URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Submission: On December 01 via manual from US — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 24 HTTP transactions. The main IP is 149.111.149.139, located in the United States, and belongs to UHC, US. The main domain is eap.optumfinancial.com. The Cisco Umbrella rank of the primary domain is 568237.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on June 26th 2023. Valid for: a year.
This is the only time eap.optumfinancial.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address  AS (Autonomous System)
24  149.111.149.139  10879 (UHC)

Requests  Apex Domain  Subdomains  Transfer
24  optumfinancial.com  eap.optumfinancial.com — Cisco Umbrella Rank: 568237  737 KB

Requests  Domain  Requested by
24  eap.optumfinancial.com  eap.optumfinancial.com

This site contains no links.

Subject: eap-ldap-cop7.uhc.com
Issuer: COMODO RSA Organization Validation Secure Server CA
Validity: 2023-06-26 - 2024-06-25
Valid: a year

This page contains 1 frames:

Primary Page: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Frame ID: FE13BF63C237DA8FA539101BE637FE34
Requests: 24 HTTP requests in this frame

Page Title

OptumHealthFinancial.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery-ui[.-]([\d.]*\d)[^/]*\.js
  • jquery-ui.*\.js

Page Statistics

Requests: 24
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 737 kB
Size: 711 kB
Cookies: 4

24 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type
Primary Request eapLogin.jsf
eap.optumfinancial.com/EAP/Portlets/
14 KB
15 KB
Document
General
Full URL
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
35ca36b07fc3ffcd7fe4ba7bc1ee64eb209933f9c95a8c516ddc2fa887bee2f2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Cache-Control
no-cache no-store must-revalidate
Connection
Keep-Alive
Content-Language
en-US
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Content-Type
text/html;charset=UTF-8
Date
Fri, 01 Dec 2023 13:09:25 GMT
Expires
Mon, 8 Aug 2006 10:00:00 GMT
Keep-Alive
timeout=10, max=1000
Pragma
no-cache
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
noindex nofollow
X-UA-Compatible
IE=EmulateIE8
X-XSS-Protection
1; mode=block
AC_OETags.js
eap.optumfinancial.com/cap_static/OFS_shared/js/rsa_v11/
8 KB
9 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/OFS_shared/js/rsa_v11/AC_OETags.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
cc7accdb92b0a05e530a0009de55307dd7cdef2b2f6099cb5450547aa74fe463

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
7822
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"1e8e-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=1000
hashtable.js
eap.optumfinancial.com/cap_static/OFS_shared/js/rsa_v11/
13 KB
14 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/OFS_shared/js/rsa_v11/hashtable.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
ef62646b0b21053bd22e4069e956d629cd4a64b4e35aeaaca0b522123b242c29

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
13680
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"3570-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=998
rsa.js
eap.optumfinancial.com/cap_static/OFS_shared/js/rsa_v11/
34 KB
35 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/OFS_shared/js/rsa_v11/rsa.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
0193b6607d6b002631b1b97b03559101be6546e688ecfad270e0c9ebd3f9ab00

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
34849
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"8821-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=999
app_common.css
eap.optumfinancial.com/cap_static/OFS_shared/css/
21 KB
22 KB
Stylesheet
General
Full URL
https://eap.optumfinancial.com/cap_static/OFS_shared/css/app_common.css
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
3e2d8dfde3e362b7dcf7f4d2128a87f36aef008e73c3e9db43105a97c0ab8f45

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
21259
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"530b-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=999
brand_Optum_v2.css
eap.optumfinancial.com/cap_static/OFS_shared/css/
9 KB
10 KB
Stylesheet
General
Full URL
https://eap.optumfinancial.com/cap_static/OFS_shared/css/brand_Optum_v2.css
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
bd640ec7f38f72a8ce6e487060ebf29ac02e4cc8f3035331d4a11495421a852c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
9374
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"249e-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=1000
brand_OptumHSA_v2.css
eap.optumfinancial.com/cap_static/OFS_shared/css/
11 KB
12 KB
Stylesheet
General
Full URL
https://eap.optumfinancial.com/cap_static/OFS_shared/css/brand_OptumHSA_v2.css
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
442cf3dbb85db42be5ee7cdda3c0ea066fc6ada246377bf1f5dc71b646ac6a36

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
11690
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"2daa-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=1000
common_v2.js
eap.optumfinancial.com/cap_static/OFS_shared/js/
56 KB
57 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/OFS_shared/js/common_v2.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
7b4432787acb5336a2a4b600b098156fd4858a0f676d7f3fa07eb69f16eeaa78

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
56839
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"de07-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=997
jquery-ui-1.10.3.custom.min.css
eap.optumfinancial.com/cap_static/jQuery_v2/css/custom-theme/
26 KB
27 KB
Stylesheet
General
Full URL
https://eap.optumfinancial.com/cap_static/jQuery_v2/css/custom-theme/jquery-ui-1.10.3.custom.min.css
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
a7da7094d1a4ce76acf34ffd3960bcb0393e05bcd2545dc87ddc54bd242d44d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
27066
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"69ba-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=1000
jquery-ui.tweaks_v2.css
eap.optumfinancial.com/cap_static/jqueryCustom/css/custom-theme/
2 KB
3 KB
Stylesheet
General
Full URL
https://eap.optumfinancial.com/cap_static/jqueryCustom/css/custom-theme/jquery-ui.tweaks_v2.css
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
caf03be375515056b13bc63bbccbac0d62be6a99c5d19e080141bd82c9521fac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
2131
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"853-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=1000
jquery-1.9.1.js
eap.optumfinancial.com/cap_static/jQuery_v2/js/
262 KB
263 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/jQuery_v2/js/jquery-1.9.1.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
7bd80d06c01c0340c1b9159b9b4a197db882ca18cbac8e9b9aa025e68f998d40

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
268381
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"4185d-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=999
jquery-ui-1.10.3.custom.min.js
eap.optumfinancial.com/cap_static/jQuery_v2/js/
223 KB
224 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/jQuery_v2/js/jquery-ui-1.10.3.custom.min.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
bd6845710f8b65925fdb00a1e448f0f7f8ac194cffd391946eb4ee561787eac4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
228138
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"37b2a-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=999
jquery.maskedinput.min.js
eap.optumfinancial.com/cap_static/jQuery_v2/js/
3 KB
5 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/jQuery_v2/js/jquery.maskedinput.min.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139, United States, ASN10879 (UHC, US)
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Resource Hash
4d2f8e93a72b351e2a74a613e93e63c0c1e3b0f742cdb83b7664f4796092376d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
3568
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"df0-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=996
jquery.confirm-1.3.js
eap.optumfinancial.com/cap_static/jqueryCustom/js/
6 KB
7 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/jqueryCustom/js/jquery.confirm-1.3.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
95ff3cd5d141c337ba0891e645d5efa61d4f7344899714730469e5ffe5511c75
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
5823
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"16bf-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=995
jquery.bgiframe.min.js
eap.optumfinancial.com/cap_static/jqueryCustom/js/
1 KB
2 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/jqueryCustom/js/jquery.bgiframe.min.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
b91ae250d8d398e18370cbb1a4f05d76142984de1da2a3244895cfe5c3b707a0
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
1402
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"57a-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=999
jquery.session.extender_v4.js
eap.optumfinancial.com/cap_static/jqueryCustom/js/
5 KB
6 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/jqueryCustom/js/jquery.session.extender_v4.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
e297ccecb5b0a3617a85828cb57aef2cf7cfae2ee4271f3bcb76100e822e590a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
4822
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"12d6-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=998
commonJquery_v2.min.js
eap.optumfinancial.com/cap_static/OFS_shared/js/
2 KB
4 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/OFS_shared/js/commonJquery_v2.min.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
bc9ca7db5436805cd275f2ffef55ed6a5207897c3c05396493aa36ffcb5cae51
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
2505
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"9c9-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=994
sessionKillerEAP.js
eap.optumfinancial.com/cap_static/OFS_shared/js/
1 KB
2 KB
Script
General
Full URL
https://eap.optumfinancial.com/cap_static/OFS_shared/js/sessionKillerEAP.js
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
ad5f065d627edfab9665131bbadc5e451a942ab8de7d6dea5ab93b26dc3364d4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
1270
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"4f6-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=999
optum_logo_gif_200px.gif
eap.optumfinancial.com/cap_static/images_v2/Logos/
4 KB
5 KB
Image
General
Full URL
https://eap.optumfinancial.com/cap_static/images_v2/Logos/optum_logo_gif_200px.gif
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
c73c0ca6d32b8ec91675fb24bfd68e2c94b805eaae259a0041a52b6b221ae20d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
3785
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"ec9-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
image/gif
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=998
white_arrow.gif
eap.optumfinancial.com/cap_static/images_v2/Optum/
59 B
1 KB
Image
General
Full URL
https://eap.optumfinancial.com/cap_static/images_v2/Optum/white_arrow.gif
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
77b1c33c114c99fa105453c68bc1c189adc8e1bb2344c1dd93fcaefd30f67aa1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
59
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"3b-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
image/gif
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=997
login_error_24x24.gif
eap.optumfinancial.com/cap_static/images_v2/login/
1 KB
2 KB
Image
General
Full URL
https://eap.optumfinancial.com/cap_static/images_v2/login/login_error_24x24.gif
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
7080fe92938119875bb39a19b578f0e3fb544983a93ffa499ac0eb256db4f9c9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:26 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
1157
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"485-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
image/gif
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=993
comodo_secure_100x85_white.png
eap.optumfinancial.com/cap_static/images_v2/
8 KB
9 KB
Image
General
Full URL
https://eap.optumfinancial.com/cap_static/images_v2/comodo_secure_100x85_white.png
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
0e981fadc7ea1d1986795ace95bfec29c44c7920a7a3eb680110f286d7d280cd
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Fri, 01 Dec 2023 13:09:27 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Connection
Keep-Alive
Content-Length
8081
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 29 Apr 2021 18:17:46 GMT
ETag
"1f91-5c12083172680"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Keep-Alive
timeout=10, max=998
setSessionPref
eap.optumfinancial.com/EAP/Public/
0
986 B
XHR
General
Full URL
https://eap.optumfinancial.com/EAP/Public/setSessionPref
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/cap_static/jQuery_v2/js/jquery-1.9.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Fri, 01 Dec 2023 13:09:27 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Language
en-US
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Connection
Keep-Alive
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Content-Length
0
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=10, max=998
setSessionPref
eap.optumfinancial.com/EAP/Public/
0
986 B
XHR
General
Full URL
https://eap.optumfinancial.com/EAP/Public/setSessionPref
Requested by
Host: eap.optumfinancial.com
URL: https://eap.optumfinancial.com/cap_static/jQuery_v2/js/jquery-1.9.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.111.149.139 , United States, ASN10879 (UHC, US),
Reverse DNS
eap-ldap-cop7-elr.uhc.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Fri, 01 Dec 2023 13:09:27 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, DELETE, PATCH
Content-Language
en-US
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Max-Age
1000
Connection
Keep-Alive
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,origin, authorization, accept, client-security-token
Content-Length
0
X-XSS-Protection
1; mode=block
Keep-Alive
timeout=10, max=997

Verdicts & Comments

176 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture boolean| isIE boolean| isWin boolean| isOpera function| ControlVersion function| GetSwfVer function| DetectFlashVer function| AC_AddExtension function| AC_Generateobj function| AC_FL_RunContent function| AC_GetArgs function| Hashtable function| startsWith function| DomDataCollection function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| Timer function| getRandomPort object| ProxyCollector function| BlackberryLocationCollector function| detectFields string| SEP string| PAIR string| DEV function| FingerPrint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint string| HTML5 string| BLACKBERRY string| UNDEFINED string| GEO_LOCATION_DEFAULT_STRUCT object| geoLocator boolean| geoLocatorStatus function| detectDeviceCollectionAPIMode function| init function| startCollection function| stopCollection function| getGeolocationStruct function| HTML5LocationCollector object| UIEventCollector function| UIEvent function| InteractionElement function| UIElementList function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| convertTimestampToGMT function| getTimestampInMillis function| debug function| forceIE89Synchronicity boolean| bSSO boolean| isSuperUser function| hide_header object| antiClickjack function| showAutoTimeOutMsg number| autoTimeOutMsg function| numbersOnly boolean| bSelected boolean| bFocus boolean| bClicked function| autoTab function| signOutMFA function| signOutEapMFA function| createDenialCookie function| createCookie function| signOut function| signOutSuperuser function| signOutEapuser function| goHome function| goHomeSuperuser function| goHomeEAP function| isLinkEnabledForSU function| isButtonEnabledForSU function| trim function| isCMAdocDown function| getQueryStringParameter 
function| popupWoutCtrls function| NumberFormat function| setInputDecimalNF function| setNumberNF function| toUnformattedNF function| getOriginalNF function| setNegativeFormatNF function| setNegativeRedNF function| setSeparatorsNF function| setCommasNF function| setCurrencyNF function| setCurrencyValueNF function| setCurrencyPrefixNF function| setCurrencyPositionNF function| setPlacesNF function| addSeparatorsNF function| toFormattedNF function| toPercentageNF function| getZerosNF function| expandExponentialNF function| moveDecimalRightNF function| moveDecimalLeftNF function| moveDecimalAsStringNF function| moveDecimalNF function| getRoundedNF function| preserveZerosNF function| justNumberNF string| datePickerDivID string| iFrameDivID object| dayArrayShort object| dayArrayMed object| dayArrayLong object| monthArrayShort object| monthArrayMed object| monthArrayLong string| defaultDateSeparator string| defaultDateFormat string| dateSeparator string| dateFormat function| displayDatePicker function| drawDatePicker function| refreshDatePicker function| getButtonCode function| getDateString function| getFieldDate function| splitDateString function| updateDateField function| adjustiFrame function| hideElements function| loadStaticData function| submitViaEnter object| ohfsOpenWinObject function| ohfsOpen function| callConfirmButton function| popUpWindowExternalLink function| callConfirmButtonOhfs function| callConfirmButtonMorningLinkOhfs function| callConfirmButtonSideNav function| popUpWindow function| popUpWindowComodo function| getCookieOHFS function| setCookieOHFS function| deleteCookieOHFS function| confirmLinks function| $ function| jQuery number| timeOutMessage undefined| timeOutAlert object| alertDialog object| sessionTimers function| basicTimeOutMessage function| showTimeOutMessage function| showTimeOutAlert function| setSessionPref function| killSession function| killAppSession function| cleanSession function| setUserCookie function| setUserCookieI boolean| 
validNavSK undefined| resetNavSK undefined| overrideSK function| dcsMultiTrack function| hide_footer object| errorMsg undefined| ohfsUsernameTextbox undefined| ohfsPasswordTextbox string| cookieVal object| date number| rnd object| plugin string| t

4 Cookies

Domain/Path Name / Value
eap.optumfinancial.com/ Name: JSESSIONID
Value: 0000umOvyUJbcWAX7WHWD6aRRfI:1f7ljjrcm
eap.optumfinancial.com/ Name: BIGipServereap-ldap-cop7-elr.uhc.com_8080
Value: 382167562.36895.0000
eap.optumfinancial.com/ Name: TS01a8ffd3
Value: 011730d7d7ad7f5870c7e17dad2957861a77444b62f8b037095049df135fd90ca1eacc35101590ca9130edb62608e4fe8de11d734b
eap.optumfinancial.com/ Name: rsa
Value: 1701436167384-851

2 Console Messages

Source Level URL
Text
security error URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Message:
Unrecognized Content-Security-Policy directive 'reflected-xss'.
security error URL: https://eap.optumfinancial.com/EAP/Portlets/eapLogin.jsf
Message:
Unrecognized Content-Security-Policy directive 'referrer'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https:; font-src https: data:; img-src blob: https: data:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; referrer no-referrer-when-downgrade
Strict-Transport-Security max-age=16070400; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

eap.optumfinancial.com
149.111.149.139