urlscan.io logo urlscan.io
SecurityTrails logo

login-patient.labcorp.com Open in urlscan Pro
52.223.49.115  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Effective URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkan...
Submission: On October 17 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 3 countries across 10 domains to perform 55 HTTP transactions. The main IP is 52.223.49.115, located in United States and belongs to AMAZON-02, US. The main domain is login-patient.labcorp.com. The Cisco Umbrella rank of the primary domain is 125995.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 31st 2024. Valid for: 7 months.
This is the only time login-patient.labcorp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 13.249.205.104 16509 (AMAZON-02)
12 2606:4700::68... 13335 (CLOUDFLAR...)
3 192.229.221.25 15133 (EDGECAST)
1 34.111.138.51 396982 (GOOGLE-CL...)
2 107.21.107.230 14618 (AMAZON-AES)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
5 52.223.49.115 16509 (AMAZON-02)
2 34.248.198.130 16509 (AMAZON-02)
1 1 52.18.168.199 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
9 18.245.86.116 16509 (AMAZON-02)
1 108.138.7.126 16509 (AMAZON-02)
55 12
15    13.249.205.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-205-104.dfw56.r.cloudfront.net
patient.labcorp.com
12    2606:4700::6812:572a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
3    192.229.221.25 (United States)

ASN15133 (EDGECAST, US)
js.braintreegateway.com
1    34.111.138.51 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 51.138.111.34.bc.googleusercontent.com
content.patient.pendo.cws.labcorp.com
2    107.21.107.230 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-21-107-230.compute-1.amazonaws.com
portal-api.patient.cws.labcorp.com
2    2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
5    52.223.49.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: ad3225ce0e27ecc67.awsglobalaccelerator.com
login-patient.labcorp.com
2    34.248.198.130 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-198-130.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    52.18.168.199 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-168-199.eu-west-1.compute.amazonaws.com
cm.everesttech.net
1    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
9    18.245.86.116 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-116.fra60.r.cloudfront.net
ok2static.oktacdn.com
1    108.138.7.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-126.fra56.r.cloudfront.net
login.okta.com
Apex Domain
Subdomains		 Transfer
23 labcorp.com
patient.labcorp.com — Cisco Umbrella Rank: 110090
content.patient.pendo.cws.labcorp.com — Cisco Umbrella Rank: 116676
portal-api.patient.cws.labcorp.com — Cisco Umbrella Rank: 116735
login-patient.labcorp.com — Cisco Umbrella Rank: 125995
1 MB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 326
204 KB
9 oktacdn.com
ok2static.oktacdn.com — Cisco Umbrella Rank: 14764
792 KB
3 braintreegateway.com
js.braintreegateway.com — Cisco Umbrella Rank: 9069
34 KB
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 243
labcorp.demdex.net Failed
2 KB
2 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 430
53 KB
1 okta.com
login.okta.com — Cisco Umbrella Rank: 3822
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
1 KB
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1371
503 B
0 onetrust.com Failed
geolocation.onetrust.com Failed
55 10
Domain Requested by
15 patient.labcorp.com patient.labcorp.com
login-patient.labcorp.com
12 cdn.cookielaw.org patient.labcorp.com
cdn.cookielaw.org
9 ok2static.oktacdn.com login-patient.labcorp.com
ok2static.oktacdn.com
5 login-patient.labcorp.com patient.labcorp.com
ok2static.oktacdn.com
3 js.braintreegateway.com patient.labcorp.com
2 dpm.demdex.net patient.labcorp.com
2 assets.adobedtm.com patient.labcorp.com
assets.adobedtm.com
2 portal-api.patient.cws.labcorp.com patient.labcorp.com
1 login.okta.com ok2static.oktacdn.com
1 fonts.googleapis.com login-patient.labcorp.com
1 cm.everesttech.net 1 redirects
1 content.patient.pendo.cws.labcorp.com patient.labcorp.com
0 labcorp.demdex.net Failed assets.adobedtm.com
0 geolocation.onetrust.com Failed cdn.cookielaw.org
55 14

This site contains no links.

Subject Issuer Validity Valid
patient.labcorp.com
Amazon RSA 2048 M03		 2024-08-26 -
2025-09-24		 a year crt.sh
cookielaw.org
WE1		 2024-10-11 -
2025-01-09		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-06-13 -
2025-06-12		 a year crt.sh
content.patient.pendo.cws.labcorp.com
WR3		 2024-10-14 -
2025-01-12		 3 months crt.sh
portal-api.patient.cws.labcorp.com
Amazon RSA 2048 M03		 2024-08-08 -
2025-09-06		 a year crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-09 -
2025-08-09		 a year crt.sh
login-patient.labcorp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-31 -
2025-03-11		 7 months crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-09-25 -
2025-10-26		 a year crt.sh
upload.video.google.com
WR2		 2024-09-30 -
2024-12-23		 3 months crt.sh
*.oktacdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-15 -
2025-01-02		 a year crt.sh
accounts.okta.com
Amazon RSA 2048 M02		 2024-07-17 -
2025-08-15		 a year crt.sh

This page contains 3 frames:

Primary Page: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Frame ID: 79FCFD42DB9C64F9401DEAA20F22B26A
Requests: 51 HTTP requests in this frame

Frame: https://labcorp.demdex.net/dest5.html?d_nsid=0
Frame ID: 27998591625F5453C14C9AA65E836194
Requests: 1 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: 7088959F3514D63491F11317A73FE1C0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Labcorp Patient - Anmelden

Page URL History Show full URLs

  1. https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6 Page URL
  2. https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJ... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.braintreegateway\.com
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

55
Requests

95 %
HTTPS

25 %
IPv6

10
Domains

14
Subdomains

12
IPs

3
Countries

2316 kB
Transfer

7337 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6 Page URL
  2. https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39
  • https://cm.everesttech.net/cm/dd?d_uuid=21632240710800709371490323054813795077 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZxEaGAAAAL_OMwO-

55 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
90f7a532-07e2-4aea-a588-7791c437abf6
patient.labcorp.com/ 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
078bc5f70c163ed66f8ffbf347b129dfe79944374b326145d5ee5edd47d98d7a
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
content-type
text/html; charset=utf-8
date
Thu, 17 Oct 2024 14:07:19 GMT
etag
W/"a4ab8e0ab4f0237a1ebaa0dc77349fd2"
expect-ct
max-age=0
last-modified
Wed, 16 Oct 2024 01:08:32 GMT
permissions-policy
payment=(*)
referrer-policy
strict-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
x-amz-cf-id
sMOVecMZxHBkzGYUOoiSj060S66iYq4NK7LCeMp2J5P1QecHfRuW8g==
x-amz-cf-pop
DFW56-P10
x-amz-server-side-encryption
AES256
x-amz-version-id
TpSxGVhUH2XmW.jFcyBfxZmiy667aYGj
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
OtAutoBlock.js
cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/ 		107 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/OtAutoBlock.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e426698cad245f1ee6b3a251500b07c9cc5322c050fbf149861e15c09603852c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
rXZowSOqyVHiKtzdDp4uag==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCB25ADA96FF1E
age
36552
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Fri, 18 Oct 2024 14:07:18 GMT
date
Thu, 17 Oct 2024 14:07:18 GMT
content-type
application/javascript
last-modified
Thu, 01 Aug 2024 18:50:46 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
7ae3beeb-001e-00ad-7b43-e4b3e0000000
cf-ray
8d40daaf38dad390-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
14759
x-ms-blob-type
BlockBlob
server
cloudflare
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
jwlUUXc1HMPClYXMpY+NPQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCECBD439DB9BF
x-ms-lease-status
unlocked
age
72179
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Thu, 17 Oct 2024 18:04:19 GMT
date
Thu, 17 Oct 2024 14:07:18 GMT
content-type
application/javascript
last-modified
Tue, 15 Oct 2024 02:01:20 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
8f7ade6b-901e-0064-2ea7-1e232a000000
cf-ray
8d40daaf38d8d390-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
6881
x-ms-blob-type
BlockBlob
server
cloudflare
client.min.js
js.braintreegateway.com/web/3.87.0/js/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.braintreegateway.com/web/3.87.0/js/client.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CDC) /
Resource Hash
bbdb499ada9a9b54877bce6e362d9dc0745374dcc39ed49ba2ee210b1429255f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

paypal-debug-id
95e19d73bc0fd
content-encoding
gzip
etag
W/"631acce0-a80d"
x-content-type-options
nosniff
traceparent
00-000000000000000000095e19d73bc0fd-4bb7ccd17b71a64f-01
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/javascript
last-modified
Fri, 09 Sep 2022 05:19:28 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges
bytes
access-control-allow-origin
*
content-length
12839
server
ECAcc (frc/4CDC)
apple-pay.min.js
js.braintreegateway.com/web/3.87.0/js/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.braintreegateway.com/web/3.87.0/js/apple-pay.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CEB) /
Resource Hash
10a8fbaa0884f4deedfb149d83b3345d7489f9995d0737d35b3282132cd04452
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

paypal-debug-id
3414a969c9f97
content-encoding
gzip
etag
W/"631acce0-561d"
x-content-type-options
nosniff
traceparent
00-00000000000000000003414a969c9f97-671ed0780ed40274-01
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/javascript
last-modified
Fri, 09 Sep 2022 05:19:28 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges
bytes
access-control-allow-origin
*
content-length
6563
server
ECAcc (frc/4CEB)
paypal-checkout.min.js
js.braintreegateway.com/web/3.87.0/js/ 		54 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.braintreegateway.com/web/3.87.0/js/paypal-checkout.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CF9) /
Resource Hash
3d9ef05bcd150166c1f5163efaa04d78e47390892439d4f9bcb4d22a6b579762
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

paypal-debug-id
b0e07c475754c
content-encoding
gzip
etag
W/"631acce0-d9dd"
x-content-type-options
nosniff
traceparent
00-0000000000000000000b0e07c475754c-be324e80e881aa4b-01
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/javascript
last-modified
Fri, 09 Sep 2022 05:19:28 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges
bytes
access-control-allow-origin
*
content-length
15122
server
ECAcc (frc/4CF9)
styles.9b1cf7eda88b17ccaf8e.css
patient.labcorp.com/ 		253 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0afaa8243a885ae98499c05dba6fd60983bc9f9a583987894c0534999dae45d1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
bQpkt3l83Ya5RhTFAVEqNJeg_Vqk0i6u
etag
W/"a3fd981fb6b053693c015c66b189dff7"
age
2190
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
ej8OXN2VP0NXSx8_9Xs507TdAf0Lek-mJQQ2YP8GVQB9qxmZhsB8ng==
date
Thu, 17 Oct 2024 13:30:49 GMT
content-type
text/css; charset=utf-8
last-modified
Fri, 08 Mar 2024 03:09:36 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
runtime-es2015.1aabea4a9c8aee2846e1.js
patient.labcorp.com/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/runtime-es2015.1aabea4a9c8aee2846e1.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
20d323a44df8c3d203d800a48ead4d181f8d01efeda62c7ce240314a2f356ad5
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
gWZ2hf11u7_L9C0LnqSbGb27MERW8cZA
etag
W/"b0ddd5a95316548436cb1c862a87677d"
age
3437
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
961IiEfq9sjUsrebsMUq-C-oPt7cobQSxQqxBDaQfb0o91GvNSRilQ==
date
Thu, 17 Oct 2024 13:10:02 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 01:08:32 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
polyfills-es2015.b87f0519b1574d0b1ba0.js
patient.labcorp.com/ 		68 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d4ebab34a6deec0d1ab70ca05c47cf7db2709d7a087ef4ed78b5a22b2e2b7b29
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
ahaZefA_vjBIyrKsuIg0U1GEeiPzcvsu
etag
W/"9741467ace38fb565d84ba2ef492b871"
age
1727
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
uco9oNfKAkdnh-ZOIruJyrdh7PUDRO_du652be32lbEOVdl2YfLHrw==
date
Thu, 17 Oct 2024 13:38:32 GMT
content-type
application/javascript
last-modified
Tue, 25 Jun 2024 20:10:51 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
main-es2015.a2a211c50a5078f60693.js
patient.labcorp.com/ 		3 MB
650 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/main-es2015.a2a211c50a5078f60693.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d56ee9404c66feb249a5297f40bb59c6b1b32ec92c0943479a31ca1403a3ab63
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
hOQumS87xsP6BJer0ilbmx.taQyzcMiI
etag
W/"acb137acb139e92e01575555597b02ca"
age
3439
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
CkmrzIT9n1-z5NNLvz5QAOhq9kvmm8GpV60zS0jDfc7vmDQZV3p7vA==
date
Thu, 17 Oct 2024 13:10:00 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 01:08:32 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
fdd7992d-1560-4718-962c-a5ede771f2a3.json
cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/fdd7992d-1560-4718-962c-a5ede771f2a3.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c18ad0dc68e29a72aa5f98140af88610a0a2a40b19029c78346514f9803b39d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
0wX1xW7b/xz8rmXKW0LLWw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCB25ADAC83835
age
58284
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Fri, 18 Oct 2024 14:07:19 GMT
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/json
last-modified
Thu, 01 Aug 2024 18:50:46 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
d4b4576e-401e-0044-2543-e44fe6000000
cf-ray
8d40daafa96a4d7c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1755
x-ms-blob-type
BlockBlob
server
cloudflare
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		0
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202407.1.0/ 		451 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51c8dc48fb49d5df075bf32d6655815cce9440a80bef0458f72a5bb85fa96d4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
OB5ZPaM1F+xqSvW4fnjknQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCAB84B4C53B13
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
56322
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/javascript
last-modified
Wed, 24 Jul 2024 02:02:43 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
b4ee5c9a-d01e-00a4-8015-20a96e000000
cf-ray
8d40dab00b0cd390-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
112090
x-ms-blob-type
BlockBlob
server
cloudflare
pendo.js
content.patient.pendo.cws.labcorp.com/agent/static/c12c67fa-39b9-4f2b-576b-b1a7e9686dae/ 		478 KB
156 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.patient.pendo.cws.labcorp.com/agent/static/c12c67fa-39b9-4f2b-576b-b1a7e9686dae/pendo.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.138.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
51.138.111.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ea450999d89d09a09767b77765a87a9d051dfa7c24ce5c382de148bef506ab0b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
*
content-encoding
gzip
x-goog-hash
crc32c=XdRkVg==, md5=ko3uQf1gXFa/SVnZZGkBQw==
etag
"928dee41fd605c56bf4959d964690143"
age
59
x-goog-stored-content-encoding
gzip
expires
Thu, 17 Oct 2024 14:13:50 GMT
alt-svc
clear
x-goog-stored-content-length
159005
date
Thu, 17 Oct 2024 14:06:20 GMT
last-modified
Thu, 10 Oct 2024 18:09:24 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY03lEuexms70UGDnEPQzLblpiMVW4oEbVtCMOzFW6UifuzRCWHkIrdxLSL4UdsY9BmQAVQ
strict-transport-security
max-age=63072000
cache-control
max-age=450
x-goog-storage-class
STANDARD
x-envoy-upstream-service-time
35
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1728583764463845
content-length
159005
server
istio-envoy
en.json
cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/f7decf9b-3f6d-4798-990c-5f247f56f9ae/ 		103 KB
22 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/f7decf9b-3f6d-4798-990c-5f247f56f9ae/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81b220f5ce6b003b014cc6ec49c228f25a69692981943b520bd2675e133665f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
Gt7mGk6j4Iuyp3aX2RnJpQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCB25ADC92DFCC
age
80566
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Fri, 18 Oct 2024 14:07:19 GMT
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/json
last-modified
Thu, 01 Aug 2024 18:50:49 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
611834bd-601e-003e-6743-e425ab000000
cf-ray
8d40dab04a434d7c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
21960
x-ms-blob-type
BlockBlob
server
cloudflare
source-sans-pro-latin-400-normal.c0d191aa7fb798623030.woff2
patient.labcorp.com/ 		13 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/source-sans-pro-latin-400-normal.c0d191aa7fb798623030.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
_n1VIuZTIa13xHOZlZlt9w7a5N_IBzGQ
etag
"0ad032b3d07aaf33b160ac4799dda40f"
age
3510
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
hzsRdnAqXY5hr_8KpQPZWfZl2xquxNAlD6cORxGx9Po7NAfgisDijw==
date
Thu, 17 Oct 2024 13:08:50 GMT
content-type
font/woff2
last-modified
Thu, 12 Oct 2023 14:23:06 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
13036
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
otFlat.json
cdn.cookielaw.org/scripttemplates/202407.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202407.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
Jby9k1ulZUoqHRoLPkzJJA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCAB84B133BB3A
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
68805
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/json
last-modified
Wed, 24 Jul 2024 02:02:37 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
559d1f85-301e-0040-1b06-deba64000000
cf-ray
8d40dab0aae24d7c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
3003
x-ms-blob-type
BlockBlob
server
cloudflare
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202407.1.0/assets/v2/ 		62 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202407.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
5c9cLQBQ5NMMvDEvN8aWeQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCAB84B285737D
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
40887
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/json
last-modified
Wed, 24 Jul 2024 02:02:39 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
1984ef37-e01e-00a7-6e06-deaa69000000
cf-ray
8d40dab0aae64d7c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
12723
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202407.1.0/assets/ 		24 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202407.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
80031
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
text/css
last-modified
Wed, 24 Jul 2024 02:02:48 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
9ad56a07-601e-0017-0f06-f453e9000000
cf-ray
8d40dab0aae74d7c-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
601 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
56697
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
image/svg+xml
last-modified
Wed, 16 Oct 2024 06:37:42 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
7b5cf61b-201e-001b-0ce1-1fbd18000000
cf-ray
8d40dab11e49d390-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
source-sans-pro-latin-600-normal.ba0db8c652c563d236e1.woff2
patient.labcorp.com/ 		13 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/source-sans-pro-latin-600-normal.ba0db8c652c563d236e1.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
9p0xht6SuRJaeJkm4wTVQS8rSA56VfrA
etag
"7cf79fbd1df848510d7352274efc2401"
age
3433
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
3g9RyQ9LhgMA9e580uk4ZNE7SW9CUyv0I5JCLbr2IdKUNgADPSGsWw==
date
Thu, 17 Oct 2024 13:10:07 GMT
content-type
font/woff2
last-modified
Thu, 12 Oct 2023 14:23:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
13052
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
source-sans-pro-latin-700-normal.a10519031679e736153a.woff2
patient.labcorp.com/ 		13 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/source-sans-pro-latin-700-normal.a10519031679e736153a.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
kKVVKHrH00gUpnokVF57243qUJBIoex.
etag
"4610010f425c140b99c88b6819ce1c02"
age
1828
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
jkF7BStp_t-7teSZBio1-CihJYWMgMyNpw9QjVuzwdEs-PesdMG6Eg==
date
Thu, 17 Oct 2024 13:36:52 GMT
content-type
font/woff2
last-modified
Thu, 12 Oct 2023 14:23:13 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
12924
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
495 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
79622
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
image/svg+xml
last-modified
Tue, 15 Oct 2024 02:01:22 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
2088c6ed-901e-006f-2a3f-1f3b5e000000
cf-ray
8d40dab13b7d4d7c-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
LabCorp_logo.PNG
cdn.cookielaw.org/logos/e5fd349f-96f4-4dd6-b798-f27dc03d9f1e/fdd7992d-1560-4718-962c-a5ede771f2a3/9ded174d-efac-4d0f-b391-d9fae174aae0/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/e5fd349f-96f4-4dd6-b798-f27dc03d9f1e/fdd7992d-1560-4718-962c-a5ede771f2a3/9ded174d-efac-4d0f-b391-d9fae174aae0/LabCorp_logo.PNG
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a4e0af6397a30500067cf1e08dc26ec4aa597d427a6010777bb74b92675d3f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
Pp4SvPrkXdiv4L87l3FURA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D96E4C3CF7C813
age
18694
cf-cache-status
HIT
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
image/png
last-modified
Thu, 02 Sep 2021 19:59:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-ms-request-id
136c076d-901e-002d-40d5-128af0000000
cf-ray
8d40dab14eb6d390-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
25294
x-ms-blob-type
BlockBlob
server
cloudflare
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/90f7a532-07e2-4aea-a588-7791c437abf6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
60560
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
image/svg+xml
last-modified
Wed, 16 Oct 2024 06:37:43 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
324d4739-a01e-00a0-6e98-1f5cec000000
cf-ray
8d40dab14ebbd390-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
environment.json
patient.labcorp.com/assets/ 		1 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/environment.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3382eb61d5ed9187fa12fc5c174283070153ba7504352aede417c7c36bc4c910
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
G_6W7cUz9FY296g1.9gDfTkgjPCe7fu1
etag
W/"2f9223c66990e09fb74694ebabddf726"
age
1828
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
3keiF6xWQ2Zx3jDftBNoTVO3pmQHZEu943yhQVDPUoLmlz6krBJJCw==
date
Thu, 17 Oct 2024 13:36:52 GMT
content-type
application/json
last-modified
Fri, 08 Mar 2024 03:09:36 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
version.json
patient.labcorp.com/assets/ 		20 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/version.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da983c5cc16eef0aeebf15cd3c0de165efe84261b280c708e7375b552defae7f
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
FMPAfLOCtyTMpZThBD_jPFKbiyvY7TX2
etag
"71544c4a5b9b0e380a2ccad0c66664aa"
age
3032
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
-O62hBOe2dmDJfL85Tb64HrzKdV_wqPpLD8mkVXvNjsKm8eIDGBMHA==
date
Thu, 17 Oct 2024 13:16:48 GMT
content-type
application/json
last-modified
Thu, 12 Oct 2023 14:23:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
20
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
favicon.ico
patient.labcorp.com/ 		104 KB
107 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d5f5e3a11b1241426353d5a508c948379146e5d2ac6257f3c48f9a13fdd372d1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
Y2awls1D8Svzqz692GP9DLUgSsFfrdm2
etag
"4081f691bc6ae15008f13647fb7e2c73"
age
644
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
APVuttjIA9EtbosvXyy6U8ocDGtUpM3ods80GTiwR2tllltf7yxCKA==
date
Thu, 17 Oct 2024 13:56:36 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 12 Oct 2023 14:23:14 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
106614
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
environment.json
patient.labcorp.com/assets/ 		1 KB
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/environment.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3382eb61d5ed9187fa12fc5c174283070153ba7504352aede417c7c36bc4c910
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
G_6W7cUz9FY296g1.9gDfTkgjPCe7fu1
etag
W/"2f9223c66990e09fb74694ebabddf726"
age
1828
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
3keiF6xWQ2Zx3jDftBNoTVO3pmQHZEu943yhQVDPUoLmlz6krBJJCw==
date
Thu, 17 Oct 2024 13:36:52 GMT
content-type
application/json
last-modified
Fri, 08 Mar 2024 03:09:36 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
version.json
patient.labcorp.com/assets/ 		20 B
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/version.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da983c5cc16eef0aeebf15cd3c0de165efe84261b280c708e7375b552defae7f
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
FMPAfLOCtyTMpZThBD_jPFKbiyvY7TX2
etag
"71544c4a5b9b0e380a2ccad0c66664aa"
age
3032
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
-O62hBOe2dmDJfL85Tb64HrzKdV_wqPpLD8mkVXvNjsKm8eIDGBMHA==
date
Thu, 17 Oct 2024 13:16:48 GMT
content-type
application/json
last-modified
Thu, 12 Oct 2023 14:23:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
20
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
metric
portal-api.patient.cws.labcorp.com/guest/guest/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://portal-api.patient.cws.labcorp.com/guest/guest/metric
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.21.107.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-107-230.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-browser-type,x-client-type,x-referrer
Access-Control-Request-Method
POST
Origin
https://patient.labcorp.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Client-Type,X-Browser-Type,X-Referrer,x-aws-waf-token,SOURCE
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://patient.labcorp.com
access-control-max-age
86400
apigw-requestid
fzED0hEQIAMEPmA=
cache-control
public, max-age=86400
content-length
0
date
Thu, 17 Oct 2024 14:07:20 GMT
vary
origin
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
0
launch-1e5a6d56184f.min.js
assets.adobedtm.com/387d64faac89/5521db81ea87/ 		156 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/387d64faac89/5521db81ea87/launch-1e5a6d56184f.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/main-es2015.a2a211c50a5078f60693.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
bd81627dee6ce12ff27097a365d990c3e6d231c80c973794d340aa0dcf081ea6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"49019c870597f980fb366e39c8ea49b9:1683838938.872681"
expires
Thu, 17 Oct 2024 15:07:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://patient.labcorp.com
content-length
41460
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/x-javascript
last-modified
Thu, 11 May 2023 21:02:18 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
metric
portal-api.patient.cws.labcorp.com/guest/guest/ 		0
258 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://portal-api.patient.cws.labcorp.com/guest/guest/metric
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.21.107.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-21-107-230.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

X-Referrer
Labcorp
Referer
https://patient.labcorp.com/
X-Browser-Type
Chrome
X-Client-Type
Web
Accept
application/json, text/plain, */*
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
0
apigw-requestid
fzED2jbKIAMEQFg=
access-control-allow-origin
https://patient.labcorp.com
date
Thu, 17 Oct 2024 14:07:20 GMT
x-xss-protection
0
x-frame-options
DENY
material-icons.0c35d18bf06992036b69.woff2
patient.labcorp.com/ 		125 KB
128 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/material-icons.0c35d18bf06992036b69.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
i0o6HPgcSnLygXHi.HNI1hSD4rJOW23D
etag
"53436aca8627a49f4deaaa44dc9e3c05"
age
1175
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
ama-63blzItLKn-BN4AcF2T1viRTz8JwOziRoAZU9uuIwdNTI5mJlA==
date
Thu, 17 Oct 2024 13:47:45 GMT
content-type
font/woff2
last-modified
Thu, 12 Oct 2023 14:23:14 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
128352
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
openid-configuration
login-patient.labcorp.com/oauth2/default/.well-known/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/oauth2/default/.well-known/openid-configuration
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://patient.labcorp.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type,x-okta-user-agent-extended
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
https://patient.labcorp.com
Access-Control-Max-Age
3600
Connection
Keep-Alive
Content-Length
0
Content-Type
application/octet-stream
Date
Thu, 17 Oct 2024 14:07:20 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Vary
Origin
X-Okta-Request-Id
ZxEaGAOl0WENVCkZxfJyogAABVQ
openid-configuration
login-patient.labcorp.com/oauth2/default/.well-known/ 		3 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/oauth2/default/.well-known/openid-configuration
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
e63c3fa1b2c3ebaea1683722714f25b7c98cf4dff2906307f00c8a6398be5345
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

X-Okta-User-Agent-Extended
okta-auth-js/7.5.0 @okta/okta-angular/5.3.0 Angular/11.2.8
Referer
https://patient.labcorp.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

x-content-type-options
nosniff
expires
Fri, 18 Oct 2024 14:06:48 GMT
p3p
CP="HONK"
Keep-Alive
timeout=5, max=99
Date
Thu, 17 Oct 2024 14:07:20 GMT
Content-Type
application/json
vary
Origin
X-Okta-Request-Id
ZxEaGAOl0WENVCkZxfJypQAABVQ
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=315360000; includeSubDomains
cache-control
max-age=86400, must-revalidate
accept-ch
Sec-CH-UA-Platform-Version
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Access-Control-Allow-Origin
https://patient.labcorp.com
x-xss-protection
0
Server
nginx
id
dpm.demdex.net/ 		366 B
914 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=B2CC6D25615AB18E0A495EA4%40AdobeOrg&d_nsid=0&ts=1729174039944
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.248.198.130 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-198-130.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
cfd7432d2d616acb643cc4642158660f3d5727d9289ef4b5aced989c8108aff1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://patient.labcorp.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-1-v067-0199020e5.edge-irl1.demdex.com 3 ms
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
x-tid
J40Nk1coSts=
expires
Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin
https://patient.labcorp.com
content-length
309
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Thu, 17 Oct 2024 14:07:20 GMT
content-type
application/json;charset=utf-8
vary
Origin
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 		34 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/387d64faac89/5521db81ea87/launch-1e5a6d56184f.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
expires
Thu, 17 Oct 2024 15:07:19 GMT
accept-ranges
bytes
access-control-allow-origin
https://patient.labcorp.com
content-length
12384
date
Thu, 17 Oct 2024 14:07:19 GMT
content-type
application/x-javascript
last-modified
Thu, 22 Sep 2022 16:16:49 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
dest5.html
labcorp.demdex.net/ Frame 2799 		0
0
ibs:dpid=411&dpuuid=ZxEaGAAAAL_OMwO-
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=21632240710800709371490323054813795077
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZxEaGAAAAL_OMwO-
42 B
715 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZxEaGAAAAL_OMwO-
Protocol
H2
Server
34.248.198.130 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-248-198-130.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-1-v067-0c6074d7b.edge-irl1.demdex.com 2 ms
content-encoding
gzip
pragma
no-cache
x-content-type-options
nosniff
x-tid
ceA3PPyBSfM=
expires
Thu, 01 Jan 1970 00:00:00 UTC
content-length
59
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Thu, 17 Oct 2024 14:07:20 GMT
content-type
image/gif

Redirect headers

Cache-Control
no-cache
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZxEaGAAAAL_OMwO-
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length
0
Date
Thu, 17 Oct 2024 14:07:20 GMT
Connection
keep-alive
Server
AMO-cookiemap/1.1
Primary Request authorize
login-patient.labcorp.com/oauth2/default/v1/ 		57 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/main-es2015.a2a211c50a5078f60693.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
ff714428e58a764745f4bd722d82ebf1f15a9c41490386f6b8a4a646a56570ee
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://patient.labcorp.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Thu, 17 Oct 2024 14:07:20 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Robots-Tag
noindex,nofollow
accept-ch
Sec-CH-UA-Platform-Version
cache-control
no-cache, no-store
content-language
de
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
no-referrer
x-content-type-options
nosniff
x-okta-request-id
ZxEaGOICkdtFGDeMG3defAAACKQ
x-rate-limit-limit
1200
x-rate-limit-remaining
877
x-rate-limit-reset
1729174064
x-ua-compatible
IE=edge
x-xss-protection
0
css2
fonts.googleapis.com/ 		15 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Source+Code+Pro:wght@400;500;600;700;800;900&display=swap
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e5be456a4f8da7c69876e73d36d4d3f59af5ccf1b735cb25be7353ab7c725d59
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 17 Oct 2024 14:07:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 17 Oct 2024 14:07:21 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 17 Oct 2024 14:07:21 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
okta-sign-in.min.js
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/js/ 		2 MB
496 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/js/okta-sign-in.min.js
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-116.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
f60800d5114eb72b305133a3ccb5a441b12daffb5f166dfbcc5cf028283d0b97
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer

Response headers

content-encoding
gzip
etag
W/"f42fd819be9c8ce10ec67481a1ef6cfc"
age
746819
expires
Wed, 08 Oct 2025 22:40:22 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
CczouNNWxa36qcrJscRt87tp92y9HdOYQcLFY8qagLITiGJA1V9nVQ==
date
Tue, 08 Oct 2024 22:40:22 GMT
content-type
application/javascript
last-modified
Tue, 08 Oct 2024 21:41:23 GMT
vary
Accept-Encoding
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-meta-sha1sum
9b68a71f87f8d9c537f39e668840507d13d87435
x-amz-cf-pop
FRA60-P6
server
nginx
okta-sign-in.min.css
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/css/ 		218 KB
37 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/css/okta-sign-in.min.css
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-116.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
e35e1d03fb9b7417fc605b85e7a9ef1baa9822bc6e6191e9e28f95e80ecbaf13
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer

Response headers

content-encoding
gzip
etag
W/"cc9b6afb7dec5ab168ad8d9335378d66"
age
746819
expires
Wed, 08 Oct 2025 22:40:22 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
xCylnfBLLbD5slC4VGvTgoGSwByUBtYq-Bp-7-RpekWy6fcZ3yBbwQ==
date
Tue, 08 Oct 2024 22:40:22 GMT
content-type
text/css
last-modified
Tue, 08 Oct 2024 21:40:16 GMT
vary
Accept-Encoding
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-meta-sha1sum
42552ed2802032ae710ebd409ad23207be6c3929
x-amz-cf-pop
FRA60-P6
server
nginx
custom-signin.a91af2abfd04662e499bd3e151150dbf.css
ok2static.oktacdn.com/assets/loginpage/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/loginpage/css/custom-signin.a91af2abfd04662e499bd3e151150dbf.css
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-116.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
a1566688dd7e6e7cdce8dd2634ac42a7d939f0f9ee471a8d79b9a9e7f956e4d0
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer

Response headers

content-encoding
gzip
etag
W/"a91af2abfd04662e499bd3e151150dbf"
age
822696
expires
Wed, 08 Oct 2025 01:35:45 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
PS0hk2P8ohBCGP2Z-mTLNtQqHAGcbdvlGq7Dc5J5I3VWpEkusSDyTw==
date
Tue, 08 Oct 2024 01:35:45 GMT
content-type
text/css
last-modified
Tue, 06 Aug 2024 22:53:46 GMT
vary
Accept-Encoding
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-meta-sha1sum
411f2a1669354e6e50ec0fe8def6481fd6ca8daf
x-amz-cf-pop
FRA60-P6
server
nginx
fs0103mwup3iatbnT0x8
ok2static.oktacdn.com/fs/bco/1/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok2static.oktacdn.com/fs/bco/1/fs0103mwup3iatbnT0x8
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-116.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
4993f870aca3106a39c8d70a32ac0ecdc4ad8370dbbfa0bafaf61f2a7f9024ed
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

etag
"c861e01afba3dfefc5bcc04de6a1a796"
age
789541
expires
Wed, 08 Oct 2025 10:48:19 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
CrpNJ9bQcEYaE5Le97UuLU9p8wQqOcxqVBxZSetRgK4cpVyxyMEa_Q==
date
Tue, 08 Oct 2024 10:48:19 GMT
content-type
image/png
last-modified
Thu, 22 Jun 2023 04:57:11 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
6018
x-amz-cf-pop
FRA60-P6
server
nginx
initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
ok2static.oktacdn.com/assets/js/mvc/loginpage/ 		204 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
Requested by
Host:
URL: OktaUtil.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-116.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
6a6c595fcf3a6c74bf3509f160ba34b78a8a3eb92ecaf290412c46679576d3ed
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer

Response headers

content-encoding
gzip
etag
W/"58de3be0c9b511a0fdfd7ea4f69b56fc"
age
1605382
expires
Mon, 29 Sep 2025 00:10:59 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
WjK0GcUypwzfrDCgec_FV_a81mIcu-vE0mgvNDAPzq4J8foITxVDZg==
date
Sun, 29 Sep 2024 00:10:59 GMT
content-type
application/javascript
last-modified
Thu, 09 Nov 2023 00:18:35 GMT
vary
Accept-Encoding
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-meta-sha1sum
91eca02abf11239ec4af7a30b1da6e2610f1b9a6
x-amz-cf-pop
FRA60-P6
server
nginx
fs0103mwupk8BAYDo0x8
ok2static.oktacdn.com/fs/bco/7/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok2static.oktacdn.com/fs/bco/7/fs0103mwupk8BAYDo0x8
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-116.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
f71321a443d2c952d2926082caf12cf8935b3d17e85e97140f2471432601a23e
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://login-patient.labcorp.com/

Response headers

etag
"38c13e119415e4b7237335fddd745bdd"
age
1698649
expires
Sat, 27 Sep 2025 22:16:32 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
hvtgwrJ-dmh0onIosk5OEXgp_M2IpySKycq52cIScnWSIgbQcOQsEA==
date
Fri, 27 Sep 2024 22:16:32 GMT
content-type
image/jpeg
last-modified
Thu, 22 Jun 2023 04:57:11 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
32351
x-amz-cf-pop
FRA60-P6
server
nginx
login_de.json
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/labels/json/ 		116 KB
116 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/labels/json/login_de.json
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/js/okta-sign-in.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-116.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
d1052ee84460c9422cd7466310f6683e1838fd93cf22bda26dbbfcb0e109b5c9
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json
content-type
text/plain

Response headers

etag
"09a8a847ec7a485a6652f564bc614076"
age
746623
expires
Wed, 08 Oct 2025 22:43:38 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
aA1lsW4a45VpBtfwH8XsXIMVeV4ZfzQXJxcMjeNEX3BkJ1CTbOa6Xw==
date
Tue, 08 Oct 2024 22:43:38 GMT
content-type
application/json
last-modified
Tue, 08 Oct 2024 21:41:29 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-amz-meta-sha1sum
c15efb1349bf8673f1c715c4c9a936b1d76ff3c5
content-length
118342
x-amz-cf-pop
FRA60-P6
server
nginx
country_de.json
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/labels/json/ 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/labels/json/country_de.json
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/js/okta-sign-in.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-116.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json
content-type
text/plain

Response headers

etag
"51bec6463b4f7c5a26ede1fd8ee067f8"
age
746623
expires
Wed, 08 Oct 2025 22:43:38 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
1t5Dv6kr4Vg5NKDjvw-dbPEA0SV8oNjYcqwZyNmWOEiv7JhmvefS9g==
date
Tue, 08 Oct 2024 22:43:38 GMT
content-type
application/json
last-modified
Tue, 08 Oct 2024 21:41:26 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-amz-meta-sha1sum
251dd1ccca4c80570aee52db71eed703ac579ad8
content-length
4805
x-amz-cf-pop
FRA60-P6
server
nginx
logo-patient-color.svg
patient.labcorp.com/assets/images/ 		16 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://patient.labcorp.com/assets/images/logo-patient-color.svg
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.205.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-205-104.dfw56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7c56074397f9ad3a0149bb842a97ffa27682b5fa86d5a1122ed489fa30fdcce0
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-amz-version-id
Drw9vC.iK0zP.vvVPcDvWZOLLg4PHbTD
etag
W/"2f62a1cffc9ea2ce8845e3ac0608fc01"
age
941
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
zIZSCJGUSW9U2gh_JQpeQEXFQH9sQQimE_FNi8oYM-Mvh-wN6bq5PQ==
date
Thu, 17 Oct 2024 13:51:41 GMT
content-type
image/svg+xml
last-modified
Thu, 12 Oct 2023 14:23:13 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 905564ca9c1aa8178ba9f0bf77d23d96.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
DFW56-P10
server
AmazonS3
x-amz-server-side-encryption
AES256
iframe.html
login.okta.com/discovery/ Frame 7088 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://login.okta.com/discovery/iframe.html
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-126.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Age
76468
Connection
keep-alive
Content-Length
451
Content-Type
text/html
Date
Wed, 16 Oct 2024 16:52:54 GMT
ETag
"b2b86038bc19f36d4e1a0024a848c529"
Last-Modified
Thu, 03 Oct 2024 15:45:41 GMT
Server
AmazonS3
Strict-Transport-Security
max-age=31536000; includeSubDomains
Via
1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
X-Amz-Cf-Id
wxmZJjE2--Npan6AA2pciidy3SKUwA5Uuw6Sd9KlWVSljGTlstntqw==
X-Amz-Cf-Pop
FRA56-P6
X-Cache
Hit from cloudfront
introspect
login-patient.labcorp.com/idp/idx/ 		23 KB
26 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/idp/idx/introspect
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/js/okta-sign-in.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
46743909bc846a81ef9237372d91fec43f920c7a317fdde63deedc0ded8257c2
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

X-Okta-User-Agent-Extended
okta-auth-js/7.8.0 okta-signin-widget-7.23.2
Referer
Accept-Language
de
Accept
application/ion+json; okta-version=1.0.0
Content-Type
application/ion+json; okta-version=1.0.0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

X-Robots-Tag
noindex,nofollow
x-rate-limit-limit
2000
x-content-type-options
nosniff
expires
0
p3p
CP="HONK"
Keep-Alive
timeout=5, max=99
Date
Thu, 17 Oct 2024 14:07:21 GMT
Content-Type
application/ion+json;okta-version=1.0.0
x-rate-limit-remaining
1567
vary
Origin
x-okta-request-id
ZxEaGeICkdtFGDeMG3dehAAACKQ
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=315360000; includeSubDomains
cache-control
no-cache, no-store
x-rate-limit-reset
1729174045
pragma
no-cache
accept-ch
Sec-CH-UA-Platform-Version
Connection
Keep-Alive
access-control-allow-credentials
true
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
https://login-patient.labcorp.com
x-xss-protection
0
Server
nginx
favicon.ico
login-patient.labcorp.com/ 		5 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
f9e86fb363a05f75ab3b525439d46bf4911d4cd4ae94c656c0198206374002aa
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Strict-Transport-Security
max-age=315360000; includeSubDomains
X-Robots-Tag
noindex,nofollow
etag
W/"5430-1728493936000"
Connection
Keep-Alive
x-content-type-options
nosniff
accept-ranges
bytes
Content-Length
5430
Keep-Alive
timeout=5, max=98
Date
Thu, 17 Oct 2024 14:07:21 GMT
Content-Type
image/x-icon
last-modified
Wed, 09 Oct 2024 17:12:16 GMT
Server
nginx
okticon.woff
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/font/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/font/okticon.woff
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/css/okta-sign-in.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.116 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-116.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.2/css/okta-sign-in.min.css

Response headers

etag
"db28723126138387cdf40680e6e0fa5d"
age
746700
expires
Wed, 08 Oct 2025 22:42:21 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
sTCfLnk322M2qaJgnj6Nsfl1FWx9LL4gePyRySg0PnKF9WXOQ63VGw==
date
Tue, 08 Oct 2024 22:42:21 GMT
content-type
application/font-woff
last-modified
Tue, 08 Oct 2024 21:41:12 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-amz-meta-sha1sum
4d706297987d613a4e3f4f23d08c62d16830845d
content-length
20600
x-amz-cf-pop
FRA60-P6
server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
geolocation.onetrust.com
URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Domain
labcorp.demdex.net
URL
https://labcorp.demdex.net/dest5.html?d_nsid=0

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| regeneratorRuntime function| jQueryCourage object| u2f function| OktaSignIn function| signInSuccessCallBackFunction object| oktaData function| runLoginPage object| OktaUtil object| config string| urlString string| clientId object| customButtons string| logoUrl1 string| logoUrl2 object| oktaSignIn function| debounce function| updateContent object| OktaLogin object| jQBrowser

7 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 21632240710800709371490323054813795077
.labcorp.com/ Name: AMCVS_B2CC6D25615AB18E0A495EA4%40AdobeOrg
Value: 1
.dpm.demdex.net/ Name: dpm
Value: 21632240710800709371490323054813795077
.labcorp.com/ Name: AMCV_B2CC6D25615AB18E0A495EA4%40AdobeOrg
Value: 179643557%7CMCIDTS%7C20014%7CMCMID%7C15624054903744149172235236475051314777%7CMCAAMLH-1729778840%7C6%7CMCAAMB-1729778840%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1729181240s%7CNONE%7CMCSYNCSOP%7C411-20021%7CvVersion%7C5.5.0
.labcorp.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Thu+Oct+17+2024+16%3A07%3A20+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202407.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=d4878682-9430-4fb2-b936-dbaa3722bfa1&interactionCount=1&isAnonUser=1&landingPath=https%3A%2F%2Fpatient.labcorp.com%2F90f7a532-07e2-4aea-a588-7791c437abf6&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CC0007%3A0
login-patient.labcorp.com/ Name: DT
Value: DI13sjGghbIRxmNiXGHVk4JYQ
login-patient.labcorp.com/ Name: JSESSIONID
Value: A2411A686CF4763E54C8A4D35D19B9DA

5 Console Messages

Source Level URL
Text
security error URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Message:
Refused to connect to 'https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location' because it violates the following Content Security Policy directive: "connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org".
security warning URL: about:blank
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security error URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js(Line 6)
Message:
Refused to connect to 'https://privacyportal.onetrust.com/request/v1/consentreceipts' because it violates the following Content Security Policy directive: "connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org".
security error URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile(Line 16)
Message:
[Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Source+Code+Pro:wght@400;500;600;700;800;900&display=swap' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security error URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=NJAeykWG_3-SbrDVzjLkanVB-Uq5xYx__119ijmjm4A&code_challenge_method=S256&nonce=ae9g0SFy1q9WxrURBY1zZKRgdF81Kb7yV9EUwTfxeX4duMU8utNRkRj4BvDLnNik&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=GUTtEHjaYnPgQRVKTAOyHqfokxEB0XlLyfG1LSKjkGDykWdVVprHA88eGoPuik90&scope=openid%20email%20profile
Message:
[Report Only] Refused to load the image 'https://patient.labcorp.com/assets/images/logo-patient-color.svg' because it violates the following Content Security Policy directive: "img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
cdn.cookielaw.org
cm.everesttech.net
content.patient.pendo.cws.labcorp.com
dpm.demdex.net
fonts.googleapis.com
geolocation.onetrust.com
js.braintreegateway.com
labcorp.demdex.net
login-patient.labcorp.com
login.okta.com
ok2static.oktacdn.com
patient.labcorp.com
portal-api.patient.cws.labcorp.com
geolocation.onetrust.com
labcorp.demdex.net
107.21.107.230
108.138.7.126
13.249.205.104
18.245.86.116
192.229.221.25
2606:4700::6812:572a
2a00:1450:4001:830::200a
2a02:26f0:3500:587::1e80
34.111.138.51
34.248.198.130
52.18.168.199
52.223.49.115
078bc5f70c163ed66f8ffbf347b129dfe79944374b326145d5ee5edd47d98d7a
0afaa8243a885ae98499c05dba6fd60983bc9f9a583987894c0534999dae45d1
10a8fbaa0884f4deedfb149d83b3345d7489f9995d0737d35b3282132cd04452
20d323a44df8c3d203d800a48ead4d181f8d01efeda62c7ce240314a2f356ad5
3382eb61d5ed9187fa12fc5c174283070153ba7504352aede417c7c36bc4c910
3d9ef05bcd150166c1f5163efaa04d78e47390892439d4f9bcb4d22a6b579762
46743909bc846a81ef9237372d91fec43f920c7a317fdde63deedc0ded8257c2
4993f870aca3106a39c8d70a32ac0ecdc4ad8370dbbfa0bafaf61f2a7f9024ed
51c8dc48fb49d5df075bf32d6655815cce9440a80bef0458f72a5bb85fa96d4f
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a6c595fcf3a6c74bf3509f160ba34b78a8a3eb92ecaf290412c46679576d3ed
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
7c56074397f9ad3a0149bb842a97ffa27682b5fa86d5a1122ed489fa30fdcce0
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
81b220f5ce6b003b014cc6ec49c228f25a69692981943b520bd2675e133665f7
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
9a4e0af6397a30500067cf1e08dc26ec4aa597d427a6010777bb74b92675d3f6
a1566688dd7e6e7cdce8dd2634ac42a7d939f0f9ee471a8d79b9a9e7f956e4d0
bbdb499ada9a9b54877bce6e362d9dc0745374dcc39ed49ba2ee210b1429255f
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bd81627dee6ce12ff27097a365d990c3e6d231c80c973794d340aa0dcf081ea6
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c18ad0dc68e29a72aa5f98140af88610a0a2a40b19029c78346514f9803b39d6
cfd7432d2d616acb643cc4642158660f3d5727d9289ef4b5aced989c8108aff1
d1052ee84460c9422cd7466310f6683e1838fd93cf22bda26dbbfcb0e109b5c9
d4ebab34a6deec0d1ab70ca05c47cf7db2709d7a087ef4ed78b5a22b2e2b7b29
d56ee9404c66feb249a5297f40bb59c6b1b32ec92c0943479a31ca1403a3ab63
d5f5e3a11b1241426353d5a508c948379146e5d2ac6257f3c48f9a13fdd372d1
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
da983c5cc16eef0aeebf15cd3c0de165efe84261b280c708e7375b552defae7f
e35e1d03fb9b7417fc605b85e7a9ef1baa9822bc6e6191e9e28f95e80ecbaf13
e426698cad245f1ee6b3a251500b07c9cc5322c050fbf149861e15c09603852c
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
e5be456a4f8da7c69876e73d36d4d3f59af5ccf1b735cb25be7353ab7c725d59
e63c3fa1b2c3ebaea1683722714f25b7c98cf4dff2906307f00c8a6398be5345
ea450999d89d09a09767b77765a87a9d051dfa7c24ce5c382de148bef506ab0b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f60800d5114eb72b305133a3ccb5a441b12daffb5f166dfbcc5cf028283d0b97
f71321a443d2c952d2926082caf12cf8935b3d17e85e97140f2471432601a23e
f9e86fb363a05f75ab3b525439d46bf4911d4cd4ae94c656c0198206374002aa
ff714428e58a764745f4bd722d82ebf1f15a9c41490386f6b8a4a646a56570ee