urlscan.io logo urlscan.io
SecurityTrails logo

www.bathandbodyworks.ca Open in urlscan Pro
13.225.195.84  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.bathandbodyworks.ca/
Effective URL: https://www.bathandbodyworks.ca/
Submission: On April 28 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 24 IPs in 2 countries across 17 domains to perform 114 HTTP transactions. The main IP is 13.225.195.84, located in United States and belongs to AMAZON-02, US. The main domain is www.bathandbodyworks.ca.
TLS certificate: Issued by Amazon RSA 2048 M02 on July 16th 2023. Valid for: a year.
This is the only time www.bathandbodyworks.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
56 13.225.195.84 16509 (AMAZON-02)
10 104.19.177.52 13335 (CLOUDFLAR...)
2 34.192.218.136 14618 (AMAZON-AES)
1 3.136.242.212 16509 (AMAZON-02)
7 104.18.72.113 13335 (CLOUDFLAR...)
1 3.162.4.149 16509 (AMAZON-02)
1 172.253.115.95 15169 (GOOGLE)
1 104.18.70.113 13335 (CLOUDFLAR...)
1 104.18.32.137 13335 (CLOUDFLAR...)
2 142.251.111.97 15169 (GOOGLE)
4 34.225.115.81 14618 (AMAZON-AES)
1 104.16.51.111 13335 (CLOUDFLAR...)
2 31.13.66.19 32934 (FACEBOOK)
3 204.79.197.237 8068 (MICROSOFT...)
1 3.161.209.109 16509 (AMAZON-02)
9 216.239.38.178 15169 (GOOGLE)
1 104.22.53.252 13335 (CLOUDFLAR...)
1 142.251.111.155 15169 (GOOGLE)
1 31.13.66.35 32934 (FACEBOOK)
1 2 52.223.40.198 16509 (AMAZON-02)
5 34.134.85.232 396982 (GOOGLE-CL...)
1 35.225.143.12 396982 (GOOGLE-CL...)
2 34.66.3.160 396982 (GOOGLE-CL...)
114 24
56    13.225.195.84 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-195-84.yul62.r.cloudfront.net
www.bathandbodyworks.ca
10    104.19.177.52 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
2    34.192.218.136 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-192-218-136.compute-1.amazonaws.com
7316103.collect.igodigital.com
nova.collect.igodigital.com
1    3.136.242.212 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-136-242-212.us-east-2.compute.amazonaws.com
hostedpayments.radial.com
7    104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)
static.zdassets.com
1    3.162.4.149 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-4-149.yul62.r.cloudfront.net
cdn.cquotient.com
1    172.253.115.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f95.1e100.net
fonts.googleapis.com
1    104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)
ekr.zdassets.com
1    104.18.32.137 (None, )

ASN13335 (CLOUDFLARENET, US)
geolocation.onetrust.com
2    142.251.111.97 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f97.1e100.net
www.googletagmanager.com
4    34.225.115.81 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-225-115-81.compute-1.amazonaws.com
e.cquotient.com
p.cquotient.com
1    104.16.51.111 (None, )

ASN13335 (CLOUDFLARENET, US)
bathandbodyworkscc.zendesk.com
2    31.13.66.19 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-iad3.fbcdn.net
connect.facebook.net
3    204.79.197.237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    3.161.209.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-209-109.yul62.r.cloudfront.net
js.adsrvr.org
9    216.239.38.178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    104.22.53.252 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.quantummetric.com
1    142.251.111.155 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f155.1e100.net
stats.g.doubleclick.net
1    31.13.66.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-iad3.facebook.com
www.facebook.com
2    52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
insight.adsrvr.org
match.adsrvr.org
5    34.134.85.232 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 232.85.134.34.bc.googleusercontent.com
ingest.quantummetric.com
1    35.225.143.12 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 12.143.225.35.bc.googleusercontent.com
bbwca-sync.quantummetric.com
2    34.66.3.160 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 160.3.66.34.bc.googleusercontent.com
rl.quantummetric.com
Apex Domain
Subdomains		 Transfer
56 bathandbodyworks.ca
www.bathandbodyworks.ca
4 MB
10 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 306
296 KB
9 quantummetric.com
cdn.quantummetric.com — Cisco Umbrella Rank: 2613
ingest.quantummetric.com — Cisco Umbrella Rank: 3033
bbwca-sync.quantummetric.com
rl.quantummetric.com — Cisco Umbrella Rank: 3896
80 KB
9 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
23 KB
8 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2198
ekr.zdassets.com — Cisco Umbrella Rank: 2568
365 KB
5 cquotient.com
cdn.cquotient.com — Cisco Umbrella Rank: 6745
e.cquotient.com — Cisco Umbrella Rank: 11497
p.cquotient.com — Cisco Umbrella Rank: 7426
22 KB
3 adsrvr.org
js.adsrvr.org — Cisco Umbrella Rank: 1361
insight.adsrvr.org — Cisco Umbrella Rank: 622
match.adsrvr.org — Cisco Umbrella Rank: 356
5 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 337
14 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
72 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
202 KB
2 igodigital.com
7316103.collect.igodigital.com
nova.collect.igodigital.com — Cisco Umbrella Rank: 6679
3 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 97
274 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
352 B
1 zendesk.com
bathandbodyworkscc.zendesk.com
1 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 535
306 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
982 B
1 radial.com
hostedpayments.radial.com — Cisco Umbrella Rank: 830408
85 KB
114 17
Domain Requested by
56 www.bathandbodyworks.ca www.bathandbodyworks.ca
10 cdn.cookielaw.org www.bathandbodyworks.ca
cdn.cookielaw.org
9 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.bathandbodyworks.ca
7 static.zdassets.com www.bathandbodyworks.ca
static.zdassets.com
5 ingest.quantummetric.com cdn.quantummetric.com
3 bat.bing.com www.bathandbodyworks.ca
bat.bing.com
2 rl.quantummetric.com cdn.quantummetric.com
2 p.cquotient.com cdn.cquotient.com
2 connect.facebook.net www.bathandbodyworks.ca
connect.facebook.net
2 e.cquotient.com cdn.cquotient.com
2 www.googletagmanager.com www.bathandbodyworks.ca
www.googletagmanager.com
1 bbwca-sync.quantummetric.com cdn.quantummetric.com
1 match.adsrvr.org js.adsrvr.org
1 insight.adsrvr.org 1 redirects
1 www.facebook.com www.bathandbodyworks.ca
1 stats.g.doubleclick.net www.bathandbodyworks.ca
1 cdn.quantummetric.com www.bathandbodyworks.ca
1 js.adsrvr.org www.bathandbodyworks.ca
1 bathandbodyworkscc.zendesk.com static.zdassets.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 ekr.zdassets.com static.zdassets.com
1 nova.collect.igodigital.com www.bathandbodyworks.ca
1 fonts.googleapis.com www.bathandbodyworks.ca
1 cdn.cquotient.com www.bathandbodyworks.ca
1 hostedpayments.radial.com www.bathandbodyworks.ca
1 7316103.collect.igodigital.com www.bathandbodyworks.ca
114 26
Subject Issuer Validity Valid
bathandbodyworks.ca
Amazon RSA 2048 M02		 2023-07-16 -
2024-08-13		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2024-03-01 -
2024-12-31		 10 months crt.sh
*.collect.igodigital.com
Amazon RSA 2048 M03		 2023-11-15 -
2024-12-14		 a year crt.sh
*.radial.com
Amazon RSA 2048 M02		 2024-02-26 -
2025-03-25		 a year crt.sh
zdassets.com
E1		 2024-03-03 -
2024-06-01		 3 months crt.sh
*.cquotient.com
Amazon RSA 2048 M02		 2024-03-05 -
2025-04-02		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2024-04-08 -
2024-07-01		 3 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2023-11-13 -
2024-11-12		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-04-08 -
2024-07-01		 3 months crt.sh
bathandbodyworkscc.zendesk.com
Cloudflare Inc ECC CA-3		 2024-01-18 -
2024-12-31		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-02-05 -
2024-05-05		 3 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 01		 2024-04-28 -
2024-06-27		 2 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2023-04-12 -
2024-05-13		 a year crt.sh
quantummetric.com
GTS CA 1P5		 2024-04-16 -
2024-07-15		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-04-08 -
2024-07-01		 3 months crt.sh
*.quantummetric.com
Sectigo RSA Domain Validation Secure Server CA		 2024-01-19 -
2025-02-13		 a year crt.sh

This page contains 4 frames:

Primary Page: https://www.bathandbodyworks.ca/
Frame ID: 283542350B096B1673A81D0E27B82C59
Requests: 99 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js
Frame ID: 6A4E8E4D24EA361855A1C3FFE5969247
Requests: 7 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/upb/?adv=xhdi368&ref=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&upid=mxb9bzg&upv=1.1.0
Frame ID: 102C07C2640DBBA3298E41729A57B0EA
Requests: 1 HTTP requests in this frame

Frame: https://ingest.quantummetric.com/horizon/bbwca?T=B&u=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&t=1714290074122&v=1714290075249&S=0&N=0&P=0&z=1
Frame ID: 89ECB78D2158412F6C8FA8475D82D921
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bath & Body Works Canada: Body Care & Home Fragrances You'll Love!

Page URL History Show full URLs

  1. http://www.bathandbodyworks.ca/ HTTP 307
    https://www.bathandbodyworks.ca/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /demandware\.static/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

114
Requests

100 %
HTTPS

0 %
IPv6

17
Domains

26
Subdomains

24
IPs

2
Countries

5630 kB
Transfer

9289 kB
Size

36
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.bathandbodyworks.ca/ HTTP 307
    https://www.bathandbodyworks.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 99
  • https://insight.adsrvr.org/track/up?adv=xhdi368&ref=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&upid=mxb9bzg&upv=1.1.0 HTTP 302
  • https://match.adsrvr.org/track/upb/?adv=xhdi368&ref=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&upid=mxb9bzg&upv=1.1.0

114 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.bathandbodyworks.ca/
Redirect Chain
  • http://www.bathandbodyworks.ca/
  • https://www.bathandbodyworks.ca/
210 KB
31 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
52aded04030e9e84ef654af5546348db64caff84e05b7d1ff0b5d9b4be51d153
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache, no-store, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
87b56895591081ab-IAD
content-encoding
gzip
content-security-policy
frame-ancestors 'self'
content-type
text/html;charset=UTF-8
date
Sun, 28 Apr 2024 07:41:12 GMT
expires
Thu, 01 Dec 1994 16:00:00 GMT
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
accept-encoding
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-id
6sixWholBi3rTl0VEBhQg1oD_iUjS8Nh2Fz7r2dm_RZZ1Y3FQjHEYA==
x-amz-cf-pop
YUL62-C1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-dw-request-base-id
OYeGTGXULGYBAAB_

Redirect headers

Location
https://www.bathandbodyworks.ca/
Non-Authoritative-Reason
HttpsUpgrades
imageReplacement.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/imageReplacement.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
8d4c1db85d50200f95edd51f5d03dc76121c98237747bd02111897d0d6567382
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76158
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b5689758bd7fc3-IAD
x-dw-request-base-id
OYd7RxrULGYBAAB_
x-amz-cf-id
fwSGFFtcm5MvUzK41SWnCIqZ44pf2wrIoIoyHZOz9TtbASwaCtRB3A==
expires
Mon, 27 May 2024 10:31:54 GMT
main.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/ 		490 KB
143 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/main.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
1e4e6657efabad62e5374766366f83f939a65931040b18c9b4002c136ecdab23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76158
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568975e0b2000-IAD
x-dw-request-base-id
OYd8RxrULGYBAAB_
x-amz-cf-id
hQAip2bbHFWEXVzkrc5XqX2UY7RkuHcjm7JKVb5Emipovpx7h8t8yw==
expires
Mon, 27 May 2024 10:31:54 GMT
productTile.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/ 		145 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/productTile.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
6ba279aae921839aca81fa1836683652017d0053514befa87d9221609b1357c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76157
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568991e663b36-IAD
x-dw-request-base-id
OYehRxvULGYBAAB_
x-amz-cf-id
qWpuLotNxHF6x8fVweoEwmoktfLq7f2k0xmPR2HAzLHmpN5PnPhZZg==
expires
Mon, 27 May 2024 10:31:55 GMT
wishlistProduct.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/ 		19 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/wishlistProduct.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
ea6a2acc0548e0a2b8ff7d65d97626bd7f896d6296442819b5b01112959db0da
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76157
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568991dea5767-IAD
x-dw-request-base-id
OYejRxvULGYBAAB_
x-amz-cf-id
jyDzy9tw_M1BCAZaWoo60aQHRnogXftHsrr5G6eS3ByGnhVeaxovRA==
expires
Mon, 27 May 2024 10:31:55 GMT
wishlist.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/ 		45 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/wishlist.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
01050a730fedaba86de32287827f43d81f86768bbccd32ccd999d103d44154ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76157
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568993f3805e9-IAD
x-dw-request-base-id
OYemRxvULGYBAAB_
x-amz-cf-id
e3Lky_PpliPNBDh5ZVtEEMRLTz-kNA1sWMU1xbWoNW4myulxl2W7lQ==
expires
Mon, 27 May 2024 10:31:55 GMT
jRespond.min.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/lib/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/lib/js/jRespond.min.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
fac90e3fae6b4554d908c9518ae6ad788d3ccd470bd5eaf62e70c5db9bf90531
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76158
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568975a158199-IAD
x-dw-request-base-id
OYeCRxrULGYBAAB_
x-amz-cf-id
NpURXWuV0rKrXy5GdnkfmUxyrwvRU8w3hZ88iKccaFdl_hnzaRgURQ==
expires
Mon, 27 May 2024 10:31:54 GMT
thirdParties.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/ 		130 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/thirdParties.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
46457384633208f30ed19d2dae892aacf4a57991bb7c2986e2d572189ab0bbe6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76157
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568998f7805e9-IAD
x-dw-request-base-id
OYecRxvULGYBAAB_
x-amz-cf-id
63V16RE_l2cAQHe2mgiHUoUGRO8kkQr5ZTkyNhaxUUBWyCkj4p1Sbg==
expires
Mon, 27 May 2024 10:31:55 GMT
picturefill.min.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/lib/js/ 		12 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/lib/js/picturefill.min.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
893fa7fe8b6e69e2828319c04a7cbb6f129ea820db695d4ced5757d59450b6a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76156
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568998e31056c-IAD
x-dw-request-base-id
OYepRxzULGYBAAB_
x-amz-cf-id
fhnT_fwTnyGeCbBJ7RFHDUPsnU-2XhVTcTCTfr6OMA-lc8dUKzFNLA==
expires
Mon, 27 May 2024 10:31:56 GMT
lazysizes.min.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/lib/js/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/lib/js/lazysizes.min.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76156
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568998c0f05a5-IAD
x-dw-request-base-id
OYeqRxzULGYBAAB_
x-amz-cf-id
0TUPz-VEiB1OQvYSfQ3LLwFz_yT2Y-dCpcU5X5IjPKyfZNRupeoGxQ==
expires
Mon, 27 May 2024 10:31:56 GMT
ls.blur-up.min.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/lib/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/lib/js/ls.blur-up.min.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
410b8bb543fe7d0651d9c8ad0365d0c4a0fbe3edfafc6d9e1227e137bc216f67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76156
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568997fa32000-IAD
x-dw-request-base-id
OYerRxzULGYBAAB_
x-amz-cf-id
JkQjOemGIUE7x5-Lf0nfm1ASNLSEr7G7IOpL36aW5HKINtdpNM_GNA==
expires
Mon, 27 May 2024 10:31:56 GMT
global.css
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/ 		388 KB
61 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
66db64c3240ecbdabe58b7c81a1f160fa8229232e3d34bf9b812bc7954f1935f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76158
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
87b56897ab0a3961-IAD
x-dw-request-base-id
OYeBRxrULGYBAAB_
x-amz-cf-id
LcAgXgw0rpiSKxoK9VIeraiLQ38hy77MGv5UM_E7M39eN7AVXH-sWQ==
expires
Mon, 27 May 2024 10:31:54 GMT
wishlist.css
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/ 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/wishlist.css
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
210eaa5c6d21df2fd80fd304d7f0ce3c59c51d988f4e57f00faa65eb6a07eca4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76157
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
87b56897ad413b36-IAD
x-dw-request-base-id
OYeaRxvULGYBAAB_
x-amz-cf-id
_T6bKSw_C2T7edQQICylpEe0z8LOnbRA0mdtHJCwrgoSZIap0qmC9Q==
expires
Mon, 27 May 2024 10:31:55 GMT
homePage.css
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/homePage.css
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
137026282609c5ef1288e13b73a1cd6f1a6ef4d3e139f27cf9e49c04c3e77808
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76152
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
87b568976ad43961-IAD
x-dw-request-base-id
OYf3RyDULGYBAAB_
x-amz-cf-id
0CS0dfoO7mUcPBI6Qhxv4pLFZK_HdnMp1Z7KFJYhXDwGLSqYhvKWjA==
expires
Mon, 27 May 2024 10:32:00 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
zgTRIDojRJmnmBTwUyI2Vw==
age
49735
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Thu, 25 Apr 2024 20:00:12 GMT
server
cloudflare
etag
0x8DC6562513BC785
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
73ddc489-601e-005b-02f4-9700b8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87b568978b15a1e0-YYZ
collect.js
7316103.collect.igodigital.com/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://7316103.collect.igodigital.com/collect.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.218.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-218-136.compute-1.amazonaws.com
Software
/
Resource Hash
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
last-modified
Fri, 26 Apr 2024 21:41:44 GMT
vary
Accept-Encoding
content-type
application/javascript
skin.css
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/skin/ 		4 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/skin/skin.css
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
24b711c3998191cf7608c12d15887d9d87320ed1dc12b06ce983a68f584809f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76158
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
accept-encoding
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
87b56897bb7412c3-IAD
x-dw-request-base-id
OYd9RxrULGYBAAB_
x-amz-cf-id
OtrA7MHz09w6aCo6kCyTuLu1ehR8ITd83LF77EPJmbgEQJ0aopiOMQ==
expires
Mon, 27 May 2024 10:31:54 GMT
radial_payments.js
hostedpayments.radial.com/hosted-payments/ 		84 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hostedpayments.radial.com/hosted-payments/radial_payments.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.136.242.212 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-136-242-212.us-east-2.compute.amazonaws.com
Software
Apache-Coyote/1.1 /
Resource Hash
3ee2ee943900eb4065cbc4fd98dae33f441e549ef61a1f62ab985dca8b07d34b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Date
Sun, 28 Apr 2024 07:39:52 GMT
Server
Apache-Coyote/1.1
X-Frame-Options
SAMEORIGIN
transfer-encoding
chunked
Content-Language
en-CA
Content-Type
text/html;charset=UTF-8
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
X-Application-Context
application:prodeast:8080
Expires
0
cbt.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/ 		110 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/cbt.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
14eefa3f54b37c5618ae9b2e4b3f17b25fb99882be2f25dc6539bd70d8af3c7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76158
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:34:20 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b56897bd665767-IAD
x-dw-request-base-id
OYd-RxrULGYBAAB_
x-amz-cf-id
W6hOl5QGYcmOvM2VwMsuRJ0wfuCo2IoRa1en9ylur449LrwVDEKXXw==
expires
Mon, 27 May 2024 10:31:54 GMT
logo.svg
www.bathandbodyworks.ca/on/demandware.static/-/Sites/default/dwafa3700f/images/logo/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Sites/default/dwafa3700f/images/logo/logo.svg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
49d099626ec42e634441708d66bc30f119f645c8c84861425adf3df43ece29ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C1
age
904598
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 04 Jan 2022 21:46:05 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2592000
cf-ray
87b568999cab3961-IAD
x-dw-request-base-id
OYedKgGj-GUBAAB_
x-amz-cf-id
oZqeJul1cdKAnXK5paX4jUHUYyn7zmWSdgy_CmCtdm43M9ipie3qdg==
expires
Fri, 17 May 2024 20:24:34 GMT
UI-Close-blue.svg
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw647d35c2/images/ui/ 		230 B
710 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw647d35c2/images/ui/UI-Close-blue.svg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
ca4a8ac37d52ee0b7e4c09b000bdbeff886e08a725e9d7249e651bedd76dc0cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C1
age
915353
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Wed, 03 Apr 2024 18:51:36 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2592000
cf-ray
87b568998ba881ab-IAD
x-dw-request-base-id
OYerBf8FIGYBAAB_
x-amz-cf-id
iWSu8bopR31kkHZdXELHfbty4FJkRANFNWEmSUFe573fIIaC-WjOoQ==
expires
Fri, 17 May 2024 17:25:19 GMT
UI-Search.svg
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw2081228d/images/ui/ 		414 B
806 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw2081228d/images/ui/UI-Search.svg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
a64f799b2116f3da8ceabfee50a26fbcbc7950ee4be81780174e738843a03e24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C1
age
919919
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Wed, 03 Apr 2024 18:51:36 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2592000
cf-ray
87b568998f896faa-IAD
x-dw-request-base-id
OYfrtCn0H2YBAAB_
x-amz-cf-id
6M84tSWMUc8sxv6bkGrYHpGs_EIsiE1XlxJgd7SktR3HOOIWMm1GrQ==
expires
Fri, 17 May 2024 16:09:13 GMT
topofers.svg
www.bathandbodyworks.ca/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw473da7e6/images/category/ 		664 B
939 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw473da7e6/images/category/topofers.svg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
cf8f32ba274c51f95e3c6760360d46785b37a2e5be29967f229c5b24ed6d122b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C1
age
904583
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Wed, 04 Aug 2021 07:02:46 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2592000
cf-ray
87b5689988d39c18-IAD
x-dw-request-base-id
OYdgKxCj-GUBAAB_
x-amz-cf-id
_wzwhvg0ww-wuTPFO6_d5ysENDqydtc3VZTFYzqKUgCY0i9XX8W4kQ==
expires
Fri, 17 May 2024 20:24:49 GMT
megamenu-mobile_primary-carat.svg
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw71887e96/images/ui/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw71887e96/images/ui/megamenu-mobile_primary-carat.svg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
fce36f490ff2993a6cd7d983cf2026b27e079115ea9d111920d90f663d34ddc3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C1
age
931426
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Wed, 03 Apr 2024 18:51:36 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2592000
cf-ray
87b568999a4e7fc3-IAD
x-dw-request-base-id
OYeLKzbHH2YBAAB_
x-amz-cf-id
7OM6Yak3fHUpFI_Q52pFBRG3mZO7V3ksimjeHwWdcqFekhsMhuQbZw==
expires
Fri, 17 May 2024 12:57:26 GMT
storeLocator.svg
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw7ae71771/images/ui/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw7ae71771/images/ui/storeLocator.svg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
7651dc32bb4500f625221f9abed5493e02680f4a7822495f2b5bda96e9875473
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C1
age
908168
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Wed, 03 Apr 2024 18:51:36 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2592000
cf-ray
87b56899881239a6-IAD
x-dw-request-base-id
OYeJPxAiIGYBAAB_
x-amz-cf-id
oTnopBqd_uae5-3wMwkW0RZiR3FXuPOnFhxaygKVSCQr1cFJElZdMw==
expires
Fri, 17 May 2024 19:25:04 GMT
UI-MyAccount-v2.svg
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw05573697/images/ui/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw05573697/images/ui/UI-MyAccount-v2.svg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
b66c67d0eba97c7443420e38822e1f6f6c80a674f3a42b616480d5fda4f27fb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C1
age
908960
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Wed, 03 Apr 2024 18:51:36 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2592000
cf-ray
87b568999a8281ff-IAD
x-dw-request-base-id
OYcLA_geIGYBAAB_
x-amz-cf-id
SbWfcpHFuNET7wtDkysoGICMdiiJAwcNKbkXZa9n_YqP7ZRqUNp0hw==
expires
Fri, 17 May 2024 19:11:52 GMT
snippet.js
static.zdassets.com/ekr/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/snippet.js?key=0ed8e7db-9fcc-4fa1-a2bb-77aefc709ab0
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
x-amz-version-id
sR7NItkX1i3nKckB5vEat7T2DUmPnRiJ
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
ATPJN2BBRNAVEP8C
age
52
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
yZSnXp5joC1jEUcdstI6JJxXe+57NDQVrgC8bP2Gtlxd0OKsnfmbb0FPfdOCVjDBGs07rFDX82g=
last-modified
Mon, 15 Jan 2024 02:56:11 GMT
server
cloudflare
etag
W/"c0053b411b753138af468db1bd3b19f3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gjDkHeXO9SXtlgYMo43u4faW9OtPQ53TjgIKTIsZ6WPTltAyBX%2Fdc7aIlDPymAASA7ZkIjJ0joDTIor6GPgs7Igt67xNZXQ2nzi%2Bz%2FGR2jDEYOcRXJ95Ehg%2FJBAYaXpIfSShhps%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=3600, s-maxage=60
access-control-max-age
0
cf-ray
87b56897b98654a9-YYZ
access-control-allow-headers
*
BBWCD_image_not_availble_EN.jpg
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw22541405/images/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw22541405/images/BBWCD_image_not_availble_EN.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
c345f80b553a73c1332c0b5b038758c5fef27f5034065ee783037d5422eb1761
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
908960
cf-polished
origSize=24745
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
21376
cf-bgj
imgq:85,h2pri
last-modified
Wed, 03 Apr 2024 18:51:36 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b56897da7e8199-IAD
x-dw-request-base-id
OYcKA_geIGYBAAB_
x-amz-cf-id
awtEJ9RpMAXJqyKz_aftITnhb3L5UQ4hhrZYNUuZfVb1virnpp32Qg==
expires
Fri, 17 May 2024 19:11:52 GMT
dwanalytics-22.2.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/internal/jscript/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/internal/jscript/dwanalytics-22.2.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
a9b2a97b95ecaab1920aba84b26169c23a38e0513c2d4423ab9c0102b96cb195
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76156
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Sat, 27 Apr 2024 10:31:56 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568999ed43b36-IAD
x-dw-request-base-id
OYe7RxzULGYBAAB_
x-amz-cf-id
dN22Y1I1j2aXyZsdftNvKryHyg8bRXjWg3wIE6eC5z-eCNNNSShvFA==
expires
Mon, 27 May 2024 10:31:56 GMT
dwac-21.7.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/internal/jscript/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/internal/jscript/dwac-21.7.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
a7d87091d363393cdfb559f44f41e447f70b67917b9dedb3e97c2a8d476e1ea8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76156
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Sat, 27 Apr 2024 10:31:56 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568999a701753-IAD
x-dw-request-base-id
OYe1RxzULGYBAAB_
x-amz-cf-id
L4wmbdsTko6JfNoZn-E3RZv5Dux3p7TkLGkDu8JpJ2GRwFTRvB7Szg==
expires
Mon, 27 May 2024 10:31:56 GMT
gretel.min.js
cdn.cquotient.com/js/v2/ 		65 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cquotient.com/js/v2/gretel.min.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.4.149 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-4-149.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
709de1b955852f8d94747824000c07f253a89a03078941703df9859d2e75c252

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:06:19 GMT
content-encoding
gzip
via
1.1 b9608c5d714fa42feebf61497cac7bd4.cloudfront.net (CloudFront)
last-modified
Tue, 05 Mar 2024 18:43:25 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P2
age
2094
x-amz-server-side-encryption
AES256
etag
W/"5a46adde69ff5afdefaed355873317e1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=3600
x-amz-cf-id
3Nuk_9X14LRH8FgFzCi5eJmKR1sOusdVa5R_5u8-Hll7LLpxwfA7yQ==
applepay.js
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/internal/jscript/ 		14 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/internal/jscript/applepay.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
3e7938fd5c17bb1b600de328beb4372fd16d07ef78ec200436f4b683d465ffa0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
age
76156
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Sat, 27 Apr 2024 10:31:56 GMT
server
cloudflare
vary
accept-encoding
content-type
text/javascript
cache-control
public, max-age=2592000
cf-ray
87b568999c6a690c-IAD
x-dw-request-base-id
OYe6RxzULGYBAAB_
x-amz-cf-id
KaTRdso22IvVYV9BJLUtqiUbev2ynBxexd5atlaXccor541A_MDqCg==
expires
Mon, 27 May 2024 10:31:56 GMT
css
fonts.googleapis.com/ 		1 KB
982 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Dosis&subset=latin-ext
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.115.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bg-in-f95.1e100.net
Software
ESF /
Resource Hash
624e86189772b537bac6cdd7473595a69d9b90241203e2422fb4b5f0aa8e7014
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32/mr
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 28 Apr 2024 06:12:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 28 Apr 2024 07:41:12 GMT
599fce23-4c9d-4950-9fdd-7c3104112b8b.json
cdn.cookielaw.org/consent/599fce23-4c9d-4950-9fdd-7c3104112b8b/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/599fce23-4c9d-4950-9fdd-7c3104112b8b/599fce23-4c9d-4950-9fdd-7c3104112b8b.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ef97c872ee8199f094bbde0f22d34c3fbdf786330ab2ec9eb5e540aa073e3d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
36357
content-md5
2SrmIwLD/LjMlkXxwkZnvw==
content-length
1554
x-ms-lease-status
unlocked
last-modified
Fri, 27 Oct 2023 18:45:39 GMT
server
cloudflare
etag
0x8DBD71CEA54FD61
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
7a1a09a4-801e-006c-8087-0cd214000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87b568994c7036b3-YYZ
expires
Mon, 29 Apr 2024 07:41:12 GMT
track_page_view
nova.collect.igodigital.com/c2/7316103/ 		43 B
798 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nova.collect.igodigital.com/c2/7316103/track_page_view?payload=%7B%22title%22%3A%22Bath%20%26%20Body%20Works%20Canada%3A%20Body%20Care%20%26%20Home%20Fragrances%20You%27ll%20Love!%22%2C%22url%22%3A%22https%3A%2F%2Fwww.bathandbodyworks.ca%2F%22%2C%22referrer%22%3A%22%22%7D
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.218.136 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-192-218-136.compute-1.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-runtime
0.006874
date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
x-permitted-cross-domain-policies
none
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/gif
cache-control
private
content-transfer-encoding
binary
content-disposition
inline
x-xss-protection
1; mode=block
x-request-id
c7aeac58-32f1-4e90-b9a4-ba898152a397
0ed8e7db-9fcc-4fa1-a2bb-77aefc709ab0
ekr.zdassets.com/compose/ 		982 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/0ed8e7db-9fcc-4fa1-a2bb-77aefc709ab0
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0ed8e7db-9fcc-4fa1-a2bb-77aefc709ab0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c47fa7768df06b591d64141556669e9378917109559cc669d050f082c62b0264
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
age
15
content-encoding
br
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
879ecbc6b86a4c52-SEA, 879ecbc6b86a4c52-SEA
x-runtime
0.006159
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"c47fa7768df06b591d64141556669e93"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u4wVabt5HZSu7LtJfNGyyC35QntUP%2BD2iBpAvgHyRfEQEnJ0vG3KP8c7pK5REAknLfCxN1bUA08Qy7OSjHwFMn2c0I5TdDdyUMVUMBPrhy6OH88L%2BNumDs71O77Lsnq%2FhXE%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
87b568999bb13705-YYZ
pbbg.jpg
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw46f91aae/images/promoBanner/ 		852 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw46f91aae/images/promoBanner/pbbg.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
dc02bdeae2dad0e17a3ad06f77cd98993ca6443762db26ca69f4377c6b43964e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
918893
cf-polished
degrade=85, origSize=1859
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
852
cf-bgj
imgq:85,h2pri
last-modified
Sun, 18 Jul 2021 19:21:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568996eab3b36-IAD
x-dw-request-base-id
OYd_Zipr-GUBAAB_
x-amz-cf-id
eUVs1GCJ535ijURNy5Ed9uMMXIgGOU-ad6QDAZYsPyXKet25-Rn6sw==
expires
Fri, 17 May 2024 16:26:19 GMT
ca.svg
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/flags/4x3/ 		728 B
968 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/flags/4x3/ca.svg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
5bda905693ffed32df95f79a8eeac1fbf062630de05f48875e109c35681e2331
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C1
age
76156
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:34:14 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=2592000
cf-ray
87b56899b82c39a6-IAD
x-dw-request-base-id
OYe-RxzULGYBAAB_
x-amz-cf-id
3II-_dLrRytrExeafnC0CvZClperAQSoaJgYk--tzh_X7upGMg66XA==
expires
Mon, 27 May 2024 10:31:56 GMT
SourceSansPro-Regular.woff2
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/source-sans-pro/ 		77 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/source-sans-pro/SourceSansPro-Regular.woff2
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
63597cf8ff61996a7b945498413fbf409d8eedf759d382cc67bedd370d7adb23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Origin
https://www.bathandbodyworks.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
76156
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
78672
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b56899fe6e056c-IAD
x-dw-request-base-id
OYevRxzULGYBAAB_
x-amz-cf-id
2Kv1C0YyfDmLWkMCxrPpqcbKrJcOLOudRXlObjI_Oqtayl1gCJhl8Q==
expires
Mon, 27 May 2024 10:31:56 GMT
SourceSansPro-SemiBold.woff2
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/source-sans-pro/ 		77 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/source-sans-pro/SourceSansPro-SemiBold.woff2
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
a21d2ad8d5bb69e81d1f6fd0e3f84c27bd7bc5558ce6baadd520a913b26a9c11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Origin
https://www.bathandbodyworks.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
76156
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
78488
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b56899ffc605e9-IAD
x-dw-request-base-id
OYewRxzULGYBAAB_
x-amz-cf-id
I6MZVHoxhlskIC-z6I0MmHR6Xv8V13FIbhRIyakq23oMMtTr0cFc2Q==
expires
Mon, 27 May 2024 10:31:56 GMT
SourceSansPro-Bold.woff2
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/source-sans-pro/ 		76 KB
78 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/source-sans-pro/SourceSansPro-Bold.woff2
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
9853e7ee2f1807d61ea20cd49da857438509e4097c8e46cc417a79cd7ccb1885
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Origin
https://www.bathandbodyworks.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
76156
content-security-policy-report-only
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=Whfz60GHO3ZP1qbA2tUbpt27XPevVLYltdzvDm9.1qw-1714290072-1.0.1.1-8fZfHb2JaZQ0H4HEYzOzdZM5j74zo_0wIgwxso1z6OPR7qMhU8hx8iMANRQ_5.oPwgJqYE_qRrc.znqtv5f7zQKBfJ8YL7IMJFEVen2UVcSDVVEJKLyRW1JATaUnXEXcbfpc9LpKd92ReV_PBUdQ_cHBN90f0m4SSR.vRR5RGHE; report-to cf-csp-endpoint
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
78284
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=Whfz60GHO3ZP1qbA2tUbpt27XPevVLYltdzvDm9.1qw-1714290072-1.0.1.1-8fZfHb2JaZQ0H4HEYzOzdZM5j74zo_0wIgwxso1z6OPR7qMhU8hx8iMANRQ_5.oPwgJqYE_qRrc.znqtv5f7zQKBfJ8YL7IMJFEVen2UVcSDVVEJKLyRW1JATaUnXEXcbfpc9LpKd92ReV_PBUdQ_cHBN90f0m4SSR.vRR5RGHE"}],"group":"cf-csp-endpoint","max_age":86400}
content-type
font/woff2
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b56899ffcb6faa-IAD
x-dw-request-base-id
OYexRxzULGYBAAB_
x-amz-cf-id
I9QYQpn0zpS_B-bAW3cpEyX46q-evjQUSV_FGGoMU3gZghbvG5mjgQ==
expires
Mon, 27 May 2024 10:31:56 GMT
sp3_fbc_fbcnew_hvn.jpg
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw484f1499/images/Spring3/ 		64 KB
65 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw484f1499/images/Spring3/sp3_fbc_fbcnew_hvn.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
0bc8cfc9ab6bc84fe0d769da97187ca2a4a2b8d720764471b9dfc6356f9a8b9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
942060
cf-polished
degrade=85, origSize=249273
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
65953
cf-bgj
imgq:85,h2pri
last-modified
Thu, 14 Mar 2024 19:31:51 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2559249
accept-ranges
bytes
cf-ray
87b56899af9405e9-IAD
x-dw-request-base-id
OYcKeaIQ-GUBAAB_
x-amz-cf-id
IS7OHQTAGF8eoJYozFEfuIJne37qbjWa19lvhAFuZ6azzccxLd0H3A==
expires
Fri, 17 May 2024 10:00:12 GMT
sp3_can_acvn_hvn.jpg
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw9dbd91db/images/Spring3/ 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw9dbd91db/images/Spring3/sp3_can_acvn_hvn.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
e71844ff80c7c21c528a79554dffed44055e3e22fa56b39a38bf70f39b435eeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
904586
cf-polished
degrade=85, origSize=118370
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
49027
cf-bgj
imgq:85,h2pri
last-modified
Thu, 14 Mar 2024 19:31:51 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b56899ae1913b3-IAD
x-dw-request-base-id
OYciKwuj-GUBAAB_
x-amz-cf-id
OWo-RK77MB2Tg9CKy2cyu280mzp023vxHMJXccsIvKWAN_UuY75pSA==
expires
Fri, 17 May 2024 20:24:46 GMT
sp3_sop_mdsoap_hvn.jpg
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw70b60847/images/Spring3/ 		58 KB
59 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw70b60847/images/Spring3/sp3_sop_mdsoap_hvn.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
8112d1a494c3eee64d38c471f7dce0316aa16ea3ecbe18eda5cc01ca6e83d210
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
942060
cf-polished
degrade=85, origSize=149637
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
59551
cf-bgj
imgq:85,h2pri
last-modified
Thu, 14 Mar 2024 19:31:51 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2565903
accept-ranges
bytes
cf-ray
87b56899ac0012c3-IAD
x-dw-request-base-id
OYcueacQ-GUBAAB_
x-amz-cf-id
C8miXc_2jiSiSIvaBTFwRLxFsvNOvJwvHmgTIzBDHLwpgv2w_84Ocg==
expires
Fri, 17 May 2024 10:00:12 GMT
sp3_dif_mothdaydiff_sit_hvn.jpg
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw0fa2dcfc/images/Spring3/ 		46 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw0fa2dcfc/images/Spring3/sp3_dif_mothdaydiff_sit_hvn.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
5e36abce7ddbde18b1220dc12a1f8a5ac252141f11375e148e2e0ee8e7fce2b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
904593
cf-polished
degrade=85, origSize=123683
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
47286
cf-bgj
imgq:85,h2pri
last-modified
Fri, 15 Mar 2024 13:58:20 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b56899f8062000-IAD
x-dw-request-base-id
OYffKgWj-GUBAAB_
x-amz-cf-id
EifXgCAE6JOYbeRDJSP6wWvQsM8oZ5ieJssDDtza6xS4z-J2a4kX7w==
expires
Fri, 17 May 2024 20:24:39 GMT
sp2_bc_ssminitrvl_sit_hvn.jpg
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw92e70cbb/images/Spring2/ 		41 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw92e70cbb/images/Spring2/sp2_bc_ssminitrvl_sit_hvn.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
2384a7a942da2487510dc7a688c154732481877d545dab05419a4793bf45d246
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
923520
cf-polished
degrade=85, origSize=171064
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
42399
cf-bgj
imgq:85,h2pri
last-modified
Wed, 28 Feb 2024 17:53:32 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2584445
accept-ranges
bytes
cf-ray
87b56899f9289c18-IAD
x-dw-request-base-id
OYfKfRRZ-GUBAAB_
x-amz-cf-id
Ci-pBu0hihWhfRpBdMoNc3kjgo8f6cLmXt9Qt9RLjsTwn_JR_Fv4gQ==
expires
Fri, 17 May 2024 05:49:37 GMT
sp3_xct_mdaygifts_hvn.jpg
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw76411fc6/images/Spring3/ 		42 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw76411fc6/images/Spring3/sp3_xct_mdaygifts_hvn.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
ee852f6cdceaf6651cbfd679438c4a3c78b99543850bf7d830f8362788d4112b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
2324471
cf-polished
degrade=85, origSize=189410
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
43134
cf-bgj
imgq:85,h2pri
last-modified
Thu, 28 Mar 2024 18:18:47 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b56899f86839a6-IAD
x-dw-request-base-id
OYeUk6GFCmYBAAB_
x-amz-cf-id
i3Td9w-yY9mAIZ1etkwynazfPkdBWqnv9rfw6Hxt4WRpJdTQl-CEkQ==
expires
Wed, 01 May 2024 10:00:01 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		68 B
306 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.32.137 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept
application/json
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
87b5689a1be63972-YYZ
access-control-allow-headers
Content-Type
ajax-loader.gif
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/images/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/images/ajax-loader.gif
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
4283b7de52bd36949abd99c7f8f7a1301ecf3d67f60658fa8c6854eadcb91950
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
76153
cf-polished
status=not_needed
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
6242
cf-bgj
imgq:85,h2pri
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b5689a4c9605a5-IAD
x-dw-request-base-id
OYf2Rx_ULGYBAAB_
x-amz-cf-id
0Ia4S3OLqY0Seg0RsovvRzzgRgemW7nXAxsDYFQbdOWG93PZIxpzbQ==
expires
Mon, 27 May 2024 10:31:59 GMT
gtm.js
www.googletagmanager.com/ 		317 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W67BBTW
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.111.97 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
c3d7eeb2ab0112f6b2664922bedd08b1bfe8f4e881d89596bc936d3168cf4899
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106573
x-xss-protection
0
last-modified
Sun, 28 Apr 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 28 Apr 2024 07:41:12 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202310.1.0/ 		426 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
feeb83e3a11fb74465e062a5081f1f6f573ef66197f218a3a86447fefe3166f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
1/fYiRcAkidM+2Rc1fEXtg==
age
36374
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
104832
x-ms-lease-status
unlocked
last-modified
Thu, 26 Oct 2023 03:35:14 GMT
server
cloudflare
etag
0x8DBD5D490C850BD
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
fbbc7bb8-101e-0041-2a9a-226167000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87b5689add33a1e0-YYZ
products-in-a-category-soapstitbi
e.cquotient.com/recs/bgfz-BBW_CA/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://e.cquotient.com/recs/bgfz-BBW_CA/products-in-a-category-soapstitbi?callback=CQuotient._callback0&_=1714290072780&_device=windows&userId=&cookieId=bdMbFnvYvKLv4T2acqAPejiJtV&emailId=&anchors=id%3A%3A%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A&slotId=bbw-homepage-middle1-slot&slotConfigId=HP_prodrecco1_0427&slotConfigTemplate=slots%2Frecommendation%2FbbwHomepageRecommendationCarousel.isml&ccver=1.03&realm=BGFZ&siteId=BBW_CA&instanceType=prd&v=v3.1.2&json=%7B%22userId%22%3A%22%22%2C%22cookieId%22%3A%22bdMbFnvYvKLv4T2acqAPejiJtV%22%2C%22emailId%22%3A%22%22%2C%22anchors%22%3A%5B%7B%22id%22%3A%22%22%2C%22sku%22%3A%22%22%2C%22type%22%3A%22%22%2C%22alt_id%22%3A%22%22%7D%5D%2C%22slotId%22%3A%22bbw-homepage-middle1-slot%22%2C%22slotConfigId%22%3A%22HP_prodrecco1_0427%22%2C%22slotConfigTemplate%22%3A%22slots%2Frecommendation%2FbbwHomepageRecommendationCarousel.isml%22%2C%22ccver%22%3A%221.03%22%2C%22realm%22%3A%22BGFZ%22%2C%22siteId%22%3A%22BBW_CA%22%2C%22instanceType%22%3A%22prd%22%2C%22v%22%3A%22v3.1.2%22%7D
Requested by
Host: cdn.cquotient.com
URL: https://cdn.cquotient.com/js/v2/gretel.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.115.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-115-81.compute-1.amazonaws.com
Software
envoy /
Resource Hash
a75c9de995acd82559e8116834e754944ce7bb91abd7bdf414e005509b4670d5
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=15552000; includeSubdomains
x-content-type-options
nosniff
content-encoding
gzip
server
envoy
etag
W/"fab-PqzwSIbetdWqtndfTbx9flG+XVE"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
no-store
x-envoy-upstream-service-time
34
products-in-all-categories-hp
e.cquotient.com/recs/bgfz-BBW_CA/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://e.cquotient.com/recs/bgfz-BBW_CA/products-in-all-categories-hp?callback=CQuotient._callback1&_=1714290072782&_device=windows&userId=&cookieId=bdMbFnvYvKLv4T2acqAPejiJtV&emailId=&anchors=id%3A%3A%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A&slotId=bbw-homepage-recommendation-carousel&slotConfigId=HP_prodrecco2_0318&slotConfigTemplate=slots%2Frecommendation%2FbbwHomepageRecommendationCarousel.isml&ccver=1.03&realm=BGFZ&siteId=BBW_CA&instanceType=prd&v=v3.1.2&json=%7B%22userId%22%3A%22%22%2C%22cookieId%22%3A%22bdMbFnvYvKLv4T2acqAPejiJtV%22%2C%22emailId%22%3A%22%22%2C%22anchors%22%3A%5B%7B%22id%22%3A%22%22%2C%22sku%22%3A%22%22%2C%22type%22%3A%22%22%2C%22alt_id%22%3A%22%22%7D%5D%2C%22slotId%22%3A%22bbw-homepage-recommendation-carousel%22%2C%22slotConfigId%22%3A%22HP_prodrecco2_0318%22%2C%22slotConfigTemplate%22%3A%22slots%2Frecommendation%2FbbwHomepageRecommendationCarousel.isml%22%2C%22ccver%22%3A%221.03%22%2C%22realm%22%3A%22BGFZ%22%2C%22siteId%22%3A%22BBW_CA%22%2C%22instanceType%22%3A%22prd%22%2C%22v%22%3A%22v3.1.2%22%7D
Requested by
Host: cdn.cquotient.com
URL: https://cdn.cquotient.com/js/v2/gretel.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.115.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-115-81.compute-1.amazonaws.com
Software
envoy /
Resource Hash
85800e685a127fa2bb094a05342f41b8ef10ec1062eb6cf1432e258bdf1ad0bb
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=15552000; includeSubdomains
x-content-type-options
nosniff
content-encoding
gzip
server
envoy
etag
W/"dbf-cwe1RGubMde0nE24ijSIMdjArzU"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
no-store
x-envoy-upstream-service-time
17
web-widget-main-7bc1c0f.js
static.zdassets.com/web_widget/classic/latest/ Frame 6A4E 		969 KB
275 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=0ed8e7db-9fcc-4fa1-a2bb-77aefc709ab0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f4ac95d1ab40c0d78d98acf1da862b901ce896b43f738c7b1731c986a612bf4
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
x-amz-version-id
_IYDenNVju8wHXIpAa8FJzBqmTlghdyK
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
64S1GV9HNQKB0DVA
age
1454163
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
ldH41+NY0+fYAgvbqFIJmvudIE2j/SxzaKSwKqxB3P/vSWpJ08HqoFV2mSP6KWgMbK8lgvcvTvmD4moNqUmffw==
last-modified
Mon, 08 Apr 2024 13:46:13 GMT
server
cloudflare
etag
W/"3784cf5e1ddd3a68e335f3bb4a5e2fcd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AUaDfnoRpxdXVsuAE48NTkAZPhHd5%2FsqitoLao5Tivds0%2BAf4HXlasEl1rHFEOjELFhAPYSGTN1ljW25wTaK44bvHhZgt8fGlxhSXnJ86vbSXkeX%2FTPU1YondoeJ5A3JoXhLFbM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87b5689b0af654a9-YYZ
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:46:12 GMT
325soaptitbi_sp3_hm_0_EN.jpg
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dwa0734cdd/images/Spring3/ 		168 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dwa0734cdd/images/Spring3/325soaptitbi_sp3_hm_0_EN.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
dd95c6bf84e13c5e355fbda63b280f1a8858f25cb96f392d104fc8c4bb0f0143
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
78062
cf-polished
degrade=85, origSize=2550589
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
172394
cf-bgj
imgq:85,h2pri
last-modified
Wed, 24 Apr 2024 14:18:47 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b5689b390e8792-IAD
x-dw-request-base-id
OYdp36rMLGYBAAB_
x-amz-cf-id
nufoYp72WR49yt33grt_4AyaC6uxcx_F_0UksA8ATP4O7lTFLZ81ug==
expires
Mon, 27 May 2024 10:00:10 GMT
sp3_xct_bbmday_hm_EN.gif
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw274b0b30/images/Spring3/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dw274b0b30/images/Spring3/sp3_xct_bbmday_hm_EN.gif
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
88cd1dcb89e096dad2c1534755269149237d8ea9397acc80db10d669b495f1a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
1719670
cf-polished
status=not_needed
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1200071
cf-bgj
imgq:85,h2pri
last-modified
Tue, 26 Mar 2024 19:36:29 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b5689b3a099c18-IAD
x-dw-request-base-id
OYcrbCLAE2YBAAB_
x-amz-cf-id
5G0GeXLGCIv6yI3kAaRoFdJp7RE5J9x9qDoio0-Do4I5lb4UWRIzzg==
expires
Wed, 08 May 2024 10:00:02 GMT
sp3_xct_btonvid_hm_EN.gif
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dwce1a238c/images/Spring3/ 		2 MB
2 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dwce1a238c/images/Spring3/sp3_xct_btonvid_hm_EN.gif
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
e4065244fd66af0ce369f011a25213fc24a61d21f15aa0ee1d802a81147a369c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
337232
cf-polished
status=not_needed
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
2022100
cf-bgj
imgq:85,h2pri
last-modified
Fri, 22 Mar 2024 15:29:48 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/gif
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b5689b38716faa-IAD
x-dw-request-base-id
OYcsviJLAWYBAAB_
x-amz-cf-id
_XPBoR5jhotUQeSlJ741sqxAXzyh_d7YKYJT9TZi4EXL_66VRf_PgA==
expires
Fri, 24 May 2024 10:00:39 GMT
en.json
cdn.cookielaw.org/consent/599fce23-4c9d-4950-9fdd-7c3104112b8b/adcc0c6e-bfbb-4e93-871d-e9df6806465e/ 		96 KB
21 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/599fce23-4c9d-4950-9fdd-7c3104112b8b/adcc0c6e-bfbb-4e93-871d-e9df6806465e/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9ff155d66740b96f031b62e57a566148f0fb35e16223db0b349f39e51b7bd5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
36334
content-md5
IZ6G9kUiwYb6b1SxpXuvjg==
content-length
21481
x-ms-lease-status
unlocked
last-modified
Fri, 27 Oct 2023 18:45:44 GMT
server
cloudflare
etag
0x8DBD71CED6FA695
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ea354361-801e-00a7-6280-22d141000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87b5689b6de936b3-YYZ
expires
Mon, 29 Apr 2024 07:41:12 GMT
BG_image1_d.jpg
www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dwd3ac755d/images/ 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/-/Library-Sites-BBWCASharedLibrary/default/dwd3ac755d/images/BG_image1_d.jpg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
3b38011263a3ccdf79a17243120ef47fdf7dbaef189937115675090d39efc59b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
915918
cf-polished
degrade=85, origSize=434557
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
26334
cf-bgj
imgq:85,h2pri
last-modified
Tue, 24 May 2022 19:56:51 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b5689b98a36faa-IAD
x-dw-request-base-id
OYd2R7J2-GUBAAB_
x-amz-cf-id
XnSXN9Z-EgwbyH-VQO6ksdeTtLiBSzBXWrZjfMmn-TdjLxeYK_c-FA==
expires
Fri, 17 May 2024 17:15:54 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202310.1.0/assets/ 		13 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202310.1.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
gA7tJXNyGFicHKODkM9Iaw==
age
40815
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3017
x-ms-lease-status
unlocked
last-modified
Thu, 26 Oct 2023 03:35:07 GMT
server
cloudflare
etag
0x8DBD5D48CFC97D7
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
559ce09c-501e-00a4-2a5f-143025000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87b5689bde2b36b3-YYZ
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202310.1.0/assets/v2/ 		62 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202310.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
D6052jlcz/0opqTP4tUV1A==
age
36353
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12708
x-ms-lease-status
unlocked
last-modified
Thu, 26 Oct 2023 03:35:10 GMT
server
cloudflare
etag
0x8DBD5D48E5675E0
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
f873e98b-c01e-0089-4eb7-218356000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87b5689bde2d36b3-YYZ
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202310.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202310.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
c7xAZ9MSGAobGaTYg/Qtag==
age
53777
x-ms-lease-status
unlocked
last-modified
Thu, 26 Oct 2023 03:35:19 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
34b70bf3-e01e-00a1-3204-24e2fe000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87b5689bde2e36b3-YYZ
en-us-json-7bc1c0f.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 6A4E 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
x-amz-version-id
LLNIVxZ_bojnmbOmqAvI_43_VNrKfel_
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
DKWT4SJ3NP0VX855
age
1063253
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
W9B1SBtAeKjZ8kR3+2GgpY7yqrRwEUd74ifS+fdKkR32Prbx0bEwMeNV6dGVRlF6Cg02ybWPMLk=
last-modified
Mon, 08 Apr 2024 13:46:15 GMT
server
cloudflare
etag
W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Saq0sFuiaCDRtH1bWvzsXUxQBuW9VaowPA0jNRt02qOWNAkKNUsMQeGhxekX%2BfK%2FyJt3bUBTudkCLwEsVEqatEoGSXV9iG9F3zZDfN9m0i0mO68Un8wMhbjeNKHQ7BOgTDkIIK0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87b5689c7ba154a9-YYZ
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:46:13 GMT
config
bathandbodyworkscc.zendesk.com/embeddable/ Frame 6A4E 		628 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bathandbodyworkscc.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e062b0348e9bac9f262578fde6fa15107de433143e9ee2357f6cd22eccf5b1c6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-f4766f8f6-v97f5
x-cached
MISS
x-runtime
0.002925
last-modified
Sun, 28 Apr 2024 07:40:03 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oKAx3z1ZAGX1Ey28sJ456ApkVn9ccAJCdjUlJBMc4SFXIzBvql5i2kS%2BsX0Zbb0k4yCOQts9wEhGzEjZRFLTmnKqGoBBH58GmI9pDqVxYyiP%2Fp3yf%2Bo7NbUyAT%2FCuiMfJEFKgx0gjqRMFPGVU0vtvA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
87b5689e5d3036cd-YYZ
CQRecomm-Start
www.bathandbodyworks.ca/on/demandware.store/Sites-BBW_CA-Site/en_CA/ 		90 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.store/Sites-BBW_CA-Site/en_CA/CQRecomm-Start
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/cbt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
3cbd1e99d6b13f5b390cd3cf665c2f4b26ea1f31385dfc48ae602626b5a8fa12
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
x-cache
Miss from cloudfront
pragma
no-cache
server
cloudflare
vary
accept-encoding
content-type
text/html;charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
87b5689cda0439a6-IAD
x-dw-request-base-id
OYf5nJn9LWYBAAB_
x-amz-cf-id
gOtdwZqTQaOl26olqbbRxI6TtPF1vBuABnU8zXOZHAJkjkSiWSKh5Q==
expires
Thu, 01 Dec 1994 16:00:00 GMT
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 28 Apr 2024 07:41:13 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57850
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=17, rtx=0, c=12, mss=1380, tbw=2770, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
sPc637Ouf+Xdk1AfujJ/RMFpuGDzU1bfW0GguojP+j8+8AuHMpfy08kkSZQZfAXI3G01E8agt4zf1Ea/eOwQcg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Sun, 28 Apr 2024 07:41:13 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 54DA2D5F81624EBF820DACDCB0CBF832 Ref B: YTO01EDGE0714 Ref C: 2024-04-28T07:41:13Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
up_loader.1.1.0.js
js.adsrvr.org/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.161.209.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-209-109.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3a95689e90e588b166f7b3ecd334959a2d6a3da1d73d557c8fb72fa10cf465dd

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 27 Apr 2024 19:52:54 GMT
Content-Encoding
gzip
Via
1.1 7ea5749a224369d9af20b6d6ce7dbd92.cloudfront.net (CloudFront)
Last-Modified
Thu, 25 Apr 2024 19:49:47 GMT
Server
AmazonS3
X-Amz-Cf-Pop
YUL62-P1
Age
42500
ETag
W/"d6f0435164aefe6cf324147b77c7b6bb"
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
SVD8HbtPhq7oFYIXGhyBmJlTbbjL5gMYeUO5FsKou6XqeawzbOhRww==
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
518 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202310.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
36344
x-ms-lease-status
unlocked
last-modified
Thu, 25 Apr 2024 20:00:14 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
e35b25a0-501e-0032-118d-9739f4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87b5689d2f2636b3-YYZ
5fc5bda0a87ecc437592599a_Bath-_and_Body_Works_logo_logotype.png
cdn.cookielaw.org/logos/60adc86b-07ef-485b-8ea0-1ef2f9f6c1fc/ed22aafc-54f7-4e35-9eed-959c6c2c4756/2fcb4c65-fdf9-4dab-bfa6-7b21f84e412e/ 		141 KB
141 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/60adc86b-07ef-485b-8ea0-1ef2f9f6c1fc/ed22aafc-54f7-4e35-9eed-959c6c2c4756/2fcb4c65-fdf9-4dab-bfa6-7b21f84e412e/5fc5bda0a87ecc437592599a_Bath-_and_Body_Works_logo_logotype.png
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93e5062a715eeead8aea9413daddb8918219d84023fd55a3e302857c392ec423
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
yVk7zEbRqYJdYUekZISqUg==
age
49704
content-length
143927
x-ms-lease-status
unlocked
last-modified
Wed, 09 Jun 2021 19:52:45 GMT
server
cloudflare
etag
0x8D92B802695CE8F
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
e7662a79-901e-0084-0bcd-214b82000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87b5689d3ec4a1e0-YYZ
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.177.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Sun, 28 Apr 2024 07:41:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
40844
x-ms-lease-status
unlocked
last-modified
Thu, 25 Apr 2024 20:00:15 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
e7b30062-501e-008b-7b0c-983dee000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87b5689d3ec5a1e0-YYZ
CQRecomm-Start
www.bathandbodyworks.ca/on/demandware.store/Sites-BBW_CA-Site/en_CA/ 		99 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.store/Sites-BBW_CA-Site/en_CA/CQRecomm-Start
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/cbt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
1741c129931b57da7e105b407dd6c21f8ae80ed2910b4ec7b7224d30860adb96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
YUL62-C1
x-cache
Miss from cloudfront
pragma
no-cache
server
cloudflare
vary
accept-encoding
content-type
text/html;charset=UTF-8
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
87b5689d4e93690c-IAD
x-dw-request-base-id
OYf7nJn9LWYBAAB_
x-amz-cf-id
4316GBFeuGa979R9lsDmf0UbcV20s5xxsUjB67V69zmzvEIaeeiEJA==
expires
Thu, 01 Dec 1994 16:00:00 GMT
js
www.googletagmanager.com/gtag/ 		287 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QTMQ58ZDWF&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W67BBTW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.111.97 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
488b3c339c35ade0912021302abc8ec57ee61927dbff14816b426fe618768baa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
99978
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 28 Apr 2024 07:41:13 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W67BBTW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 28 Apr 2024 07:38:27 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
166
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sun, 28 Apr 2024 09:38:27 GMT
quantum-bbwca.js
cdn.quantummetric.com/qscripts/ 		278 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.quantummetric.com/qscripts/quantum-bbwca.js
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.22.53.252 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e60df0432714c9ab20426b8909af3c2e09e72b78233ecc70897ef8c5aa6a42ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options no-sniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
strict-transport-security
max-age=31536000
x-content-type-options
no-sniff
cf-cache-status
HIT
content-encoding
br
age
142
alt-svc
h3=":443"; ma=86400
server
cloudflare
etag
W/"171407738078517133706183601714204802179"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=300, stale-while-revalidate=21600, stale-if-error=21600
x-robots-tag
noindex
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-ray
87b5689d7f9d7116-YYZ
en-ca-json-7bc1c0f.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 6A4E 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-ca-json-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a74ee3ace70bec77c0d6ea49ed5580a749e52fd20ab94f2ad6a9f66e30a6665
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
x-amz-version-id
tZvdhE6uk_4kBuJIRzEwyQqHyqm8Qcr5
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
DKWG8GN5W4R2ZDE3
age
1454162
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
nNimydQ6g2nyzIgpO5apLPDs99uLKEbDN/hShQevo77YS8XXS3YrN1FjjOm1fpugPznEh/83lTtLjj1pHGE0Fg==
last-modified
Mon, 08 Apr 2024 13:46:14 GMT
server
cloudflare
etag
W/"f3c0f6d6a8fa33c80b11a6250a5c5b28"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=caO0K5hIGDuGf1VEtl1hiO2ru%2F3ZQ6dYh1X%2FocqA%2BvNcmbnljP9zoUQwbPD%2B%2FcwlWd8xc6Fc5c2SVCOARIQrecN3MKi%2BcQUipIKmzXf1U7S%2B8Vjygs%2F%2FmTFtMTJAe1%2FA7ftMUWI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87b5689d5c0954a9-YYZ
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:46:13 GMT
web-widget-chat-sdk-7bc1c0f.js
static.zdassets.com/web_widget/classic/latest/ Frame 6A4E 		202 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
965cba95c928e95003ce37271090406eaa7d5c2d955230a785b2b3be8a9a17f5
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
x-amz-version-id
PnwdCuJviouphoOKkGhIayUUaC4tYXWL
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
7P01XWB44YSSFFP5
age
1454163
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
XxQ8S/lBv1OtyK14Vkg8IAF2w1ME0kGwFoL/pkM7jEvNEGJZFHeFeFmAEaVODwS7Try+N51fJGM=
last-modified
Mon, 08 Apr 2024 13:46:13 GMT
server
cloudflare
etag
W/"b8284a4b45e40625c2b90a641ebe4a68"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dXmOLcvwhu89rUyV23pYgH5q1tMpT59xVSKJZhNF9v2VPQBgtdjf4G61qYbdwX1NxU%2BxcXEts2Qzw0eOGNSVDP3zy1MS9m2k3Rdpsf1mJjy0mXIJqYyIffnBUv0pBcF5z89ff10%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87b5689d5c0b54a9-YYZ
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:46:12 GMT
collect
www.google-analytics.com/g/ 		0
177 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-QTMQ58ZDWF&gtm=45je44o0v877791066z8848656376za200&_p=1714290072738&gcd=13l3l3l3l1&npa=0&dma=0&cid=1051872550.1714290073&ul=en-ca&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.78%7CGoogle%2520Chrome%3B124.0.6367.78%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EAAACA&_s=1&uid=Anonymous&sid=1714290073&sct=1&seg=0&dl=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&dt=Bath%20%26%20Body%20Works%20Canada%3A%20Body%20Care%20%26%20Home%20Fragrances%20You%27ll%20Love!&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymize_ip=true&tfd=1526
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QTMQ58ZDWF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 28 Apr 2024 07:41:13 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.bathandbodyworks.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
20264342.js
bat.bing.com/p/action/ 		0
117 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/20264342.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Sun, 28 Apr 2024 07:41:13 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 13AE7D81150A48B7B8235B582CDD3CF0 Ref B: YTO01EDGE0714 Ref C: 2024-04-28T07:41:13Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=20264342&Ver=2&mid=29059158-6ce6-4b44-8446-15f5295c6868&sid=b0259fb0053211ef96ad61f154273c18&vid=b025b950053211efb3acf74b4c2c3df8&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Bath%20%26%20Body%20Works%20Canada%3A%20Body%20Care%20%26%20Home%20Fragrances%20You%27ll%20Love!&kw=body%20care,%20skin%20care,%20hand%20soaps,%20candles,%20fragrance&p=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&r=&lt=952&evt=pageLoad&sv=1&rn=553676
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sun, 28 Apr 2024 07:41:13 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: FD1F1C950C874219BC675D48D22AE612 Ref B: YTO01EDGE0714 Ref C: 2024-04-28T07:41:13Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
linkid.js
www.google-analytics.com/plugins/ua/ 		2 KB
722 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:03:36 GMT
content-encoding
br
x-content-type-options
nosniff
age
2257
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
697
x-xss-protection
0
last-modified
Fri, 30 Jun 2023 18:58:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sun, 28 Apr 2024 08:03:36 GMT
893104011554550
connect.facebook.net/signals/config/ 		65 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/893104011554550?v=2.9.154&r=stable&domain=www.bathandbodyworks.ca&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
7e534242fe6ae720126f090f0ff28ddb80822fd06d1e95fad247b1ac27fb0936
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sun, 28 Apr 2024 07:41:13 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13872
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=17, rtx=0, c=61, mss=1380, tbw=63174, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
NbvcK4TFbD27HQSFp34WhRLjXsmns/vAOF14+Cu8mh/G5lpv6VPCCd3e5Tkejb5syW8rxIQLzrJ6b/Tg3RzwBQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
www.google-analytics.com/j/ 		4 B
24 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=1496569135&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&ul=en-ca&de=UTF-8&dt=Bath%20%26%20Body%20Works%20Canada%3A%20Body%20Care%20%26%20Home%20Fragrances%20You%27ll%20Love!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAAEAjAAAAACAEK~&jid=1992434042&gjid=122855470&cid=1051872550.1714290073&uid=Anonymous&tid=UA-202372494-1&_gid=75198814.1714290073&_r=1&_slc=1&gtm=45He44o0n81W67BBTWv848656376za200&cd1=Anonymous&cd3=2024-04-28T00%3A41%3A13.152-07%3A00&cd4=GTM-W67BBTW%7C35&cd7=true&gcd=13l3l3l3l1&dma=0&cd2=1051872550.1714290073&z=52043153
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/cbt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 28 Apr 2024 07:41:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.bathandbodyworks.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ec.js
www.google-analytics.com/plugins/ua/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:34:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
433
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1129
x-xss-protection
0
last-modified
Tue, 27 Jun 2023 17:28:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sun, 28 Apr 2024 08:34:00 GMT
truncated
/ 		37 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
SourceSansPro-SemiBoldItalic.woff2
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/source-sans-pro/ 		42 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/fonts/source-sans-pro/SourceSansPro-SemiBoldItalic.woff2
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
bf41d670ae2c0154c87722b9f154bce56934a043af9655886b2eccafa4ead865
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/css/global.css
Origin
https://www.bathandbodyworks.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
YUL62-C1
age
76151
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
content-length
42724
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568a0cca239a6-IAD
x-dw-request-base-id
OYcsSCLULGYBAAB_
x-amz-cf-id
Ix1QUfOo3zKq3vByMKhVEHSfxIQ7fz1Qpgl5iWyezsKlcfCExcFArQ==
expires
Mon, 27 May 2024 10:32:02 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
352 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-202372494-1&cid=1051872550.1714290073&jid=1992434042&uid=Anonymous&gjid=122855470&_gid=75198814.1714290073&_u=aCDAAEAiAAAAACAEK~&z=546196898
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/en_CA/v1714213910849/js/cbt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.111.155 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f155.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sun, 28 Apr 2024 07:41:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.bathandbodyworks.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
pebble
p.cquotient.com/ 		147 B
485 B 		Script
General
Check archive.org
Download Go to
Full URL
https://p.cquotient.com/pebble?tla=bgfz-BBW_CA&activityType=viewReco&callback=CQuotient._act_callback2&cookieId=bdMbFnvYvKLv4T2acqAPejiJtV&userId=&emailId=&products=id%3A%3A026291248%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026291252%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026291244%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001061%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028003403%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001000%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026291245%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001120%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001000%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026291245%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001120%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026291248%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026291252%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026291244%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001061%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028003403%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001000%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026291245%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001120%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A&recommenderName=products-in-all-categories-hp&realm=BGFZ&siteId=BBW_CA&instanceType=prd&locale=en_CA&slotId=bbw-homepage-recommendation-carousel&slotConfigId=HP_prodrecco2_0318&slotConfigTemplate=slots%2Frecommendation%2FbbwHomepageRecommendationCarousel.isml&viewRecoRoundtrip=285&anchors=&__recoUUID=bed9ec35-ed94-420f-8e2f-e5a084b9daf6&referrer=&currentLocation=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&ls=true&_=1714290073695&v=v3.1.2&fbPixelId=__UNKNOWN__
Requested by
Host: cdn.cquotient.com
URL: https://cdn.cquotient.com/js/v2/gretel.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.115.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-115-81.compute-1.amazonaws.com
Software
envoy /
Resource Hash
8aafc23886fc4faed27711d3d7c9d10ffee3b60a83c152cbf15a661f7e07012b
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
strict-transport-security
max-age=15552000; includeSubdomains
x-content-type-options
nosniff
server
envoy
etag
W/"93-cDshlJnrVxkrwFRJBi0hK8WJDw4"
content-type
text/javascript; charset=utf-8
x-envoy-upstream-service-time
2
content-length
147
026793217.jpg
www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw24458cf2/hires/ 		10 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw24458cf2/hires/026793217.jpg?sw=360&sh=270&sm=fit
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
fe538972d6be5cf5f1611e7a5ec5091a2fb04523c1aa6260a9fb6940613b3087
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
via
1.1 e67eec39bafe7d4b59266632bc2a9886.cloudfront.net (CloudFront), 1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD50-C2, YUL62-C1
x-amz-meta-cleanquerystring
sw=360&sh=270&sm=fit
cf-polished
degrade=85, origSize=11313
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
age
909285
x-amz-storage-class
INTELLIGENT_TIERING
content-length
10251
x-amz-expiration
expiry-date="Mon, 31 Mar 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
cf-bgj
imgq:85,h2pri
last-modified
Thu, 29 Feb 2024 19:46:02 GMT
server
cloudflare
etag
"95e4c8c44d821d79a2853c4136bc39da"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568a1182f9c19-IAD
x-amz-cf-id
lBnnviKoPzg4kwVIP34gwDM0AQ2KCbmBghYkf2y3sIjGAfhUixcKbw==
028001284.jpg
www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw210b4698/hires/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw210b4698/hires/028001284.jpg?sw=360&sh=270&sm=fit
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
f90943a1560aca3f9e6077d33cd21aa43e81d3235e220fe760326cab9b183439
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
via
1.1 4085d0fb63bcf1447db3c47a72df12a4.cloudfront.net (CloudFront), 1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD79-C2, YUL62-C1
age
168073
cf-polished
degrade=85, origSize=10414
x-amzn-requestid
cfdb586f-f9e0-4ecd-bf10-0886a79f7cfb
x-cache
Miss from cloudfront
x-amz-apigw-id
W036jE8MoAMEGGQ=
content-length
9243
cf-bgj
imgq:85,h2pri
last-modified
Fri, 26 Apr 2024 09:00:00 GMT
server
cloudflare
x-amzn-trace-id
Root=1-662b6d10-5934000f1aa7e88c0bd754a1;Parent=332054b2291f1851;Sampled=0;lineage=36621fcf:0
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568a11f591753-IAD
x-amz-cf-id
L7KeUfYKckbO8jWY8M9o7HbnuZ5flnf6kg6wHUEzbb9UcRoeo0T0pg==
028001265.jpg
www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dwcc319e49/hires/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dwcc319e49/hires/028001265.jpg?sw=360&sh=270&sm=fit
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
8abeac43eeff839541335f86bb9fa275f989a99311faa18f3e49ae62471114db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
via
1.1 077f711c23b8630fba0cd55c24dd3124.cloudfront.net (CloudFront), 1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD66-C2, YUL62-C1
x-amz-meta-cleanquerystring
sw=360&sh=270&sm=fit
cf-polished
degrade=85, origSize=7083
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
age
612935
x-amz-storage-class
INTELLIGENT_TIERING
content-length
5417
x-amz-expiration
expiry-date="Fri, 18 Apr 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
cf-bgj
imgq:85,h2pri
last-modified
Mon, 18 Mar 2024 10:02:17 GMT
server
cloudflare
etag
"55f9eb22073f3d8247988f5f5502544d"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568a119c813b3-IAD
x-amz-cf-id
kJEuXlr8wZgoRU-vAb_C7-DfpHBx14ib4_W1yiC9NOuJnEWFzEkibA==
026467195.jpg
www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw28e9d5a8/hires/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw28e9d5a8/hires/026467195.jpg?sw=360&sh=270&sm=fit
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
66827a7de4d192bbf118b720734b9d68755007b08cd4d8197a3e39b4726879f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
via
1.1 ce0d380336eb1f624e574285078b47f6.cloudfront.net (CloudFront), 1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
EWR50-C1, YUL62-C1
x-amz-meta-cleanquerystring
sw=360&sh=270&sm=fit
cf-polished
degrade=85, origSize=11346
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
age
904545
content-length
8676
x-amz-expiration
expiry-date="Fri, 03 Jan 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
cf-bgj
imgq:85,h2pri
last-modified
Mon, 04 Dec 2023 10:12:28 GMT
server
cloudflare
etag
"ccc2e28ff1c5ffe24a2548dbc6051399"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568a11899690c-IAD
x-amz-cf-id
fjSBoV99IX0bGH7I7JIq5x5_3mB7WHLtCHJ9SC6OCHHJx8AsWPRUbQ==
028002140.jpg
www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dwc962b13a/hires/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dwc962b13a/hires/028002140.jpg?sw=360&sh=270&sm=fit
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
9c1501806b356ebbe6ed15dbad641daba088ab74c5cbb80b469911a3966c010e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
via
1.1 5f96bc4a22f6baa91bf4a4bb246e4ff8.cloudfront.net (CloudFront), 1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD79-C2, YUL62-C1
x-amz-meta-cleanquerystring
sw=360&sh=270&sm=fit
cf-polished
degrade=85, origSize=7974
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
age
904481
x-amz-storage-class
INTELLIGENT_TIERING
content-length
6227
x-amz-expiration
expiry-date="Fri, 18 Apr 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
cf-bgj
imgq:85,h2pri
last-modified
Mon, 18 Mar 2024 09:07:31 GMT
server
cloudflare
etag
"9182e8685eaeac0dabf4f4dd76c20bc4"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568a11b8e3961-IAD
x-amz-cf-id
YxN1vlgYJmXQoUv3pvBA819XiWXS0qa5e3uREFVDMknOdHbJvvZBRw==
028002132.jpg
www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dwa7424b8e/hires/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dwa7424b8e/hires/028002132.jpg?sw=360&sh=270&sm=fit
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
75d355943e432d32c10165410c17881dabdef8d0f9215f84a56418d676c23087
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
via
1.1 cd3b189d4dff15bd0a2ccf14f97ffda2.cloudfront.net (CloudFront), 1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD79-C2, YUL62-C1
x-amz-meta-cleanquerystring
sw=360&sh=270&sm=fit
cf-polished
degrade=85, origSize=9376
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
age
688046
x-amz-storage-class
INTELLIGENT_TIERING
content-length
8566
x-amz-expiration
expiry-date="Fri, 18 Apr 2025 00:00:00 GMT", rule-id="transform_cache_ttl"
cf-bgj
imgq:85,h2pri
last-modified
Mon, 18 Mar 2024 09:07:32 GMT
server
cloudflare
etag
"e46d100f944029020dfbc91cf14a8bce"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568a1196705a5-IAD
x-amz-cf-id
p-WlZnKKJkIjMdUNqYeTHK8O5VbtJkqeD9u0P1Y-tua_S0kNqloV6Q==
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 28 Apr 2024 07:41:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.bathandbodyworks.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 28 Apr 2024 07:41:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://www.bathandbodyworks.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=893104011554550&ev=PageView&dl=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&rl=&if=false&ts=1714290073780&sw=1600&sh=1200&v=2.9.154&r=stable&ec=0&o=4126&fbp=fb.1.1714290073773.1178368212&hmd=ba7fd0a53675ac35c7420b94&pl=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&ler=empty&cdl=API_unavailable&it=1714290073379&coo=false&rqm=GET
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=17, rtx=0, c=10, mss=1380, tbw=2762, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sun, 28 Apr 2024 07:41:14 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
web-widget-chat-incoming-message-notification-7bc1c0f.js
static.zdassets.com/web_widget/classic/latest/ Frame 6A4E 		236 B
681 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-incoming-message-notification-7bc1c0f.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-7bc1c0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
x-amz-version-id
Lm_gk05VN5DG3iiQELVQYeeCHNOGOA_r
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
XFADR46K4TGX035H
age
1454162
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
R3PecKyMJCGDs4JT2rQH8kobx+xe4PmFL3bhxKf2ufYIH8AcJNe/MKDfH2LJ2tMd1M/EVwVYdpk=
last-modified
Mon, 08 Apr 2024 13:46:13 GMT
server
cloudflare
etag
W/"77bb07ca171e3ff2b72a7dafa7822bc8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ry2u1xlFG%2BBPQGGILJtf36EynGhNgxt4BJ7GcqV5Nb%2FeH%2F%2BoSQyhhAw4UDMln541Hb%2FB88dkRl%2BjKa7WUpk7ZNuJjIq2bpGsj%2Fo3yVbE23XLpDQeF4rmC1AdYjJFC4zEi81ozAA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87b568a16dce54a9-YYZ
access-control-allow-headers
*
expires
Tue, 08 Apr 2025 13:46:12 GMT
pebble
p.cquotient.com/ 		147 B
485 B 		Script
General
Check archive.org
Download Go to
Full URL
https://p.cquotient.com/pebble?tla=bgfz-BBW_CA&activityType=viewReco&callback=CQuotient._act_callback4&cookieId=bdMbFnvYvKLv4T2acqAPejiJtV&userId=&emailId=&products=id%3A%3A028001284%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001265%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026467195%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028002140%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028002132%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026686019%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028002131%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026686025%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026793217%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028002131%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026686025%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026793217%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001284%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028001265%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026467195%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028002140%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028002132%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026686019%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A028002131%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026686025%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A%3B%3Bid%3A%3A026793217%7C%7Csku%3A%3A%7C%7Ctype%3A%3A%7C%7Calt_id%3A%3A&recommenderName=products-in-a-category-soapstitbi&realm=BGFZ&siteId=BBW_CA&instanceType=prd&locale=en_CA&slotId=bbw-homepage-middle1-slot&slotConfigId=HP_prodrecco1_0427&slotConfigTemplate=slots%2Frecommendation%2FbbwHomepageRecommendationCarousel.isml&viewRecoRoundtrip=365&anchors=&__recoUUID=4166ff98-fa71-490b-ad7b-951739bae1b4&referrer=&currentLocation=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&ls=true&_=1714290073833&v=v3.1.2&fbPixelId=__UNKNOWN__&__cq_uuid=bdMbFnvYvKLv4T2acqAPejiJtV&__fbp=fb.1.1714290073773.1178368212
Requested by
Host: cdn.cquotient.com
URL: https://cdn.cquotient.com/js/v2/gretel.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.225.115.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-225-115-81.compute-1.amazonaws.com
Software
envoy /
Resource Hash
4191232023ff6d3cd1527f1b76b7bd1f2687302bc8f55f5e041781c2eee58dcf
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubdomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
strict-transport-security
max-age=15552000; includeSubdomains
x-content-type-options
nosniff
server
envoy
etag
W/"93-w7Fv/agZwH2rUJSa7g5nzppKFB8"
content-type
text/javascript; charset=utf-8
x-envoy-upstream-service-time
2
content-length
147
fda6cd35495c75f83508d9d2e77ee33d.mp3
static.zdassets.com/web_widget/classic/latest/ Frame 6A4E 		19 KB
20 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/fda6cd35495c75f83508d9d2e77ee33d.mp3
Requested by
Host: www.bathandbodyworks.ca
URL: https://www.bathandbodyworks.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Encoding
identity;q=1, *;q=0
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:13 GMT
x-amz-version-id
Kl.biZfM8rz6re2aS0glnDheA8R9Dmfl
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
KH5VE2Z70ZGQ75A2
age
5138503
x-amz-server-side-encryption
AES256
Content-Range
bytes 0-19697/19698
x-amz-replication-status
COMPLETED
Content-Length
19698
x-amz-id-2
LqweHRijvBdbgWotLxDeNcs9Lz6cG09nTN1pbS7TIlVP/kJbpnlLrkq/B74CU90UTxSTSp+E3xk=
last-modified
Wed, 29 Nov 2023 08:06:43 GMT
server
cloudflare
etag
"f11ce9e8f40a392830217253fe75d6de"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f7qUM8WAhUESVkleksygxn1HYCF8SAsDCCznief6OExJJnMU5QCIjCxLsBXl7f7r6sSpW%2Fs%2BVas7DmKWdsOWYKlg611PjJKnC8Rf95mgUGAEbgnjRnmaMlvQbvQoFURQGBIdCHY%3D"}],"group":"cf-nel","max_age":604800}
content-type
audio/mpeg; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
87b568a1ade654a9-YYZ
access-control-allow-headers
*
expires
Thu, 28 Nov 2024 08:06:42 GMT
/
match.adsrvr.org/track/upb/ Frame 102C
Redirect Chain
  • https://insight.adsrvr.org/track/up?adv=xhdi368&ref=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&upid=mxb9bzg&upv=1.1.0
  • https://match.adsrvr.org/track/upb/?adv=xhdi368&ref=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&upid=mxb9bzg&upv=1.1.0
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/upb/?adv=xhdi368&ref=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&upid=mxb9bzg&upv=1.1.0
Requested by
Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.bathandbodyworks.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-type
text/html
date
Sun, 28 Apr 2024 07:41:14 GMT
server
Kestrel
vary
Accept-Encoding

Redirect headers

content-length
281
date
Sun, 28 Apr 2024 07:41:14 GMT
location
https://match.adsrvr.org/track/upb/?adv=xhdi368&ref=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&upid=mxb9bzg&upv=1.1.0
server
Kestrel
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=1496569135&t=timing&_s=2&dl=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&ul=en-ca&de=UTF-8&dt=Bath%20%26%20Body%20Works%20Canada%3A%20Body%20Care%20%26%20Home%20Fragrances%20You%27ll%20Love!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&plt=2247&pdt=17&dns=0&rrt=1&srt=305&tcp=51&dit=776&clt=950&_gst=1367&_gbt=1569&_u=aCDAAEArAAAAACAMK~&jid=&gjid=&cid=1051872550.1714290073&uid=Anonymous&tid=UA-202372494-1&_gid=75198814.1714290073&gtm=45He44o0n81W67BBTWv848656376za200&cd1=Anonymous&cd3=2024-04-28T00%3A41%3A13.152-07%3A00&cd4=GTM-W67BBTW%7C35&cd7=true&gcd=13l3l3l3l1&dma=0&cd2=1051872550.1714290073&z=252530398
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sun, 28 Apr 2024 01:58:36 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
20558
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
favicon.ico
www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw6d5b0a4b/images/favicons/ 		318 B
622 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.bathandbodyworks.ca/on/demandware.static/Sites-BBW_CA-Site/-/default/dw6d5b0a4b/images/favicons/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
6a58760a6a66b6056d0935178a3a042cd9d842cad9d1ffa38bb939de3dd1d1ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-C1
age
102481
x-cache
Miss from cloudfront
cross-origin-resource-policy
cross-origin
last-modified
Tue, 06 Feb 2024 20:33:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/x-icon
cache-control
public, max-age=2589970
cf-ray
87b568a30ae313b3-IAD
x-dw-request-base-id
OYfN11xlLGYBAAB_
x-amz-cf-id
p17SWjDHGRoNxzsawWmzERkqDQsEqK4A5aHrQGb41QcLrhbZDrAtzg==
expires
Mon, 27 May 2024 02:39:24 GMT
026686025.jpg
www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dwceb7156d/hires/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dwceb7156d/hires/026686025.jpg?sw=360&sh=270&sm=fit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
4069ed858066df447e04b4cb5e1caae979b6d5a4d489273c65c6a6e29d401d14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:14 GMT
via
1.1 5451b84324d9bca0bdd03e4c4009ae10.cloudfront.net (CloudFront), 1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD50-C2, YUL62-C1
x-amz-meta-cleanquerystring
sw=360&sh=270&sm=fit
cf-polished
degrade=85, origSize=6129
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
age
909272
content-length
5019
x-amz-expiration
expiry-date="Wed, 03 Jul 2024 00:00:00 GMT", rule-id="transform_cache_ttl"
cf-bgj
imgq:85,h2pri
last-modified
Sat, 03 Jun 2023 10:31:59 GMT
server
cloudflare
etag
"5a1fb27bda50ab24875590a77cdcd358"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568a3ee9e39a6-IAD
x-amz-cf-id
hu8KVBtj-sPvvYdtE0793-xtMS1yjUOICzHeNYAR02LS2bd0S0Kezg==
026686019.jpg
www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw082a985d/hires/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/dw/image/v2/BGFZ_PRD/on/demandware.static/-/Sites-bbw_ca-storefront-catalog/default/dw082a985d/hires/026686019.jpg?sw=360&sh=270&sm=fit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
5ab21e8a715ce880d23e6be1ca8fe11e8f25381296afe63470ae7b6774fb3273
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:14 GMT
via
1.1 13af704549c5ac5d9fb78e3b737019ec.cloudfront.net (CloudFront), 1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
IAD50-C2, YUL62-C1
x-amz-meta-cleanquerystring
sw=360&sh=270&sm=fit
cf-polished
degrade=85, origSize=10226
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
age
915958
content-length
9520
x-amz-expiration
expiry-date="Mon, 21 Oct 2024 00:00:00 GMT", rule-id="transform_cache_ttl"
cf-bgj
imgq:85,h2pri
last-modified
Thu, 21 Sep 2023 10:40:34 GMT
server
cloudflare
etag
"54fef71e7dcff6a91e9af8bffe698794"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
87b568a3eb3205a5-IAD
x-amz-cf-id
OOnZuMkdLPmHys-58t6On6mVdoHQNpIl9_UmOAv5DWrhqp9nIhPk_Q==
__Analytics-Start
www.bathandbodyworks.ca/on/demandware.store/Sites-BBW_CA-Site/en_CA/ 		35 B
488 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bathandbodyworks.ca/on/demandware.store/Sites-BBW_CA-Site/en_CA/__Analytics-Start?url=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&res=1600x1200&cookie=1&ref=&title=Bath%20%26%20Body%20Works%20Canada%3A%20Body%20Care%20%26%20Home%20Fragrances%20You%27ll%20Love!&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&dwac=0.6929647039749058&cmpn=&tz=Canada/Eastern&pcc=CAD&pct=&pcat=&pid-0=026291248&pev-0=event3&evr4-0=Yes&pid-1=026291252&pev-1=event3&evr4-1=Yes&pid-2=026291244&pev-2=event3&evr4-2=Yes&pid-3=028001061&pev-3=event3&evr4-3=Yes&pid-4=028003403&pev-4=event3&evr4-4=Yes&pid-5=028001000&pev-5=event3&evr4-5=Yes&pid-6=026291245&pev-6=event3&evr4-6=Yes&pid-7=028001120&pev-7=event3&evr4-7=Yes&pid-8=028001284&pev-8=event3&evr4-8=Yes&pid-9=028001265&pev-9=event3&evr4-9=Yes&pid-10=026467195&pev-10=event3&evr4-10=Yes&pid-11=028002140&pev-11=event3&evr4-11=Yes&pid-12=028002132&pev-12=event3&evr4-12=Yes&pid-13=026686019&pev-13=event3&evr4-13=Yes&pid-14=028002131&pev-14=event3&evr4-14=Yes&pid-15=026686025&pev-15=event3&evr4-15=Yes&pid-16=026793217&pev-16=event3&evr4-16=Yes&dw_dnt=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.195.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-195-84.yul62.r.cloudfront.net
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 28 Apr 2024 07:41:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
YUL62-C1
x-cache
Miss from cloudfront
content-length
35
pragma
no-cache
server
cloudflare
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
cf-ray
87b568a6acd213b3-IAD
x-dw-request-base-id
OYcBnZr9LWYBAAB_
x-amz-cf-id
1fsizZFfiwIMmiTr8vCpXyegNF_6XVmckN-UqMgFG2gxh_eeBg7T3A==
expires
Thu, 01 Dec 1994 16:00:00 GMT
bbwca
ingest.quantummetric.com/horizon/ Frame 89EC 		90 B
253 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ingest.quantummetric.com/horizon/bbwca?T=B&u=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&t=1714290074122&v=1714290075249&S=0&N=0&P=0&z=1
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-bbwca.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.134.85.232 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.85.134.34.bc.googleusercontent.com
Software
/
Resource Hash
622289b41f455b478a6f5179065b9134e30b11a2b2eb22d8a4f1c831f601b245
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bathandbodyworks.ca
date
Sun, 28 Apr 2024 07:41:15 GMT
strict-transport-security
max-age=31536000
access-control-allow-credentials
true
content-length
90
content-type
application/json
/
bbwca-sync.quantummetric.com/ Frame 89EC 		0
653 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bbwca-sync.quantummetric.com/?T=B&u=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&t=1714290074122&v=1714290075437&H=9bfd2d66f215c0150ce61c60&s=d65e24fee9b906f55d931c1840b488d7&Q=1&Y=1&X=2ce8a2747b5d46c079625df9b8cb329c&z=1
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-bbwca.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.225.143.12 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
12.143.225.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.quantummetric.com; connect-src * ws:; frame-src * data: blob:; font-src * data: blob:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.quantummetric.com https://app.getbeamer.com https://backend.getbeamer.com https://realtime.getbeamer.com https://static.getbeamer.com https://ajax.googleapis.com https://static.zdassets.com https://*.appcues.com https://*.appcues.net https://*.qualtrics.com; style-src 'self' 'unsafe-inline' *.quantummetric.com https://fonts.googleapis.com https://app.getbeamer.com https://*.appcues.com https://*.appcues.net;
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 28 Apr 2024 07:41:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
content-security-policy
default-src 'self' *.quantummetric.com; connect-src * ws:; frame-src * data: blob:; font-src * data: blob:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.quantummetric.com https://app.getbeamer.com https://backend.getbeamer.com https://realtime.getbeamer.com https://static.getbeamer.com https://ajax.googleapis.com https://static.zdassets.com https://*.appcues.com https://*.appcues.net https://*.qualtrics.com; style-src 'self' 'unsafe-inline' *.quantummetric.com https://fonts.googleapis.com https://app.getbeamer.com https://*.appcues.com https://*.appcues.net;
server
nginx
content-type
application/json
access-control-allow-origin
https://www.bathandbodyworks.ca
access-control-allow-credentials
true
x-robots-tag
noindex
content-length
0
bbwca
ingest.quantummetric.com/horizon/ Frame 89EC 		0
152 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ingest.quantummetric.com/horizon/bbwca?T=B&u=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&t=1714290074122&v=1714290075450&H=9bfd2d66f215c0150ce61c60&s=d65e24fee9b906f55d931c1840b488d7&U=460dedef238cacbe7b3ccd9e26da4120&Q=2&S=0&N=0&z=1
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-bbwca.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.134.85.232 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.85.134.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bathandbodyworks.ca
date
Sun, 28 Apr 2024 07:41:15 GMT
strict-transport-security
max-age=31536000
access-control-allow-credentials
true
content-length
0
content-type
application/json
bbwca
ingest.quantummetric.com/horizon/ Frame 89EC 		0
152 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ingest.quantummetric.com/horizon/bbwca?T=B&u=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&t=1714290074122&v=1714290075554&H=9bfd2d66f215c0150ce61c60&s=d65e24fee9b906f55d931c1840b488d7&S=1019&N=2&P=1&z=1
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-bbwca.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.134.85.232 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.85.134.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bathandbodyworks.ca
date
Sun, 28 Apr 2024 07:41:15 GMT
strict-transport-security
max-age=31536000
access-control-allow-credentials
true
content-length
0
content-type
application/json
hash-check
rl.quantummetric.com/bbwca/ Frame 89EC 		2 B
233 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rl.quantummetric.com/bbwca/hash-check
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-bbwca.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.66.3.160 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
160.3.66.34.bc.googleusercontent.com
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 28 Apr 2024 07:41:16 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin
access-control-allow-methods
*
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.bathandbodyworks.ca
access-control-allow-credentials
true
content-length
2
hash-check
rl.quantummetric.com/bbwca/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://rl.quantummetric.com/bbwca/hash-check
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.66.3.160 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
160.3.66.34.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.bathandbodyworks.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type
access-control-allow-methods
*
access-control-allow-origin
https://www.bathandbodyworks.ca
content-length
0
date
Sun, 28 Apr 2024 07:41:16 GMT
strict-transport-security
max-age=15724800; includeSubDomains
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
bbwca
ingest.quantummetric.com/horizon/ Frame 89EC 		0
152 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ingest.quantummetric.com/horizon/bbwca?T=B&u=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&t=1714290074122&v=1714290077749&H=9bfd2d66f215c0150ce61c60&s=d65e24fee9b906f55d931c1840b488d7&S=81533&N=300&P=2&z=1
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-bbwca.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.134.85.232 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.85.134.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bathandbodyworks.ca
date
Sun, 28 Apr 2024 07:41:17 GMT
strict-transport-security
max-age=31536000
access-control-allow-credentials
true
content-length
0
content-type
application/json
bbwca
ingest.quantummetric.com/horizon/ Frame 89EC 		0
152 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ingest.quantummetric.com/horizon/bbwca?T=B&u=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&t=1714290074122&v=1714290078001&H=9bfd2d66f215c0150ce61c60&s=d65e24fee9b906f55d931c1840b488d7&Q=2&S=537&N=1&z=1
Requested by
Host: cdn.quantummetric.com
URL: https://cdn.quantummetric.com/qscripts/quantum-bbwca.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
34.134.85.232 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
232.85.134.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.bathandbodyworks.ca
date
Sun, 28 Apr 2024 07:41:18 GMT
strict-transport-security
max-age=31536000
access-control-allow-credentials
true
content-length
0
content-type
application/json
collect
www.google-analytics.com/g/ 		0
17 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-QTMQ58ZDWF&gtm=45je44o0v877791066z8848656376za200&_p=1714290072738&gcd=13l3l3l3l1&npa=0&dma=0&cid=1051872550.1714290073&ul=en-ca&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.78%7CGoogle%2520Chrome%3B124.0.6367.78%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&uid=Anonymous&sid=1714290073&sct=1&seg=0&dl=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&dt=Bath%20%26%20Body%20Works%20Canada%3A%20Body%20Care%20%26%20Home%20Fragrances%20You%27ll%20Love!&_s=2&tfd=6648
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QTMQ58ZDWF&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.38.178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.bathandbodyworks.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 28 Apr 2024 07:41:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.bathandbodyworks.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 function| Animation function| replaceImage function| jRespond object| OneTrustStub function| OptanonWrapper object| _etmc object| _etmc_temp function| waitFortokenizeBase function| waitForauthorizedBase function| waitForBase object| Radial boolean| isPaused number| waitTime number| TRACE number| DEBUG number| INFO number| WARN number| ERROR number| FATAL undefined| songbirdLoadLog boolean| songbirdLoadCompleted number| songbirdWaitTimeFactor number| cardinalInitWaitTimeFactor number| songbirdLoadWaitCounter number| cardinalInitWaitCounter string| originUrl object| values string| restBaseUrl function| LogTemplate function| LogEntry function| createLog function| sendLogs function| getLoggerLevel object| logList boolean| isIE function| loadPaymentsWebpackCallback undefined| radialSetupStartTime object| current_script object| dw object| CQuotient object| dataLayer object| cbtSitePreferences object| __core-js_shared__ object| core function| _ function| mccEventLoader string| func_name object| args string| collect_url object| zEWebpackACJsonp function| zE function| zEmbed object| zESettings function| trackPage function| $ function| jQuery boolean| jResInitFlag string| currentBreakpoint object| jRes function| Cleave object| mutables object| picturefillCFG function| picturefill string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| lazySizes function| _typeof boolean| zEACLoaded function| DOMContentLoaded object| Optanon object| OneTrust function| $zopim object| google_tag_manager object| google_tag_data function| fbq function| _fbq object| uetq string| GoogleAnalyticsObject function| ga function| ttd_dom_ready function| TTDUniversalPixelApi object| ttdPixel function| onYouTubeIframeAPIReady object| gaGlobal undefined| productNameSkuQty function| consoleError string| qmErrString function| QuantumMetricInstrumentationStart object| QuantumMetricAPI function| UET function| UET_init function| UET_push object| ueto_be3a30bd8d object| gaplugins object| gaData function| _ga_originalSendHitTask string| e string| loggedInStatus

36 Cookies

Domain/Path Name / Value
www.bathandbodyworks.ca/ Name: dwac_b56309bc9dc70cf74c4727733a
Value: KkQrIzs7UkD5_Cj5EL4dCZXLlFMKF-6XVNs%3D|dw-only|||CAD|false|Canada%2FEastern|true
www.bathandbodyworks.ca/ Name: cqcid
Value: bdMbFnvYvKLv4T2acqAPejiJtV
www.bathandbodyworks.ca/ Name: cquid
Value: ||
www.bathandbodyworks.ca/ Name: sid
Value: KkQrIzs7UkD5_Cj5EL4dCZXLlFMKF-6XVNs
www.bathandbodyworks.ca/ Name: dwanonymous_9cacda7888b6b3c82c79a1615d1865f5
Value: bdMbFnvYvKLv4T2acqAPejiJtV
www.bathandbodyworks.ca/ Name: __cq_dnt
Value: 0
www.bathandbodyworks.ca/ Name: dw_dnt
Value: 0
www.bathandbodyworks.ca/ Name: dwsid
Value: XFMWflm7hti5BVl_zOnLsePcqQ5olzoPFCLEdIKwZKMjvnNNhekp-KIc0fksTqGYiN34JxFpJvjWmXK_hfFUmQ==
.igodigital.com/ Name: igodigitaltc2
Value: afa9692e-0532-11ef-bcaa-5e67fac3a5ff
.igodigital.com/ Name: igodigitalst_7316103
Value: afa9705e-0532-11ef-bcaa-5e67fac3a5ff
.igodigital.com/ Name: igodigitalstdomain
Value: 1147305
www.bathandbodyworks.ca/ Name: EmailSignupModalDismissalCA
Value: true
www.bathandbodyworks.ca/ Name: EmailSignupModalDismissalCALocale
Value: en_CA
.bathandbodyworks.ca/ Name: _gcl_au
Value: 1.1.892098397.1714290073
.bathandbodyworks.ca/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Sun+Apr+28+2024+00%3A41%3A13+GMT-0700+(Pacific+Daylight+Saving+Time)&version=202310.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&consentId=0a52d388-5e75-46fe-ad82-683e42f74b58&interactionCount=0&landingPath=https%3A%2F%2Fwww.bathandbodyworks.ca%2F&groups=C0001%3A1%2CC0017%3A1%2CC0003%3A1%2CC0004%3A1
.bathandbodyworks.ca/ Name: _uetsid
Value: b0259fb0053211ef96ad61f154273c18
.bathandbodyworks.ca/ Name: _uetvid
Value: b025b950053211efb3acf74b4c2c3df8
widget-mediator.zopim.com/ Name: AWSALBCORS
Value: JFTfVpJOfYE4t6upvZfn8SxaPKm5Hz3IXmqjl65cXf9xaQ7YbXObg6QvkLywfzlDnIGvFAp2SBda1flTS1JsWFesCaJVLBbUWBzSsvazUvp5H7ZisNmNT2xa9ZVX
.bathandbodyworks.ca/ Name: _ga
Value: GA1.2.1051872550.1714290073
.bathandbodyworks.ca/ Name: _gid
Value: GA1.2.75198814.1714290073
.bathandbodyworks.ca/ Name: _gat_UA-202372494-1
Value: 1
.bing.com/ Name: MUID
Value: 0353D244305F60B634D4C62B31F56148
.bat.bing.com/ Name: MR
Value: 0
.bathandbodyworks.ca/ Name: _ga_QTMQ58ZDWF
Value: GS1.1.1714290073.1.0.1714290073.0.0.0
.cquotient.com/ Name: uuid
Value: bdMbFnvYvKLv4T2acqAPejiJtV
.bathandbodyworks.ca/ Name: _fbp
Value: fb.1.1714290073773.1178368212
.bathandbodyworks.ca/ Name: __zlcmid
Value: 1LVmg6R2XH9nUug
.bathandbodyworks.ca/ Name: __cq_uuid
Value: bdMbFnvYvKLv4T2acqAPejiJtV
.adsrvr.org/ Name: TDID
Value: 860c0be7-b0c8-4132-a979-cd0e79b4ad5a
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUnQDFjy_bvDjz-XhSlUlORF7BaYeYReERgFXgYUVha4Wh2N0Xl1m3yym5MFPAA
.rubiconproject.com/ Name: khaos
Value: LVJ81R38-N-7PWM
.rubiconproject.com/ Name: audit
Value: 1|RV5BRK3Xcahu9xOtCgd4Ajw6E0kELM8TM2LVoTw2vIO6DKtRtV0ye7bOqEHhHge2RQLXXmQKjJeM1KxoLazIt9i2Wk5FrGos0XY24Ec+XLts+dAeRbNtvTp/aWqRA4lOfIrQEKzcEl3Y13W0hsftqFauUKU1xrYzF64gtd3/XepbOz6AjJtUa8ZnH3r7x5VAdeodiyl5GGjkt77VmXBK7kiCfUmSYXqD+ohH/uuQN8oOr/S07bYDcYQkZmofZQkSVSwKu1RXSJT0/fhu8/pkBO4VeIulq+4M1TRwmTZWV3Xc6UO785F0Pw==
.adsrvr.org/ Name: TDCPM
Value: CAESFQoGZ29vZ2xlEgsI5p-m0pPY8zwQBRIWCgdydWJpY29uEgsI1MCm0pPY8zwQBRIXCghhcHBuZXh1cxILCLbiptKT2PM8EAUYBSABKAMyCwi4-qj_qdjzPBAFQg8iDQgBEgkKBXRpZXIzEAFaB3hoZGkzNjhgAQ..
.bathandbodyworks.ca/ Name: QuantumMetricSessionID
Value: d65e24fee9b906f55d931c1840b488d7
.bathandbodyworks.ca/ Name: QuantumMetricUserID
Value: 460dedef238cacbe7b3ccd9e26da4120

26 Console Messages

Source Level URL
Text
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/893104011554550?v=2.9.154&r=stable&domain=www.bathandbodyworks.ca&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 107)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.bathandbodyworks.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7316103.collect.igodigital.com
bat.bing.com
bathandbodyworkscc.zendesk.com
bbwca-sync.quantummetric.com
cdn.cookielaw.org
cdn.cquotient.com
cdn.quantummetric.com
connect.facebook.net
e.cquotient.com
ekr.zdassets.com
fonts.googleapis.com
geolocation.onetrust.com
hostedpayments.radial.com
ingest.quantummetric.com
insight.adsrvr.org
js.adsrvr.org
match.adsrvr.org
nova.collect.igodigital.com
p.cquotient.com
rl.quantummetric.com
static.zdassets.com
stats.g.doubleclick.net
www.bathandbodyworks.ca
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
104.16.51.111
104.18.32.137
104.18.70.113
104.18.72.113
104.19.177.52
104.22.53.252
13.225.195.84
142.251.111.155
142.251.111.97
172.253.115.95
204.79.197.237
216.239.38.178
3.136.242.212
3.161.209.109
3.162.4.149
31.13.66.19
31.13.66.35
34.134.85.232
34.192.218.136
34.225.115.81
34.66.3.160
35.225.143.12
52.223.40.198
01050a730fedaba86de32287827f43d81f86768bbccd32ccd999d103d44154ae
01e9582655224c83e6c075f44b7eecb135e108b6ad2150bf6f78a0a77c4ad5e0
05069cc62b394b6ecc2daf3c51b4b2ba7f6cc8735988e8234487234af47eceee
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
0b0a210e89ac35b54a9b4ccb0336ea91c561e6dc5f8bda49574da98d40799c6e
0bc8cfc9ab6bc84fe0d769da97187ca2a4a2b8d720764471b9dfc6356f9a8b9f
137026282609c5ef1288e13b73a1cd6f1a6ef4d3e139f27cf9e49c04c3e77808
14eefa3f54b37c5618ae9b2e4b3f17b25fb99882be2f25dc6539bd70d8af3c7b
1741c129931b57da7e105b407dd6c21f8ae80ed2910b4ec7b7224d30860adb96
1e4e6657efabad62e5374766366f83f939a65931040b18c9b4002c136ecdab23
210eaa5c6d21df2fd80fd304d7f0ce3c59c51d988f4e57f00faa65eb6a07eca4
2384a7a942da2487510dc7a688c154732481877d545dab05419a4793bf45d246
24b711c3998191cf7608c12d15887d9d87320ed1dc12b06ce983a68f584809f9
3a95689e90e588b166f7b3ecd334959a2d6a3da1d73d557c8fb72fa10cf465dd
3b38011263a3ccdf79a17243120ef47fdf7dbaef189937115675090d39efc59b
3cbd1e99d6b13f5b390cd3cf665c2f4b26ea1f31385dfc48ae602626b5a8fa12
3d9120fa621da6d613c1698b7014ec6bdf4620366e8f2b7b547059f4b6f6272b
3e7938fd5c17bb1b600de328beb4372fd16d07ef78ec200436f4b683d465ffa0
3ee2ee943900eb4065cbc4fd98dae33f441e549ef61a1f62ab985dca8b07d34b
3ef97c872ee8199f094bbde0f22d34c3fbdf786330ab2ec9eb5e540aa073e3d8
4069ed858066df447e04b4cb5e1caae979b6d5a4d489273c65c6a6e29d401d14
410b8bb543fe7d0651d9c8ad0365d0c4a0fbe3edfafc6d9e1227e137bc216f67
4191232023ff6d3cd1527f1b76b7bd1f2687302bc8f55f5e041781c2eee58dcf
4283b7de52bd36949abd99c7f8f7a1301ecf3d67f60658fa8c6854eadcb91950
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04
46457384633208f30ed19d2dae892aacf4a57991bb7c2986e2d572189ab0bbe6
488b3c339c35ade0912021302abc8ec57ee61927dbff14816b426fe618768baa
49d099626ec42e634441708d66bc30f119f645c8c84861425adf3df43ece29ed
4a74ee3ace70bec77c0d6ea49ed5580a749e52fd20ab94f2ad6a9f66e30a6665
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
52aded04030e9e84ef654af5546348db64caff84e05b7d1ff0b5d9b4be51d153
5ab21e8a715ce880d23e6be1ca8fe11e8f25381296afe63470ae7b6774fb3273
5bda905693ffed32df95f79a8eeac1fbf062630de05f48875e109c35681e2331
5e36abce7ddbde18b1220dc12a1f8a5ac252141f11375e148e2e0ee8e7fce2b9
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
622289b41f455b478a6f5179065b9134e30b11a2b2eb22d8a4f1c831f601b245
624e86189772b537bac6cdd7473595a69d9b90241203e2422fb4b5f0aa8e7014
63597cf8ff61996a7b945498413fbf409d8eedf759d382cc67bedd370d7adb23
66827a7de4d192bbf118b720734b9d68755007b08cd4d8197a3e39b4726879f2
66db64c3240ecbdabe58b7c81a1f160fa8229232e3d34bf9b812bc7954f1935f
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a58760a6a66b6056d0935178a3a042cd9d842cad9d1ffa38bb939de3dd1d1ce
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ba279aae921839aca81fa1836683652017d0053514befa87d9221609b1357c6
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
709de1b955852f8d94747824000c07f253a89a03078941703df9859d2e75c252
75d355943e432d32c10165410c17881dabdef8d0f9215f84a56418d676c23087
7651dc32bb4500f625221f9abed5493e02680f4a7822495f2b5bda96e9875473
7e534242fe6ae720126f090f0ff28ddb80822fd06d1e95fad247b1ac27fb0936
7f4ac95d1ab40c0d78d98acf1da862b901ce896b43f738c7b1731c986a612bf4
8112d1a494c3eee64d38c471f7dce0316aa16ea3ecbe18eda5cc01ca6e83d210
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85800e685a127fa2bb094a05342f41b8ef10ec1062eb6cf1432e258bdf1ad0bb
88cd1dcb89e096dad2c1534755269149237d8ea9397acc80db10d669b495f1a7
893fa7fe8b6e69e2828319c04a7cbb6f129ea820db695d4ced5757d59450b6a8
8aafc23886fc4faed27711d3d7c9d10ffee3b60a83c152cbf15a661f7e07012b
8abeac43eeff839541335f86bb9fa275f989a99311faa18f3e49ae62471114db
8d4c1db85d50200f95edd51f5d03dc76121c98237747bd02111897d0d6567382
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93e5062a715eeead8aea9413daddb8918219d84023fd55a3e302857c392ec423
965cba95c928e95003ce37271090406eaa7d5c2d955230a785b2b3be8a9a17f5
9853e7ee2f1807d61ea20cd49da857438509e4097c8e46cc417a79cd7ccb1885
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9c1501806b356ebbe6ed15dbad641daba088ab74c5cbb80b469911a3966c010e
a21d2ad8d5bb69e81d1f6fd0e3f84c27bd7bc5558ce6baadd520a913b26a9c11
a29e4af6aa6a95982d1092a20f0068173b9a9d5df0a89bc99da556aebec3ce54
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
a64f799b2116f3da8ceabfee50a26fbcbc7950ee4be81780174e738843a03e24
a75c9de995acd82559e8116834e754944ce7bb91abd7bdf414e005509b4670d5
a7d87091d363393cdfb559f44f41e447f70b67917b9dedb3e97c2a8d476e1ea8
a9b2a97b95ecaab1920aba84b26169c23a38e0513c2d4423ab9c0102b96cb195
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b66c67d0eba97c7443420e38822e1f6f6c80a674f3a42b616480d5fda4f27fb4
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bf41d670ae2c0154c87722b9f154bce56934a043af9655886b2eccafa4ead865
c345f80b553a73c1332c0b5b038758c5fef27f5034065ee783037d5422eb1761
c3d7eeb2ab0112f6b2664922bedd08b1bfe8f4e881d89596bc936d3168cf4899
c47fa7768df06b591d64141556669e9378917109559cc669d050f082c62b0264
ca4a8ac37d52ee0b7e4c09b000bdbeff886e08a725e9d7249e651bedd76dc0cc
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
cf8f32ba274c51f95e3c6760360d46785b37a2e5be29967f229c5b24ed6d122b
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d9ff155d66740b96f031b62e57a566148f0fb35e16223db0b349f39e51b7bd5d
dc02bdeae2dad0e17a3ad06f77cd98993ca6443762db26ca69f4377c6b43964e
dd95c6bf84e13c5e355fbda63b280f1a8858f25cb96f392d104fc8c4bb0f0143
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e062b0348e9bac9f262578fde6fa15107de433143e9ee2357f6cd22eccf5b1c6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4065244fd66af0ce369f011a25213fc24a61d21f15aa0ee1d802a81147a369c
e60df0432714c9ab20426b8909af3c2e09e72b78233ecc70897ef8c5aa6a42ae
e71844ff80c7c21c528a79554dffed44055e3e22fa56b39a38bf70f39b435eeb
ea5db5581e262d77d1a43fbb3f0fa3661b51d097b40ca38f584b4943f47cf2e0
ea6a2acc0548e0a2b8ff7d65d97626bd7f896d6296442819b5b01112959db0da
ee852f6cdceaf6651cbfd679438c4a3c78b99543850bf7d830f8362788d4112b
f90943a1560aca3f9e6077d33cd21aa43e81d3235e220fe760326cab9b183439
fac90e3fae6b4554d908c9518ae6ad788d3ccd470bd5eaf62e70c5db9bf90531
fce36f490ff2993a6cd7d983cf2026b27e079115ea9d111920d90f663d34ddc3
fe538972d6be5cf5f1611e7a5ec5091a2fb04523c1aa6260a9fb6940613b3087
feeb83e3a11fb74465e062a5081f1f6f573ef66197f218a3a86447fefe3166f6