"Lab-Tested" Isn't Proof: How to Actually Verify a Peptide COA

Q: How do I verify a peptide COA is real?

Check three things: (1) it names a specific third-party testing lab (e.g. Janoshik, Freedom Diagnostics), not just 'lab-tested'; (2) the batch/lot number on the COA matches the number on your vial; and (3) the report ID can be looked up on the lab's own verification portal. If any of those is missing, treat the COA as unverified.

Q: Does 'third-party tested' mean a peptide is verified?

Not by itself. 'Third-party tested' or 'lab-tested' is a marketing claim. It becomes proof only when there is an actual COA that names the lab, ties to a specific batch, and is independently verifiable at the lab's portal.

Q: What is the difference between a public COA and an on-request COA?

A public COA is posted on the product or a dedicated certificates page so anyone can open it before buying; an on-request COA is only sent if you ask, which is weaker because it cannot be checked pre-purchase. Public, batch-linked, third-party COAs are the strongest signal.

Key takeaways

'Third-party tested' is a marketing claim; a verifiable Certificate of Analysis (COA) is the proof — and most vendors only offer the claim.
A real COA names the testing lab, shows a batch/lot number that matches the vial, and can be looked up at the lab's own verification portal.
The 90-second check: confirm the named lab, match the batch number to your product, then verify the report ID on the lab's website.
Public, batch-linked, third-party COAs are the strongest signal; on-request or unnamed-lab COAs are far weaker.

Every peptide vendor says the same three words: "third-party tested." It's on the homepage, the product page, the checkout banner. And most of the time, that's where it ends — a claim, in marketing font, with nothing behind it you can actually open.

A real Certificate of Analysis (COA) isn't a trust badge. It's a document, and the entire point of it is that you can verify it yourself. The gap between a vendor that says "lab-tested" and one that hands you a COA you can click, read, and confirm against the testing lab is the single biggest signal of whether you're buying research-grade material or a story.

Here's how to tell the difference in about ninety seconds.

"Lab-tested" is a claim. A COA is evidence.

Think of it like a restaurant health grade. "We're very clean" is what every restaurant says. The letter grade in the window — issued by someone who isn't the restaurant — is what you actually trust. A COA is that letter grade: a third party measured the contents of a specific batch and put their name on the result.

So the first question is never "do they test?" Every vendor will say yes. The real question is: can I see the actual certificate, and can I confirm it's real?

What a real COA actually contains

A legitimate third-party COA has a small number of non-negotiable elements. Run down this list every time:

A named testing laboratory — not "an accredited lab" or "our in-house lab," but a specific, independent name you can look up. In this market that usually means Janoshik Analytical, Freedom Diagnostics, Colmaric Analyticals, Vanguard, or a handful of others. A COA with no lab name is not a third-party COA.
The compound and a purity number — e.g. "BPC-157 — 99.1%," measured by HPLC (and ideally identity confirmed by mass spec). Purity without a method is just a number.
A batch or lot number — the element almost everyone skips. The batch number on the COA has to match the batch number on the vial you receive. A COA for batch A pasted onto a product from batch B tells you nothing about what's in your hand. That vial-to-COA link is the difference between a real test and a decorative PDF.
A recent date. A 2019 COA on a 2026 product is a red flag, not reassurance. Peptides are made in batches; each batch should carry its own recent test.
A verification key or portal link. The strongest labs (Janoshik is the clearest example) print a unique report ID and host a public lookup on their own domain. If you can type that ID into the lab's site — not the vendor's — and see the same numbers, that's verification. Everything short of that is trust.

The hierarchy that actually matters

Not all "we have COAs" are equal. Rank them:

Public, on-site, per-batch COAs — you can open them without an account, and they're tied to specific lots. This is the gold standard, and it's exactly what the best vendors do.
COAs on request — better than nothing, but you're trusting that what arrives matches what ships, and you can't compare before you buy.
"Lab-tested" with no document — treat as unverified. It may be true. You have no way to know.

We weight this directly: on PeptidePrices, how we rate vendors puts 40% of a vendor's entire score on COA practices — named lab, batch linkage, public availability, and independent verifiability — because it's the factor that most reliably separates legitimate operators from the rest.

The red flags that take ten seconds to spot

No lab named anywhere. The most common tell.
"Certificate of Authenticity" instead of "Certificate of Analysis." Authenticity is a marketing word; analysis is a measurement. The swap is deliberate.
The same COA across different products or batches. Open two and compare the batch numbers and dates. Identical means decorative.
A verify link that points to the vendor's own site rather than the lab's. Verification has to come from the party that isn't selling you the product.
Batch number on the COA does not match the vial. If they don't match, the COA isn't for your material.

Format-matching catches the lazy fakes — the portal catches the rest

Be honest about the limits. Eyeballing a COA's format will catch the lazy counterfeits: the wrong lab letterhead, a missing or malformed verification key, a contact domain that doesn't belong to the real lab. What format-matching won't catch is a careful forgery that copies a genuine layout and swaps in a fake key. For that there's only one definitive check: look the report up on the testing lab's own portal. If the lab confirms the ID and the numbers match, it's real. If the portal has no record of it, walk away.

This is exactly why we built the COA Authenticity Checker — a free tool where you paste a COA link or upload the PDF or image, and it pulls out the lab, the report ID, and the purity, checks the document against the genuine formats of the labs we've fingerprinted, and flags the inconsistencies for you. It runs the checklist above automatically. It's also deliberately honest about its scope: it assesses completeness and consistency and surfaces the lab-portal lookup — it doesn't pretend to be a fraud oracle. The portal is still the final word.

Put it together

Next time a vendor tells you they're "third-party tested," do this:

Find the actual COA. If you can't, that's your answer.
Confirm a real, independent lab is named.
Match the batch number on the COA to the vial.
Verify the report ID on the lab's portal, not the vendor's.

It's the difference between a claim and proof — and it's the whole reason we link the real COA on every vendor we can, instead of just repeating the word "verified." Start with how we rate vendors, run any certificate through the COA Authenticity Checker, or browse vendor COA status across the board.

A peptide is only as good as the batch in the vial. "Lab-tested" doesn't tell you what's in the vial. A COA you can verify does.