urlscan.io logo urlscan.io
SecurityTrails logo

login-patient.labcorp.com Open in urlscan Pro
52.223.49.115  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://click.labcorpmessage.com/?qs=e63e84bbf99892aaf801ae818402c48a601e9f1cf0b70b1184212159872c4edc88f93f57eb3c7bd245808e5c221a...
Effective URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9...
Submission Tags: falconsandbox
Submission: On September 24 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 3 countries across 11 domains to perform 61 HTTP transactions. The main IP is 52.223.49.115, located in United States and belongs to AMAZON-02, US. The main domain is login-patient.labcorp.com. The Cisco Umbrella rank of the primary domain is 129697.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 31st 2024. Valid for: 7 months.
This is the only time login-patient.labcorp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.111.136.50 14340 (SALESFORCE)
19 18.164.124.69 16509 (AMAZON-02)
12 2606:4700::68... 13335 (CLOUDFLAR...)
3 192.229.221.25 15133 (EDGECAST)
1 2600:9000:211... 16509 (AMAZON-02)
2 52.201.20.20 14618 (AMAZON-AES)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
7 52.223.49.115 16509 (AMAZON-02)
2 52.49.164.251 16509 (AMAZON-02)
1 1 34.252.69.234 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
9 18.245.86.88 16509 (AMAZON-02)
1 108.138.7.41 16509 (AMAZON-02)
61 12
1    13.111.136.50 (United States)

ASN14340 (SALESFORCE, US)
PTR: click.labcorpmessage.com
click.labcorpmessage.com
19    18.164.124.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-124-69.jfk50.r.cloudfront.net
patient.labcorp.com
12    2606:4700::6812:572a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
3    192.229.221.25 (United States)

ASN15133 (EDGECAST, US)
js.braintreegateway.com
1    2600:9000:211e:a00:10:5a95:d240:93a1 (United States)

ASN16509 (AMAZON-02, US)
content.patient.pendo.cws.labcorp.com
2    52.201.20.20 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-201-20-20.compute-1.amazonaws.com
portal-api.patient.cws.labcorp.com
2    2a02:26f0:3500:587::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
7    52.223.49.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: ad3225ce0e27ecc67.awsglobalaccelerator.com
login-patient.labcorp.com
2    52.49.164.251 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-164-251.eu-west-1.compute.amazonaws.com
dpm.demdex.net
1    34.252.69.234 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-69-234.eu-west-1.compute.amazonaws.com
cm.everesttech.net
1    2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
9    18.245.86.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-88.fra60.r.cloudfront.net
ok2static.oktacdn.com
1    108.138.7.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-7-41.fra56.r.cloudfront.net
login.okta.com
Apex Domain
Subdomains		 Transfer
29 labcorp.com
patient.labcorp.com — Cisco Umbrella Rank: 117070
content.patient.pendo.cws.labcorp.com — Cisco Umbrella Rank: 121578
portal-api.patient.cws.labcorp.com — Cisco Umbrella Rank: 122985
login-patient.labcorp.com — Cisco Umbrella Rank: 129697
1 MB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 313
204 KB
9 oktacdn.com
ok2static.oktacdn.com — Cisco Umbrella Rank: 15097
792 KB
3 braintreegateway.com
js.braintreegateway.com — Cisco Umbrella Rank: 9158
34 KB
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 254
labcorp.demdex.net Failed
2 KB
2 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 442
53 KB
1 okta.com
login.okta.com — Cisco Umbrella Rank: 3655
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 32
1 KB
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1454
490 B
1 labcorpmessage.com
click.labcorpmessage.com — Cisco Umbrella Rank: 152492
245 B
0 onetrust.com Failed
geolocation.onetrust.com Failed
61 11
Domain Requested by
19 patient.labcorp.com patient.labcorp.com
login-patient.labcorp.com
12 cdn.cookielaw.org patient.labcorp.com
cdn.cookielaw.org
9 ok2static.oktacdn.com login-patient.labcorp.com
ok2static.oktacdn.com
7 login-patient.labcorp.com patient.labcorp.com
ok2static.oktacdn.com
3 js.braintreegateway.com patient.labcorp.com
2 dpm.demdex.net patient.labcorp.com
2 assets.adobedtm.com patient.labcorp.com
assets.adobedtm.com
2 portal-api.patient.cws.labcorp.com patient.labcorp.com
1 login.okta.com ok2static.oktacdn.com
1 fonts.googleapis.com login-patient.labcorp.com
1 cm.everesttech.net 1 redirects
1 content.patient.pendo.cws.labcorp.com patient.labcorp.com
1 click.labcorpmessage.com 1 redirects
0 labcorp.demdex.net Failed assets.adobedtm.com
0 geolocation.onetrust.com Failed cdn.cookielaw.org
61 15

This site contains no links.

Subject Issuer Validity Valid
patient.labcorp.com
Amazon RSA 2048 M03		 2024-08-26 -
2025-09-24		 a year crt.sh
cookielaw.org
WE1		 2024-08-13 -
2024-11-11		 3 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2024-06-13 -
2025-06-12		 a year crt.sh
content.patient.pendo.cws.labcorp.com
Amazon RSA 2048 M03		 2024-07-03 -
2025-07-31		 a year crt.sh
portal-api.patient.cws.labcorp.com
Amazon RSA 2048 M03		 2024-08-08 -
2025-09-06		 a year crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-09 -
2025-08-09		 a year crt.sh
login-patient.labcorp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-31 -
2025-03-11		 7 months crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-26 -
2024-10-26		 a year crt.sh
upload.video.google.com
WR2		 2024-08-26 -
2024-11-18		 3 months crt.sh
*.oktacdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-15 -
2025-01-02		 a year crt.sh
accounts.okta.com
Amazon RSA 2048 M02		 2024-07-17 -
2025-08-15		 a year crt.sh

This page contains 3 frames:

Primary Page: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Frame ID: 8375DB2259B69364771A3D3A835AA913
Requests: 56 HTTP requests in this frame

Frame: https://labcorp.demdex.net/dest5.html?d_nsid=0
Frame ID: C8D183FC19FA1D5BC098182881E9F029
Requests: 1 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: D928A61B1958C395FF3BC9F5AEEDBF98
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Labcorp Patient - Anmelden

Page URL History Show full URLs

  1. https://click.labcorpmessage.com/?qs=e63e84bbf99892aaf801ae818402c48a601e9f1cf0b70b1184212159872c4edc88f93f57... HTTP 302
    https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder Page URL
  2. https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJ... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.braintreegateway\.com
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

61
Requests

95 %
HTTPS

31 %
IPv6

11
Domains

15
Subdomains

12
IPs

3
Countries

2491 kB
Transfer

8192 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click.labcorpmessage.com/?qs=e63e84bbf99892aaf801ae818402c48a601e9f1cf0b70b1184212159872c4edc88f93f57eb3c7bd245808e5c221adf63619e6007d97be613972027950dd3ccd8 HTTP 302
    https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder Page URL
  2. https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://click.labcorpmessage.com/?qs=e63e84bbf99892aaf801ae818402c48a601e9f1cf0b70b1184212159872c4edc88f93f57eb3c7bd245808e5c221adf63619e6007d97be613972027950dd3ccd8 HTTP 302
  • https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Request Chain 43
  • https://cm.everesttech.net/cm/dd?d_uuid=11103051434037251421310069975955269310 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZvJQIQAAADYwWgO5

61 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Friendly_Reminder
patient.labcorp.com/portal/invoices/25674068/
Redirect Chain
  • https://click.labcorpmessage.com/?qs=e63e84bbf99892aaf801ae818402c48a601e9f1cf0b70b1184212159872c4edc88f93f57eb3c7bd245808e5c221adf63619e6007d97be613972027950dd3ccd8
  • https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
086834150f1cc41da942702b89f4000a461668bb4836fcec56ca578a73f40233
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
content-type
text/html; charset=utf-8
date
Tue, 24 Sep 2024 05:37:37 GMT
etag
W/"fb1e0788d9991dd44876ab786da4b272"
expect-ct
max-age=0
last-modified
Fri, 09 Aug 2024 04:22:01 GMT
permissions-policy
payment=(*)
referrer-policy
strict-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-id
b32iYzfo5pBvSNMC1Y-Z0iAL2Yu801R5hRoqCldE1_oMDz4MoJIwfA==
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
x-amz-version-id
qdjGJy5XggOoM5A_rJLByvHfJ4gwP6Hb
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

Cache-Control
private
Connection
close
Content-Length
187
Content-Type
text/html; charset=utf-8
Date
Tue, 24 Sep 2024 05:37:35 GMT
Location
https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
OtAutoBlock.js
cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/ 		107 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/OtAutoBlock.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e426698cad245f1ee6b3a251500b07c9cc5322c050fbf149861e15c09603852c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
rXZowSOqyVHiKtzdDp4uag==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCB25ADA96FF1E
age
19158
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Wed, 25 Sep 2024 05:37:36 GMT
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/javascript
last-modified
Thu, 01 Aug 2024 18:50:46 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
7ae3beeb-001e-00ad-7b43-e4b3e0000000
cf-ray
8c806c699fa43600-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
14759
x-ms-blob-type
BlockBlob
server
cloudflare
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
jwlUUXc1HMPClYXMpY+NPQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCD8E0A0C68C67
x-ms-lease-status
unlocked
age
78846
cf-cache-status
HIT
x-content-type-options
nosniff
expires
Tue, 24 Sep 2024 07:43:30 GMT
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/javascript
last-modified
Thu, 19 Sep 2024 19:24:06 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
272231be-201e-00d7-738d-0bd9ad000000
cf-ray
8c806c699fa53600-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
6881
x-ms-blob-type
BlockBlob
server
cloudflare
client.min.js
js.braintreegateway.com/web/3.87.0/js/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.braintreegateway.com/web/3.87.0/js/client.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CDC) /
Resource Hash
bbdb499ada9a9b54877bce6e362d9dc0745374dcc39ed49ba2ee210b1429255f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

paypal-debug-id
95e19d73bc0fd
content-encoding
gzip
etag
W/"631acce0-a80d"
x-content-type-options
nosniff
traceparent
00-000000000000000000095e19d73bc0fd-4bb7ccd17b71a64f-01
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/javascript
last-modified
Fri, 09 Sep 2022 05:19:28 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges
bytes
access-control-allow-origin
*
content-length
12839
server
ECAcc (frc/4CDC)
apple-pay.min.js
js.braintreegateway.com/web/3.87.0/js/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.braintreegateway.com/web/3.87.0/js/apple-pay.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CEB) /
Resource Hash
10a8fbaa0884f4deedfb149d83b3345d7489f9995d0737d35b3282132cd04452
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

paypal-debug-id
3414a969c9f97
content-encoding
gzip
etag
W/"631acce0-561d"
x-content-type-options
nosniff
traceparent
00-00000000000000000003414a969c9f97-671ed0780ed40274-01
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/javascript
last-modified
Fri, 09 Sep 2022 05:19:28 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges
bytes
access-control-allow-origin
*
content-length
6563
server
ECAcc (frc/4CEB)
paypal-checkout.min.js
js.braintreegateway.com/web/3.87.0/js/ 		54 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.braintreegateway.com/web/3.87.0/js/paypal-checkout.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CF9) /
Resource Hash
3d9ef05bcd150166c1f5163efaa04d78e47390892439d4f9bcb4d22a6b579762
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

paypal-debug-id
b0e07c475754c
content-encoding
gzip
etag
W/"631acce0-d9dd"
x-content-type-options
nosniff
traceparent
00-0000000000000000000b0e07c475754c-be324e80e881aa4b-01
dc
ccg11-origin-www-1.paypal.com
x-cache
HIT
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/javascript
last-modified
Fri, 09 Sep 2022 05:19:28 GMT
vary
Accept-Encoding
strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
s-maxage=31536000, public,max-age=3600
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
accept-ranges
bytes
access-control-allow-origin
*
content-length
15122
server
ECAcc (frc/4CF9)
styles.9b1cf7eda88b17ccaf8e.css
patient.labcorp.com/ 		253 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0afaa8243a885ae98499c05dba6fd60983bc9f9a583987894c0534999dae45d1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
bQpkt3l83Ya5RhTFAVEqNJeg_Vqk0i6u
etag
W/"a3fd981fb6b053693c015c66b189dff7"
age
90
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
PEN1t2fKulFZQL2sF88_HK30Fd1RCh8xIVozTn3pcdSinTNW0mDlAA==
date
Tue, 24 Sep 2024 05:36:07 GMT
content-type
text/css; charset=utf-8
last-modified
Fri, 08 Mar 2024 03:09:36 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
runtime-es2015.276d3f7e7efc286fcea2.js
patient.labcorp.com/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/runtime-es2015.276d3f7e7efc286fcea2.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2bc18a93aeb37d777bb109451015602aee9b30b3dd9b4f1c2a5da50577745c12
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
g7imq66eNhz2SoX_v6p4G56f1KnrzmA_
etag
W/"51486d03f9671dc4065f68befa17aad8"
age
493
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
ZHP5NSg4Mt67DZ6CBM9-sOiOKdro-rvbRP-trQ6ybrnBeaSVi0QVwA==
date
Tue, 24 Sep 2024 05:29:24 GMT
content-type
application/javascript
last-modified
Fri, 09 Aug 2024 04:22:01 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
polyfills-es2015.b87f0519b1574d0b1ba0.js
patient.labcorp.com/ 		68 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d4ebab34a6deec0d1ab70ca05c47cf7db2709d7a087ef4ed78b5a22b2e2b7b29
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
ahaZefA_vjBIyrKsuIg0U1GEeiPzcvsu
etag
W/"9741467ace38fb565d84ba2ef492b871"
age
2846
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
rSFklRDanvp3l-CwIAx3uPDuW3T2FA0GeiD6oOLZabTcgZAFi2BN6w==
date
Tue, 24 Sep 2024 04:50:11 GMT
content-type
application/javascript
last-modified
Tue, 25 Jun 2024 20:10:51 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
main-es2015.42d2465b925a8a837089.js
patient.labcorp.com/ 		3 MB
651 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/main-es2015.42d2465b925a8a837089.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f9337ae8f0b1caec74796f1fe98f8fb3f230018a71232ae6da1d88d9bc7dc8f1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
GjeePNEoxvmQyzStES34rngfywnvck.9
etag
W/"e378a31e8e68fb8b5d7b9998519570a4"
age
801
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
Cq19aOAVf69EmenhhPd1Gp78DBJm0nwxH4ZJOrfQ66D_x8sts43ZbQ==
date
Tue, 24 Sep 2024 05:24:16 GMT
content-type
application/javascript
last-modified
Fri, 09 Aug 2024 04:22:01 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
fdd7992d-1560-4718-962c-a5ede771f2a3.json
cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/fdd7992d-1560-4718-962c-a5ede771f2a3.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c18ad0dc68e29a72aa5f98140af88610a0a2a40b19029c78346514f9803b39d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
0wX1xW7b/xz8rmXKW0LLWw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCB25ADAC83835
age
55513
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Wed, 25 Sep 2024 05:37:36 GMT
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/json
last-modified
Thu, 01 Aug 2024 18:50:46 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
d4b4576e-401e-0044-2543-e44fe6000000
cf-ray
8c806c6a8cd6372f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1755
x-ms-blob-type
BlockBlob
server
cloudflare
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		0
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202407.1.0/ 		451 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51c8dc48fb49d5df075bf32d6655815cce9440a80bef0458f72a5bb85fa96d4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
OB5ZPaM1F+xqSvW4fnjknQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCAB84B4C53B13
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
4240
x-content-type-options
nosniff
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/javascript
last-modified
Wed, 24 Jul 2024 02:02:43 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
e9e8bd35-601e-0053-1905-f48f85000000
cf-ray
8c806c6ae8f93600-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
112090
x-ms-blob-type
BlockBlob
server
cloudflare
en.json
cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/f7decf9b-3f6d-4798-990c-5f247f56f9ae/ 		103 KB
22 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/f7decf9b-3f6d-4798-990c-5f247f56f9ae/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81b220f5ce6b003b014cc6ec49c228f25a69692981943b520bd2675e133665f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
Gt7mGk6j4Iuyp3aX2RnJpQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DCB25ADC92DFCC
age
24229
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Wed, 25 Sep 2024 05:37:36 GMT
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/json
last-modified
Thu, 01 Aug 2024 18:50:49 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
611834bd-601e-003e-6743-e425ab000000
cf-ray
8c806c6b9da9372f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
21960
x-ms-blob-type
BlockBlob
server
cloudflare
otFlat.json
cdn.cookielaw.org/scripttemplates/202407.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202407.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
Jby9k1ulZUoqHRoLPkzJJA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCAB84B133BB3A
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
80395
x-content-type-options
nosniff
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/json
last-modified
Wed, 24 Jul 2024 02:02:37 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
559d1f85-301e-0040-1b06-deba64000000
cf-ray
8c806c6c0e0b372f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
3003
x-ms-blob-type
BlockBlob
server
cloudflare
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202407.1.0/assets/v2/ 		62 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202407.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
5c9cLQBQ5NMMvDEvN8aWeQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DCAB84B285737D
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
55512
x-content-type-options
nosniff
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
application/json
last-modified
Wed, 24 Jul 2024 02:02:39 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
1984ef37-e01e-00a7-6e06-deaa69000000
cf-ray
8c806c6c0e0c372f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
12723
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202407.1.0/assets/ 		24 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202407.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
HyPJ72TNHxdfOI82cqKVqA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
1419
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
text/css
last-modified
Wed, 24 Jul 2024 02:02:48 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
9ad56a07-601e-0017-0f06-f453e9000000
cf-ray
8c806c6c0e0d372f-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
pendo.js
content.patient.pendo.cws.labcorp.com/agent/static/c12c67fa-39b9-4f2b-576b-b1a7e9686dae/ 		476 KB
156 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.patient.pendo.cws.labcorp.com/agent/static/c12c67fa-39b9-4f2b-576b-b1a7e9686dae/pendo.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:a00:10:5a95:d240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
91db60b953a6a6e12f05ec063e15791e4f30a0af4193a3259ec4f4e0e15aac1b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
*
content-encoding
gzip
x-goog-hash
crc32c=2i7+CA==, md5=odW4XpUcAazN1Bd7FJq7jg==
etag
"a1d5b85e951c01accdd4177b149abb8e"
x-goog-stored-content-encoding
gzip
expires
Tue, 24 Sep 2024 05:45:07 GMT
x-goog-stored-content-length
158364
x-cache
RefreshHit from cloudfront
x-amz-cf-id
24wggBvUvGP60lYUXi43UQAkHEmcl6EzdfQU6SmnQFgCwZI7R1Tc0w==
date
Tue, 24 Sep 2024 05:37:37 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 19 Sep 2024 19:13:19 GMT
vary
Accept-Encoding
x-guploader-uploadid
AD-8ljsWLTQF3eAR5jlfFQDwK4Fk2seO7v0ubS9wz9wX6GbssFVNdNIiiEeAQA_bRnx77wcDufw
cache-control
max-age=450
x-goog-storage-class
STANDARD
via
1.1 756f5290bceb9f9b2ec963e0ab326968.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1726773199164869
content-length
158364
x-amz-cf-pop
FRA56-C2
server
UploadServer
source-sans-pro-latin-400-normal.c0d191aa7fb798623030.woff2
patient.labcorp.com/ 		13 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/source-sans-pro-latin-400-normal.c0d191aa7fb798623030.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
_n1VIuZTIa13xHOZlZlt9w7a5N_IBzGQ
etag
"0ad032b3d07aaf33b160ac4799dda40f"
age
79
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
wg0O7rEvJvtEwCPifiEiuZFCbCg_keNImE220LjhXymfCD3v7oCOEQ==
date
Tue, 24 Sep 2024 05:36:18 GMT
content-type
font/woff2
last-modified
Thu, 12 Oct 2023 14:23:06 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
13036
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
environment.json
patient.labcorp.com/assets/ 		1 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/environment.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3382eb61d5ed9187fa12fc5c174283070153ba7504352aede417c7c36bc4c910
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
G_6W7cUz9FY296g1.9gDfTkgjPCe7fu1
etag
W/"2f9223c66990e09fb74694ebabddf726"
age
581
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
NXAABFciOLIO1CbLCo0vx3wLA-UhrLEL9P8B3drcHq_wVXUwoyohuQ==
date
Tue, 24 Sep 2024 05:27:56 GMT
content-type
application/json
last-modified
Fri, 08 Mar 2024 03:09:36 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
version.json
patient.labcorp.com/assets/ 		20 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/version.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da983c5cc16eef0aeebf15cd3c0de165efe84261b280c708e7375b552defae7f
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
FMPAfLOCtyTMpZThBD_jPFKbiyvY7TX2
etag
"71544c4a5b9b0e380a2ccad0c66664aa"
age
2892
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
wYOhw_5IQjDL-FH21oUGKmAW5Z2f1JXyPZk25G1-HoTLhmNFSCnOpw==
date
Tue, 24 Sep 2024 04:49:25 GMT
content-type
application/json
last-modified
Thu, 12 Oct 2023 14:23:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
20
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
601 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
50472
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
image/svg+xml
last-modified
Mon, 23 Sep 2024 06:01:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
c50fc515-501e-0097-3cce-0df043000000
cf-ray
8c806c6dbba63600-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
source-sans-pro-latin-600-normal.ba0db8c652c563d236e1.woff2
patient.labcorp.com/ 		13 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/source-sans-pro-latin-600-normal.ba0db8c652c563d236e1.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
9p0xht6SuRJaeJkm4wTVQS8rSA56VfrA
etag
"7cf79fbd1df848510d7352274efc2401"
age
3040
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
72lLst1OnjvMd4HlvZwmnqZNj0uibSHzNMz52_2NDOiDv2xb8Vawxg==
date
Tue, 24 Sep 2024 04:46:57 GMT
content-type
font/woff2
last-modified
Thu, 12 Oct 2023 14:23:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
13052
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
source-sans-pro-latin-700-normal.a10519031679e736153a.woff2
patient.labcorp.com/ 		13 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/source-sans-pro-latin-700-normal.a10519031679e736153a.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
kKVVKHrH00gUpnokVF57243qUJBIoex.
etag
"4610010f425c140b99c88b6819ce1c02"
age
785
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
qOajvXVF6_HKtCdIbt0wWURfVBKuPrxVhbzFWiJH87RT5c_Ah06ORw==
date
Tue, 24 Sep 2024 05:36:35 GMT
content-type
font/woff2
last-modified
Thu, 12 Oct 2023 14:23:13 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
12924
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
495 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
24228
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
image/svg+xml
last-modified
Mon, 23 Sep 2024 16:42:23 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
59a73ea0-f01e-00de-02f5-0dc323000000
cf-ray
8c806c6dcf9c372f-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
LabCorp_logo.PNG
cdn.cookielaw.org/logos/e5fd349f-96f4-4dd6-b798-f27dc03d9f1e/fdd7992d-1560-4718-962c-a5ede771f2a3/9ded174d-efac-4d0f-b391-d9fae174aae0/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/e5fd349f-96f4-4dd6-b798-f27dc03d9f1e/fdd7992d-1560-4718-962c-a5ede771f2a3/9ded174d-efac-4d0f-b391-d9fae174aae0/LabCorp_logo.PNG
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a4e0af6397a30500067cf1e08dc26ec4aa597d427a6010777bb74b92675d3f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
Pp4SvPrkXdiv4L87l3FURA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D96E4C3CF7C813
age
76912
cf-cache-status
HIT
x-content-type-options
nosniff
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
image/png
last-modified
Thu, 02 Sep 2021 19:59:56 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
x-ms-request-id
136c076d-901e-002d-40d5-128af0000000
cf-ray
8c806c6dcbb33600-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
25294
x-ms-blob-type
BlockBlob
server
cloudflare
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/25674068/Friendly_Reminder
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-md5
Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
19049
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 24 Sep 2024 05:37:36 GMT
content-type
image/svg+xml
last-modified
Mon, 23 Sep 2024 16:42:24 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
e95127a0-601e-0058-16f3-0d97f1000000
cf-ray
8c806c6dcbb63600-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
environment.json
patient.labcorp.com/assets/ 		1 KB
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/environment.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3382eb61d5ed9187fa12fc5c174283070153ba7504352aede417c7c36bc4c910
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
G_6W7cUz9FY296g1.9gDfTkgjPCe7fu1
etag
W/"2f9223c66990e09fb74694ebabddf726"
age
581
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
NXAABFciOLIO1CbLCo0vx3wLA-UhrLEL9P8B3drcHq_wVXUwoyohuQ==
date
Tue, 24 Sep 2024 05:27:56 GMT
content-type
application/json
last-modified
Fri, 08 Mar 2024 03:09:36 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
version.json
patient.labcorp.com/assets/ 		20 B
0 		XHR
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/version.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da983c5cc16eef0aeebf15cd3c0de165efe84261b280c708e7375b552defae7f
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
FMPAfLOCtyTMpZThBD_jPFKbiyvY7TX2
etag
"71544c4a5b9b0e380a2ccad0c66664aa"
age
2892
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
wYOhw_5IQjDL-FH21oUGKmAW5Z2f1JXyPZk25G1-HoTLhmNFSCnOpw==
date
Tue, 24 Sep 2024 04:49:25 GMT
content-type
application/json
last-modified
Thu, 12 Oct 2023 14:23:12 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
20
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
metric
portal-api.patient.cws.labcorp.com/guest/guest/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://portal-api.patient.cws.labcorp.com/guest/guest/metric
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.201.20.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-20-20.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-browser-type,x-client-type,x-referrer
Access-Control-Request-Method
POST
Origin
https://patient.labcorp.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Client-Type,X-Browser-Type,X-Referrer,SOURCE
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://patient.labcorp.com
access-control-max-age
86400
apigw-requestid
emF1Sg6UoAMEbsQ=
cache-control
public, max-age=86400
content-length
0
date
Tue, 24 Sep 2024 05:37:37 GMT
vary
origin
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
0
launch-1e5a6d56184f.min.js
assets.adobedtm.com/387d64faac89/5521db81ea87/ 		156 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/387d64faac89/5521db81ea87/launch-1e5a6d56184f.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/main-es2015.42d2465b925a8a837089.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
bd81627dee6ce12ff27097a365d990c3e6d231c80c973794d340aa0dcf081ea6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

cache-control
max-age=3600
timing-allow-origin
*
content-encoding
gzip
etag
"49019c870597f980fb366e39c8ea49b9:1683838938.872681"
expires
Tue, 24 Sep 2024 06:37:37 GMT
accept-ranges
bytes
access-control-allow-origin
https://patient.labcorp.com
content-length
41460
date
Tue, 24 Sep 2024 05:37:37 GMT
content-type
application/x-javascript
last-modified
Thu, 11 May 2023 21:02:18 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
metric
portal-api.patient.cws.labcorp.com/guest/guest/ 		0
470 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://portal-api.patient.cws.labcorp.com/guest/guest/metric
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.201.20.20 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-201-20-20.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

X-Referrer
BadDebt
Referer
https://patient.labcorp.com/
X-Browser-Type
Chrome
X-Client-Type
Web
Accept
application/json, text/plain, */*
Content-Type
application/json
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin
*
pragma
no-cache
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
0
x-oneagent-js-injection
true
server-timing
dtRpid;desc="-908064810", dtTao;desc="1", dtSInfo;desc="0"
access-control-allow-origin
https://patient.labcorp.com
apigw-requestid
emF1Vgg-IAMEVdg=
date
Tue, 24 Sep 2024 05:37:37 GMT
x-xss-protection
0
x-frame-options
DENY
0-es2015.9b220ddd87cd79b70237.js
patient.labcorp.com/ 		69 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/0-es2015.9b220ddd87cd79b70237.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/runtime-es2015.276d3f7e7efc286fcea2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
598e70b8ab9822dfe1b7427c5e46b405beea47a0aa1b21cab9f702431ace7e5e
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
VBsVqzR427DLL9UIycCB1q2ZVLrpfY1u
etag
W/"04cb553830d45e7a658c1cf68873c0ec"
age
2798
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
armuqawOm8udi3__MaFaBsElVLqBnjhL2mmqgWlLIlsWW7uFxxKtJg==
date
Tue, 24 Sep 2024 04:51:00 GMT
content-type
application/javascript
last-modified
Fri, 09 Aug 2024 04:22:00 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
2-es2015.4e237e00c360f23435ae.js
patient.labcorp.com/ 		338 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/2-es2015.4e237e00c360f23435ae.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/runtime-es2015.276d3f7e7efc286fcea2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0078ac859f3df394db9612ec74e940083b6ddecd4fd2fd8423734a98c7e1e69a
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
ZOG36BFq3ktB7PmnfU_vBQ1YQIme2E3T
etag
W/"2f19fd057dfdac7537433326aa16a327"
age
2070
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
l6_4dKmiCEVhSa9gPFgRe8Ulyxyg8ckqJQH_CAv98wNFFDZqP9IYXA==
date
Tue, 24 Sep 2024 05:03:08 GMT
content-type
application/javascript
last-modified
Fri, 09 Aug 2024 04:22:01 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
4-es2015.e806dfa4225b7aefd26c.js
patient.labcorp.com/ 		69 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/4-es2015.e806dfa4225b7aefd26c.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/runtime-es2015.276d3f7e7efc286fcea2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ad9fc4df986eb6fe43fc1a97d3287f18c3fbc90d93cdadd176ccf171544a664a
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
b4fmdN9KiVojqdo4c.Z0j1Wtp4ddVIKz
etag
W/"c21236560a97cd1f9f41be235f931143"
age
63
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
56ppQ08s6K4B1EgMNBpwvCXg8rteXlJr59fcLx9hS9FuYriVMvkEMQ==
date
Tue, 24 Sep 2024 05:36:35 GMT
content-type
application/javascript
last-modified
Fri, 09 Aug 2024 04:22:00 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
6-es2015.359e1b146409a1dba722.js
patient.labcorp.com/ 		375 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/6-es2015.359e1b146409a1dba722.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/runtime-es2015.276d3f7e7efc286fcea2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d459032ea415a5eeb2bead0a064d0241fa22e71c49c8222e0318a1bc3c9a0317
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

content-encoding
gzip
x-amz-version-id
BscA_KMJpvobdZo96Eqj2DT_K81BW2QG
etag
W/"bd09e35cf97ff827888cb5ffbc9deda3"
age
1553
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
OSRuRKWIvaVwOiS-UpRCPa-mM0Qf-TEjojpVHJn_4xx3X2Yh7hbWSw==
date
Tue, 24 Sep 2024 05:11:45 GMT
content-type
application/javascript
last-modified
Fri, 09 Aug 2024 04:22:01 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
material-icons.0c35d18bf06992036b69.woff2
patient.labcorp.com/ 		125 KB
128 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/material-icons.0c35d18bf06992036b69.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://patient.labcorp.com
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
i0o6HPgcSnLygXHi.HNI1hSD4rJOW23D
etag
"53436aca8627a49f4deaaa44dc9e3c05"
age
2923
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
8iUCMa4F53H3vKWCHVjrpQb0e714v9cShIu7hzgC2Kwh601YX_cYIA==
date
Tue, 24 Sep 2024 04:48:55 GMT
content-type
font/woff2
last-modified
Thu, 12 Oct 2023 14:23:14 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
128352
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
me
login-patient.labcorp.com/api/v1/sessions/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/api/v1/sessions/me
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://patient.labcorp.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Length
0
Date
Tue, 24 Sep 2024 05:37:37 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
accept-ch
Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-okta-user-agent-extended,Content-Type
access-control-allow-methods
DELETE, GET, OPTIONS
access-control-allow-origin
https://patient.labcorp.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cache-control
no-cache, no-store
content-security-policy
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
vary
Origin
x-okta-request-id
ZvJQIT4HFVVgjgrMhfeWVAAACJc
x-rate-limit-limit
10000
x-rate-limit-remaining
9973
x-rate-limit-reset
1727156291
x-xss-protection
0
me
login-patient.labcorp.com/api/v1/sessions/ 		174 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/api/v1/sessions/me
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
ff540875effb031e6b92aacd20db7540f9eaab71f617597b371b3e007f393092
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

X-Okta-User-Agent-Extended
okta-auth-js/7.5.0
Referer
https://patient.labcorp.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

Content-Encoding
gzip
x-rate-limit-limit
600
x-content-type-options
nosniff
expires
0
p3p
CP="HONK"
Keep-Alive
timeout=5, max=100
Date
Tue, 24 Sep 2024 05:37:38 GMT
x-rate-limit-remaining
548
Content-Type
application/json
Vary
Accept-Encoding,Origin
x-okta-request-id
ZvJQIrUg6zwSJznBAn1xoQAACL4
access-control-allow-headers
Content-Type
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=315360000; includeSubDomains
cache-control
no-cache, no-store
x-rate-limit-reset
1727156271
pragma
no-cache
accept-ch
Sec-CH-UA-Platform-Version
Connection
Keep-Alive
access-control-allow-credentials
true
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
https://patient.labcorp.com
x-xss-protection
0
Server
nginx
id
dpm.demdex.net/ 		366 B
918 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=B2CC6D25615AB18E0A495EA4%40AdobeOrg&d_nsid=0&ts=1727156257248
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.49.164.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-164-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
f9e0650a29aa45383610f5e67bf0e464fd98f538195a12508f1e6d05cbedc14d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://patient.labcorp.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-2-v065-003bdeb2b.edge-irl1.demdex.com 2 ms
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
x-tid
1+ZorOJlQTg=
expires
Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin
https://patient.labcorp.com
content-length
310
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Tue, 24 Sep 2024 05:37:37 GMT
content-type
application/json;charset=utf-8
vary
Origin
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 		34 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/387d64faac89/5521db81ea87/launch-1e5a6d56184f.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:587::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

cache-control
no-cache
timing-allow-origin
*
content-encoding
gzip
etag
"dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
expires
Tue, 24 Sep 2024 06:37:37 GMT
accept-ranges
bytes
access-control-allow-origin
https://patient.labcorp.com
content-length
12384
date
Tue, 24 Sep 2024 05:37:37 GMT
content-type
application/x-javascript
last-modified
Thu, 22 Sep 2022 16:16:49 GMT
server
AkamaiNetStorage
vary
Accept-Encoding
favicon.ico
patient.labcorp.com/ 		104 KB
107 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d5f5e3a11b1241426353d5a508c948379146e5d2ac6257f3c48f9a13fdd372d1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

x-amz-version-id
Y2awls1D8Svzqz692GP9DLUgSsFfrdm2
etag
"4081f691bc6ae15008f13647fb7e2c73"
age
1669
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
Yzb5_jiGmPCkK3uvglMUhHJE__j8KoALWwCoHa3NODZX0PjxnlKx0g==
date
Tue, 24 Sep 2024 05:09:49 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 12 Oct 2023 14:23:14 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
accept-ranges
bytes
content-length
106614
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
dest5.html
labcorp.demdex.net/ Frame C8D1 		0
0
ibs:dpid=411&dpuuid=ZvJQIQAAADYwWgO5
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=11103051434037251421310069975955269310
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZvJQIQAAADYwWgO5
42 B
717 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZvJQIQAAADYwWgO5
Protocol
H2
Server
52.49.164.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-49-164-251.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://patient.labcorp.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs
dcs-prod-irl1-2-v065-003bdeb2b.edge-irl1.demdex.com 2 ms
content-encoding
gzip
pragma
no-cache
x-content-type-options
nosniff
x-tid
jFMDHjdVRrU=
expires
Thu, 01 Jan 1970 00:00:00 UTC
content-length
59
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date
Tue, 24 Sep 2024 05:37:37 GMT
content-type
image/gif

Redirect headers

Cache-Control
no-cache
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZvJQIQAAADYwWgO5
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length
0
Date
Tue, 24 Sep 2024 05:37:37 GMT
Connection
keep-alive
Server
AMO-cookiemap/1.1
openid-configuration
login-patient.labcorp.com/oauth2/default/.well-known/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/oauth2/default/.well-known/openid-configuration
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://patient.labcorp.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type,x-okta-user-agent-extended
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
https://patient.labcorp.com
Access-Control-Max-Age
3600
Connection
Keep-Alive
Content-Length
0
Content-Type
application/octet-stream
Date
Tue, 24 Sep 2024 05:37:38 GMT
Keep-Alive
timeout=5, max=99
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Vary
Origin
X-Okta-Request-Id
ZvJQIj4HFVVgjgrMhfeWVwAACJc
openid-configuration
login-patient.labcorp.com/oauth2/default/.well-known/ 		3 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/oauth2/default/.well-known/openid-configuration
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.b87f0519b1574d0b1ba0.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
e63c3fa1b2c3ebaea1683722714f25b7c98cf4dff2906307f00c8a6398be5345
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

X-Okta-User-Agent-Extended
okta-auth-js/7.5.0 @okta/okta-angular/5.3.0 Angular/11.2.8
Referer
https://patient.labcorp.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

x-content-type-options
nosniff
expires
Wed, 25 Sep 2024 05:37:38 GMT
p3p
CP="HONK"
Keep-Alive
timeout=5, max=98
Date
Tue, 24 Sep 2024 05:37:38 GMT
Content-Type
application/json
vary
Origin
X-Okta-Request-Id
ZvJQIj4HFVVgjgrMhfeWWAAACJc
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=315360000; includeSubDomains
cache-control
max-age=86400, must-revalidate
accept-ch
Sec-CH-UA-Platform-Version
Connection
Keep-Alive
Access-Control-Allow-Credentials
true
referrer-policy
strict-origin-when-cross-origin
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Access-Control-Allow-Origin
https://patient.labcorp.com
x-xss-protection
0
Server
nginx
Primary Request authorize
login-patient.labcorp.com/oauth2/default/v1/ 		57 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/main-es2015.42d2465b925a8a837089.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
55b0c7e311d0045718dc318adc02d0b555adb196750c9abe16d36e8bf5f78d98
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://patient.labcorp.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Tue, 24 Sep 2024 05:37:38 GMT
Keep-Alive
timeout=5, max=99
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Robots-Tag
noindex,nofollow
accept-ch
Sec-CH-UA-Platform-Version
cache-control
no-cache, no-store
content-language
de
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
no-referrer
x-content-type-options
nosniff
x-okta-request-id
ZvJQIrUg6zwSJznBAn1xowAACL4
x-rate-limit-limit
1200
x-rate-limit-remaining
1139
x-rate-limit-reset
1727156259
x-ua-compatible
IE=edge
x-xss-protection
0
css2
fonts.googleapis.com/ 		15 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Source+Code+Pro:wght@400;500;600;700;800;900&display=swap
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
95fb6498771046c09267492685c3392371cbb93a83339622be7bd3b17b551bbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 24 Sep 2024 05:37:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 24 Sep 2024 05:37:38 GMT
content-type
text/css; charset=utf-8
last-modified
Tue, 24 Sep 2024 05:37:38 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
okta-sign-in.min.js
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/js/ 		2 MB
495 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/js/okta-sign-in.min.js
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-88.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
a6aeffa6028654ed56faee45fdbeb0176c2b355a5cce9ff9cd0f3f474bfcf7b3
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer

Response headers

content-encoding
gzip
etag
W/"3a6be119197020ddf37db1d7072bcc60"
age
450254
expires
Fri, 19 Sep 2025 00:33:24 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
S29GaNHi3_re_rW-AYIuyIO0SHrduMN7erQ1Ad7XKE76mzragCBNjQ==
date
Thu, 19 Sep 2024 00:33:24 GMT
content-type
application/javascript
last-modified
Wed, 18 Sep 2024 23:58:36 GMT
vary
Accept-Encoding
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-meta-sha1sum
abcef1287a58c8c9825385181b0e96d24bebe6cd
x-amz-cf-pop
FRA60-P6
server
nginx
okta-sign-in.min.css
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/css/ 		218 KB
37 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/css/okta-sign-in.min.css
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-88.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
0978fdc6a0855dfb6f56510fb5718aec2a109a949fb3adb2bba5e3db61b5a4d3
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer

Response headers

content-encoding
gzip
etag
W/"fd9542de7caa40fe46598a876b894ded"
age
450254
expires
Fri, 19 Sep 2025 00:33:24 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
cKWkLNCLSZwalaXaKNrM-QyWd54N-kzEMuJOTbRBWivn5NiBfiFJTA==
date
Thu, 19 Sep 2024 00:33:24 GMT
content-type
text/css
last-modified
Wed, 18 Sep 2024 23:57:28 GMT
vary
Accept-Encoding
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-meta-sha1sum
8252ba0e11594a1922fc7865e7dab57853f97a3c
x-amz-cf-pop
FRA60-P6
server
nginx
custom-signin.a91af2abfd04662e499bd3e151150dbf.css
ok2static.oktacdn.com/assets/loginpage/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/loginpage/css/custom-signin.a91af2abfd04662e499bd3e151150dbf.css
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-88.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
a1566688dd7e6e7cdce8dd2634ac42a7d939f0f9ee471a8d79b9a9e7f956e4d0
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer

Response headers

content-encoding
gzip
etag
W/"a91af2abfd04662e499bd3e151150dbf"
age
622606
expires
Wed, 17 Sep 2025 00:40:52 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
uTKM-GfDSQzv0abM82LZ6M_jTcybO2ofLhyiH8ixBmsQ7mTEeUvnBA==
date
Tue, 17 Sep 2024 00:40:52 GMT
content-type
text/css
last-modified
Tue, 06 Aug 2024 22:53:46 GMT
vary
Accept-Encoding
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-meta-sha1sum
411f2a1669354e6e50ec0fe8def6481fd6ca8daf
x-amz-cf-pop
FRA60-P6
server
nginx
fs0103mwup3iatbnT0x8
ok2static.oktacdn.com/fs/bco/1/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok2static.oktacdn.com/fs/bco/1/fs0103mwup3iatbnT0x8
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-88.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
4993f870aca3106a39c8d70a32ac0ecdc4ad8370dbbfa0bafaf61f2a7f9024ed
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

etag
"c861e01afba3dfefc5bcc04de6a1a796"
age
586584
expires
Wed, 17 Sep 2025 10:41:14 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
H0er_h1Nwy2q-o7pFUqWPlZCU1hsfv9RdZfxZ1QfsxMsLG4BsZQNnA==
date
Tue, 17 Sep 2024 10:41:14 GMT
content-type
image/png
last-modified
Thu, 22 Jun 2023 04:57:11 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 e221f111ed3ebc025b531e81056d37a4.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
6018
x-amz-cf-pop
FRA60-P6
server
nginx
initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
ok2static.oktacdn.com/assets/js/mvc/loginpage/ 		204 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
Requested by
Host:
URL: OktaUtil.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-88.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
6a6c595fcf3a6c74bf3509f160ba34b78a8a3eb92ecaf290412c46679576d3ed
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer

Response headers

content-encoding
gzip
etag
W/"58de3be0c9b511a0fdfd7ea4f69b56fc"
age
1631731
expires
Fri, 05 Sep 2025 08:22:08 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
wq_09zoOlAuF2W7ZsCzpbGEhKsuYxk-LttQeHjtczcw-Srmc8yCRlg==
date
Thu, 05 Sep 2024 08:22:08 GMT
content-type
application/javascript
last-modified
Thu, 09 Nov 2023 00:18:35 GMT
vary
Accept-Encoding
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-meta-sha1sum
91eca02abf11239ec4af7a30b1da6e2610f1b9a6
x-amz-cf-pop
FRA60-P6
server
nginx
fs0103mwupk8BAYDo0x8
ok2static.oktacdn.com/fs/bco/7/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok2static.oktacdn.com/fs/bco/7/fs0103mwupk8BAYDo0x8
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-88.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
f71321a443d2c952d2926082caf12cf8935b3d17e85e97140f2471432601a23e
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://login-patient.labcorp.com/

Response headers

etag
"38c13e119415e4b7237335fddd745bdd"
age
1622357
expires
Fri, 05 Sep 2025 10:58:22 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
6jt_V3rxZmfJCDANZz855T5K5ycbu3gHy9-3MyyDyM5fBpy3_HEd5g==
date
Thu, 05 Sep 2024 10:58:22 GMT
content-type
image/jpeg
last-modified
Thu, 22 Jun 2023 04:57:11 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 e221f111ed3ebc025b531e81056d37a4.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
32351
x-amz-cf-pop
FRA60-P6
server
nginx
login_de.json
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/labels/json/ 		116 KB
116 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/labels/json/login_de.json
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/js/okta-sign-in.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-88.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
d1052ee84460c9422cd7466310f6683e1838fd93cf22bda26dbbfcb0e109b5c9
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json
content-type
text/plain

Response headers

etag
"09a8a847ec7a485a6652f564bc614076"
age
448942
expires
Fri, 19 Sep 2025 00:55:17 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
EJPOz1JNDZDUCE7_YOtYCbLhlGxy363OXZ_Jb579-CIGtc-Dxh1CnA==
date
Thu, 19 Sep 2024 00:55:17 GMT
content-type
application/json
last-modified
Wed, 18 Sep 2024 23:58:42 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-amz-meta-sha1sum
c15efb1349bf8673f1c715c4c9a936b1d76ff3c5
content-length
118342
x-amz-cf-pop
FRA60-P6
server
nginx
country_de.json
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/labels/json/ 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/labels/json/country_de.json
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/js/okta-sign-in.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-88.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
accept
application/json
content-type
text/plain

Response headers

etag
"51bec6463b4f7c5a26ede1fd8ee067f8"
age
448942
expires
Fri, 19 Sep 2025 00:55:17 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
rLpNqEOiniq2CtFRaOSMfLissQ9yueuM9CEYfvBcGjBJDU5whWEMLg==
date
Thu, 19 Sep 2024 00:55:17 GMT
content-type
application/json
last-modified
Wed, 18 Sep 2024 23:58:41 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-amz-meta-sha1sum
251dd1ccca4c80570aee52db71eed703ac579ad8
content-length
4805
x-amz-cf-pop
FRA60-P6
server
nginx
logo-patient-color.svg
patient.labcorp.com/assets/images/ 		16 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://patient.labcorp.com/assets/images/logo-patient-color.svg
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-69.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7c56074397f9ad3a0149bb842a97ffa27682b5fa86d5a1122ed489fa30fdcce0
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-amz-version-id
Drw9vC.iK0zP.vvVPcDvWZOLLg4PHbTD
etag
W/"2f62a1cffc9ea2ce8845e3ac0608fc01"
age
2890
expect-ct
max-age=0
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
5D2wEsftl3YLK6tWwYaY1VpyZfH4-j_geQEFaTWShGVrHRyQnSH80g==
date
Tue, 24 Sep 2024 04:49:29 GMT
content-type
image/svg+xml
last-modified
Thu, 12 Oct 2023 14:23:13 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-dns-prefetch-control
off
referrer-policy
strict-origin
x-download-options
noopen
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
permissions-policy
payment=(*)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK50-P7
server
AmazonS3
x-amz-server-side-encryption
AES256
iframe.html
login.okta.com/discovery/ Frame D928 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://login.okta.com/discovery/iframe.html
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
108.138.7.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-7-41.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Age
82880
Connection
keep-alive
Content-Length
451
Content-Type
text/html
Date
Mon, 23 Sep 2024 06:36:20 GMT
ETag
"090e4f7730dbde0bff2ffa4dc330a6a3"
Last-Modified
Thu, 29 Aug 2024 22:15:28 GMT
Server
AmazonS3
Strict-Transport-Security
max-age=31536000; includeSubDomains
Via
1.1 e1f996a9009532eeea33edfd32ef3240.cloudfront.net (CloudFront)
X-Amz-Cf-Id
cR_VKjmcFaHK4f4bFvGbaXTsP1uaiulF0Ia0rDzvQCzYcj1lK6tV5A==
X-Amz-Cf-Pop
FRA56-P6
X-Cache
Hit from cloudfront
introspect
login-patient.labcorp.com/idp/idx/ 		23 KB
26 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/idp/idx/introspect
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/js/okta-sign-in.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
187ab4d5ebf5b684580d70ed08a1da4a500fd3a59db480e3ccc8c962161412db
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

X-Okta-User-Agent-Extended
okta-auth-js/7.8.0 okta-signin-widget-7.23.0
Referer
Accept-Language
de
Accept
application/ion+json; okta-version=1.0.0
Content-Type
application/ion+json; okta-version=1.0.0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

X-Robots-Tag
noindex,nofollow
x-rate-limit-limit
2000
x-content-type-options
nosniff
expires
0
p3p
CP="HONK"
Keep-Alive
timeout=5, max=98
Date
Tue, 24 Sep 2024 05:37:39 GMT
Content-Type
application/ion+json;okta-version=1.0.0
x-rate-limit-remaining
1996
vary
Origin
x-okta-request-id
ZvJQI7Ug6zwSJznBAn1xqgAACL4
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=315360000; includeSubDomains
cache-control
no-cache, no-store
x-rate-limit-reset
1727156315
pragma
no-cache
accept-ch
Sec-CH-UA-Platform-Version
Connection
Keep-Alive
access-control-allow-credentials
true
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
referrer-policy
strict-origin-when-cross-origin
access-control-allow-origin
https://login-patient.labcorp.com
x-xss-protection
0
Server
nginx
okticon.woff
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/font/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/font/okticon.woff
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/css/okta-sign-in.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-88.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://login-patient.labcorp.com
Referer
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.23.0/css/okta-sign-in.min.css

Response headers

etag
"db28723126138387cdf40680e6e0fa5d"
age
450254
expires
Fri, 19 Sep 2025 00:33:25 GMT
x-cache
Hit from cloudfront
x-amz-cf-id
f_JmopfrjIsEdcInwYe8gqayGLrcz7m0WDoB189OcYpYOeuCX5x_Hw==
date
Thu, 19 Sep 2024 00:33:25 GMT
content-type
application/font-woff
last-modified
Wed, 18 Sep 2024 23:58:25 GMT
strict-transport-security
max-age=315360000; includeSubDomains
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
via
1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
x-amz-meta-sha1sum
4d706297987d613a4e3f4f23d08c62d16830845d
content-length
20600
x-amz-cf-pop
FRA60-P6
server
nginx
favicon.ico
login-patient.labcorp.com/ 		5 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
f9e86fb363a05f75ab3b525439d46bf4911d4cd4ae94c656c0198206374002aa
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Strict-Transport-Security
max-age=315360000; includeSubDomains
X-Robots-Tag
noindex,nofollow
etag
W/"5430-1726868278000"
Connection
Keep-Alive
x-content-type-options
nosniff
accept-ranges
bytes
Content-Length
5430
Keep-Alive
timeout=5, max=97
Date
Tue, 24 Sep 2024 05:37:39 GMT
Content-Type
image/x-icon
last-modified
Fri, 20 Sep 2024 21:37:58 GMT
Server
nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
geolocation.onetrust.com
URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Domain
labcorp.demdex.net
URL
https://labcorp.demdex.net/dest5.html?d_nsid=0

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| regeneratorRuntime function| jQueryCourage object| u2f function| OktaSignIn function| signInSuccessCallBackFunction object| oktaData function| runLoginPage object| OktaUtil object| config string| urlString string| clientId object| customButtons string| logoUrl1 string| logoUrl2 object| oktaSignIn function| debounce function| updateContent object| OktaLogin object| jQBrowser

9 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 11103051434037251421310069975955269310
.labcorp.com/ Name: AMCVS_B2CC6D25615AB18E0A495EA4%40AdobeOrg
Value: 1
.dpm.demdex.net/ Name: dpm
Value: 11103051434037251421310069975955269310
.labcorp.com/ Name: AMCV_B2CC6D25615AB18E0A495EA4%40AdobeOrg
Value: 179643557%7CMCIDTS%7C19991%7CMCMID%7C03431355291774556261839116698139605986%7CMCAAMLH-1727761057%7C6%7CMCAAMB-1727761057%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1727163457s%7CNONE%7CMCSYNCSOP%7C411-19998%7CvVersion%7C5.5.0
.labcorp.com/ Name: dtCookie
Value: v_4_srv_2_sn_4A5543FEE55080C4312A1E1A3992252E_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1_rcs-3Acss_0
.labcorp.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Tue+Sep+24+2024+07%3A37%3A38+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202407.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=89a63f8a-bdf5-40d7-9932-ca709a9a70ff&interactionCount=1&isAnonUser=1&landingPath=https%3A%2F%2Fpatient.labcorp.com%2Fportal%2Finvoices%2F25674068%2FFriendly_Reminder&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CC0007%3A0
login-patient.labcorp.com/ Name: t
Value: default
login-patient.labcorp.com/ Name: DT
Value: DI1XOUZ0UocQ6a1LRbAKqhMlg
login-patient.labcorp.com/ Name: JSESSIONID
Value: 2A85D095111F5FEB24CF7B9413D071C2

6 Console Messages

Source Level URL
Text
security error URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Message:
Refused to connect to 'https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location' because it violates the following Content Security Policy directive: "connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org".
security warning URL: about:blank
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network error URL: https://login-patient.labcorp.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
security error URL: https://cdn.cookielaw.org/scripttemplates/202407.1.0/otBannerSdk.js(Line 6)
Message:
Refused to connect to 'https://privacyportal.onetrust.com/request/v1/consentreceipts' because it violates the following Content Security Policy directive: "connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org".
security error URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile(Line 16)
Message:
[Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Source+Code+Pro:wght@400;500;600;700;800;900&display=swap' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security error URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=dJF-tuQspYPtjFaifaozn9KLOqpB4DyiXRsvcsdrO9E&code_challenge_method=S256&nonce=fOwhqwwPJdwxLkxrE0U7fhZqFn1KRrgI4WqGsP2cPRyzdUD0HT4Bd8ONHEVYLAIh&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=xYkdbz7SIr80Wt70D2V4iwGKGqNSWByhqe4SNQHG4ZF7XsyM86fMx1SW1EdLlyes&scope=openid%20email%20profile
Message:
[Report Only] Refused to load the image 'https://patient.labcorp.com/assets/images/logo-patient-color.svg' because it violates the following Content Security Policy directive: "img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.demdex.net *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.demdex.net *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
cdn.cookielaw.org
click.labcorpmessage.com
cm.everesttech.net
content.patient.pendo.cws.labcorp.com
dpm.demdex.net
fonts.googleapis.com
geolocation.onetrust.com
js.braintreegateway.com
labcorp.demdex.net
login-patient.labcorp.com
login.okta.com
ok2static.oktacdn.com
patient.labcorp.com
portal-api.patient.cws.labcorp.com
geolocation.onetrust.com
labcorp.demdex.net
108.138.7.41
13.111.136.50
18.164.124.69
18.245.86.88
192.229.221.25
2600:9000:211e:a00:10:5a95:d240:93a1
2606:4700::6812:572a
2a00:1450:4001:800::200a
2a02:26f0:3500:587::1e80
34.252.69.234
52.201.20.20
52.223.49.115
52.49.164.251
0078ac859f3df394db9612ec74e940083b6ddecd4fd2fd8423734a98c7e1e69a
086834150f1cc41da942702b89f4000a461668bb4836fcec56ca578a73f40233
0978fdc6a0855dfb6f56510fb5718aec2a109a949fb3adb2bba5e3db61b5a4d3
0afaa8243a885ae98499c05dba6fd60983bc9f9a583987894c0534999dae45d1
10a8fbaa0884f4deedfb149d83b3345d7489f9995d0737d35b3282132cd04452
187ab4d5ebf5b684580d70ed08a1da4a500fd3a59db480e3ccc8c962161412db
2bc18a93aeb37d777bb109451015602aee9b30b3dd9b4f1c2a5da50577745c12
3382eb61d5ed9187fa12fc5c174283070153ba7504352aede417c7c36bc4c910
3d9ef05bcd150166c1f5163efaa04d78e47390892439d4f9bcb4d22a6b579762
4993f870aca3106a39c8d70a32ac0ecdc4ad8370dbbfa0bafaf61f2a7f9024ed
51c8dc48fb49d5df075bf32d6655815cce9440a80bef0458f72a5bb85fa96d4f
55b0c7e311d0045718dc318adc02d0b555adb196750c9abe16d36e8bf5f78d98
598e70b8ab9822dfe1b7427c5e46b405beea47a0aa1b21cab9f702431ace7e5e
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a6c595fcf3a6c74bf3509f160ba34b78a8a3eb92ecaf290412c46679576d3ed
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
7c2092048f21074425f3e025db78fb6505f75d6fcf2e121ced055c8d53bcb1b3
7c56074397f9ad3a0149bb842a97ffa27682b5fa86d5a1122ed489fa30fdcce0
7dbc72c3f0511495fdf45d42283a246613db44b0906199cef195a773068d822f
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
81b220f5ce6b003b014cc6ec49c228f25a69692981943b520bd2675e133665f7
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
91b0809d8b9dc57eaa09cb0e13c210b24edfaeadb94a8cff0fee02751c1b0b5f
91db60b953a6a6e12f05ec063e15791e4f30a0af4193a3259ec4f4e0e15aac1b
95fb6498771046c09267492685c3392371cbb93a83339622be7bd3b17b551bbb
9a4e0af6397a30500067cf1e08dc26ec4aa597d427a6010777bb74b92675d3f6
a1566688dd7e6e7cdce8dd2634ac42a7d939f0f9ee471a8d79b9a9e7f956e4d0
a6aeffa6028654ed56faee45fdbeb0176c2b355a5cce9ff9cd0f3f474bfcf7b3
ad9fc4df986eb6fe43fc1a97d3287f18c3fbc90d93cdadd176ccf171544a664a
bbdb499ada9a9b54877bce6e362d9dc0745374dcc39ed49ba2ee210b1429255f
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bd81627dee6ce12ff27097a365d990c3e6d231c80c973794d340aa0dcf081ea6
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c18ad0dc68e29a72aa5f98140af88610a0a2a40b19029c78346514f9803b39d6
d1052ee84460c9422cd7466310f6683e1838fd93cf22bda26dbbfcb0e109b5c9
d459032ea415a5eeb2bead0a064d0241fa22e71c49c8222e0318a1bc3c9a0317
d4ebab34a6deec0d1ab70ca05c47cf7db2709d7a087ef4ed78b5a22b2e2b7b29
d5f5e3a11b1241426353d5a508c948379146e5d2ac6257f3c48f9a13fdd372d1
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
da983c5cc16eef0aeebf15cd3c0de165efe84261b280c708e7375b552defae7f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e426698cad245f1ee6b3a251500b07c9cc5322c050fbf149861e15c09603852c
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
e63c3fa1b2c3ebaea1683722714f25b7c98cf4dff2906307f00c8a6398be5345
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f71321a443d2c952d2926082caf12cf8935b3d17e85e97140f2471432601a23e
f9337ae8f0b1caec74796f1fe98f8fb3f230018a71232ae6da1d88d9bc7dc8f1
f9e0650a29aa45383610f5e67bf0e464fd98f538195a12508f1e6d05cbedc14d
f9e86fb363a05f75ab3b525439d46bf4911d4cd4ae94c656c0198206374002aa
ff540875effb031e6b92aacd20db7540f9eaab71f617597b371b3e007f393092