urlscan.io logo urlscan.io
SecurityTrails logo

login-patient.labcorp.com Open in urlscan Pro
52.223.49.115  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://click.labcorpmessage.com/?qs=be4f0f437fef1abcb11e1bb0d79ad1c4e31d198cb2acf2a76eede855368455e06ff830ff4187f104cdf93294c00b...
Effective URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEw...
Submission: On May 31 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 3 countries across 10 domains to perform 60 HTTP transactions. The main IP is 52.223.49.115, located in United States and belongs to AMAZON-02, US. The main domain is login-patient.labcorp.com. The Cisco Umbrella rank of the primary domain is 133431.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on March 12th 2024. Valid for: a year.
This is the only time login-patient.labcorp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.111.136.50 14340 (SALESFORCE)
19 18.164.124.16 16509 (AMAZON-02)
12 2606:4700::68... 13335 (CLOUDFLAR...)
3 192.229.221.25 15133 (EDGECAST)
1 2600:9000:225... 16509 (AMAZON-02)
2 107.23.97.78 14618 (AMAZON-AES)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 34.240.101.219 16509 (AMAZON-02)
7 52.223.49.115 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
9 108.138.36.61 16509 (AMAZON-02)
1 54.230.228.128 16509 (AMAZON-02)
60 12
1    13.111.136.50 (United States)

ASN14340 (SALESFORCE, US)
PTR: click.labcorpmessage.com
click.labcorpmessage.com
19    18.164.124.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-124-16.jfk50.r.cloudfront.net
patient.labcorp.com
12    2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
3    192.229.221.25 (United States)

ASN15133 (EDGECAST, US)
js.braintreegateway.com
1    2600:9000:225b:8a00:10:5a95:d240:93a1 (United States)

ASN16509 (AMAZON-02, US)
content.patient.pendo.cws.labcorp.com
2    107.23.97.78 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-23-97-78.compute-1.amazonaws.com
portal-api.patient.cws.labcorp.com
2    2a02:26f0:3500:591::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
assets.adobedtm.com
1    34.240.101.219 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-101-219.eu-west-1.compute.amazonaws.com
dpm.demdex.net
7    52.223.49.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: ad3225ce0e27ecc67.awsglobalaccelerator.com
login-patient.labcorp.com
1    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
9    108.138.36.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-61.muc50.r.cloudfront.net
ok2static.oktacdn.com
1    54.230.228.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-128.muc50.r.cloudfront.net
login.okta.com
Apex Domain
Subdomains		 Transfer
29 labcorp.com
patient.labcorp.com — Cisco Umbrella Rank: 106444
content.patient.pendo.cws.labcorp.com — Cisco Umbrella Rank: 120958
portal-api.patient.cws.labcorp.com — Cisco Umbrella Rank: 123014
login-patient.labcorp.com — Cisco Umbrella Rank: 133431
1 MB
12 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 312
202 KB
9 oktacdn.com
ok2static.oktacdn.com — Cisco Umbrella Rank: 15366
780 KB
3 braintreegateway.com
js.braintreegateway.com — Cisco Umbrella Rank: 9019
34 KB
2 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 425
53 KB
1 okta.com
login.okta.com — Cisco Umbrella Rank: 4048
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
1 KB
1 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 243
917 B
1 labcorpmessage.com
click.labcorpmessage.com — Cisco Umbrella Rank: 210650
247 B
0 onetrust.com Failed
geolocation.onetrust.com Failed
60 10
Domain Requested by
19 patient.labcorp.com patient.labcorp.com
login-patient.labcorp.com
12 cdn.cookielaw.org patient.labcorp.com
cdn.cookielaw.org
9 ok2static.oktacdn.com login-patient.labcorp.com
ok2static.oktacdn.com
7 login-patient.labcorp.com patient.labcorp.com
ok2static.oktacdn.com
3 js.braintreegateway.com patient.labcorp.com
2 assets.adobedtm.com patient.labcorp.com
assets.adobedtm.com
2 portal-api.patient.cws.labcorp.com patient.labcorp.com
1 login.okta.com ok2static.oktacdn.com
1 fonts.googleapis.com login-patient.labcorp.com
1 dpm.demdex.net patient.labcorp.com
1 content.patient.pendo.cws.labcorp.com patient.labcorp.com
1 click.labcorpmessage.com 1 redirects
0 geolocation.onetrust.com Failed cdn.cookielaw.org
60 13

This site contains no links.

Subject Issuer Validity Valid
patient.labcorp.com
Amazon RSA 2048 M01		 2023-09-11 -
2024-10-09		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2024-03-01 -
2024-12-31		 10 months crt.sh
www.paypal.com
DigiCert SHA2 Extended Validation Server CA		 2023-10-12 -
2024-10-31		 a year crt.sh
content.patient.pendo.cws.labcorp.com
Amazon RSA 2048 M03		 2023-08-04 -
2024-08-31		 a year crt.sh
portal-api.patient.cws.labcorp.com
Amazon RSA 2048 M01		 2023-09-07 -
2024-10-06		 a year crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-11 -
2024-08-10		 a year crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-26 -
2024-10-26		 a year crt.sh
login-patient.labcorp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-03-12 -
2025-03-11		 a year crt.sh
upload.video.google.com
WR2		 2024-05-13 -
2024-08-05		 3 months crt.sh
*.oktacdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-15 -
2025-01-02		 a year crt.sh
accounts.okta.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-19 -
2024-07-24		 a year crt.sh

This page contains 2 frames:

Primary Page: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Frame ID: B2A46AC77B78AB3C093046845DD2E6F1
Requests: 56 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: 1F43DEA1A112B15606822899483ABC03
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Labcorp Patient - Anmelden

Page URL History Show full URLs

  1. https://click.labcorpmessage.com/?qs=be4f0f437fef1abcb11e1bb0d79ad1c4e31d198cb2acf2a76eede855368455e06ff830ff... HTTP 302
    https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent Page URL
  2. https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=im... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.braintreegateway\.com
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

60
Requests

97 %
HTTPS

33 %
IPv6

10
Domains

13
Subdomains

12
IPs

3
Countries

2453 kB
Transfer

7983 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click.labcorpmessage.com/?qs=be4f0f437fef1abcb11e1bb0d79ad1c4e31d198cb2acf2a76eede855368455e06ff830ff4187f104cdf93294c00b7c669941de9e360a482a1e92411d058d7006 HTTP 302
    https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent Page URL
  2. https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://click.labcorpmessage.com/?qs=be4f0f437fef1abcb11e1bb0d79ad1c4e31d198cb2acf2a76eede855368455e06ff830ff4187f104cdf93294c00b7c669941de9e360a482a1e92411d058d7006 HTTP 302
  • https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Request Chain 42
  • https://cm.everesttech.net/cm/dd?d_uuid=35293105523518533204544301033370669798 HTTP 0
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZlnUCgAAAEhQfgN-

60 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Friendly_Delinquent
patient.labcorp.com/portal/invoices/70893571/
Redirect Chain
  • https://click.labcorpmessage.com/?qs=be4f0f437fef1abcb11e1bb0d79ad1c4e31d198cb2acf2a76eede855368455e06ff830ff4187f104cdf93294c00b7c669941de9e360a482a1e92411d058d7006
  • https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
2 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e608abb062c5566172c4fab67b3119457b3450d2b8f747db034700844c7e9c13
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
content-encoding
gzip
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
content-type
text/html; charset=utf-8
date
Fri, 31 May 2024 13:43:37 GMT
etag
W/"fc07b54aadaf4af1c95124c66813f1bc"
expect-ct
max-age=0
expires
0
last-modified
Thu, 30 May 2024 20:13:19 GMT
permissions-policy
payment=(*)
pragma
no-cache
referrer-policy
strict-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains
surrogate-control
no-store
vary
Accept-Encoding
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-id
vsoEXbZsMbXHE4AI6aG3ISSCzzMHH0cEFabzG4VLLra03_1Oy2rdLA==
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
x-amz-version-id
QCqsV.QOkKZWI2ZrsudmpY_6embzzPsI
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

Cache-Control
private
Connection
close
Content-Length
189
Content-Type
text/html; charset=utf-8
Date
Fri, 31 May 2024 13:43:35 GMT
Location
https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
OtAutoBlock.js
cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/ 		108 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/OtAutoBlock.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
52985983eb7fdc7d366dc1e4fb20a7ef69766aa10f3d5962465569d3ad0cc185
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
55094
content-md5
v4rqaDsSImE85vlXstuccA==
content-length
15332
x-ms-lease-status
unlocked
last-modified
Fri, 12 Apr 2024 19:38:05 GMT
server
cloudflare
etag
0x8DC5B2812DE10BC
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
af106eef-b01e-0058-2c10-8de1dc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
88c764d6ae198f35-FRA
expires
Sat, 01 Jun 2024 13:43:36 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fdfea52427fb822bebdd32b325768e73b40637bd203c100827d4dece88e431c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
YmFgVUTeB0lXZXM9YgX19A==
age
61423
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Wed, 29 May 2024 06:37:38 GMT
server
cloudflare
etag
0x8DC7FA9D53A4CA6
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
ec713162-b01e-0019-42e2-b16d01000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
88c764d6ae138f35-FRA
client.min.js
js.braintreegateway.com/web/3.87.0/js/ 		42 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.braintreegateway.com/web/3.87.0/js/client.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CDC) /
Resource Hash
bbdb499ada9a9b54877bce6e362d9dc0745374dcc39ed49ba2ee210b1429255f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
95e19d73bc0fd
dc
ccg11-origin-www-1.paypal.com
content-length
12839
last-modified
Fri, 09 Sep 2022 05:19:28 GMT
server
ECAcc (frc/4CDC)
traceparent
00-000000000000000000095e19d73bc0fd-4bb7ccd17b71a64f-01
etag
W/"631acce0-a80d"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
apple-pay.min.js
js.braintreegateway.com/web/3.87.0/js/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.braintreegateway.com/web/3.87.0/js/apple-pay.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CEB) /
Resource Hash
10a8fbaa0884f4deedfb149d83b3345d7489f9995d0737d35b3282132cd04452
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
3414a969c9f97
dc
ccg11-origin-www-1.paypal.com
content-length
6563
last-modified
Fri, 09 Sep 2022 05:19:28 GMT
server
ECAcc (frc/4CEB)
traceparent
00-00000000000000000003414a969c9f97-671ed0780ed40274-01
etag
W/"631acce0-561d"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
paypal-checkout.min.js
js.braintreegateway.com/web/3.87.0/js/ 		54 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.braintreegateway.com/web/3.87.0/js/paypal-checkout.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.221.25 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CF9) /
Resource Hash
3d9ef05bcd150166c1f5163efaa04d78e47390892439d4f9bcb4d22a6b579762
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
HIT
paypal-debug-id
b0e07c475754c
dc
ccg11-origin-www-1.paypal.com
content-length
15122
last-modified
Fri, 09 Sep 2022 05:19:28 GMT
server
ECAcc (frc/4CF9)
traceparent
00-0000000000000000000b0e07c475754c-be324e80e881aa4b-01
etag
W/"631acce0-d9dd"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
s-maxage=31536000, public,max-age=3600
accept-ranges
bytes
timing-allow-origin
https://www.paypal.com,https://www.sandbox.paypal.com
styles.9b1cf7eda88b17ccaf8e.css
patient.labcorp.com/ 		253 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0afaa8243a885ae98499c05dba6fd60983bc9f9a583987894c0534999dae45d1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:37 GMT
x-amz-version-id
bQpkt3l83Ya5RhTFAVEqNJeg_Vqk0i6u
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Fri, 08 Mar 2024 03:09:36 GMT
server
AmazonS3
etag
W/"a3fd981fb6b053693c015c66b189dff7"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
2STKM-XM7kpD7qQSwvLKaJio5gme-mUEs5FccbuBE7cRzxkAfmAsPw==
expires
0
runtime-es2015.881df04f7c216dc5bdd4.js
patient.labcorp.com/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/runtime-es2015.881df04f7c216dc5bdd4.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fe4e6372c369c184653e55d42ba3fb530bbc0a3ccd0b07cb7cee9a33794b6cc2
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Origin
https://patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:37 GMT
x-amz-version-id
tX4lLipBw4QZzhnSHJvnYtfwUClBNdO2
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 30 May 2024 20:13:19 GMT
server
AmazonS3
etag
W/"827c14b76a012ebb6a4955e279e51a0b"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
l-GsvH4J-FVBssjIPbpdx-z2Vy_qGUtZsc75-N91mIwzFfbAUJ-nqw==
expires
0
polyfills-es2015.2d0077b994bc97f30feb.js
patient.labcorp.com/ 		68 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
23157062805ca1e556a446cc32c61601724a61b4fe472f8108607548a802821d
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Origin
https://patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:37 GMT
x-amz-version-id
k1X9oDFRfK_xWw0TDwxqRNaGgeBH8uLD
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Fri, 08 Mar 2024 03:09:38 GMT
server
AmazonS3
etag
W/"ceae5c7a4b293736f0ffaf1d6f3d9874"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
TfXQdLDVJmo9f6nFty3evtwPr2h6lBRuTGSiLae0_hRk8RI2ONInVw==
expires
0
main-es2015.ecfbad12482b8d854399.js
patient.labcorp.com/ 		3 MB
649 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/main-es2015.ecfbad12482b8d854399.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
be775f8b89c6f8dcfba08f8c6d72ad46fea5187cf494670c33d0585c888c84d8
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Origin
https://patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:37 GMT
x-amz-version-id
nFTxNy7uks.LbzAKnK45CG4q7oG5DEP4
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 30 May 2024 20:13:19 GMT
server
AmazonS3
etag
W/"0da74f2cc870da723a1a718456b51ed8"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
88uL5xXClkjK5TsIPRjToJS2kAYHC0UmHAn6H6QViYpxEM23MnwHsA==
expires
0
fdd7992d-1560-4718-962c-a5ede771f2a3.json
cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/fdd7992d-1560-4718-962c-a5ede771f2a3.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1a9c59044be6bb065f1aed85b3f3c7f9a49c326001689daf7d63c12efa8821b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
61809
content-md5
wH7Qz7goP5SnCWep+OT8mg==
content-length
1717
x-ms-lease-status
unlocked
last-modified
Fri, 12 Apr 2024 19:38:05 GMT
server
cloudflare
etag
0x8DC5B2812F20AD6
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
23fddde0-b01e-0015-1210-8d2e30000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
88c764d79b083672-FRA
expires
Sat, 01 Jun 2024 13:43:36 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		0
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202403.2.0/ 		447 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.2.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e90effe2c4b60df553e50c5e65bcf113ad7a2ddf3d5e7a594f2b8a9ccfd4523
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
NaqcG2ILVJmSrG/q1ZpJ7w==
age
15176
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
110887
x-ms-lease-status
unlocked
last-modified
Mon, 22 Apr 2024 06:06:18 GMT
server
cloudflare
etag
0x8DC62925356D668
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
c839b996-c01e-001f-188e-948a87000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
88c764d818758f35-FRA
source-sans-pro-latin-400-normal.c0d191aa7fb798623030.woff2
patient.labcorp.com/ 		13 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/source-sans-pro-latin-400-normal.c0d191aa7fb798623030.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Origin
https://patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
x-amz-version-id
_n1VIuZTIa13xHOZlZlt9w7a5N_IBzGQ
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
content-length
13036
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 12 Oct 2023 14:23:06 GMT
server
AmazonS3
etag
"0ad032b3d07aaf33b160ac4799dda40f"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
accept-ranges
bytes
x-amz-cf-id
E3wdfw8UJ6XNd77TMjYWMqOVKr53ropndoHwxBH2T98mmRnJxzrdvw==
expires
0
pendo.js
content.patient.pendo.cws.labcorp.com/agent/static/c12c67fa-39b9-4f2b-576b-b1a7e9686dae/ 		465 KB
152 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.patient.pendo.cws.labcorp.com/agent/static/c12c67fa-39b9-4f2b-576b-b1a7e9686dae/pendo.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225b:8a00:10:5a95:d240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
UploadServer /
Resource Hash
f9d12f73c0201d87e9c17679708dfbd9b2716a46d6c7d31375cb17fc45108ce8

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:37:53 GMT
content-encoding
gzip
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
age
344
x-guploader-uploadid
ABPtcPpKWA7POt2t40BdeygMVXa5qH_Qz2O4rnLbU-d-gfgNTxcFX8OD-eD9k-UzwnA8BrrLt19GQJnN7g
x-cache
Hit from cloudfront
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
content-length
155202
last-modified
Thu, 30 May 2024 18:10:17 GMT
server
UploadServer
etag
"c49ad3e47191abc856c86b2d3f5b91c3"
vary
Accept-Encoding
x-goog-generation
1717092617706806
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-goog-hash
crc32c=YHuO4g==, md5=xJrT5HGRq8hWyGstP1uRww==
access-control-expose-headers
*
cache-control
max-age=450
x-goog-stored-content-length
155202
accept-ranges
bytes
x-amz-cf-id
fBhRjx9xw85_ftGAHeAN1gcrwX9QbWfrlY1b8q2WyrcgRP-hgG69Ng==
expires
Fri, 31 May 2024 13:45:23 GMT
en.json
cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/f7decf9b-3f6d-4798-990c-5f247f56f9ae/ 		81 KB
20 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/fdd7992d-1560-4718-962c-a5ede771f2a3/f7decf9b-3f6d-4798-990c-5f247f56f9ae/en.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c58c2b8cd85f2d46af382782b26e863f4ee56a8c0b2be5e01294b072f8ed4f44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
61809
content-md5
qVuZCwLq1MvF3Ldlh0BcBg==
content-length
20748
x-ms-lease-status
unlocked
last-modified
Fri, 12 Apr 2024 19:38:09 GMT
server
cloudflare
etag
0x8DC5B2815667A87
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1d781b92-a01e-009f-6f10-8d7581000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
88c764d91d033672-FRA
expires
Sat, 01 Jun 2024 13:43:37 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202403.2.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.2.0/assets/otFlat.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
wV78mAWw6KBtzfNUzHQTew==
age
77030
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3041
x-ms-lease-status
unlocked
last-modified
Mon, 22 Apr 2024 06:06:11 GMT
server
cloudflare
etag
0x8DC62924F52ADA5
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
f5918f5b-901e-0094-3ff1-948eea000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
88c764d98d863672-FRA
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202403.2.0/assets/v2/ 		62 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.2.0/assets/v2/otPcCenter.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3acd5c9271c2cd33f5135df43ae4c574e4d524282e5322137b77cdb4a5524bb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
AuGdfk9YQiHTOXC6nprZgA==
age
77030
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12755
x-ms-lease-status
unlocked
last-modified
Mon, 22 Apr 2024 06:06:13 GMT
server
cloudflare
etag
0x8DC629250A45095
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
626d62d7-b01e-0093-38f1-94e289000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
88c764d98d8a3672-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202403.2.0/assets/ 		24 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202403.2.0/assets/otCommonStyles.css
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
4ErYmXXFNbMLrnc9DrDTsg==
age
22139
x-ms-lease-status
unlocked
last-modified
Mon, 22 Apr 2024 06:06:21 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
efcefdd9-601e-0074-5ff1-940d73000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
88c764d98d8b3672-FRA
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
623 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
79766
x-ms-lease-status
unlocked
last-modified
Wed, 29 May 2024 06:37:40 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
c6b2ccfa-e01e-0023-3240-b22ea2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
88c764d9eb688f35-FRA
source-sans-pro-latin-600-normal.ba0db8c652c563d236e1.woff2
patient.labcorp.com/ 		13 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/source-sans-pro-latin-600-normal.ba0db8c652c563d236e1.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Origin
https://patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
x-amz-version-id
9p0xht6SuRJaeJkm4wTVQS8rSA56VfrA
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
content-length
13052
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 12 Oct 2023 14:23:12 GMT
server
AmazonS3
etag
"7cf79fbd1df848510d7352274efc2401"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
accept-ranges
bytes
x-amz-cf-id
Q261lnkJz1n8C1WuC0FANbmz2zz6_Jnadz14zzi4pR7PORBNNk3S2g==
expires
0
source-sans-pro-latin-700-normal.a10519031679e736153a.woff2
patient.labcorp.com/ 		13 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/source-sans-pro-latin-700-normal.a10519031679e736153a.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Origin
https://patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
x-amz-version-id
kKVVKHrH00gUpnokVF57243qUJBIoex.
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
content-length
12924
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 12 Oct 2023 14:23:13 GMT
server
AmazonS3
etag
"4610010f425c140b99c88b6819ce1c02"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
accept-ranges
bytes
x-amz-cf-id
KllpAB-AgbV7NIDNC-k-HNnnOWBBK6XdkJgqb1uG7ywPG0aKAp4eng==
expires
0
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
495 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
70045
x-ms-lease-status
unlocked
last-modified
Wed, 29 May 2024 06:37:39 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
aeeb4df6-701e-00ae-3d04-b26204000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
88c764d9ee2d3672-FRA
LabCorp_logo.PNG
cdn.cookielaw.org/logos/e5fd349f-96f4-4dd6-b798-f27dc03d9f1e/fdd7992d-1560-4718-962c-a5ede771f2a3/9ded174d-efac-4d0f-b391-d9fae174aae0/ 		25 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/e5fd349f-96f4-4dd6-b798-f27dc03d9f1e/fdd7992d-1560-4718-962c-a5ede771f2a3/9ded174d-efac-4d0f-b391-d9fae174aae0/LabCorp_logo.PNG
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a4e0af6397a30500067cf1e08dc26ec4aa597d427a6010777bb74b92675d3f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Pp4SvPrkXdiv4L87l3FURA==
age
55095
content-length
25294
x-ms-lease-status
unlocked
last-modified
Thu, 02 Sep 2021 19:59:56 GMT
server
cloudflare
etag
0x8D96E4C3CF7C813
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
136c076d-901e-002d-40d5-128af0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
88c764d9fb918f35-FRA
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 31 May 2024 13:43:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
48326
x-ms-lease-status
unlocked
last-modified
Wed, 29 May 2024 06:37:40 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
8764927a-001e-004f-63fb-b18571000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
88c764d9fb938f35-FRA
environment.json
patient.labcorp.com/assets/ 		1 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/environment.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3382eb61d5ed9187fa12fc5c174283070153ba7504352aede417c7c36bc4c910
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
x-amz-version-id
G_6W7cUz9FY296g1.9gDfTkgjPCe7fu1
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Fri, 08 Mar 2024 03:09:36 GMT
server
AmazonS3
etag
W/"2f9223c66990e09fb74694ebabddf726"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/json
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
-m7xvCiF97QQR7c7yuUwuckR0RPWTrl5QUPtYYXIoFKb8fnU6WSvQQ==
expires
0
version.json
patient.labcorp.com/assets/ 		20 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/version.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da983c5cc16eef0aeebf15cd3c0de165efe84261b280c708e7375b552defae7f
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
x-amz-version-id
FMPAfLOCtyTMpZThBD_jPFKbiyvY7TX2
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
content-length
20
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 12 Oct 2023 14:23:12 GMT
server
AmazonS3
etag
"71544c4a5b9b0e380a2ccad0c66664aa"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
accept-ranges
bytes
x-amz-cf-id
koOGP6XkyOBrE-QB0oWDAJvPeQfRuq4nI02geKRiM4AUGKEr2mZxSA==
expires
0
favicon.ico
patient.labcorp.com/ 		104 KB
107 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d5f5e3a11b1241426353d5a508c948379146e5d2ac6257f3c48f9a13fdd372d1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
x-amz-version-id
Y2awls1D8Svzqz692GP9DLUgSsFfrdm2
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
content-length
106614
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 12 Oct 2023 14:23:14 GMT
server
AmazonS3
etag
"4081f691bc6ae15008f13647fb7e2c73"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/vnd.microsoft.icon
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
accept-ranges
bytes
x-amz-cf-id
-fsfSOUlK4hZXMkj3ZkZhi443oHFUwNBm-2s_FIT47mr3IyEkUQuhQ==
expires
0
environment.json
patient.labcorp.com/assets/ 		1 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/environment.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3382eb61d5ed9187fa12fc5c174283070153ba7504352aede417c7c36bc4c910
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
x-amz-version-id
G_6W7cUz9FY296g1.9gDfTkgjPCe7fu1
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Fri, 08 Mar 2024 03:09:36 GMT
server
AmazonS3
etag
W/"2f9223c66990e09fb74694ebabddf726"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/json
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
VRA2HznyHlWLmCMVmGPWZseF4iUsJIGcd7BttVGLzSeV4fD8KViOyw==
expires
0
version.json
patient.labcorp.com/assets/ 		20 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/assets/version.json
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da983c5cc16eef0aeebf15cd3c0de165efe84261b280c708e7375b552defae7f
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept
application/json, text/plain, */*
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
x-amz-version-id
FMPAfLOCtyTMpZThBD_jPFKbiyvY7TX2
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
content-length
20
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 12 Oct 2023 14:23:12 GMT
server
AmazonS3
etag
"71544c4a5b9b0e380a2ccad0c66664aa"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
accept-ranges
bytes
x-amz-cf-id
n7RGBU_eH0o3LsPBKVemHgo3Nw7yaOHx2ozM-D_nDDD9qekHyYN6AQ==
expires
0
metric
portal-api.patient.cws.labcorp.com/guest/guest/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://portal-api.patient.cws.labcorp.com/guest/guest/metric
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.23.97.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-23-97-78.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-browser-type,x-client-type,x-referrer
Access-Control-Request-Method
POST
Origin
https://patient.labcorp.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Client-Type,X-Browser-Type,X-Referrer,SOURCE
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
https://patient.labcorp.com
access-control-max-age
86400
apigw-requestid
Yo4RqhnyoAMEVwg=
cache-control
public, max-age=86400
content-length
0
date
Fri, 31 May 2024 13:43:38 GMT
vary
origin
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
0
launch-1e5a6d56184f.min.js
assets.adobedtm.com/387d64faac89/5521db81ea87/ 		156 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/387d64faac89/5521db81ea87/launch-1e5a6d56184f.min.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/main-es2015.ecfbad12482b8d854399.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
bd81627dee6ce12ff27097a365d990c3e6d231c80c973794d340aa0dcf081ea6

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
content-encoding
gzip
last-modified
Thu, 11 May 2023 21:02:18 GMT
server
AkamaiNetStorage
etag
"49019c870597f980fb366e39c8ea49b9:1683838938.872681"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://patient.labcorp.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
41460
expires
Fri, 31 May 2024 14:43:38 GMT
metric
portal-api.patient.cws.labcorp.com/guest/guest/ 		0
258 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://portal-api.patient.cws.labcorp.com/guest/guest/metric
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
107.23.97.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-23-97-78.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Referrer
BadDebt
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
X-Browser-Type
Chrome
Accept
application/json, text/plain, */*
Referer
https://patient.labcorp.com/
X-Client-Type
Web
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 31 May 2024 13:43:38 GMT
x-content-type-options
nosniff
x-frame-options
DENY
access-control-allow-origin
https://patient.labcorp.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
apigw-requestid
Yo4RujaTIAMEVew=
x-xss-protection
0
expires
0
0-es2015.4fc165dcc5e820043b27.js
patient.labcorp.com/ 		69 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/0-es2015.4fc165dcc5e820043b27.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/runtime-es2015.881df04f7c216dc5bdd4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f330c0cdd22c9492651aac61632a96773d29af7819e5434a3bcbfa50a9d7e19d
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:39 GMT
x-amz-version-id
OGjFguJqjT5wSBamiePXuMhQHPvGKacV
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 18 Apr 2024 20:10:46 GMT
server
AmazonS3
etag
W/"513451032de7a536e0fc333a51c827ec"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
sab6OQm9z9WPLt6K0OpyU3aBfoF6knWsv9PDtbao7M_NiD2I_vWeJA==
expires
0
2-es2015.64ccbe6bc53a0e51db15.js
patient.labcorp.com/ 		330 KB
65 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/2-es2015.64ccbe6bc53a0e51db15.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/runtime-es2015.881df04f7c216dc5bdd4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
018ead8fa2f3e054ee247a8cfe4160b3da5f60fbae4c70ad2119909e922b15ee
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:39 GMT
x-amz-version-id
9qtLna8wkenFUVwEMYg_JMXTFBVtQci8
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 18 Apr 2024 20:10:46 GMT
server
AmazonS3
etag
W/"cf641248ad6ed739a5d5ae7f1bc15945"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
IB_oEwX30WwlByANklrV_vonm9BIF-0YsSHJpwgH18ue84GokR8JpQ==
expires
0
4-es2015.74a8b0a185be11a9d3fc.js
patient.labcorp.com/ 		69 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/4-es2015.74a8b0a185be11a9d3fc.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/runtime-es2015.881df04f7c216dc5bdd4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6ca60b3e0de85a9545b17e7c68618908f61ea65455e5d63ae0c686b6cd3880be
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:39 GMT
x-amz-version-id
5SoEf3ePV6mYXboQ9H391lCs5fo9NQV9
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 18 Apr 2024 20:10:46 GMT
server
AmazonS3
etag
W/"7fad809b2f0d3fb4ffc049275d393355"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
m5QPw243kvC8f8HrlWhnPLLaGkzCyyTmQOQHN-cgcmC-eojBefdKCg==
expires
0
5-es2015.aea79150fde2615bbe43.js
patient.labcorp.com/ 		271 KB
63 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/5-es2015.aea79150fde2615bbe43.js
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/runtime-es2015.881df04f7c216dc5bdd4.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
582b4830d56200d3955c0b0d636b183b459ef4c289621b0ef23e85fc27421ebb
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:39 GMT
x-amz-version-id
JWtXlTQGWEtFu4Zh4DafLV63amnhQRIz
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 09 May 2024 20:11:56 GMT
server
AmazonS3
etag
W/"58d3134f50e51176b33fc23c15fbc201"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
Si4neRh_c4OACq0RUk48r8zPjqTl2phsacFaPvOJGNCu950GZFLWPQ==
expires
0
material-icons.0c35d18bf06992036b69.woff2
patient.labcorp.com/ 		125 KB
128 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://patient.labcorp.com/material-icons.0c35d18bf06992036b69.woff2
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/styles.9b1cf7eda88b17ccaf8e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Origin
https://patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:39 GMT
x-amz-version-id
i0o6HPgcSnLygXHi.HNI1hSD4rJOW23D
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
content-length
128352
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 12 Oct 2023 14:23:14 GMT
server
AmazonS3
etag
"53436aca8627a49f4deaaa44dc9e3c05"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
font/woff2
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
accept-ranges
bytes
x-amz-cf-id
efemlPs7UjyceSzVT0ReWf36jVqapPYiAMuQuArdbETRN9eH2z4GBw==
expires
0
id
dpm.demdex.net/ 		366 B
917 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=B2CC6D25615AB18E0A495EA4%40AdobeOrg&d_nsid=0&ts=1717163018267
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.240.101.219 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-240-101-219.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
07d94304adbf6730d8ffb7f833e34a79213485cebef68084661547b0007f7166
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

dcs
dcs-prod-irl1-2-v061-0039776d2.edge-irl1.demdex.com 2 ms
pragma
no-cache
date
Fri, 31 May 2024 13:43:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-tid
G70m/RwoS6w=
vary
Origin
content-type
application/json;charset=utf-8
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin
https://patient.labcorp.com
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials
true
content-length
309
expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 		34 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/387d64faac89/5521db81ea87/launch-1e5a6d56184f.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:38 GMT
content-encoding
gzip
last-modified
Thu, 22 Sep 2022 16:16:49 GMT
server
AkamaiNetStorage
etag
"dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://patient.labcorp.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12384
expires
Fri, 31 May 2024 14:43:38 GMT
me
login-patient.labcorp.com/api/v1/sessions/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/api/v1/sessions/me
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://patient.labcorp.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Length
0
Date
Fri, 31 May 2024 13:43:38 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
accept-ch
Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-headers
content-type,x-okta-user-agent-extended,Content-Type
access-control-allow-methods
DELETE, GET, OPTIONS
access-control-allow-origin
https://patient.labcorp.com
access-control-max-age
3600
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cache-control
no-cache, no-store
content-security-policy
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"group":"csp","max_age":31536000,"endpoints":[{"url":"https://oktacsp.report-uri.com/a/t/g"}],"include_subdomains":true}
vary
Origin
x-okta-request-id
ZlnUCgDEhKIs2TbPvtsLzQAAAPE
x-rate-limit-limit
10000
x-rate-limit-remaining
9041
x-rate-limit-reset
1717163023
x-xss-protection
0
me
login-patient.labcorp.com/api/v1/sessions/ 		168 B
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/api/v1/sessions/me
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
86e77da16fa9744225e7a0e469d954928c83b9f4939a1f873ee37500bf19fc96
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Okta-User-Agent-Extended
okta-auth-js/7.5.0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://patient.labcorp.com/
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZlnUCxrIbWvrfAqJ7YTqQAAAC7c
Date
Fri, 31 May 2024 13:43:39 GMT
Strict-Transport-Security
max-age=315360000; includeSubDomains
x-rate-limit-limit
600
x-content-type-options
nosniff
Content-Encoding
gzip
x-rate-limit-remaining
285
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
Vary
Accept-Encoding,Origin
Content-Type
application/json
access-control-allow-origin
https://patient.labcorp.com
x-rate-limit-reset
1717163047
access-control-allow-credentials
true
cache-control
no-cache, no-store
access-control-allow-headers
Content-Type
Keep-Alive
timeout=5, max=100
expires
0
ibs:dpid=411&dpuuid=ZlnUCgAAAEhQfgN-
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=35293105523518533204544301033370669798
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZlnUCgAAAEhQfgN-
0
0
openid-configuration
login-patient.labcorp.com/oauth2/default/.well-known/ 		3 KB
6 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/oauth2/default/.well-known/openid-configuration
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/polyfills-es2015.2d0077b994bc97f30feb.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
e63c3fa1b2c3ebaea1683722714f25b7c98cf4dff2906307f00c8a6398be5345
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Okta-User-Agent-Extended
okta-auth-js/7.5.0 @okta/okta-angular/5.3.0 Angular/11.2.8
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
https://patient.labcorp.com/
sec-ch-ua-platform
"Win32"

Response headers

X-Okta-Request-Id
ZlnUCwDEhKIs2TbPvtsL0QAAAPE
Date
Fri, 31 May 2024 13:43:39 GMT
Strict-Transport-Security
max-age=315360000; includeSubDomains
x-content-type-options
nosniff
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
vary
Origin
Content-Type
application/json
Access-Control-Allow-Origin
https://patient.labcorp.com
cache-control
max-age=86400, must-revalidate
Access-Control-Allow-Credentials
true
Keep-Alive
timeout=5, max=98
expires
Sat, 01 Jun 2024 13:42:52 GMT
openid-configuration
login-patient.labcorp.com/oauth2/default/.well-known/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/oauth2/default/.well-known/openid-configuration
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-okta-user-agent-extended
Access-Control-Request-Method
GET
Origin
https://patient.labcorp.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type,x-okta-user-agent-extended
Access-Control-Allow-Methods
GET, OPTIONS
Access-Control-Allow-Origin
https://patient.labcorp.com
Access-Control-Max-Age
3600
Connection
Keep-Alive
Content-Length
0
Content-Type
application/octet-stream
Date
Fri, 31 May 2024 13:43:39 GMT
Keep-Alive
timeout=5, max=99
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Vary
Origin
X-Okta-Request-Id
ZlnUCwDEhKIs2TbPvtsLzwAAAPE
Primary Request authorize
login-patient.labcorp.com/oauth2/default/v1/ 		54 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Requested by
Host: patient.labcorp.com
URL: https://patient.labcorp.com/main-es2015.ecfbad12482b8d854399.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
214e8421af845169e553ada0c1de9ab1e40e68fd48e45ae69d9ee45f6934358b
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://patient.labcorp.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Fri, 31 May 2024 13:43:39 GMT
Keep-Alive
timeout=5, max=99
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Robots-Tag
noindex,nofollow
accept-ch
Sec-CH-UA-Platform-Version
cache-control
no-cache, no-store
content-language
de
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
no-referrer
x-content-type-options
nosniff
x-okta-request-id
ZlnUCxrIbWvrfAqJ7YTqRAAAC7c
x-rate-limit-limit
1200
x-rate-limit-remaining
1068
x-rate-limit-reset
1717163060
x-ua-compatible
IE=edge
x-xss-protection
0
css2
fonts.googleapis.com/ 		15 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Source+Code+Pro:wght@400;500;600;700;800;900&display=swap
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
95fb6498771046c09267492685c3392371cbb93a83339622be7bd3b17b551bbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Fri, 31 May 2024 13:43:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 31 May 2024 13:43:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 31 May 2024 13:43:39 GMT
okta-sign-in.min.js
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/js/ 		2 MB
484 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/js/okta-sign-in.min.js
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-61.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
e8cefc46a1d3bc8e7e66399561998518e710f58053edf88d92cae906a942d30d
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://login-patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:03:39 GMT
x-amz-meta-sha1sum
2d799979e3e21e774edb68fd83c13258996a5926
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 d34e2629ef96cca4a5e6c92c061c82b4.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
1438800
x-cache
Hit from cloudfront
last-modified
Tue, 14 May 2024 21:31:39 GMT
server
nginx
etag
W/"406211b3d96f32f8abb35e76aa7fdf76"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
bJS-fbwxMOTy8H_0snnGu0LTSwDHGp00RGCF1G_TN1yU6C_rfHE76g==
expires
Wed, 14 May 2025 22:03:39 GMT
okta-sign-in.min.css
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/ 		218 KB
37 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-61.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://login-patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:03:39 GMT
x-amz-meta-sha1sum
7b5499b46660a0348cc2b22cae927dcc3fda8b20
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 d34e2629ef96cca4a5e6c92c061c82b4.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
1438800
x-cache
Hit from cloudfront
last-modified
Tue, 14 May 2024 21:30:32 GMT
server
nginx
etag
W/"0329c939fca7c78756b94fbcd95e322b"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
SHRqLKm3m8BzcyW2eAYHg4FbCXIGEqFpsRHCiBZ2rk1ePCvrZ4YFZA==
expires
Wed, 14 May 2025 22:03:39 GMT
custom-signin.73947dcedbe30f708373f1b3405f6417.css
ok2static.oktacdn.com/assets/loginpage/css/ 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/loginpage/css/custom-signin.73947dcedbe30f708373f1b3405f6417.css
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-61.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
79e149cae4cee318fb0fc5beb4feec6880022de818efdb269f8cf90298d61a00
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://login-patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-meta-sha1sum
35d16198401d1fd985775d017f4a337e2a74c215
strict-transport-security
max-age=315360000; includeSubDomains
content-encoding
gzip
date
Sun, 19 May 2024 05:30:18 GMT
via
1.1 d34e2629ef96cca4a5e6c92c061c82b4.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
1066401
x-cache
Hit from cloudfront
last-modified
Thu, 14 Mar 2024 00:03:56 GMT
server
nginx
etag
W/"73947dcedbe30f708373f1b3405f6417"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
rLg22DHlKfbPZPS8GbVZo4SvX9RtZINXLfPJJb058pBRWcSyw_njNw==
expires
Mon, 19 May 2025 05:30:18 GMT
fs0103mwup3iatbnT0x8
ok2static.oktacdn.com/fs/bco/1/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok2static.oktacdn.com/fs/bco/1/fs0103mwup3iatbnT0x8
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-61.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
4993f870aca3106a39c8d70a32ac0ecdc4ad8370dbbfa0bafaf61f2a7f9024ed
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=315360000; includeSubDomains
date
Wed, 15 May 2024 04:16:12 GMT
via
1.1 09b934fc5a2991212bdc3b299a0a1cb4.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
1416447
x-cache
Hit from cloudfront
content-length
6018
last-modified
Thu, 22 Jun 2023 04:57:11 GMT
server
nginx
etag
"c861e01afba3dfefc5bcc04de6a1a796"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
E6kWppyFC1-TEU6xmhI0PAOFTgxCZfsvQ_D1IaADP55x61wJu8Eypg==
expires
Thu, 15 May 2025 04:16:12 GMT
initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
ok2static.oktacdn.com/assets/js/mvc/loginpage/ 		204 KB
76 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
Requested by
Host:
URL: OktaUtil.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-61.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
6a6c595fcf3a6c74bf3509f160ba34b78a8a3eb92ecaf290412c46679576d3ed
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://login-patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-meta-sha1sum
91eca02abf11239ec4af7a30b1da6e2610f1b9a6
strict-transport-security
max-age=315360000; includeSubDomains
content-encoding
gzip
date
Sun, 12 May 2024 23:03:39 GMT
via
1.1 d34e2629ef96cca4a5e6c92c061c82b4.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
1608001
x-cache
Hit from cloudfront
last-modified
Thu, 09 Nov 2023 00:18:35 GMT
server
nginx
etag
W/"58de3be0c9b511a0fdfd7ea4f69b56fc"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
7_U2rA_FR5vP5XpzgXAB4nftwcmH6MNoB7MzAKCssZxiP3KcNxruXg==
expires
Mon, 12 May 2025 23:03:39 GMT
fs0103mwupk8BAYDo0x8
ok2static.oktacdn.com/fs/bco/7/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok2static.oktacdn.com/fs/bco/7/fs0103mwupk8BAYDo0x8
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-61.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
f71321a443d2c952d2926082caf12cf8935b3d17e85e97140f2471432601a23e
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://login-patient.labcorp.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=315360000; includeSubDomains
date
Tue, 14 May 2024 10:27:12 GMT
via
1.1 09b934fc5a2991212bdc3b299a0a1cb4.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
1480588
x-cache
Hit from cloudfront
content-length
32351
last-modified
Thu, 22 Jun 2023 04:57:11 GMT
server
nginx
etag
"38c13e119415e4b7237335fddd745bdd"
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
cvAcqZgAapc9QRHkG5tlXVbXzPIc2hwAwFBT7s2eci3kK_WnAtNi0w==
expires
Wed, 14 May 2025 10:27:12 GMT
login_de.json
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/labels/json/ 		114 KB
115 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/labels/json/login_de.json
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/js/okta-sign-in.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-61.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
c72d18b9c0efac5a6844a75651a7ab5163152cf5e371e4cff8750b447dec9e98
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
text/plain
accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:25:38 GMT
x-amz-meta-sha1sum
3b77d149eee503d29a2cc275a2da551ea2e6289c
via
1.1 d34e2629ef96cca4a5e6c92c061c82b4.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
MUC50-P2
age
1437482
x-cache
Hit from cloudfront
content-length
117214
last-modified
Tue, 14 May 2024 21:31:45 GMT
server
nginx
etag
"d80a0c3392392948c28563c965b793c9"
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
XCuK55XJkOGCAEL_NBsSIUmNnKVYZPLcyNW6xEPx-eZQR5uk8pRcnw==
expires
Wed, 14 May 2025 22:25:38 GMT
country_de.json
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/labels/json/ 		5 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/labels/json/country_de.json
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/js/okta-sign-in.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-61.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
text/plain
accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:25:38 GMT
x-amz-meta-sha1sum
251dd1ccca4c80570aee52db71eed703ac579ad8
via
1.1 d34e2629ef96cca4a5e6c92c061c82b4.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
MUC50-P2
age
1437482
x-cache
Hit from cloudfront
content-length
4805
last-modified
Tue, 14 May 2024 21:31:43 GMT
server
nginx
etag
"51bec6463b4f7c5a26ede1fd8ee067f8"
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
50uinKt9AJvpHJKfp8Yxq8s4q2OlhxPSvF-qDKPrgdjaKMubA8Usqw==
expires
Wed, 14 May 2025 22:25:38 GMT
logo-patient-color.svg
patient.labcorp.com/assets/images/ 		16 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://patient.labcorp.com/assets/images/logo-patient-color.svg
Requested by
Host: login-patient.labcorp.com
URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-16.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7c56074397f9ad3a0149bb842a97ffa27682b5fa86d5a1122ed489fa30fdcce0
Security Headers
Name Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 13:43:41 GMT
x-amz-version-id
Drw9vC.iK0zP.vvVPcDvWZOLLg4PHbTD
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-permitted-cross-domain-policies
none
content-security-policy
default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
via
1.1 f54bc880c0d35571a4883f7c10838532.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P7
x-amz-server-side-encryption
AES256
surrogate-control
no-store
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin
last-modified
Thu, 12 Oct 2023 14:23:13 GMT
server
AmazonS3
etag
W/"2f62a1cffc9ea2ce8845e3ac0608fc01"
expect-ct
max-age=0
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate
permissions-policy
payment=(*)
x-amz-cf-id
6NA0KnqYUEQiiB8QY7hiunkP7H8VlAo-05MW_l7x8tyOtbE0AAh_fg==
expires
0
iframe.html
login.okta.com/discovery/ Frame 1F43 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://login.okta.com/discovery/iframe.html
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.58de3be0c9b511a0fdfd7ea4f69b56fc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-128.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Age
52463
Connection
keep-alive
Content-Length
451
Content-Type
text/html
Date
Thu, 30 May 2024 23:09:18 GMT
ETag
"784b5568ec5e774927468e9f55af7c0f"
Last-Modified
Thu, 16 May 2024 19:25:16 GMT
Server
AmazonS3
Strict-Transport-Security
max-age=31536000; includeSubDomains
Via
1.1 1457b39f2ccd71582289928342a87178.cloudfront.net (CloudFront)
X-Amz-Cf-Id
4cRQM3z_Vfb55Iz3ojLzgmOyLOF2YsA9IWE2WqSNqjNLTx9DQLVUHQ==
X-Amz-Cf-Pop
MUC50-P5
X-Cache
Hit from cloudfront
introspect
login-patient.labcorp.com/idp/idx/ 		23 KB
25 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/idp/idx/introspect
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/js/okta-sign-in.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
252b697df84ab1228a4c2669f7c6b9f5da69828211c5d8597d5b05dd4c8c8a4d
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-Okta-User-Agent-Extended
okta-auth-js/7.0.1 okta-signin-widget-7.18.0
Accept-Language
de
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/ion+json; okta-version=1.0.0
Accept
application/ion+json; okta-version=1.0.0
sec-ch-ua-platform-version
"10.0.0"
Referer
sec-ch-ua-platform
"Win32"

Response headers

x-okta-request-id
ZlnUDBrIbWvrfAqJ7YTqSAAAC7c
Date
Fri, 31 May 2024 13:43:40 GMT
Strict-Transport-Security
max-age=315360000; includeSubDomains
x-rate-limit-limit
2000
x-content-type-options
nosniff
x-rate-limit-remaining
1633
content-security-policy-report-only
default-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; connect-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com labcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com; frame-src 'self' labcorp.okta.com labcorp-admin.okta.com login-patient.labcorp.com login.okta.com *.vidyard.com https://patient.labcorp.com com-okta-authenticator:; img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' labcorp.okta.com login-patient.labcorp.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self'
Transfer-Encoding
chunked
p3p
CP="HONK"
Connection
Keep-Alive
x-xss-protection
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
Server
nginx
accept-ch
Sec-CH-UA-Platform-Version
vary
Origin
Content-Type
application/ion+json;okta-version=1.0.0
access-control-allow-origin
https://login-patient.labcorp.com
x-rate-limit-reset
1717163035
access-control-allow-credentials
true
cache-control
no-cache, no-store
X-Robots-Tag
noindex,nofollow
Keep-Alive
timeout=5, max=98
expires
0
okticon.woff
ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/font/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/font/okticon.woff
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-61.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://ok2static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
Origin
https://login-patient.labcorp.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 14 May 2024 22:03:40 GMT
x-amz-meta-sha1sum
4d706297987d613a4e3f4f23d08c62d16830845d
via
1.1 d34e2629ef96cca4a5e6c92c061c82b4.cloudfront.net (CloudFront)
strict-transport-security
max-age=315360000; includeSubDomains
x-amz-cf-pop
MUC50-P2
age
1438800
x-cache
Hit from cloudfront
content-length
20600
last-modified
Tue, 14 May 2024 21:31:27 GMT
server
nginx
etag
"db28723126138387cdf40680e6e0fa5d"
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
dUCOr5gC40s2_nTha0wznHadyPEK8OzElt-fFg3lyDtBjCuBAIUIKQ==
expires
Wed, 14 May 2025 22:03:40 GMT
favicon.ico
login-patient.labcorp.com/ 		5 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://login-patient.labcorp.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.49.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad3225ce0e27ecc67.awsglobalaccelerator.com
Software
nginx /
Resource Hash
f9e86fb363a05f75ab3b525439d46bf4911d4cd4ae94c656c0198206374002aa
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform-version
"10.0.0"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 31 May 2024 13:43:40 GMT
Strict-Transport-Security
max-age=315360000; includeSubDomains
x-content-type-options
nosniff
last-modified
Mon, 13 May 2024 21:22:32 GMT
Server
nginx
etag
W/"5430-1715635352000"
Content-Type
image/x-icon
Connection
Keep-Alive
accept-ranges
bytes
X-Robots-Tag
noindex,nofollow
Keep-Alive
timeout=5, max=97
Content-Length
5430

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
geolocation.onetrust.com
URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Domain
dpm.demdex.net
URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZlnUCgAAAEhQfgN-

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| regeneratorRuntime function| jQueryCourage object| u2f function| OktaSignIn function| signInSuccessCallBackFunction object| oktaData function| runLoginPage object| OktaUtil object| config string| urlString string| clientId object| url_context object| customButtons string| logoUrl1 string| logoUrl2 object| oktaSignIn function| debounce function| updateContent object| OktaLogin object| jQBrowser

8 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 35293105523518533204544301033370669798
.labcorp.com/ Name: AMCVS_B2CC6D25615AB18E0A495EA4%40AdobeOrg
Value: 1
.labcorp.com/ Name: AMCV_B2CC6D25615AB18E0A495EA4%40AdobeOrg
Value: 179643557%7CMCIDTS%7C19875%7CMCMID%7C42742573443458064203799647072845664186%7CMCAAMLH-1717767818%7C6%7CMCAAMB-1717767818%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1717170218s%7CNONE%7CvVersion%7C5.5.0
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZlnUCgAAAEhQfgN-
.labcorp.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Fri+May+31+2024+15%3A43%3A39+GMT%2B0200+(Mitteleurop%C3%A4ische+Sommerzeit)&version=202403.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=487571f4-1f93-4d17-a3d0-46f3711f2a6c&interactionCount=1&isAnonUser=1&landingPath=https%3A%2F%2Fpatient.labcorp.com%2Fportal%2Finvoices%2F70893571%2FFriendly_Delinquent&groups=C0001%3A1%2CC0003%3A0%2CC0002%3A0%2CC0004%3A0%2CC0007%3A0
login-patient.labcorp.com/ Name: t
Value: default
login-patient.labcorp.com/ Name: DT
Value: DI1SNqIIapXQkmT1pBtqfBs6w
login-patient.labcorp.com/ Name: JSESSIONID
Value: 4A38B0AEC010B2CF35A80D22CE7A3656

11 Console Messages

Source Level URL
Text
security error URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Message:
Refused to connect to 'https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location' because it violates the following Content Security Policy directive: "connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org".
other warning URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://assets.adobedtm.com/
Message:
Refused to frame 'https://labcorp.demdex.net/' because it violates the following Content Security Policy directive: "frame-src 'self' blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com".
security warning URL: about:blank
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
security error URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Message:
Refused to load the image 'https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZlnUCgAAAEhQfgN-' because it violates the following Content Security Policy directive: "img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org".
other warning URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://patient.labcorp.com/portal/invoices/70893571/Friendly_Delinquent
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://login-patient.labcorp.com/api/v1/sessions/me
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
security error URL: https://cdn.cookielaw.org/scripttemplates/202403.2.0/otBannerSdk.js(Line 6)
Message:
Refused to connect to 'https://privacyportal.onetrust.com/request/v1/consentreceipts' because it violates the following Content Security Policy directive: "connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org".
security error URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile(Line 16)
Message:
[Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Source+Code+Pro:wght@400;500;600;700;800;900&display=swap' because it violates the following Content Security Policy directive: "style-src 'unsafe-inline' 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security error URL: https://login-patient.labcorp.com/oauth2/default/v1/authorize?client_id=0oaympyx2kMM41A140x7&code_challenge=imRQsVIrgaMREIMGGSkJEwI1b9LFN8NKSczymcxdFak&code_challenge_method=S256&nonce=OcZCkHWZpSDEcHUhpce0RgEJXGoOdVo4XhPZ5eV26AaVsee336hiE7UkUaQRqKDN&redirect_uri=https%3A%2F%2Fpatient.labcorp.com%2Fcallback&response_type=code&state=qMUfk43DBrkeuQetbsXZ7J32NSN1y5YU08CXzv5i5bUL7qkNCUTHIQ2u1QK47OAP&scope=openid%20email%20profile
Message:
[Report Only] Refused to load the image 'https://patient.labcorp.com/assets/images/logo-patient-color.svg' because it violates the following Content Security Policy directive: "img-src 'self' labcorp.okta.com login-patient.labcorp.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src *.amazonaws.com *.cloudfront.net *.google.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' *.speedpay.com us-autocomplete-pro.api.smartystreets.com www.google.com *.cookielaw.org; style-src blob: *.cloudfront.net *.google.com fonts.googleapis.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' 'unsafe-inline'; script-src *.braintreegateway.com *.cloudfront.net *.google.com *.google-analytics.com *.labcorp.com *.okta.com *.oktapreview.com assets.adobedtm.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-io-static.storage.googleapis.com pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com resource://pdf.js/build/pdf.js resource://pdf.js/build/pdf.worker.js resource://pdf.js/web/viewer.js 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.google.com www.gstatic.com *.cookielaw.org; object-src blob: *.cloudfront.net *.labcorp.com 'self'; connect-src *.api.smartystreets.com blob: *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.labcorp.com *.okta.com *.oktapreview.com *.demdex.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com *.princetonecom.com 'self' us-autocomplete-pro.api.smartystreets.com *.us-east-1.amazonaws.com www.google-analytics.com *.cookielaw.org; img-src blob: *.cloudfront.net data: *.labcorp.com maps.gstatic.com labcorp.sc.omtrdc.net *.everesttech.net *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io pendo-static-4664900665475072.storage.googleapis.com pendo-static-5755680404537344.storage.googleapis.com 'self' www.google-analytics.com *.cookielaw.org; font-src fonts.gstatic.com *.princetonecom.com 'self'; frame-src blob: *.cws.labcorp.com *.labcorp.com *.pendo.cws.labcorp.com *.ald1p.cws.labcorp.com *.pendo.io *.princetonecom.com 'self' www.chasepaymentechhostedpay-var.com www.google.com batinternet.speedpay.com internet.speedpay.com *.okta.com *.oktapreview.com; frame-ancestors *.oktacdn.com labcorp-qa.oktapreview.com labcorp-stage.oktapreview.com labcorp.okta.com *.labcorp.com 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
cdn.cookielaw.org
click.labcorpmessage.com
content.patient.pendo.cws.labcorp.com
dpm.demdex.net
fonts.googleapis.com
geolocation.onetrust.com
js.braintreegateway.com
login-patient.labcorp.com
login.okta.com
ok2static.oktacdn.com
patient.labcorp.com
portal-api.patient.cws.labcorp.com
dpm.demdex.net
geolocation.onetrust.com
107.23.97.78
108.138.36.61
13.111.136.50
18.164.124.16
192.229.221.25
2600:9000:225b:8a00:10:5a95:d240:93a1
2606:4700::6813:b134
2a00:1450:4001:82a::200a
2a02:26f0:3500:591::1e80
34.240.101.219
52.223.49.115
54.230.228.128
018ead8fa2f3e054ee247a8cfe4160b3da5f60fbae4c70ad2119909e922b15ee
06c0edbfc1b871fb45195265f5faad3e23191305f6ff2125557a9fbc287c8992
07d94304adbf6730d8ffb7f833e34a79213485cebef68084661547b0007f7166
0afaa8243a885ae98499c05dba6fd60983bc9f9a583987894c0534999dae45d1
0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
10a8fbaa0884f4deedfb149d83b3345d7489f9995d0737d35b3282132cd04452
214e8421af845169e553ada0c1de9ab1e40e68fd48e45ae69d9ee45f6934358b
23157062805ca1e556a446cc32c61601724a61b4fe472f8108607548a802821d
252b697df84ab1228a4c2669f7c6b9f5da69828211c5d8597d5b05dd4c8c8a4d
3382eb61d5ed9187fa12fc5c174283070153ba7504352aede417c7c36bc4c910
3acd5c9271c2cd33f5135df43ae4c574e4d524282e5322137b77cdb4a5524bb4
3d9ef05bcd150166c1f5163efaa04d78e47390892439d4f9bcb4d22a6b579762
4993f870aca3106a39c8d70a32ac0ecdc4ad8370dbbfa0bafaf61f2a7f9024ed
52985983eb7fdc7d366dc1e4fb20a7ef69766aa10f3d5962465569d3ad0cc185
582b4830d56200d3955c0b0d636b183b459ef4c289621b0ef23e85fc27421ebb
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a6c595fcf3a6c74bf3509f160ba34b78a8a3eb92ecaf290412c46679576d3ed
6ca60b3e0de85a9545b17e7c68618908f61ea65455e5d63ae0c686b6cd3880be
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
79e149cae4cee318fb0fc5beb4feec6880022de818efdb269f8cf90298d61a00
7c56074397f9ad3a0149bb842a97ffa27682b5fa86d5a1122ed489fa30fdcce0
7e90effe2c4b60df553e50c5e65bcf113ad7a2ddf3d5e7a594f2b8a9ccfd4523
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
86e77da16fa9744225e7a0e469d954928c83b9f4939a1f873ee37500bf19fc96
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
95fb6498771046c09267492685c3392371cbb93a83339622be7bd3b17b551bbb
9a4e0af6397a30500067cf1e08dc26ec4aa597d427a6010777bb74b92675d3f6
bbdb499ada9a9b54877bce6e362d9dc0745374dcc39ed49ba2ee210b1429255f
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bd81627dee6ce12ff27097a365d990c3e6d231c80c973794d340aa0dcf081ea6
be775f8b89c6f8dcfba08f8c6d72ad46fea5187cf494670c33d0585c888c84d8
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c58c2b8cd85f2d46af382782b26e863f4ee56a8c0b2be5e01294b072f8ed4f44
c72d18b9c0efac5a6844a75651a7ab5163152cf5e371e4cff8750b447dec9e98
d1a9c59044be6bb065f1aed85b3f3c7f9a49c326001689daf7d63c12efa8821b
d5f5e3a11b1241426353d5a508c948379146e5d2ac6257f3c48f9a13fdd372d1
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf
da983c5cc16eef0aeebf15cd3c0de165efe84261b280c708e7375b552defae7f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e540549c5ee85d139a6590536daf86400fccd811ebc9d5b714794efe1e34b897
e608abb062c5566172c4fab67b3119457b3450d2b8f747db034700844c7e9c13
e63c3fa1b2c3ebaea1683722714f25b7c98cf4dff2906307f00c8a6398be5345
e8cefc46a1d3bc8e7e66399561998518e710f58053edf88d92cae906a942d30d
f330c0cdd22c9492651aac61632a96773d29af7819e5434a3bcbfa50a9d7e19d
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
f71321a443d2c952d2926082caf12cf8935b3d17e85e97140f2471432601a23e
f9d12f73c0201d87e9c17679708dfbd9b2716a46d6c7d31375cb17fc45108ce8
f9e86fb363a05f75ab3b525439d46bf4911d4cd4ae94c656c0198206374002aa
fdfea52427fb822bebdd32b325768e73b40637bd203c100827d4dece88e431c3
fe4e6372c369c184653e55d42ba3fb530bbc0a3ccd0b07cb7cee9a33794b6cc2