origin
https://bi.booking.pathlab.com.my
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Tue, 07 Feb 2023 16:02:57 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Last-Modified
Wed, 01 Jun 2022 01:14:10 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Permitted-Cross-Domain-Policies
none
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Frame-Options
DENY
Content-Type
font/woff2
Cache-Control
public, max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; mode=block
collect
www.google-analytics.com/
35 B
55 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j99&a=318147985&t=pageview&_s=2&dl=https%3A%2F%2Fbi.booking.pathlab.com.my%2F&dp=https%3A%2F%2Fsp.metabase.com%2Fauth%2Flogin&ul=en-us&de=UTF-8&dt=Metabase&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEBAAEABAAAAACAAI~&jid=&gjid=&cid=1867037819.1675785778&tid=UA-60817802-1&_gid=889833574.1675785778&cd1=v0.43.2&z=1506507734
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bi.booking.pathlab.com.my/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Feb 2023 02:05:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
50221
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
tp2
sp.metabase.com/com.snowplowanalytics.snowplow/
2 B
237 B
XHR
General
Full URL
https://sp.metabase.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: bi.booking.pathlab.com.my
URL: https://bi.booking.pathlab.com.my/app/dist/vendor.bundle.js?28e91fd2a40fb38c3d09
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.165.73.141 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-73-141.us-west-2.compute.amazonaws.com
Software
akka-http/10.1.12 /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

SP-Anonymous
*
Referer
https://bi.booking.pathlab.com.my/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://bi.booking.pathlab.com.my
date
Tue, 07 Feb 2023 16:02:59 GMT
access-control-allow-credentials
true
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
server
akka-http/10.1.12
content-length
2
content-type
text/plain; charset=UTF-8
tp2
sp.metabase.com/com.snowplowanalytics.snowplow/
0
0
Preflight
General
Full URL
https://sp.metabase.com/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.165.73.141 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-165-73-141.us-west-2.compute.amazonaws.com
Software
akka-http/10.1.12 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sp-anonymous
Access-Control-Request-Method
POST
Origin
https://bi.booking.pathlab.com.my
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://bi.booking.pathlab.com.my
access-control-max-age
5
content-length
0
date
Tue, 07 Feb 2023 16:02:58 GMT
server
akka-http/10.1.12

Verdicts & Comments Add Verdict or Comment

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| MetabaseBootstrap object| MetabaseLocalization string| MetabaseRoot object| webpackChunk function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| METABASE object| d3 object| ace function| _ object| L function| simpleheat string| k object| Metabase string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData

4 Cookies

Domain/Path Name / Value
bi.booking.pathlab.com.my/ Name: metabase.DEVICE
Value: ff0d87f5-72fd-4399-b82b-db48e7f08025
.pathlab.com.my/ Name: _ga
Value: GA1.3.1867037819.1675785778
.pathlab.com.my/ Name: _gid
Value: GA1.3.889833574.1675785778
.pathlab.com.my/ Name: _gat
Value: 1

1 Console Messages

Source Level URL
Text
network error URL: https://bi.booking.pathlab.com.my/api/user/current
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'self' 'unsafe-eval' https://maps.google.com https://apis.google.com https://*.googleapis.com *.gstatic.com https://www.google-analytics.com 'sha256-lMAh4yjVuDkQ9NqkK4H+YHUga+anpFs5JAuj/uZh0Rs=' 'sha256-ib2/2v5zC6gGM6Ety7iYgBUvpy/caRX9xV/pzzV7hf0=' 'sha256-f7ecPCfcHKAHzzzadoxo9mBuAXrhlkwJgeP9HSj9dzU='; child-src 'self' https://accounts.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' ; img-src * 'self' data:; connect-src 'self' metabase.us10.list-manage.com www.google-analytics.com https://sp.metabase.com ; manifest-src 'self'; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block