urlscan.io logo urlscan.io
SecurityTrails logo

identity.onehealthcareid.com Open in urlscan Pro
13.249.91.33  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/#/paan/trackit/recently-closed-tab
Effective URL: https://identity.onehealthcareid.com/api/v1/auth/login
Submission: On September 20 via manual from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 1 countries across 8 domains to perform 28 HTTP transactions. The main IP is 13.249.91.33, located in United States and belongs to AMAZON-02, US. The main domain is identity.onehealthcareid.com. The Cisco Umbrella rank of the primary domain is 22036.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on April 9th 2024. Valid for: a year.
This is the only time identity.onehealthcareid.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

6    2600:9000:261f:2200:1a:19fe:bb80:93a1 (United States)

ASN16509 (AMAZON-02, US)
secure.uhcprovider.com
4    2600:9000:247b:1400:18:51c1:c340:93a1 (United States)

ASN16509 (AMAZON-02, US)
apps.uhcprovider.com
3    2600:9000:21da:9000:1d:be51:5240:93a1 (United States)

ASN16509 (AMAZON-02, US)
maelstrom-dmz.uhc.com
maelstrom-dmz.uhcprovider.com
3    2a04:4e42::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    2602:816:5001::39 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
2    162.247.243.29 (United States)

ASN54113 (FASTLY, US)
bam.nr-data.net
4    13.249.91.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-91-33.jfk52.r.cloudfront.net
identity.onehealthcareid.com
1    2600:141b:1c00:209f::1e80 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
1    2606:4700::6811:f7cb (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
5    151.101.65.229 (San Francisco, United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
Apex Domain
Subdomains		 Transfer
12 uhcprovider.com
secure.uhcprovider.com — Cisco Umbrella Rank: 27796
apps.uhcprovider.com — Cisco Umbrella Rank: 29523
maelstrom-dmz.uhcprovider.com — Cisco Umbrella Rank: 31228
107 KB
8 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 327
72 KB
4 onehealthcareid.com
identity.onehealthcareid.com — Cisco Umbrella Rank: 22036
4 KB
2 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 248
928 B
1 unpkg.com
unpkg.com — Cisco Umbrella Rank: 803
24 KB
1 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 442
205 KB
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 569
14 KB
1 uhc.com
maelstrom-dmz.uhc.com — Cisco Umbrella Rank: 34045
7 KB
28 8
Domain Requested by
8 cdn.jsdelivr.net secure.uhcprovider.com
6 secure.uhcprovider.com secure.uhcprovider.com
4 identity.onehealthcareid.com 2 redirects apps.uhcprovider.com
4 apps.uhcprovider.com secure.uhcprovider.com
apps.uhcprovider.com
2 bam.nr-data.net secure.uhcprovider.com
2 maelstrom-dmz.uhcprovider.com 1 redirects secure.uhcprovider.com
1 unpkg.com secure.uhcprovider.com
1 assets.adobedtm.com secure.uhcprovider.com
1 js-agent.newrelic.com secure.uhcprovider.com
1 maelstrom-dmz.uhc.com secure.uhcprovider.com
28 10

This site contains no links.

Subject Issuer Validity Valid
secure.uhcprovider.com
COMODO RSA Organization Validation Secure Server CA		 2024-03-01 -
2025-03-01		 a year crt.sh
apps.uhcprovider.com
COMODO RSA Organization Validation Secure Server CA		 2024-08-07 -
2025-08-07		 a year crt.sh
maelstrom-dmz.optum.com
COMODO RSA Organization Validation Secure Server CA		 2024-08-07 -
2025-08-07		 a year crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-07-30 -
2025-08-31		 a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1		 2024-03-21 -
2025-04-22		 a year crt.sh
*.nr-data.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-12 -
2025-08-12		 a year crt.sh
identity.onehealthcareid.com
COMODO RSA Organization Validation Secure Server CA		 2024-04-09 -
2025-04-09		 a year crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-09 -
2025-08-09		 a year crt.sh
unpkg.com
WE1		 2024-07-28 -
2024-10-26		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://identity.onehealthcareid.com/api/v1/auth/login
Frame ID: 12F8AE869F6F706A9333ED72B84367CE
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ERROR: The request could not be satisfied

Page URL History Show full URLs

  1. https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/ Page URL
  2. https://maelstrom-dmz.uhcprovider.com/api/identity/uhc-ohid/authorize?state=eyJyZWRpcmVjdCI6Imh0dHBzOi8vc2VjdXJlLn... HTTP 302
    https://identity.onehealthcareid.com/oidc/authorize?client_id=sde60155&redirect_uri=https%3A%2F%2Fapps.uhcprovide... HTTP 302
    https://identity.onehealthcareid.com/api/v1/auth/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

28
Requests

93 %
HTTPS

70 %
IPv6

8
Domains

10
Subdomains

11
IPs

1
Countries

431 kB
Transfer

1891 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/ Page URL
  2. https://maelstrom-dmz.uhcprovider.com/api/identity/uhc-ohid/authorize?state=eyJyZWRpcmVjdCI6Imh0dHBzOi8vc2VjdXJlLnVoY3Byb3ZpZGVyLmNvbS8/Y2lkPWVtLXRyYWNraXRub3RpZmljYXRpb24tcmVjZW50bHljbG9zZWR0aWNrZXRzLyMvcGFhbi90cmFja2l0L3JlY2VudGx5LWNsb3NlZC10YWIiLCJub25jZSI6IlF3a3hacDFDNzBXcCJ9 HTTP 302
    https://identity.onehealthcareid.com/oidc/authorize?client_id=sde60155&redirect_uri=https%3A%2F%2Fapps.uhcprovider.com%2Fapi%2Fidentity%2Fohid%2Fauthorize%2Fcallback&response_type=code&scope=openid%2Bprofile%2Bemail%2Bphone%2Baddress&state=O1k0HdSComHC6WNIRXWsGJQ1mRPTdulT HTTP 302
    https://identity.onehealthcareid.com/api/v1/auth/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26
  • https://identity.onehealthcareid.com/favicon.ico HTTP 302
  • https://identity.onehealthcareid.com/app/error.html

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
secure.uhcprovider.com/ 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:2200:1a:19fe:bb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UnitedHealthcare /
Resource Hash
c44c3d1632d92c8ea5f98489caf72c32ce1e675c286d12124b03c068162c60ce
Security Headers
Name Value
Content-Security-Policy default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=0,no-cache,no-store,must-revalidate
content-length
1752
content-security-policy
default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
content-type
text/html
date
Fri, 20 Sep 2024 13:55:01 GMT
etag
"612395729a24667ec62bb06016fd03ea"
last-modified
Wed, 11 Sep 2024 00:13:52 GMT
server
UnitedHealthcare
strict-transport-security
max-age=31536000; includeSubdomains; preload
via
1.1 2784337ad1bef2f5343cdf0842e12a80.cloudfront.net (CloudFront)
x-amz-cf-id
6FgSqFPqDZweE73VyPw6mfo9lfVBDiNqi-o8nrZ6DpsKrEmGYDpDrw==
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
stylesheet.css
apps.uhcprovider.com/cdn/uhc-brand/ 		297 KB
38 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://apps.uhcprovider.com/cdn/uhc-brand/stylesheet.css
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:1400:18:51c1:c340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
705495f84f2adb64029733a4ea92b84aa9cf373b5dc7f05f2329165829d38b96

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

vary
Accept-Encoding
cache-control
max-age=31536000,public,must-revalidate
content-encoding
gzip
etag
W/"5224ab3b73a47e6ee23685c4ef32e732"
age
10314654
via
1.1 e2730004afe9197a527c2569a0e0d39a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
Kntda3G7ZxOjhqEbKGMJvTDzOmaygpDoC1snRighjW_ZPm1U5ccL1Q==
date
Fri, 24 May 2024 04:44:07 GMT
content-type
text/css
last-modified
Sat, 23 Apr 2022 00:04:27 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
script.js
apps.uhcprovider.com/cdn/uhcpp-script/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apps.uhcprovider.com/cdn/uhcpp-script/script.js?id=sde-core:prod
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:1400:18:51c1:c340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2d481831a540df0d562b603d761f5d1654b40e8b954c87bce99103a7ad76a519

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

vary
Accept-Encoding
cache-control
max-age=31536000,public,must-revalidate
content-encoding
gzip
etag
W/"acfe73656d7eca25e2afcf99ecb08cd0"
age
4276561
via
1.1 e2730004afe9197a527c2569a0e0d39a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
_1vBrwqwBrnmchSRoj-raHL1729CC350PWWUy04hoOG8VSFJ_RySYA==
date
Fri, 02 Aug 2024 01:59:00 GMT
content-type
application/javascript
last-modified
Fri, 02 Aug 2024 01:57:46 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
newrelic.js
secure.uhcprovider.com/static/scripts/prod/ 		27 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:2200:1a:19fe:bb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UnitedHealthcare /
Resource Hash
062a832fee52b63b43ab13ff33f83e71d4a3ba1b617b6e88d1c46c1100ef7a40
Security Headers
Name Value
Content-Security-Policy default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/

Response headers

etag
"fc42d194426cccf5b7409c0738cbc26e"
age
12355547
x-cache
Hit from cloudfront
x-amz-cf-id
rzPQwcBkaThQshyxOBgl-G1y2JJCVqEIXTYsuTxK3RbxZr8D5eZ2Og==
date
Tue, 30 Apr 2024 13:49:14 GMT
content-type
application/javascript
last-modified
Thu, 18 Apr 2024 01:02:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
cache-control
max-age=31536000,public,must-revalidate
via
1.1 2784337ad1bef2f5343cdf0842e12a80.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
27169
x-amz-cf-pop
JFK52-P3
server
UnitedHealthcare
x-amz-server-side-encryption
AES256
browser.js
maelstrom-dmz.uhc.com/cdn/uhcp/scripts/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maelstrom-dmz.uhc.com/cdn/uhcp/scripts/browser.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:9000:1d:be51:5240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4c5859edb889a16fa463eefe5be729df8ade6f111943dd34b9128259801576e8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

vary
Accept-Encoding
cache-control
max-age=31536000,public,must-revalidate
content-encoding
gzip
etag
W/"69384171c7c2e2683818339324a970bf"
age
3055241
via
1.1 42d3518040c55e24793897f7f5d5f342.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
MEsCEvAJ7FgL451Qp5wfdjXGUnx9plAqNxk6ZQHWh1dKXvMMtV6c6A==
date
Fri, 16 Aug 2024 05:14:20 GMT
content-type
application/javascript
last-modified
Sat, 23 Apr 2022 00:15:18 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C1
x-amz-server-side-encryption
AES256
system.min.js
cdn.jsdelivr.net/npm/systemjs@6.3.1/dist/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/systemjs@6.3.1/dist/system.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d798f67f0d33a7c52e6179ae6c51d6ed270aff1af9361c64c6625ca7b4f72eb7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"26c0-61yroWzK5sDphugOTqtkhTczLdQ"
age
739531
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230144-FRA, cache-yul1970040-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
3985
x-jsd-version
6.3.1
amd.min.js
cdn.jsdelivr.net/npm/systemjs@6.3.1/dist/extras/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/systemjs@6.3.1/dist/extras/amd.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
eef4b8a4fb20ef3c75a13009d73408af694383fabc6a7cd409ccfa9f1b9a2a15
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"667-eZzd4CidAcY82fX+qaGvike/hxM"
age
1320300
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230072-FRA, cache-yul1970040-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
837
x-jsd-version
6.3.1
named-exports.min.js
cdn.jsdelivr.net/npm/systemjs@6.3.1/dist/extras/ 		651 B
510 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/systemjs@6.3.1/dist/extras/named-exports.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3cc632231fca883c829e8a6edb5d36d92fc1f3db5f6b716bc44ed89bbb07083a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"28b-1wPHHu04o4Og/uTT+l2W3oSafaw"
age
904065
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220111-FRA, cache-yul1970040-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
394
x-jsd-version
6.3.1
auth.js
apps.uhcprovider.com/cdn/uhc-ohid/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apps.uhcprovider.com/cdn/uhc-ohid/auth.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:1400:18:51c1:c340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a1b300471cd4361016b2ba738a92b1c4790572bc683f6356631232dfbf77d150

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

vary
Accept-Encoding
cache-control
max-age=31536000,public,must-revalidate
content-encoding
gzip
etag
W/"9d68cda9c7cfad2478f1e7d54fd1ab68"
age
8853189
via
1.1 e2730004afe9197a527c2569a0e0d39a.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
x-amz-cf-id
fa9oKrFY9Pd6lf3ONKBhjyvrVkvgeeriPPXiCwFILXpTrRHWMcZIPg==
date
Mon, 10 Jun 2024 02:41:52 GMT
content-type
text/javascript
last-modified
Thu, 07 Mar 2024 01:28:40 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
prod
apps.uhcprovider.com/app/uhcpp/sde-core/env/ 		210 B
603 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apps.uhcprovider.com/app/uhcpp/sde-core/env/prod
Requested by
Host: apps.uhcprovider.com
URL: https://apps.uhcprovider.com/cdn/uhcpp-script/script.js?id=sde-core:prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:247b:1400:18:51c1:c340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

vary
Accept-Encoding
etag
"9404aaff5b1793162104dd8a8aef1d3c"
via
1.1 d7365e331e2f3aa085a6501cac42bb72.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-cache
RefreshHit from cloudfront
content-length
210
x-amz-cf-id
f3hT2gmWz4AfTHserNyo3I6uojWYQ9lj2_i5yKKPmXIboOX0IejfdQ==
date
Fri, 20 Sep 2024 13:55:01 GMT
content-type
application/json
last-modified
Fri, 15 Dec 2023 06:31:21 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P2
x-amz-server-side-encryption
AES256
importmap.json
secure.uhcprovider.com/ 		2 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://secure.uhcprovider.com/importmap.json
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:2200:1a:19fe:bb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UnitedHealthcare /
Resource Hash
a3f509e7e67a6855169a603f3fb28505ae6c56b279ef10c9134b63f6ffc835a2
Security Headers
Name Value
Content-Security-Policy default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
cache-control
max-age=0,no-cache,no-store,must-revalidate
etag
"72937b57eb36c71905745f6c40f724f0"
via
1.1 2784337ad1bef2f5343cdf0842e12a80.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Miss from cloudfront
content-length
1887
x-amz-cf-id
rc3wSTbNwwdmrABwX3UUeKBzA0FfMuWUa8vJaw5zOBMHJT9ivCmHYg==
date
Fri, 20 Sep 2024 13:55:01 GMT
content-type
binary/octet-stream
last-modified
Fri, 13 Sep 2024 01:41:13 GMT
server
UnitedHealthcare
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
introspect
maelstrom-dmz.uhcprovider.com/api/identity/uhc-ohid/ 		24 B
477 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://maelstrom-dmz.uhcprovider.com/api/identity/uhc-ohid/introspect
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21da:9000:1d:be51:5240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

x-amz-apigw-id
eaC8QGhSiYcEq5w=
x-amzn-trace-id
Root=1-66ed7eb4-01c6cf984603b60372ea539c;Parent=66b47650c833eabb;Sampled=0;Lineage=1:c3c8c0e3:0
access-control-allow-credentials
true
x-amzn-requestid
057777ce-0a13-4e04-9efe-89772a2c44f0
via
1.1 42d3518040c55e24793897f7f5d5f342.cloudfront.net (CloudFront)
access-control-allow-origin
https://secure.uhcprovider.com
x-cache
Error from cloudfront
content-length
24
x-amz-cf-id
CvoZoIpW4Kg3xZ-7d4axs9rogw7YuDQPaUzd3wl2QNqQTIsuvtFWOg==
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/json
x-amz-cf-pop
EWR53-C1
nr-spa-1177.min.js
js-agent.newrelic.com/ 		37 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-spa-1177.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2602:816:5001::39 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
54cb1f867060c01677649ce2d5e65485b33ce06ea271cb4244cbdd22c31fe69a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

strict-transport-security
max-age=300
cache-control
public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
content-encoding
br
etag
"d89642b485486b2c9af6da463597333c"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT
content-length
13664
date
Fri, 20 Sep 2024 13:55:00 GMT
last-modified
Wed, 18 Oct 2023 21:30:50 GMT
content-type
application/javascript
x-served-by
cache-yul1970024-YUL
x-cache-hits
196
vary
Accept-Encoding
favicon.png
secure.uhcprovider.com/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://secure.uhcprovider.com/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:2200:1a:19fe:bb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UnitedHealthcare /
Resource Hash
4f88e47b338330d914eebdd94d10953f24efd069a0e8ff038fee3e252d72f39d
Security Headers
Name Value
Content-Security-Policy default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/

Response headers

etag
"fb909ce3f8e9a7201ab5c2ec73525b4d"
age
8246180
x-cache
Hit from cloudfront
x-amz-cf-id
0uM2dkLUUEqG_z9xfHo8WWH9AqlQo6eipeE2gQTbvpRRT80ef5TMuw==
date
Mon, 17 Jun 2024 03:18:41 GMT
content-type
image/png
last-modified
Thu, 30 May 2024 00:33:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
cache-control
max-age=31536000,public,must-revalidate
via
1.1 2784337ad1bef2f5343cdf0842e12a80.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
1107
x-amz-cf-pop
JFK52-P3
server
UnitedHealthcare
x-amz-server-side-encryption
AES256
sde-core.js
secure.uhcprovider.com/sde-core/static/version/V2VkIFNlcCAxMSAyMDI0IDAwOjEwOjA5/ 		26 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.uhcprovider.com/sde-core/static/version/V2VkIFNlcCAxMSAyMDI0IDAwOjEwOjA5/sde-core.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:2200:1a:19fe:bb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://secure.uhcprovider.com
Referer
https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/

Response headers

content-security-policy
default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
cache-control
max-age=31536000,public,must-revalidate
etag
"dd484d6ddd2a572b3c7bf046f2387ad3"
via
1.1 2784337ad1bef2f5343cdf0842e12a80.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
RefreshHit from cloudfront
content-length
26266
x-amz-cf-id
GKUrbBiaHIgtT410-Q1ZLsFGRFcLnEucuibVt4kqYsS3Ar1o9SIZYQ==
date
Fri, 20 Sep 2024 13:55:01 GMT
content-type
application/javascript
last-modified
Wed, 11 Sep 2024 00:13:49 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P3
x-amz-server-side-encryption
AES256
2cf9a53754
bam.nr-data.net/1/ 		79 B
579 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/1/2cf9a53754?a=296774782&sa=1&v=1177.96a4d39&t=Unnamed%20Transaction&rst=451&ck=1&ref=https://secure.uhcprovider.com/&be=334&fe=378&dc=377&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1726840500177,%22n%22:0,%22f%22:1,%22dn%22:2,%22dne%22:37,%22c%22:37,%22s%22:61,%22ce%22:97,%22rq%22:97,%22rp%22:160,%22rpe%22:163,%22dl%22:169,%22di%22:377,%22ds%22:377,%22de%22:378,%22dc%22:378,%22l%22:378,%22le%22:379%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

access-control-expose-headers
Date
timing-allow-origin
*
Connection
keep-alive
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
Content-Length
79
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
text/javascript
x-served-by
cache-nyc-kteb1890086-NYC
Primary Request login
identity.onehealthcareid.com/api/v1/auth/
Redirect Chain
  • https://maelstrom-dmz.uhcprovider.com/api/identity/uhc-ohid/authorize?state=eyJyZWRpcmVjdCI6Imh0dHBzOi8vc2VjdXJlLnVoY3Byb3ZpZGVyLmNvbS8/Y2lkPWVtLXRyYWNraXRub3RpZmljYXRpb24tcmVjZW50bHljbG9zZWR0aWNrZ...
  • https://identity.onehealthcareid.com/oidc/authorize?client_id=sde60155&redirect_uri=https%3A%2F%2Fapps.uhcprovider.com%2Fapi%2Fidentity%2Fohid%2Fauthorize%2Fcallback&response_type=code&scope=openid...
  • https://identity.onehealthcareid.com/api/v1/auth/login
919 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://identity.onehealthcareid.com/api/v1/auth/login
Requested by
Host: apps.uhcprovider.com
URL: https://apps.uhcprovider.com/cdn/uhc-ohid/auth.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-33.jfk52.r.cloudfront.net
Software
CloudFront /
Resource Hash
13bc7bebe1fdb4ea310734d0dffac7f7d7d2901a41a2f696e0249e9c130ac80c

Request headers

Referer
https://secure.uhcprovider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-length
919
content-type
text/html
date
Fri, 20 Sep 2024 13:55:00 GMT
server
CloudFront
via
1.1 c49eddbbbee7a3b1464851f470bede1e.cloudfront.net (CloudFront)
x-amz-cf-id
WEzWqoyotwyOwR_uUaUGM8uFlh05O93amjVbkFcq5YfHvGJhmm33bA==
x-amz-cf-pop
JFK52-P9
x-cache
Error from cloudfront

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;
date
Fri, 20 Sep 2024 13:55:00 GMT
expires
0
location
https://identity.onehealthcareid.com/api/v1/auth/login
server
istio-envoy
strict-transport-security
max-age=31536000; includeSubDomains
trace-id
ba9a7b2084f09493
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
via
1.1 c49eddbbbee7a3b1464851f470bede1e.cloudfront.net (CloudFront)
x-amz-cf-id
QgHJGhyfvQ5PXzpeb99D5sicz4jjw3KiyVdgIoRZjC_dA4Ly7n7Kag==
x-amz-cf-pop
JFK52-P9
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-envoy-upstream-service-time
17
x-frame-options
DENY
x-xss-protection
1; mode=block
launch-ENc6e1900426c840fd81d27085571d578d.min.js
assets.adobedtm.com/ 		1 MB
205 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/launch-ENc6e1900426c840fd81d27085571d578d.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:209f::1e80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"6408c6420a918f36e63fcf64d1f985a4:1726564979.542147"
expires
Fri, 20 Sep 2024 14:55:00 GMT
accept-ranges
bytes
access-control-allow-origin
https://secure.uhcprovider.com
content-length
209599
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/x-javascript
last-modified
Tue, 17 Sep 2024 09:22:59 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
elastic-apm-rum.umd.min.js
unpkg.com/@elastic/apm-rum@5.10.2/dist/bundles/ 		58 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/@elastic/apm-rum@5.10.2/dist/bundles/elastic-apm-rum.umd.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
"e6c5-/9BUvuWqLuyh6WbAdjVZWIIeVZs"
age
31002
x-content-type-options
nosniff
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01J86XVRTHRRC3TAD3113ERCQE-yul
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
via
1.1 fly.io
cf-ray
8c624f899a40a2a4-YUL
access-control-allow-origin
*
server
cloudflare
2cf9a53754
bam.nr-data.net/events/1/ 		24 B
349 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/events/1/2cf9a53754?a=296774782&sa=1&v=1177.96a4d39&t=Unnamed%20Transaction&rst=562&ck=1&ref=https://secure.uhcprovider.com/
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://secure.uhcprovider.com/

Response headers

Connection
keep-alive
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
access-control-allow-origin
https://secure.uhcprovider.com
Content-Length
24
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
image/gif
x-served-by
cache-nyc-kteb1890038-NYC
react.production.min.js
cdn.jsdelivr.net/npm/react@16.13.0/umd/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/react@16.13.0/umd/react.production.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://secure.uhcprovider.com
Referer
https://secure.uhcprovider.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"30af-PdQeRv5Wrr+mzPClFwc4E01l6K0"
age
1754690
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220065-FRA, cache-yul1970024-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
5139
x-jsd-version
16.13.0
react-dom.production.min.js
cdn.jsdelivr.net/npm/react-dom@16.13.0/umd/ 		116 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/react-dom@16.13.0/umd/react-dom.production.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://secure.uhcprovider.com
Referer
https://secure.uhcprovider.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"1cf4f-WPOBYPb6DskoqH8J9BSB+53Ki+M"
age
1127484
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220108-FRA, cache-yul1970024-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
39333
x-jsd-version
16.13.0
react-is.production.min.js
cdn.jsdelivr.net/npm/react-is@16.13.0/umd/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/react-is@16.13.0/umd/react-is.production.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://secure.uhcprovider.com
Referer
https://secure.uhcprovider.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"a0f-rh4+5Imj4bKOeyXrf7o3EeHIcd0"
age
862729
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220133-FRA, cache-yul1970024-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
953
x-jsd-version
16.13.0
styled-components.min.js
cdn.jsdelivr.net/npm/styled-components@5.2.1/dist/ 		33 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/styled-components@5.2.1/dist/styled-components.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://secure.uhcprovider.com
Referer
https://secure.uhcprovider.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"820a-z8+fULg5XikqL8s308G3P2obcWw"
age
988237
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230120-FRA, cache-yul1970024-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
13700
x-jsd-version
5.2.1
single-spa.min.js
cdn.jsdelivr.net/npm/single-spa@5.5.0/lib/system/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/single-spa@5.5.0/lib/system/single-spa.min.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.65.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://secure.uhcprovider.com
Referer
https://secure.uhcprovider.com/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"4c71-2hnMAlXhr3b/dbYWaee2nU1I8Dw"
age
298953
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Fri, 20 Sep 2024 13:55:00 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230034-FRA, cache-yul1970024-YUL
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
6423
x-jsd-version
5.5.0
1.56827816.chunk.js
secure.uhcprovider.com/static/version/V2VkIFNlcCAxMSAyMDI0IDAwOjEwOjA5/ 		0
0
2.aa02b10c.chunk.js
secure.uhcprovider.com/static/version/V2VkIFNlcCAxMSAyMDI0IDAwOjEwOjA5/ 		158 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://secure.uhcprovider.com/static/version/V2VkIFNlcCAxMSAyMDI0IDAwOjEwOjA5/2.aa02b10c.chunk.js
Requested by
Host: secure.uhcprovider.com
URL: https://secure.uhcprovider.com/static/scripts/prod/newrelic.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:2200:1a:19fe:bb80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UnitedHealthcare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://secure.uhcprovider.com/?cid=em-trackitnotification-recentlyclosedtickets/

Response headers

etag
"b2e02e20b4429323ef98db0b80883be9"
age
826864
x-cache
Hit from cloudfront
x-amz-cf-id
SoAv9WF0-zRPBSCPCM0T4mC59HKLT2q8qESsrcJRgCAQ-u3GM76Vcg==
date
Wed, 11 Sep 2024 00:13:57 GMT
content-type
application/javascript
last-modified
Wed, 11 Sep 2024 00:13:49 GMT
strict-transport-security
max-age=31536000; includeSubdomains; preload
content-security-policy
default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
cache-control
max-age=31536000,public,must-revalidate
via
1.1 2784337ad1bef2f5343cdf0842e12a80.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
706340
x-amz-cf-pop
JFK52-P3
server
UnitedHealthcare
x-amz-server-side-encryption
AES256
error.html
identity.onehealthcareid.com/app/
Redirect Chain
  • https://identity.onehealthcareid.com/favicon.ico
  • https://identity.onehealthcareid.com/app/error.html
1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://identity.onehealthcareid.com/app/error.html
Protocol
H2
Server
13.249.91.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-33.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3499ad72ea07649dbcc2f3a141a7793b7a172c995908f54dc1928721720d4d5
Security Headers
Name Value
Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://identity.onehealthcareid.com/api/v1/auth/login

Response headers

content-encoding
gzip
etag
W/"3c632d0dfa1ba8997182adfaa11e58b3"
x-amz-version-id
X.xlKIHRbsnVVJlCIQN1WmZXbniS7Ftx
age
24081
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
EolFs5G0yI1bwLN-UhRkR6LmZHotZw5Y_EFS-zRjIyjCguH1HHEkEQ==
date
Fri, 20 Sep 2024 07:13:41 GMT
content-type
text/html
last-modified
Wed, 19 Jun 2024 08:41:42 GMT
vary
Accept-Encoding
x-amz-id-2
bkUgx66beOAhzmY24UINAuQDYoBxzv/n/f1R4/30VhHZqfmV3o4i+yQcVAjgOh6MsYTvbkbbO5c=
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-replication-status
COMPLETED
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;
cache-control
max-age=3600,s-maxage=86400
via
1.1 c49eddbbbee7a3b1464851f470bede1e.cloudfront.net (CloudFront)
x-amz-request-id
R93SVJ2FM9GYZKGR
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK52-P9
server
AmazonS3
x-amz-server-side-encryption
AES256

Redirect headers

x-content-type-options
nosniff
x-cache
Error from cloudfront
x-amz-cf-id
sSuukRoQNC5TI_84wdu6Pm867cXubU9uhxuUknnfU1mDMrzOLjsMNQ==
date
Fri, 20 Sep 2024 13:55:01 GMT
content-type
application/xml
x-frame-options
DENY
x-amz-id-2
AUMzROx1k3jcUu+a4vRsW4shd2iHx/sl3O+epD2hGJ+rYvAWNZQ2V/3WcVEmUgWyDYuGdpowmFM=
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;
cache-control
no-store
location
/app/error.html#/handle-error?errorCode=404
via
1.1 c49eddbbbee7a3b1464851f470bede1e.cloudfront.net (CloudFront)
x-amz-request-id
SP6NZ45DT6WWNBMX
content-length
0
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK52-P9
server
AmazonS3

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
secure.uhcprovider.com
URL
https://secure.uhcprovider.com/static/version/V2VkIFNlcCAxMSAyMDI0IDAwOjEwOjA5/1.56827816.chunk.js

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Domain/Path Name / Value
.nr-data.net/ Name: JSESSIONID
Value: ffd974b4c36b2af0
identity.onehealthcareid.com/ Name: oidp
Value: AV48EsyqTcK7aw8D2ZFlHQcxr9Sg4f7rJ0j_1zirspWXgBDlWI8EuSgB78viSQ==
.uhcprovider.com/ Name: AMCV_8E391C8B533058250A490D4D%40AdobeOrg
Value: -1124106680%7CMCIDTS%7C19987%7CvVersion%7C5.2.0
.uhcprovider.com/ Name: mbox
Value: session#be7307a7fb934f23b701b5652b1204bc#1726842361
.uhcprovider.com/ Name: at_check
Value: true

2 Console Messages

Source Level URL
Text
network error URL: https://maelstrom-dmz.uhcprovider.com/api/identity/uhc-ohid/introspect
Message:
Failed to load resource: the server responded with a status of 401 ()
network error URL: https://identity.onehealthcareid.com/api/v1/auth/login
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'
Strict-Transport-Security max-age=31536000; includeSubdomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apps.uhcprovider.com
assets.adobedtm.com
bam.nr-data.net
cdn.jsdelivr.net
identity.onehealthcareid.com
js-agent.newrelic.com
maelstrom-dmz.uhc.com
maelstrom-dmz.uhcprovider.com
secure.uhcprovider.com
unpkg.com
secure.uhcprovider.com
13.249.91.33
151.101.65.229
162.247.243.29
2600:141b:1c00:209f::1e80
2600:9000:21da:9000:1d:be51:5240:93a1
2600:9000:247b:1400:18:51c1:c340:93a1
2600:9000:261f:2200:1a:19fe:bb80:93a1
2602:816:5001::39
2606:4700::6811:f7cb
2a04:4e42::485
062a832fee52b63b43ab13ff33f83e71d4a3ba1b617b6e88d1c46c1100ef7a40
13bc7bebe1fdb4ea310734d0dffac7f7d7d2901a41a2f696e0249e9c130ac80c
2d481831a540df0d562b603d761f5d1654b40e8b954c87bce99103a7ad76a519
3cc632231fca883c829e8a6edb5d36d92fc1f3db5f6b716bc44ed89bbb07083a
4c5859edb889a16fa463eefe5be729df8ade6f111943dd34b9128259801576e8
4f88e47b338330d914eebdd94d10953f24efd069a0e8ff038fee3e252d72f39d
54cb1f867060c01677649ce2d5e65485b33ce06ea271cb4244cbdd22c31fe69a
705495f84f2adb64029733a4ea92b84aa9cf373b5dc7f05f2329165829d38b96
a1b300471cd4361016b2ba738a92b1c4790572bc683f6356631232dfbf77d150
a3f509e7e67a6855169a603f3fb28505ae6c56b279ef10c9134b63f6ffc835a2
c44c3d1632d92c8ea5f98489caf72c32ce1e675c286d12124b03c068162c60ce
d798f67f0d33a7c52e6179ae6c51d6ed270aff1af9361c64c6625ca7b4f72eb7
e3499ad72ea07649dbcc2f3a141a7793b7a172c995908f54dc1928721720d4d5
eef4b8a4fb20ef3c75a13009d73408af694383fabc6a7cd409ccfa9f1b9a2a15