urlscan.io logo urlscan.io
SecurityTrails logo

ocr.synlab.fr Open in urlscan Pro
212.0.125.17  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://ocr.synlab.fr/
Effective URL: https://ocr.synlab.fr/account/login
Submission: On October 30 via manual from PH — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 212.0.125.17, located in Barcelona, Spain and belongs to COLT COLT Technology Services Group Limited, GB. The main domain is ocr.synlab.fr.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on October 12th 2023. Valid for: a year.
This is the only time ocr.synlab.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 10 212.0.125.17 8220 (COLT COLT...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
14 4
Apex Domain
Subdomains		 Transfer
10 synlab.fr
ocr.synlab.fr
236 KB
5 google.com
apis.google.com — Cisco Umbrella Rank: 112
accounts.google.com — Cisco Umbrella Rank: 24
50 KB
1 gstatic.com
www.gstatic.com
36 KB
14 3
Domain Requested by
10 ocr.synlab.fr 2 redirects ocr.synlab.fr
3 accounts.google.com apis.google.com
ocr.synlab.fr
www.gstatic.com
2 apis.google.com ocr.synlab.fr
apis.google.com
1 www.gstatic.com accounts.google.com
14 4

This site contains links to these domains. Also see Links.

Domain
www.deister.es
Subject Issuer Validity Valid
*.synlab.fr
GlobalSign RSA OV SSL CA 2018		 2023-10-12 -
2024-11-12		 a year crt.sh
*.apis.google.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
accounts.google.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-10-09 -
2024-01-01		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://ocr.synlab.fr/account/login
Frame ID: 46CFB7C0134271265F99E47806BB8103
Requests: 10 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: 096A6373C0F96F68474E3A1B7E3559BC
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. http://ocr.synlab.fr/ HTTP 302
    https://ocr.synlab.fr/ HTTP 303
    https://ocr.synlab.fr/account/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • apis\.google\.com/js/[a-z]*\.js

Page Statistics

14
Requests

100 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

321 kB
Transfer

1016 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ocr.synlab.fr/ HTTP 302
    https://ocr.synlab.fr/ HTTP 303
    https://ocr.synlab.fr/account/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
ocr.synlab.fr/account/
Redirect Chain
  • http://ocr.synlab.fr/
  • https://ocr.synlab.fr/
  • https://ocr.synlab.fr/account/login
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ocr.synlab.fr/account/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.0.125.17 Barcelona, Spain, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
93fd57a5a0d0493d3d62035ca311ca1de279aea983010a298a8de605d3aa43f8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob: upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Cache-Control
no-cache, no-transform
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob: upgrade-insecure-requests
Content-Type
text/html
Date
Mon, 30 Oct 2023 07:04:26 GMT
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Vary
Accept-Encoding, User-Agent
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin

Redirect headers

Connection
close
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob: upgrade-insecure-requests
Date
Mon, 30 Oct 2023 07:04:26 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://ocr.synlab.fr/account/login
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
login.css
ocr.synlab.fr/server/static/login/dist/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ocr.synlab.fr/server/static/login/dist/css/login.css?version=380
Requested by
Host: ocr.synlab.fr
URL: https://ocr.synlab.fr/account/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.0.125.17 Barcelona, Spain, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
8ae4b98111a9bccaf17a0ab45dd9af6d1e864dd9adae6bbd1ae95a204f241d68
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ocr.synlab.fr/account/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 07:04:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Last-Modified
Fri, 14 Oct 2022 12:34:38 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Vary
Accept-Encoding, User-Agent
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
public;max-age=31604439
Connection
close
Expires
Wed, 30 Oct 2024 02:05:05 GMT
login.js
ocr.synlab.fr/server/static/login/dist/js/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ocr.synlab.fr/server/static/login/dist/js/login.js?version=380
Requested by
Host: ocr.synlab.fr
URL: https://ocr.synlab.fr/account/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.0.125.17 Barcelona, Spain, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
9ccfe361837768302022b3d1b4e9b88ece2c9f546fb271f502837945174d3b63
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ocr.synlab.fr/account/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 07:04:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Last-Modified
Fri, 14 Oct 2022 12:34:38 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Vary
Accept-Encoding, User-Agent
X-Frame-Options
sameorigin
Content-Type
application/javascript
Cache-Control
public;max-age=31604439
Connection
close
Expires
Wed, 30 Oct 2024 02:05:05 GMT
chunk-vendors.js
ocr.synlab.fr/server/static/login/dist/js/ 		285 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ocr.synlab.fr/server/static/login/dist/js/chunk-vendors.js?version=380
Requested by
Host: ocr.synlab.fr
URL: https://ocr.synlab.fr/account/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.0.125.17 Barcelona, Spain, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
47443a641fba0795aa461e3ec129a1d6eb85fef2c65bc8a565d8de074985a0bf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ocr.synlab.fr/account/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 07:04:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Last-Modified
Fri, 14 Oct 2022 12:34:38 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Vary
Accept-Encoding, User-Agent
X-Frame-Options
sameorigin
Content-Type
application/javascript
Cache-Control
public;max-age=31604439
Connection
close
Expires
Wed, 30 Oct 2024 02:05:05 GMT
chunk-vendors.css
ocr.synlab.fr/server/static/login/dist/css/ 		385 KB
49 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ocr.synlab.fr/server/static/login/dist/css/chunk-vendors.css?version=380
Requested by
Host: ocr.synlab.fr
URL: https://ocr.synlab.fr/account/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.0.125.17 Barcelona, Spain, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
c6862554a3a24538822e165c42cb81ad22f0d4dfedf737e5630d05bbf4b5fff6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ocr.synlab.fr/account/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 07:04:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Last-Modified
Fri, 14 Oct 2022 12:34:38 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Vary
Accept-Encoding, User-Agent
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
public;max-age=31604439
Connection
close
Expires
Wed, 30 Oct 2024 02:05:05 GMT
api.js
apis.google.com/js/ 		18 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/api.js
Requested by
Host: ocr.synlab.fr
URL: https://ocr.synlab.fr/server/static/login/dist/js/chunk-vendors.js?version=380
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9c40b36613f01f4902da8a2a12a6fa318c1f6bbf2033eff339410e3bbc2bfbe3
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ocr.synlab.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 30 Oct 2023 07:04:26 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7114
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
etag
"66dd06583d906b4d"
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 30 Oct 2023 07:04:26 GMT
MaterialIcons-Regular.woff2
ocr.synlab.fr/server/static/login/dist/fonts/ 		59 KB
61 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ocr.synlab.fr/server/static/login/dist/fonts/MaterialIcons-Regular.woff2
Requested by
Host: ocr.synlab.fr
URL: https://ocr.synlab.fr/server/static/login/dist/css/chunk-vendors.css?version=380
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.0.125.17 Barcelona, Spain, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
ea0a28549d97a6d2e69064f12ef47fdc80afb8c75b6e53a598a5fbf9daffa5c2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://ocr.synlab.fr/server/static/login/dist/css/chunk-vendors.css?version=380
Origin
https://ocr.synlab.fr
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 07:04:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Last-Modified
Fri, 14 Oct 2022 12:34:38 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Vary
Accept-Encoding, User-Agent
X-Frame-Options
sameorigin
Cache-Control
public;max-age=31604438
Connection
close
Expires
Wed, 30 Oct 2024 02:05:05 GMT
deister-logo-light.png
ocr.synlab.fr/server/static/login/dist/img/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ocr.synlab.fr/server/static/login/dist/img/deister-logo-light.png
Requested by
Host: ocr.synlab.fr
URL: https://ocr.synlab.fr/account/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.0.125.17 Barcelona, Spain, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
6f1bbe78a5a5d0dfe96e935b21d2d89a65816fee6be2d975673ab7a3e2cab551
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ocr.synlab.fr/account/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 07:04:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Last-Modified
Fri, 14 Oct 2022 12:34:38 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Vary
Accept-Encoding, User-Agent
X-Frame-Options
sameorigin
Content-Type
image/png
Cache-Control
public;max-age=31604438
Connection
close
Expires
Wed, 30 Oct 2024 02:05:05 GMT
google.svg
ocr.synlab.fr/server/static/login/dist/img/ 		777 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ocr.synlab.fr/server/static/login/dist/img/google.svg
Requested by
Host: ocr.synlab.fr
URL: https://ocr.synlab.fr/account/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.0.125.17 Barcelona, Spain, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
9175cc5571eb531e002b95076234550ca82522b9f8164db5c24fd1b44e8fa771
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ocr.synlab.fr/account/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Mon, 30 Oct 2023 07:04:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload;
Last-Modified
Fri, 14 Oct 2022 12:34:38 GMT
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob:, upgrade-insecure-requests
Vary
Accept-Encoding, User-Agent
X-Frame-Options
sameorigin
Content-Type
image/svg+xml
Cache-Control
public;max-age=31604438
Connection
close
Expires
Wed, 30 Oct 2024 02:05:05 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fr.VXdxOsKJBxg.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9haxQKqkNZwniaaV-zSTS6Q1k20g/ 		118 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fr.VXdxOsKJBxg.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9haxQKqkNZwniaaV-zSTS6Q1k20g/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5511f892ca73c1ef6b891ead26e451dd50c08e9e0f8b8cc90c486bf6fee41036
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://ocr.synlab.fr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Wed, 25 Oct 2023 17:51:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
393180
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40610
x-xss-protection
0
last-modified
Tue, 03 Oct 2023 15:22:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 24 Oct 2024 17:51:27 GMT
iframe
accounts.google.com/o/oauth2/ Frame 096A 		287 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fr.VXdxOsKJBxg.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9haxQKqkNZwniaaV-zSTS6Q1k20g/cb=gapi.loaded_0?le=scs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2681403ba8eb96bbf502f10705020e8a2b63bf6c0b2ca793cdb73b36346ae7ee
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-gx5SGdjehXtKA6Itw3th3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ocr.synlab.fr/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport script-src 'report-sample' 'nonce-gx5SGdjehXtKA6Itw3th3Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Mon, 30 Oct 2023 07:04:27 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
server
ESF
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-xss-protection
0
m=base
www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.fr.TEUWO-mZk4I.es5.O/am=CAM/d=1/rs=AOaEmlHAMXv_P8EYbZxzonFgu7oQtnzM-A/ Frame 096A 		104 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.fr.TEUWO-mZk4I.es5.O/am=CAM/d=1/rs=AOaEmlHAMXv_P8EYbZxzonFgu7oQtnzM-A/m=base
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d490ee185e4d69ef6d3dd2ea1c2c1dbd83569c605e061bacfa2ef4393dd00c5c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 06:50:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
346452
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/identity-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
36528
x-xss-protection
0
last-modified
Wed, 25 Oct 2023 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/identity-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/identity-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/identity-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Fri, 25 Oct 2024 06:50:15 GMT
cspreport
accounts.google.com/_/IdpIFrameHttp/ Frame 096A 		2 KB
914 B 		Other
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/_/IdpIFrameHttp/cspreport
Requested by
Host: ocr.synlab.fr
URL: https://ocr.synlab.fr/account/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1b6f8ba79a74b9f92b2eeba70085a09b006709e06a5d95971d9b83f41bf07323
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Mon, 30 Oct 2023 07:04:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 01 Jan 1990 00:00:00 GMT
iframerpc
accounts.google.com/o/oauth2/ Frame 096A 		50 B
90 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Focr.synlab.fr&client_id=464244676918-8f37id674g61nkl0cgogat0l9k73451k.apps.googleusercontent.com
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.IdpIFrameHttp.fr.TEUWO-mZk4I.es5.O/am=CAM/d=1/rs=AOaEmlHAMXv_P8EYbZxzonFgu7oQtnzM-A/m=base
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
427653d8b0569e986b88bb7dca1852b627a034f69be1da68b150eb0d2bbacb5d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-h24ZtyADwgqrO3B9-75-SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
X-Requested-With
XmlHttpRequest
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Mon, 30 Oct 2023 07:04:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
script-src 'report-sample' 'nonce-h24ZtyADwgqrO3B9-75-SA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdpIFrameHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdpIFrameHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/IdpIFrameHttp/cspreport
content-encoding
gzip
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site, Origin
content-type
application/json; charset=utf-8
cache-control
public, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 30 Oct 2023 08:04:28 GMT

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture object| g_messages object| g_customStyle string| g_formactionurl boolean| g_embedded boolean| g_is_console_context boolean| g_securePort boolean| g_server_status_offline string| g_server_status_offline_error boolean| g_error boolean| g_oauth2Error string| g_referer boolean| g_oauth string| g_oauth_clientId string| g_loginInfo_passRecoveryURL object| g_serverInfo object| g_clientInfo undefined| g_jvmInfo object| webpackJsonp object| gapi object| ___jsl object| osapi

3 Cookies

Domain/Path Name / Value
ocr.synlab.fr/ Name: JSESSIONID
Value: erpax1~sz2cb6j0ei4pq9jc6j3gwpvl
.google.com/ Name: NID
Value: 511=s4-DHeZsmwIroMvKzBaiAdWEqWohiOmN6648Gtp16MkLAK70qh6ah_Jq6O4BfDnt9BwMe0uZYjXOBCZYbzYmnYzj6U9i2F9LP1pJpnZSN_SJt0DxPjGqzqrkQ5t0uAdMcysW6V8Nc1AC1WsFP9ehmNFdB8K8TMUGrCOe81yf7HM
.ocr.synlab.fr/ Name: G_ENABLED_IDPS
Value: google

4 Console Messages

Source Level URL
Text
rendering info URL: https://ocr.synlab.fr/account/login(Line 134)
Message:
Autofocus processing was blocked because a document already has a focused element.
security warning URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.fr.VXdxOsKJBxg.O/m=auth2/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9haxQKqkNZwniaaV-zSTS6Q1k20g/cb=gapi.loaded_0?le=scs(Line 184)
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://accounts.google.com/_/IdpIFrameHttp/cspreport
Message:
Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com https://csi.gstatic.com https://apis.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data: blob: https://maps.gstatic.com https://csi.gstatic.com https://maps.google.com https://maps.googleapis.com https://khms0.googleapis.com https://khms1.googleapis.com https://cbks0.googleapis.com http://cdn.fedefarma.com; frame-src 'self' data: blob: http: https: https://accounts.google.com; frame-ancestors 'self'; worker-src 'self' blob: upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin