urlscan.io logo urlscan.io
SecurityTrails logo

www.lululemonstudio.ca Open in urlscan Pro
2606:4700::6812:75b  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://checkout.lululemonstudio.ca/
Effective URL: https://www.lululemonstudio.ca/
Submission Tags: @phish_report
Submission: On May 04 via api from FI — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 20 IPs in 3 countries across 17 domains to perform 81 HTTP transactions. The main IP is 2606:4700::6812:75b, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.lululemonstudio.ca.
TLS certificate: Issued by GTS CA 1P5 on March 6th 2024. Valid for: 3 months.
This is the only time www.lululemonstudio.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 2620:127:f00f... 13335 (CLOUDFLAR...)
1 2620:127:f00f... 13335 (CLOUDFLAR...)
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 24 2606:4700::68... 13335 (CLOUDFLAR...)
1 35.186.249.72 15169 (GOOGLE)
4 162.159.140.33 13335 (CLOUDFLAR...)
1 34.120.195.249 396982 (GOOGLE-CL...)
2 13.224.214.17 16509 (AMAZON-02)
10 13.224.207.4 16509 (AMAZON-02)
2 13.224.214.62 16509 (AMAZON-02)
4 2606:4700::68... 13335 (CLOUDFLAR...)
1 54.69.251.6 16509 (AMAZON-02)
2 2a03:2880:f00... 32934 (FACEBOOK)
2 35.201.112.186 396982 (GOOGLE-CL...)
1 2607:f8b0:400... 15169 (GOOGLE)
3 2600:9000:26a... 16509 (AMAZON-02)
1 35.186.194.58 15169 (GOOGLE)
1 2a03:2880:f10... 32934 (FACEBOOK)
2 104.18.43.135 13335 (CLOUDFLAR...)
1 104.18.39.221 13335 (CLOUDFLAR...)
2 3.161.213.67 16509 (AMAZON-02)
81 20
17    2620:127:f00f:e:: (Canada)

ASN13335 (CLOUDFLARENET, US)
checkout.lululemonstudio.ca
1    2620:127:f00f:ff00:: (Canada)

ASN13335 (CLOUDFLARENET, US)
shop.app
1    2606:4700:10::ac43:76b (United States)

ASN13335 (CLOUDFLARENET, US)
mirrorcanada.com
24    2606:4700::6812:75b (United States)

ASN13335 (CLOUDFLARENET, US)
lululemonstudio.ca
www.lululemonstudio.ca
1    35.186.249.72 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 72.249.186.35.bc.googleusercontent.com
d.impactradius-event.com
4    162.159.140.33 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn1.affirm.ca
api-cf.affirm.ca
www.affirm.ca
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o251128.ingest.sentry.io
2    13.224.214.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-17.phl50.r.cloudfront.net
js.stripe.com
10    13.224.207.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-207-4.phl50.r.cloudfront.net
cdn.segment.com
2    13.224.214.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-62.phl50.r.cloudfront.net
js.stripe.com
4    2606:4700::6813:a741 (United States)

ASN13335 (CLOUDFLARENET, US)
res.cloudinary.com
1    54.69.251.6 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-251-6.us-west-2.compute.amazonaws.com
api.segment.io
2    2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com
edge.fullstory.com
1    2607:f8b0:4004:c19::61 (Washington, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2600:9000:26a0:5c00:1c:9484:cec0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.attn.tv
1    35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com
rs.fullstory.com
1    2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    104.18.43.135 (None, )

ASN13335 (CLOUDFLARENET, US)
mirror-ca.attn.tv
1    104.18.39.221 (None, )

ASN13335 (CLOUDFLARENET, US)
events.attentivemobile.com
2    3.161.213.67 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-161-213-67.yul62.r.cloudfront.net
cdn.kustomerapp.com
Apex Domain
Subdomains		 Transfer
41 lululemonstudio.ca
checkout.lululemonstudio.ca
lululemonstudio.ca
www.lululemonstudio.ca
1 MB
10 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1845
88 KB
5 attn.tv
cdn.attn.tv — Cisco Umbrella Rank: 4152
mirror-ca.attn.tv
47 KB
4 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 2449
109 KB
4 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1088
148 KB
4 affirm.ca
cdn1.affirm.ca — Cisco Umbrella Rank: 333352
api-cf.affirm.ca — Cisco Umbrella Rank: 216996
www.affirm.ca — Cisco Umbrella Rank: 192588
150 KB
3 fullstory.com
edge.fullstory.com — Cisco Umbrella Rank: 2197
rs.fullstory.com — Cisco Umbrella Rank: 2240
75 KB
2 kustomerapp.com
cdn.kustomerapp.com — Cisco Umbrella Rank: 18208
13 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
72 KB
1 attentivemobile.com
events.attentivemobile.com — Cisco Umbrella Rank: 3904
260 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
274 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
82 KB
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1425
179 B
1 sentry.io
o251128.ingest.sentry.io
308 B
1 impactradius-event.com
d.impactradius-event.com — Cisco Umbrella Rank: 4072
16 KB
1 mirrorcanada.com
mirrorcanada.com
155 B
1 shop.app
shop.app — Cisco Umbrella Rank: 3102
551 B
81 17
Domain Requested by
23 www.lululemonstudio.ca checkout.lululemonstudio.ca
www.lululemonstudio.ca
17 checkout.lululemonstudio.ca checkout.lululemonstudio.ca
www.lululemonstudio.ca
10 cdn.segment.com www.lululemonstudio.ca
cdn.segment.com
4 res.cloudinary.com www.lululemonstudio.ca
4 js.stripe.com www.lululemonstudio.ca
js.stripe.com
3 cdn.attn.tv www.googletagmanager.com
cdn.attn.tv
2 cdn.kustomerapp.com checkout.lululemonstudio.ca
cdn.kustomerapp.com
2 mirror-ca.attn.tv www.lululemonstudio.ca
2 edge.fullstory.com cdn.segment.com
www.lululemonstudio.ca
2 connect.facebook.net cdn.segment.com
connect.facebook.net
2 www.affirm.ca www.lululemonstudio.ca
1 events.attentivemobile.com cdn.attn.tv
1 www.facebook.com www.lululemonstudio.ca
1 rs.fullstory.com www.lululemonstudio.ca
1 www.googletagmanager.com cdn.segment.com
1 api.segment.io www.lululemonstudio.ca
1 api-cf.affirm.ca www.lululemonstudio.ca
1 o251128.ingest.sentry.io www.lululemonstudio.ca
1 cdn1.affirm.ca www.lululemonstudio.ca
1 d.impactradius-event.com www.lululemonstudio.ca
1 lululemonstudio.ca 1 redirects
1 mirrorcanada.com 1 redirects
1 shop.app checkout.lululemonstudio.ca
81 23
Subject Issuer Validity Valid
checkout.lululemonstudio.ca
R3		 2024-05-04 -
2024-08-02		 3 months crt.sh
shop.app
E1		 2024-03-27 -
2024-06-25		 3 months crt.sh
lululemonstudio.ca
GTS CA 1P5		 2024-03-06 -
2024-06-04		 3 months crt.sh
*.impactradius-event.com
Sectigo RSA Domain Validation Secure Server CA		 2023-12-08 -
2025-01-06		 a year crt.sh
affirm.ca
GTS CA 1P5		 2024-03-20 -
2024-06-18		 3 months crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-02 -
2024-12-02		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-03-27 -
2024-06-27		 3 months crt.sh
*.segment.com
Amazon RSA 2048 M03		 2023-11-14 -
2024-12-13		 a year crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2		 2023-12-14 -
2024-06-22		 6 months crt.sh
*.segment.io
Amazon RSA 2048 M03		 2023-12-13 -
2025-01-11		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-02-11 -
2024-05-11		 3 months crt.sh
edge.fullstory.com
GTS CA 1D4		 2024-05-03 -
2024-08-01		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.attn.tv
Amazon RSA 2048 M02		 2024-04-30 -
2025-05-28		 a year crt.sh
rs.fullstory.com
GTS CA 1D4		 2024-05-02 -
2024-07-31		 3 months crt.sh
attn.tv
GTS CA 1P5		 2024-04-25 -
2024-05-24		 a month crt.sh
attentivemobile.com
GTS CA 1P5		 2024-04-26 -
2024-05-24		 a month crt.sh
*.kustomerapp.com
Amazon RSA 2048 M02		 2023-12-15 -
2025-01-11		 a year crt.sh

This page contains 3 frames:

Primary Page: https://www.lululemonstudio.ca/
Frame ID: 23B8F9F8380A9F718296F8A793D6555C
Requests: 77 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-ba24daed42a54a44a0fcb76cc1282352.html
Frame ID: 5BE2D12BE0179E2ACCD1B1DD5DB198D3
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 16E6CDBA45D2F9AFD746F4A614B34623
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

lululemon Studio | 10,000+ Workout Classes

Page URL History Show full URLs

  1. http://checkout.lululemonstudio.ca/ HTTP 307
    https://checkout.lululemonstudio.ca/ Page URL
  2. https://mirrorcanada.com/ HTTP 301
    https://lululemonstudio.ca/ HTTP 301
    https://www.lululemonstudio.ca/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • d\.impactradius-event\.com
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

81
Requests

100 %
HTTPS

43 %
IPv6

17
Domains

23
Subdomains

20
IPs

3
Countries

1886 kB
Transfer

6377 kB
Size

29
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://checkout.lululemonstudio.ca/ HTTP 307
    https://checkout.lululemonstudio.ca/ Page URL
  2. https://mirrorcanada.com/ HTTP 301
    https://lululemonstudio.ca/ HTTP 301
    https://www.lululemonstudio.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://checkout.lululemonstudio.ca/ HTTP 307
  • https://checkout.lululemonstudio.ca/

81 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
checkout.lululemonstudio.ca/
Redirect Chain
  • http://checkout.lululemonstudio.ca/
  • https://checkout.lululemonstudio.ca/
239 KB
53 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87e9943b88b4ab39-YYZ
content-encoding
br
content-language
en
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Sat, 04 May 2024 15:38:39 GMT
etag
"cacheable:9abb8862d5d546f681b303b2975093da"
link
<https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=phSGmMfPl9g5k1me%2BkduBk%2BMF5DUcyNUEXIeYxa49%2B2lGl1M09ydY%2B11h8HF%2FVHYIEf3hgc0Kjj6XkILuu2o9uAmUi9s354rcB7dNEHiat7RU8hG6NwfmCGjqCZpdtrrZrAn2AGo9%2BsE6thp404d2Kjvgt%2BYfXe2lQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=19, db;dur=10, asn;desc="577", edge;desc="YYZ", country;desc="CA", theme;desc="139446452524", pageType;desc="index", servedBy;desc="dbxs", requestID;desc="3f3b7449-eb6b-4d70-90a3-c6485db0a0d4-1714837119" cfRequestDuration;dur=82.000017 ipv6
strict-transport-security
max-age=7889238
vary
Accept
x-cache
hit, server
x-content-type-options
nosniff
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
3f3b7449-eb6b-4d70-90a3-c6485db0a0d4-1714837119
x-shardid
299
x-shopid
69030576428
x-sorting-hat-podid
299
x-sorting-hat-shopid
69030576428
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block

Redirect headers

Location
https://checkout.lululemonstudio.ca/
Non-Authoritative-Reason
HttpsUpgrades
global.js
checkout.lululemonstudio.ca/cdn/shop/t/1/assets/ 		26 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/cdn/shop/t/1/assets/global.js?v=149496944046504657681670594042
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://checkout.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:39 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-central1
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=105.716, imageryFetch;dur=58.017, cfRequestDuration;dur=50.999880, ipv6
alt-svc
h3=":443"; ma=86400
content-length
5920
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
ed76bb0f-13a9-4286-8cd9-46b3ed888019-1714837111
last-modified
Sat, 04 May 2024 15:38:31 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WVZChVaVb4IJIU3zFZmd13ap92J64jsxmZeESHmg1NBLG9QZnTaoxFgDY3BpeiAndHJNE77lGx6pjV34gnVYoWMEilhxPGr6WIAVDODEucUzJlK0tdBnnyrn%2FwEXDNlusT7q%2BW0Q0JjX0ObKbm8EaZKbyJ7oHjDo7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
cf-ray
87e9943ca9f2ab39-YYZ
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0690/3057/6428/t/1/assets/global.js>; rel="canonical"
x-sorting-hat-podid
299
preloads.js
checkout.lululemonstudio.ca/checkouts/internal/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/checkouts/internal/preloads.js?locale=en-CA
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://checkout.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:39 GMT
strict-transport-security
max-age=7889238
x-content-type-options
nosniff
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
server-timing
cfRequestDuration;dur=105.999708, ipv6
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRaHvSaQ22Uvw4WETyNi7LCQL3XkZgHE5iCpeqMu8mtGlpxncW48gjAB4NF41lOI4Y2TU04Das4ug5rLPeoQkRRNsLlUzsqZXam43WAhttkbSSRQOevrmzParNstZfNMjdIm106PeCYaSb%2FYz69BbKnU6lqXqGTq2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; encoding=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
timing-allow-origin
*
cf-ray
87e9943ca9f5ab39-YYZ
preloads.js
shop.app/checkouts/internal/ 		0
551 B 		Script
General
Check archive.org
Download Go to
Full URL
https://shop.app/checkouts/internal/preloads.js?locale=en-CA&shop_id=69030576428
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:ff00:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://checkout.lululemonstudio.ca/
Origin
https://checkout.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:39 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0l2vDhPQ%2Fw%2FkOkRc91dyOYkkspiRy3HnSk%2FwSItYEMC9GBEbLhsXRvoBeD0UlH6rCmPxKY1Bj%2FP2j%2Fgu4AwaFESQvdKs1muVnL0ibvtXnLa3USW3sGkVo031McJ0wfCbCucfDCl0"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=60
server-timing
cfRequestDuration;dur=12.000084, ipv6
timing-allow-origin
*
cf-ray
87e9943fceefabb8-YYZ
content-length
0
alt-svc
h3=":443"; ma=86400
load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js
checkout.lululemonstudio.ca/cdn/shopifycloud/shopify/assets/storefront/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/cdn/shopifycloud/shopify/assets/storefront/load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://checkout.lululemonstudio.ca/
Origin
https://checkout.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:39 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
65442
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=47.606, imageryFetch;dur=22.130, cfRequestDuration;dur=10.999918, ipv6
alt-svc
h3=":443"; ma=86400
content-length
3324
x-xss-protection
1; mode=block
x-request-id
6c408abd-3d9c-414b-9b8e-ca40a55a22d1-1714771676
last-modified
Fri, 03 May 2024 21:27:56 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oueijyISxdBro1xlVAUn2p%2F%2BjrKWP1GwH1Klk4ozsZfYVNgOvbFLriGjdFa%2Fcjt6%2FA53p%2FjT91QPtptatjxil6CfF1mFcwus8S57uIM7Xxvv59uQugQ9tCBASWLUgcz2lMXqdzCdpFWVd8OYC8qWjfv6%2Bsj70QT1KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
accept-ranges
bytes
cf-ray
87e9943dfad6ab39-YYZ
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js>; rel="canonical"
x-sorting-hat-podid
-1
scripts.js
checkout.lululemonstudio.ca/cdn/shop/t/1/compiled_assets/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/cdn/shop/t/1/compiled_assets/scripts.js?102
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://checkout.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:39 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-central1
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=128.188, imageryFetch;dur=109.287, cfRequestDuration;dur=55.000067, ipv6
alt-svc
h3=":443"; ma=86400
content-length
1165
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
e00311a4-d4e7-409f-b96e-2284d79ba962-1714837111
last-modified
Sat, 04 May 2024 15:38:31 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hl5%2FAjI0WXXSV4Rassrm8yEakH4fzGzud3cvlYZSEAxyIKfqaB8%2FGx%2FKxStam5oGqQ6qokAFJCJeq8nwaRcNDba0WTsiLAK0%2F9KIy0rpMkkFov4io0NW%2FRHCBfzuVJvshp75v1WFEqeRa6uWOf5fB5Rnc41bfoy4Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
cf-ray
87e9943e9ff5a1f2-YYZ
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0690/3057/6428/t/1/compiled_assets/scripts.js>; rel="canonical"
x-sorting-hat-podid
299
base.css
checkout.lululemonstudio.ca/cdn/shop/t/1/assets/ 		52 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/cdn/shop/t/1/assets/base.css?v=88290808517547527771670594060
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://checkout.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:39 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-central1,gcp-us-central1
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=86.143, imageryFetch;dur=73.679, cfRequestDuration;dur=31.999826, ipv6
alt-svc
h3=":443"; ma=86400
content-length
8352
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
bf6941c6-af7c-426f-ad4c-f0e4d639b65c-1714837111
last-modified
Sat, 04 May 2024 15:38:31 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ogsllO0nZKC5NT0LZeGgzOWtJWYSgQoaN%2BcRbr51fK%2F%2Bot2MQ5n%2BUeRR2VZofBbuiprdTwOliGjUKbeR7QMPNuX6gTQ7Kz9C8rlalCwRMJauEqckwxbC9hunVQ%2FvyexYC9qtiBmHDedEhDfTzTZPK36nIJhX88eIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
cf-ray
87e9943ca9f6ab39-YYZ
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0690/3057/6428/t/1/assets/base.css>; rel="canonical"
x-sorting-hat-podid
299
assistant_n4.bcd3d09dcb631dec5544b8fb7b154ff234a44630.woff2
checkout.lululemonstudio.ca/cdn/fonts/assistant/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/cdn/fonts/assistant/assistant_n4.bcd3d09dcb631dec5544b8fb7b154ff234a44630.woff2?h1=bHVsdWxlbW9uLXN0dWRpby1jYW5hZGEtcHJvZHVjdGlvbi5hY2NvdW50Lm15c2hvcGlmeS5jb20&h2=Y2hlY2tvdXQubWlycm9yY2FuYWRhLmNvbQ&h3=Y2hlY2tvdXQubHVsdWxlbW9uc3R1ZGlvLmNh&hmac=6ba5889a5263d9138fcc77860c3080bf5a1a6fca328b2f1b6552899c0b797fb6
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://checkout.lululemonstudio.ca/
Origin
https://checkout.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:39 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-central1,gcp-us-central1
age
65660
server-timing
imagery;dur=36.798, imageryFetch;dur=36.406, cfRequestDuration;dur=16.000032, ipv6, cfRequestDuration;dur=39.000034, ipv6
alt-svc
h3=":443"; ma=86400
content-length
17000
x-xss-protection
1; mode=block
x-request-id
693a96a5-cc6f-48fa-81d8-5c56f3ddcebe-1714771458
last-modified
Fri, 03 May 2024 21:24:18 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Y8IB1qoCadH5Q%2Fo12wTatRvetJ6Z5SL5THapyNo%2FaZa6m6dX8rbyX8qEuV220C4%2F2iwHtjAoytjVq3yt%2FuyeD0oAemi00%2FMCgavN5n7JWn6%2BIOeOL%2FZ%2BN2Th%2BkM6xfvgEzmwV5eZMBVwKtk3COMi3y9IW700moBVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
cf-ray
87e9943ca9f7ab39-YYZ
timing-allow-origin
*
Primary Request /
www.lululemonstudio.ca/
Redirect Chain
  • https://mirrorcanada.com/
  • https://lululemonstudio.ca/
  • https://www.lululemonstudio.ca/
34 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b60265df790b0931fe9124aab39d3b657e554b806f6f04a8fbde19601731704f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://checkout.lululemonstudio.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
17741
cf-cache-status
DYNAMIC
cf-ray
87e99443f9bcab00-YYZ
content-encoding
gzip
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
content-type
text/html
date
Sat, 04 May 2024 15:38:40 GMT
last-modified
Thu, 25 Apr 2024 17:14:42 GMT
permissions-policy
geolocation=(self)
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
x-amz-cf-id
Ri3jqgucdRyposlkaeYv4r_jDDYqeGxyeTzMqr7385EGNUQQcLWeoA==
x-amz-cf-pop
YUL62-P2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

cache-control
max-age=3600
cf-ray
87e99442b8e1ab00-YYZ
content-length
167
content-type
text/html
date
Sat, 04 May 2024 15:38:40 GMT
expires
Sat, 04 May 2024 16:38:40 GMT
location
https://www.lululemonstudio.ca/
server
cloudflare
vary
Accept-Encoding
0970f143af1e3323.css
www.lululemonstudio.ca/_next/static/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04659a7aed58fabd452d5e2366b807334200dfb8ebe0e96772cc6693d1249154
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
via
1.1 b9608c5d714fa42feebf61497cac7bd4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5648
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
W/"ce68b1c2b590237a8f302b109dc30b62"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e99444fa6dab00-YYZ
x-amz-cf-id
uuIt3Nyvg6a966Hs5nBItbU9KzY8DckzHWfRO3lcHs_jllVC_HSS7A==
expires
Sat, 04 May 2024 19:38:40 GMT
webpack-fceaccc3a3cfb340.js
www.lululemonstudio.ca/_next/static/chunks/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/webpack-fceaccc3a3cfb340.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c49145d8f516fcd695181edfba284494f1b35e751d9a07c2bab1a6f65a9e567
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
via
1.1 97a1bb4fb9aff82a97dbf758ce602258.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5648
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
W/"6da28f7cda695bf5de293ffd2dd0255c"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e99444fa6eab00-YYZ
x-amz-cf-id
dMx-Ct0e8Z-Tm8lj5kM22lLzy_-urgRCSpLX1TrJ5KQJcsVGIQUCOg==
expires
Sat, 04 May 2024 19:38:40 GMT
framework-1f2116cc6e84ff0a.js
www.lululemonstudio.ca/_next/static/chunks/ 		138 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/framework-1f2116cc6e84ff0a.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f971e914c5f85367f1290c947fcc45e1d0289aaed8c9f053ace1835996a2584b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
via
1.1 e2bc53c67d7a4b6beae25c798d638b10.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5648
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"644a28122d6e2c0b1111269f2eb4b4b8"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994451a81ab00-YYZ
x-amz-cf-id
B1n8kQtpPoufpts8kJrt-YKYJ2JxBC0XBWvjaPZXu3_RMPVx4Z10XA==
expires
Sat, 04 May 2024 19:38:40 GMT
main-a75f951d25e88ee6.js
www.lululemonstudio.ca/_next/static/chunks/ 		316 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cbf584b764b9d798d3618f3a092cedfd3c12a640e4233d1129da24674bda306
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
via
1.1 302bce0287d24df9c94be17a5fd67262.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5648
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"859b759e8943342ae78ea601f48b1ccd"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994451a83ab00-YYZ
x-amz-cf-id
Z1LNOhpzjoe1ZSVlqbfpWalNdvRmbJRO3YVHwpIcisk90BB6dRxyvg==
expires
Sat, 04 May 2024 19:38:40 GMT
_app-ac8c47f938e8cf12.js
www.lululemonstudio.ca/_next/static/chunks/pages/ 		599 KB
147 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/pages/_app-ac8c47f938e8cf12.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec7d43e514448a50475ea114b07035b6bfb8e626112db9a2296beb873ea10492
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
via
1.1 141b2a0bfdcf3225afbe04affb901120.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5648
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"796ade5d654d106b34b5c628f981a345"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994451a84ab00-YYZ
x-amz-cf-id
MhUDPDgyPB3__N4bHIwAQdk27tgl64DNldiVX5oKEhQvt4kCsKnaCQ==
expires
Sat, 04 May 2024 19:38:40 GMT
1f803228-8055ddc314b2f460.js
www.lululemonstudio.ca/_next/static/chunks/ 		807 KB
226 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/1f803228-8055ddc314b2f460.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16ff004c190366bb7eb1d508846eb8a0c2c13b49c9fffe8a01f215ce617f7f3c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
via
1.1 275c32bc50366db37e8c3324dfc942a6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5648
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"b7a13fc5a795acc3e686ac6c5b4782eb"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994451a85ab00-YYZ
x-amz-cf-id
AQoMrOOQpvYCM37BsepgRXzY3D-ED_5Z43PwDP0Mu1WRVI1hwzHrEQ==
expires
Sat, 04 May 2024 19:38:40 GMT
795-33b4514f6f33b7fb.js
www.lululemonstudio.ca/_next/static/chunks/ 		326 KB
103 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/795-33b4514f6f33b7fb.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf59fbc839be393148e301eb31970eefa393e95bc7c9745c04f07f6979c9f4c6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
via
1.1 fb7b65b8cad8124239a4b25728a84288.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5648
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"e111648f77b8c31d5a95cdb3d3dc33c3"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e99445aaecab00-YYZ
x-amz-cf-id
AaF4VxmcSnrYkUXDe2vCjCZe8ucLUG5fscVOCFhhkVnGXwXIvTO9Vg==
expires
Sat, 04 May 2024 19:38:40 GMT
193-b5a4b41ec5cffe08.js
www.lululemonstudio.ca/_next/static/chunks/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/193-b5a4b41ec5cffe08.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4575dcb8875ca8339c98104a93c76910e92ff796cdf4c981969add0692c00afb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
via
1.1 275c32bc50366db37e8c3324dfc942a6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5648
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"1e3625610ede7b7671764651bb300bae"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e99445cb04ab00-YYZ
x-amz-cf-id
QFtSl1fHBs9UU1tzoxYL24pus5wVngkEFPf-mc6zGpCqWnuwYviKBQ==
expires
Sat, 04 May 2024 19:38:40 GMT
226-be8fda2ea1524e58.js
www.lululemonstudio.ca/_next/static/chunks/ 		159 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/226-be8fda2ea1524e58.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3a8c929ac8c59664cffbd61440d2b4b3e5c0e36a993fbe7c369020de06fd288
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
via
1.1 fb7b65b8cad8124239a4b25728a84288.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5648
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"0a1db2163ea9aa60d4fbc512d21259a8"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994463b57ab00-YYZ
x-amz-cf-id
SLVZW9QpmCe8FUoxskoR56Yaxlyk6lkvq40wPekwcx3P0Jxjk6254A==
expires
Sat, 04 May 2024 19:38:40 GMT
106-d6ad48a8566b8d90.js
www.lululemonstudio.ca/_next/static/chunks/ 		103 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/106-d6ad48a8566b8d90.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24e30cf2d40cc2c5491d52c13154e7e0a505a5ae6e3e21977ed16e024d4542bd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
via
1.1 4afe58622c53f3abab57af35bd692fb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5649
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"e92702c7df5c16d939693b84dc3ba000"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e99446abc3ab00-YYZ
x-amz-cf-id
oJ7LqkRX3uXon9qpuwTNJurCLGip3i1I96lGWdqms0fF1yJqDwzGYQ==
expires
Sat, 04 May 2024 19:38:41 GMT
343-8413fbced20b659e.js
www.lululemonstudio.ca/_next/static/chunks/ 		148 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/343-8413fbced20b659e.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7337c461409c9b6fe752936376d9f779dc3969777c35254585142fa6f7cd994
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
via
1.1 73b649084fd37ee574892f300f5199ec.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5649
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"0259078a864f08c6df54cff1484a9a13"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994470bffab00-YYZ
x-amz-cf-id
Va4aZXXXbdRFAHToLmsneWauau3I287zlo2WuN040sTHoMVs1nLZSg==
expires
Sat, 04 May 2024 19:38:41 GMT
758-9e88cc8cfcb4e906.js
www.lululemonstudio.ca/_next/static/chunks/ 		513 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/758-9e88cc8cfcb4e906.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6469c35e86aa2a57efb2d2f5e0ca4173f73028c5fc78b6faa2a24642498302c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
via
1.1 24c2a7b3c7e677d544aa5e2a7eb85b4e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5649
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"348c78da2ecacd7024a05d715a036608"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994471c0fab00-YYZ
x-amz-cf-id
tDR-UxC-FBZKnBi4q54joHISiFsoCMKTpcP6YtMSQrdSxcNxODyVSQ==
expires
Sat, 04 May 2024 19:38:41 GMT
index-3f5dc568d591881f.js
www.lululemonstudio.ca/_next/static/chunks/pages/ 		900 B
814 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/pages/index-3f5dc568d591881f.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
579036ffb483c560da315f3ef7e63ad43c7ef5dedb1cd95e47fe78ca0fe21ef1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
via
1.1 bccdd9eb44a87c0c46b5374545a79a04.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5649
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
W/"670134d141e2605c4042e62ccebb6ac0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994471c17ab00-YYZ
x-amz-cf-id
zLuJW13e8XzjnVBiPe23wgUillp4W7bLj5_wTRhZE6Vdtte4gdXg_w==
expires
Sat, 04 May 2024 19:38:41 GMT
_buildManifest.js
www.lululemonstudio.ca/_next/static/uu70LS7Ef5hHlEQTkdvWR/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/uu70LS7Ef5hHlEQTkdvWR/_buildManifest.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c078419ef95c9457c01d7d8f53a600d3682538a54fd86a9dfbeef9d3658c486
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
via
1.1 275c32bc50366db37e8c3324dfc942a6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5649
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
W/"1ed4bde421d678a8ed284e68798d87b1"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994471c19ab00-YYZ
x-amz-cf-id
bksdP9wR1o7UP_juJjyvX0pgTkDPtGH77teMxelRvBP9NneoIQYMOA==
expires
Sat, 04 May 2024 19:38:41 GMT
_ssgManifest.js
www.lululemonstudio.ca/_next/static/uu70LS7Ef5hHlEQTkdvWR/ 		422 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/uu70LS7Ef5hHlEQTkdvWR/_ssgManifest.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80e325718f3ed0f6bfe1bd0a2a5a99d23d71a9da41931b71cc6ba5bdb0f1c0bf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
via
1.1 412b0215b557780a6efcc1651037dc90.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
age
5649
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
W/"b07fa05f3a864de4dd5c4fec69007269"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e994472c28ab00-YYZ
x-amz-cf-id
wsqrpwFLaElGT0Oqk99GtzfuPaJn_72mVGMjBs-yz9e3P6hBVdh3iw==
expires
Sat, 04 May 2024 19:38:41 GMT
A1455831-7b56-45b2-abf0-b30550f6c0de1.js
d.impactradius-event.com/ 		39 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d.impactradius-event.com/A1455831-7b56-45b2-abf0-b30550f6c0de1.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.249.72 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
72.249.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4338750fa2f43cdf25347ae756edeedcafd30b143c02e34ec85c59a9d9571621

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
content-encoding
gzip
age
0
x-guploader-uploadid
ABPtcPrWKn0stK5H_PZ3H0r96GO3dD5Q3u06OLWzth6Y7tjwk0wL3GVhETe0uwh0TKENsHmzOag
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15802
last-modified
Fri, 22 Mar 2024 16:27:14 GMT
server
UploadServer
etag
"3eba4bfc9ae9a373b383a27aaf5bd4e4"
vary
Accept-Encoding
x-goog-generation
1711124834014055
x-goog-hash
crc32c=qKy1uA==, md5=PrpL/Jrpo3Ozg6J6r1vU5A==
access-control-allow-origin
*
content-type
text/javascript; charset=utf-8
cache-control
public,max-age=900,s-maxage=300
x-goog-stored-content-length
15802
accept-ranges
bytes
expires
Sat, 04 May 2024 15:43:41 GMT
affirm.js
cdn1.affirm.ca/js/v2/ 		653 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn1.affirm.ca/js/v2/affirm.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.33 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
014a2eee6f690770e561bd55c527701d2130db7765c42c08ddb1f511197ed4e4
Security Headers
Name Value
Strict-Transport-Security max-age=31557600; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
strict-transport-security
max-age=31557600; includeSubDomains
content-encoding
br
cf-cache-status
HIT
age
689
x-envoy-upstream-service-time
366
x-affirm-cache-status
STALE
x-affirm-request-id
e06516bd-fa58-4d9e-cd75-60bfbedcbc24
last-modified
Thu, 02 May 2024 21:13:20 GMT
server
cloudflare
etag
W/"6c8fd654ea75974859befa9afbf70208"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=14400
timing-allow-origin
*
link
<https://cdn1.affirm.ca>; rel=preconnect; crossorigin, <https://cdn1.affirm.ca>; rel=preconnect, <https://cdn-assets.affirm.com>; rel=preconnect; crossorigin, <https://cdn-assets.affirm.com>; rel=preconnect, <https://cdnjs.cloudflare.com>; rel=preconnect; crossorigin, <https://cdnjs.cloudflare.com>; rel=preconnect
cf-ray
87e99446cfdbab12-YYZ
expires
Sat, 04 May 2024 19:38:41 GMT
/
o251128.ingest.sentry.io/api/4504572996419584/envelope/ 		2 B
308 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o251128.ingest.sentry.io/api/4504572996419584/envelope/?sentry_key=98b0f0c98b27437e9b0118e221e2f539&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.34.0
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
v3
js.stripe.com/ 		603 KB
148 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/pages/_app-ac8c47f938e8cf12.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.214.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-214-17.phl50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
8ef02e291be1f7804ae4dd3c30e6395a5fd555b1e07f145f415cdf0075028d18
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:40 GMT
content-encoding
br
via
1.1 53e905605490f05641e5a7bb370e4b1a.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
1
x-amz-cf-pop
PHL50-C1
x-cache
Hit from cloudfront
last-modified
Sat, 04 May 2024 04:29:46 GMT
server
Cloudfront
etag
W/"2692eab1e562bacee19ab5e8f3b0b448"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
RKycIZFyqIXuNoEfZRwp9oKklb_I0qqJk20jWqXzsiDForxJdZB0TA==
integrations
cdn.segment.com/v1/projects/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/ 		3 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/integrations
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7caf52de3e6fc20e8cdb4d10dd28cd6f0befc91c5f17513b576235cc34afdecc

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
yTEpTlrQfrQphyAH_GaapSsEHTyxarJK
content-encoding
br
via
1.1 9a4c760031a0dcc526cc9dcd0d0940ea.cloudfront.net (CloudFront)
date
Sat, 04 May 2024 13:20:21 GMT
x-amz-cf-pop
PHL50-C1
age
8301
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 04 Jan 2024 18:27:02 GMT
server
AmazonS3
etag
W/"6adbef88cb33ee221bb55009e150f488"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
u327yyArS9fn9gM4Aa5NgBCvZtXGE96MjXSg50Z2Khv9aqOZDtWaXg==
touch_track
api-cf.affirm.ca/api/v2/session/ 		46 B
777 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api-cf.affirm.ca/api/v2/session/touch_track
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.33 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0379b3a49b2c830f23e2304fd22e616b08cc4a94c731779e098902ced1972f97
Security Headers
Name Value
Strict-Transport-Security max-age=31557600; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
strict-transport-security
max-age=31557600; includeSubDomains
content-encoding
br
cf-cache-status
DYNAMIC
affirm-axp-override
x-envoy-upstream-service-time
19
x-affirm-cache-status
MISS
x-affirm-request-id
6633e9d1-1e44-4d48-cdc7-8fc2df29ce89
server
cloudflare
access-control-max-age
86400
vary
Accept-Encoding,Origin, Cookie
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.lululemonstudio.ca
content-type
application/json
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
affirm-chameleon-profile-id
cf-ray
87e99448d998ab12-YYZ
access-control-allow-headers
Accept, Content-Type, X-Requested-With
cookie_sent
www.affirm.ca/api/v2/ 		22 B
401 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.affirm.ca/api/v2/cookie_sent
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.33 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
924aebf24af414b12986f4af470b2ac7b61d765897f9e222c0af15805de9ae40
Security Headers
Name Value
Strict-Transport-Security max-age=31557600; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
strict-transport-security
max-age=31557600; includeSubDomains
content-encoding
br
cf-cache-status
EXPIRED
affirm-axp-override
x-envoy-upstream-service-time
6
x-affirm-cache-status
MISS
x-affirm-request-id
0b390bc2-f02f-4f97-cf96-825a8af98b8a
last-modified
Sat, 04 May 2024 14:12:54 GMT
server
cloudflare
vary
Accept-Encoding,cookie, Origin,Origin
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.lululemonstudio.ca
cache-control
max-age=3600
access-control-allow-credentials
true
access-control-max-age
86400
affirm-chameleon-profile-id
cf-ray
87e99448e99dab12-YYZ
access-control-allow-headers
Accept, Content-Type, X-Requested-With
Calibre-Regular.woff2
www.lululemonstudio.ca/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/fonts/Calibre-Regular.woff2
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67cf74fc128846917976d821404b0d9c797977bdd493ba6b0f671700ec1288e7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Origin
https://www.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
via
1.1 39bd4dd36d89ac693c6b532053af59d6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
REVALIDATED
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
x-cache
Hit from cloudfront
content-length
20968
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:42 GMT
server
cloudflare
etag
"1515d79ba1be4b3a7941247503938731"
vary
Accept-Encoding
x-frame-options
DENY
content-type
font/woff2
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
87e994491d76ab00-YYZ
x-amz-cf-id
l_vVHCT6tqv0WKnMI3y4FU62lbSDTrZzowvExcBLcYJqtwPXIEQgUQ==
expires
Sat, 04 May 2024 19:38:41 GMT
cookie_sent
www.affirm.ca/api/v2/ 		22 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.affirm.ca/api/v2/cookie_sent
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.33 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
924aebf24af414b12986f4af470b2ac7b61d765897f9e222c0af15805de9ae40

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
content-encoding
br
cf-cache-status
EXPIRED
affirm-axp-override
x-envoy-upstream-service-time
6
x-affirm-cache-status
MISS
x-affirm-request-id
0b390bc2-f02f-4f97-cf96-825a8af98b8a
last-modified
Sat, 04 May 2024 14:12:54 GMT
server
cloudflare
vary
Accept-Encoding,cookie, Origin,Origin
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.lululemonstudio.ca
cache-control
max-age=3600
access-control-allow-credentials
true
access-control-max-age
86400
affirm-chameleon-profile-id
cf-ray
87e99448e99dab12-YYZ
access-control-allow-headers
Accept, Content-Type, X-Requested-With
controller-with-preconnect-ba24daed42a54a44a0fcb76cc1282352.html
js.stripe.com/v3/ Frame 5BE2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-with-preconnect-ba24daed42a54a44a0fcb76cc1282352.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.214.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-214-62.phl50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
46
cache-control
max-age=60, stale-while-revalidate=900
content-length
391
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sat, 04 May 2024 15:38:33 GMT
etag
"ba24daed42a54a44a0fcb76cc1282352"
last-modified
Sat, 04 May 2024 03:50:32 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
x-amz-cf-id
1qxpPk08BHODUMzbCNLdhzwvouzGOLYfJApDY7gGdBHB0rYJEkD4Lg==
x-amz-cf-pop
PHL50-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
analytics.min.js
cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/ 		103 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f44f88e172fec8c783a0bf8c8b909321388bb984b9f8e45adcd4b2937f01a2fb

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
YMXqc4826xFmsM.ffy3T0IDA6CJypgvz
content-encoding
br
via
1.1 5c70ae1eac1857f85c7660495d949094.cloudfront.net (CloudFront)
date
Sat, 04 May 2024 15:38:43 GMT
x-amz-cf-pop
PHL50-C1
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 25 Apr 2024 17:21:51 GMT
server
AmazonS3
etag
W/"4b02fa7ac9bad077bef97dc5aa59a5f1"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
RyP752zsv9COU6wMHfjh7veFOVNSECO4Hj00xh3Eq9YqoLxFZFiOnQ==
graphql
checkout.lululemonstudio.ca/api/2022-10/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-sdk-variant,x-sdk-version,x-shopify-storefront-access-token
Access-Control-Request-Method
POST
Origin
https://www.lululemonstudio.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Content-Type, X-SDK-Variant, X-SDK-Variant-Source, X-SDK-Version, X-Shopify-Storefront-Access-Token, Shopify-Storefront-Private-Token, Shopify-Storefront-Buyer-IP, Shopify-Storefront-Id, Shopify-Storefront-S, Shopify-Storefront-Y, Shopify-Storefront-Extension-Token, Custom-Storefront-Request-Group-ID, shopify-core-canary
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87e9944dbb3dac5d-YYZ
content-encoding
br
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Sat, 04 May 2024 15:38:42 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LfM4tRwcikNxxA3z8IEpjzvdMqAVr%2B3dlWgYSQ%2F8UJEqaN1Th5FCp1gwlx6UeGyLKffs5M0GuEuGWygFj%2BOIUEltJc6dMvuvm2DSGnBbyFcHimyF4WxsAqueq83lzR31EFqOYNO%2BhfYNXCGh7cP0dI93n23tbh%2FDCw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=5, db;dur=1, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="75m2", requestID;desc="20883f72-c108-4881-8add-9a02a34e7faa-1714837122" cfRequestDuration;dur=64.000130 ipv6
vary
Accept-Encoding Accept
x-content-type-options
nosniff
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
20883f72-c108-4881-8add-9a02a34e7faa-1714837122
x-shardid
299
x-shopid
69030576428
x-sorting-hat-podid
299
x-sorting-hat-shopid
69030576428
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffc787e178bb8cb0508318500fdae3a034ce8c953a9823e5d6bba5d70b34725b
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
content-encoding
br
x-permitted-cross-domain-policies
none
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
server-timing
processing;dur=186;desc="gc:2", db;dur=6, fetch;dur=139, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="pn72", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutCreate", requestID;desc="173cc94d-bcf5-4435-beed-c79f8715047f-1714837122", cfRequestDuration;dur=236.999989, ipv6
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
173cc94d-bcf5-4435-beed-c79f8715047f-1714837122
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=69SuB4qAa7t2KYF%2Fv8gjFhR7hnxCe20GpFPyuLgHOr2wpwRWsVTLFY57kAvjnQzSUOOsQsBKYc38ukYpWN%2FNtOlRkTiva9eqXPHdPNPS%2Bwk54ka0S9raOe6WWqykQU5gtjg64kQiQutzF79DxJ6hqo7sjt4bYjfewQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
87e9944ebc4bac5d-YYZ
x-sorting-hat-podid
299
graphql
checkout.lululemonstudio.ca/api/2022-10/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-sdk-variant,x-sdk-version,x-shopify-storefront-access-token
Access-Control-Request-Method
POST
Origin
https://www.lululemonstudio.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Content-Type, X-SDK-Variant, X-SDK-Variant-Source, X-SDK-Version, X-Shopify-Storefront-Access-Token, Shopify-Storefront-Private-Token, Shopify-Storefront-Buyer-IP, Shopify-Storefront-Id, Shopify-Storefront-S, Shopify-Storefront-Y, Shopify-Storefront-Extension-Token, Custom-Storefront-Request-Group-ID, shopify-core-canary
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87e9944dbb47ac5d-YYZ
content-encoding
br
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Sat, 04 May 2024 15:38:42 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uQNol11WSsRR6HwUgd1PIoPtoQ7ZRgVS4DoYsGGkAVKgs6XMrETFavgcY29iIjeLAYVrgWHkAIgpwsG81hfSsfn937hXZPP%2FnfiBEPLOB1%2B%2FJ%2B47Yb783uhY1dzSN5CWKiy7PpGVBJ0fX7fcCJh8Lcg7m1XVRNKpfw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=6, db;dur=3, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="szhr", requestID;desc="1b7b6a73-bd5a-4495-b005-9f812604648d-1714837122" cfRequestDuration;dur=72.000027 ipv6
vary
Accept-Encoding Accept
x-content-type-options
nosniff
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
1b7b6a73-bd5a-4495-b005-9f812604648d-1714837122
x-shardid
299
x-shopid
69030576428
x-sorting-hat-podid
299
x-sorting-hat-shopid
69030576428
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block
plus_white.svg
www.lululemonstudio.ca/images/ 		269 B
437 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.lululemonstudio.ca/images/plus_white.svg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da4ab6947ea5b44c0677dc7973feedc565729d8a80ebd71449afab8f2caafbd0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
via
1.1 97a1bb4fb9aff82a97dbf758ce602258.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
5649
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:42 GMT
server
cloudflare
etag
W/"06609ddaef0d0f85e717644dd108c79a"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e9944c0f95ab00-YYZ
x-amz-cf-id
1WUKcpwAI2-vXosXXfKe3sEk0PV9iHRfggX_53QH7BrDumxJgxjcEg==
expires
Sat, 04 May 2024 19:38:41 GMT
Calibre-Medium.woff2
www.lululemonstudio.ca/fonts/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/fonts/Calibre-Medium.woff2
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9d248e116f7d511201f0389e6ac80c7fb7dc61e7344df9c624d4322430ccb95
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Origin
https://www.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
via
1.1 212f3832d7f59d71fd3926166fcc89ae.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
REVALIDATED
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
x-cache
Hit from cloudfront
content-length
19496
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:42 GMT
server
cloudflare
etag
"3c36b32862a6bb076c2920bf5f8cd729"
vary
Accept-Encoding
x-frame-options
DENY
content-type
font/woff2
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
87e9944c2fb5ab00-YYZ
x-amz-cf-id
KunXM-z_zzEhjz83_fL75ko6hmHyw0wE3a6hX4nbHAjLBlRCp9UREQ==
expires
Sat, 04 May 2024 19:38:42 GMT
Calibre-Semibold.woff2
www.lululemonstudio.ca/fonts/ 		21 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/fonts/Calibre-Semibold.woff2
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cbf292d35cc8fb17c91e3876798f3ae889146c8ae148e41a94a9fa38a5d98a5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Origin
https://www.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:41 GMT
via
1.1 d64e73a7e708de06492b99c7e55873b6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
REVALIDATED
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
x-cache
Hit from cloudfront
content-length
21468
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:42 GMT
server
cloudflare
etag
"5a1ba231826789b4b88f890c2a5bfa45"
x-frame-options
DENY
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
87e9944c2fb7ab00-YYZ
x-amz-cf-id
YROQUFTfnm-SCkmv90S1YDHmmKR70w0_1-OR5LDG_q_lVnz8KyHKAQ==
expires
Sat, 04 May 2024 19:38:41 GMT
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86ec21856d128256e3115601a31e2350c6115885b23bafab415400df74c5889e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
content-encoding
br
x-permitted-cross-domain-policies
none
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
server-timing
processing;dur=185, db;dur=4, fetch;dur=158, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="ltpr", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutCreate", requestID;desc="b486b505-5f88-44c2-ae5f-925798fb288c-1714837122", cfRequestDuration;dur=231.000185, ipv6
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
b486b505-5f88-44c2-ae5f-925798fb288c-1714837122
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzMNIwGY8Dx%2FPXPuziK05RhNQB872EdCh%2BLd%2BDd%2F5oUdLHilsbiItio0BiZLGQHlIYrm5VVJT5HN0LG5%2BRZ074YWYvYy66gRJQIsu4SBQASh96FiKK9ZNBSQ2eS8XqOisatuHFlxrHpXi2NiablvzsONDxrRIjE05A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
87e9944ecc59ac5d-YYZ
x-sorting-hat-podid
299
lululemonStudio_YogoStudio_Primary_White_2.svg
res.cloudinary.com/themirror/image/upload/v1661441564/ecomm-cms-assets/production/icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/themirror/image/upload/v1661441564/ecomm-cms-assets/production/icons/lululemonStudio_YogoStudio_Primary_White_2.svg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a741 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05dae9f297cc19f31afe3b53098189e62607770e6558501ccf58a96b1a77ff6f
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=604800
content-disposition
attachment; filename="lululemonStudio_YogoStudio_Primary_White_2.svg"
server-timing
cld-cloudflare;dur=21;start=2024-05-04T15:38:42.316Z;desc=hit,rtt;dur=2,content-info;desc="width=286,height=72,owidth=286,oheight=72,obytes=2416;"
content-length
1134
last-modified
Thu, 25 Aug 2022 15:32:47 GMT
server
cloudflare
etag
W/"11e7fdff38b60efa7dca88e9ae75dcbe"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
87e9944e6be6ab81-YYZ
timing-allow-origin
*
lululemonStudio_YogoStudio_Primary_Black_2.svg
res.cloudinary.com/themirror/image/upload/v1661441564/ecomm-cms-assets/production/icons/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/themirror/image/upload/v1661441564/ecomm-cms-assets/production/icons/lululemonStudio_YogoStudio_Primary_Black_2.svg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a741 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d006f4b0cfa518771c8110427114b1810398480b52889c7da5077a38c632a55b
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=604800
content-disposition
attachment; filename="lululemonStudio_YogoStudio_Primary_Black_2.svg"
server-timing
cld-cloudflare;dur=23;start=2024-05-04T15:38:42.318Z;desc=hit,rtt;dur=2,content-info;desc="width=286,height=72,owidth=286,oheight=72,obytes=2313;"
content-length
1082
last-modified
Thu, 25 Aug 2022 15:32:47 GMT
server
cloudflare
etag
W/"63eb78c0f444d5f8b90f3c41b6d67fef"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
87e9944e6be8ab81-YYZ
timing-allow-origin
*
landing-page-desktop.jpg
res.cloudinary.com/themirror/w_1440,c_scale,f_auto,q_auto/ecomm-cms-assets/production/heros/ 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/themirror/w_1440,c_scale,f_auto,q_auto/ecomm-cms-assets/production/heros/landing-page-desktop.jpg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a741 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db432405a21b948e9c297ee67a2452374c0796da6dcf4f801b7a704bd2f09f8a
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
content-disposition
inline; filename="landing-page-desktop.webp"
server-timing
cld-cloudflare;dur=24;start=2024-05-04T15:38:42.315Z;desc=hit,rtt;dur=2,content-info;desc="width=1440,height=810,bytes=41984,owidth=1440,oheight=810,obytes=1002394;"
content-length
41984
last-modified
Mon, 23 Oct 2023 16:57:10 GMT
server
cloudflare
etag
"6f214fecb7d8a45b17c0c1af81a4f3ca"
vary
Accept,User-Agent,Save-Data, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
private, no-transform, max-age=2592000
accept-ranges
bytes
cf-ray
87e9944e6be7ab81-YYZ
timing-allow-origin
*
MicrosoftTeams-image.jpg
res.cloudinary.com/themirror/w_960,c_scale,f_auto,q_auto/ecomm-cms-assets/production/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/themirror/w_960,c_scale,f_auto,q_auto/ecomm-cms-assets/production/MicrosoftTeams-image.jpg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a741 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3b76111f14dc848b243a4c8a55afe3a50294438f67d81548276c15249371fed
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
content-disposition
inline; filename="MicrosoftTeams-image.webp"
server-timing
cld-cloudflare;dur=106;start=2024-05-04T15:38:42.317Z;desc=miss,rtt;dur=2,content-info;desc="width=960,height=1200,bytes=65632,owidth=1160,oheight=1450,obytes=1041560;";cloudinary;dur=61;start=2024-05-04T15:38:42.351Z
content-length
65632
last-modified
Wed, 01 Nov 2023 17:02:51 GMT
server
cloudflare
etag
"0776270aa1b84c8b6891736e2296dc50"
vary
Accept,User-Agent,Save-Data, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
private, no-transform, max-age=2592000
accept-ranges
bytes
cf-ray
87e9944e6beaab81-YYZ
timing-allow-origin
*
index.json
www.lululemonstudio.ca/_next/data/uu70LS7Ef5hHlEQTkdvWR/ 		28 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/data/uu70LS7Ef5hHlEQTkdvWR/index.json
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65fbc0d6a7ebfb7fb098c20620d85cb10952c3492dd645988ebbde84eda24451
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
x-nextjs-data
1
purpose
prefetch
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Referer
https://www.lululemonstudio.ca/
baggage
sentry-environment=production,sentry-release=uu70LS7Ef5hHlEQTkdvWR,sentry-transaction=%2F,sentry-public_key=98b0f0c98b27437e9b0118e221e2f539,sentry-trace_id=0538ea47ddf34efe94ade1f749939cb1,sentry-sample_rate=0.1
sentry-trace
0538ea47ddf34efe94ade1f749939cb1-ac0830d407e20ec1-0
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
DYNAMIC
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
7794
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:39 GMT
server
cloudflare
etag
W/"937f4a4ea3f3a67078138e44336acfcd"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/json
permissions-policy
geolocation=(self)
cf-ray
87e9944c7fdeab00-YYZ
x-amz-cf-id
6YuQWaoPkxW4y-z_0qWq_eiRwM46g2raqzXuaUpkyOn4U8A5OxHO4w==
settings
cdn.segment.com/v1/projects/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/settings
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
611c16d656a5a736dc40453551bee2de4cd6c5ab06fdf3b78f35c299ccf86e7d

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
DaQTnFM74zx88MRDmI_TDBpyaHmBMLN.
content-encoding
br
via
1.1 9a4c760031a0dcc526cc9dcd0d0940ea.cloudfront.net (CloudFront)
date
Sat, 04 May 2024 13:20:22 GMT
x-amz-cf-pop
PHL50-C1
age
8301
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 15 Apr 2024 15:30:21 GMT
server
AmazonS3
etag
W/"6b95e5d6e332b5ced145395001126615"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
cV5zvijXZZBXBjLil7EqNHDMlKq0OIym5X9fp_wjNJbRGBL46IiYrA==
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a2133b30ca25642f43dab3aae205d29e2981022edf3e1e07609b92c4c802fb1
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
content-encoding
br
x-permitted-cross-domain-policies
none
server-timing
processing;dur=167;desc="gc:3", db;dur=5, fetch;dur=129, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="pn72", graphql;desc="storefront/query/other", gqlSelectionNames;desc="sfr/node", requestID;desc="ec867019-ffed-4903-9f2b-bec16627f7e6-1714837122", cfRequestDuration;dur=240.000010, ipv6
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
ec867019-ffed-4903-9f2b-bec16627f7e6-1714837122
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DHkrnRwkB03ldN6M3IbqZK3TcgnEoD%2FFigo4BZGrfMo5YSggigl%2Fr1HDvQprxjrKThIz7s1wtiEPFWexcuIh5TRT%2BXsNh9mIAQzoINsL9UJ3Kaw194MBpJLvznMDeL3aDuHY87kg2g6WxgdiF4D2AypoUUXlzytlqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
87e99450de55ac5d-YYZ
x-sorting-hat-podid
299
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
638244fac8839d622f612e1d8f74a474fa422c2905380943a567d87b1d34cead
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:42 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
content-encoding
br
x-permitted-cross-domain-policies
none
server-timing
processing;dur=162, db;dur=3, fetch;dur=128, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="k2xn", graphql;desc="storefront/query/other", gqlSelectionNames;desc="sfr/node", requestID;desc="ea97b787-f941-4e5a-af92-5a58742053e5-1714837122", cfRequestDuration;dur=206.000090, ipv6
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
ea97b787-f941-4e5a-af92-5a58742053e5-1714837122
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QLJSUrU7SOx8CGIKqDUDnVPAepvcXYqJ%2Bfz2tO0dcEj1JvuAL4fn5VKQ4SCRxxLdCnG793Gcc5zqE3HQb%2Fih8IumPPpvDYlO9WbaHfegIP%2FpGlRty8ldj3i3YRaDS9TMSsMjNh6FxBFgTFo9Wjhud1uR86l26kCcJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
87e99450ee5bac5d-YYZ
x-sorting-hat-podid
299
ajs-destination.bundle.ed53a26b6edc80c65d73.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 15:05:27 GMT
x-amz-version-id
1lCjHefPzcRt0EbQDFkkb.6FnzhNuKxa
content-encoding
br
via
1.1 5c70ae1eac1857f85c7660495d949094.cloudfront.net (CloudFront)
x-amz-cf-pop
PHL50-C1
age
1643596
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 12 Apr 2024 21:39:45 GMT
server
AmazonS3
etag
W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
bxpNa7xND8xwcwStfKvPPsO98bNG1ic7D--IWIIxkATTykYCUO8mdQ==
schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 06:07:13 GMT
x-amz-version-id
Yw3_Qtko75ayfD57fhuMKy0z.t7FgyPk
content-encoding
br
via
1.1 5c70ae1eac1857f85c7660495d949094.cloudfront.net (CloudFront)
x-amz-cf-pop
PHL50-C1
age
1675890
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 12 Apr 2024 22:19:51 GMT
server
AmazonS3
etag
W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
uCSp87DLUICA3NMDMz93BzEk7wTfk7cEVL7eS_-JmVc9paa6TVfyiA==
facebook-pixel.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/facebook-pixel.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4df53644d1c9fd651ccfd697977eb07d94cd744b0a4997568d67cc25ef44e483

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 23 Apr 2024 05:58:29 GMT
content-encoding
gzip
via
1.1 5c70ae1eac1857f85c7660495d949094.cloudfront.net (CloudFront)
x-amz-version-id
e4_5M802DvRTYZH643Q1UBSxA84VQpM1
x-amz-cf-pop
PHL50-C1
age
985214
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
3273
last-modified
Fri, 05 Apr 2024 16:42:47 GMT
server
AmazonS3
etag
"a7cd49c834a0851140e3304c91cb34d0"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
eNvAmfjpZVR2IeOmusi1rfJObFIcwuHc0RaGhof6Q_LTeq9cnTC_IQ==
fullstory.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/fullstory.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
de8f2ac57087767409b0bb4025e88c1ebb0fd18e0e73144e4ac15997f3350821

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 06 Feb 2024 00:03:13 GMT
content-encoding
gzip
via
1.1 5c70ae1eac1857f85c7660495d949094.cloudfront.net (CloudFront)
x-amz-version-id
sZ4uaVuryvCnkNR7kX2ChFxfvv_9ZYSp
x-amz-cf-pop
PHL50-C1
age
7659330
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2166
last-modified
Wed, 18 Oct 2023 10:36:35 GMT
server
AmazonS3
etag
"e99e99fffc341f6a85e129a73956e837"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
qepbgcapTgn_BMD-l4ZHgkMOvslDnGzg2iDURmp1yERP69vn2Dcnaw==
google-tag-manager.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e91a86b8d8da28eaf681b924b135c3a8ffacb6d51d2affad9d684e708d60a3db

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 24 Jan 2024 08:03:36 GMT
content-encoding
gzip
via
1.1 5c70ae1eac1857f85c7660495d949094.cloudfront.net (CloudFront)
x-amz-version-id
iBgkeROQ82ipYgPNwFnoDehQ.U3dPJg.
x-amz-cf-pop
PHL50-C1
age
8753707
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1342
last-modified
Wed, 18 Oct 2023 10:36:34 GMT
server
AmazonS3
etag
"a1bed0458702cf863f2d24fb1b9d39ae"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
J7zvrEUKYyvj9r9YcE6QK2XuQlh6qZd2hMVWTzyoyjorWW6BYF-Dzw==
p
api.segment.io/v1/ 		21 B
179 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.69.251.6 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-251-6.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.lululemonstudio.ca
date
Sat, 04 May 2024 15:38:43 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
973978af49041fd39f8354e0ac908867ae9d9d914bfc5246377d733c7c921e04
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:43 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
content-encoding
br
x-permitted-cross-domain-policies
none
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
server-timing
processing;dur=193, db;dur=5, fetch;dur=158, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="d754", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutAttributesUpdateV2", requestID;desc="061ab9e6-7a4d-4dcf-a098-f000264541fe-1714837123", cfRequestDuration;dur=238.000154, ipv6
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
061ab9e6-7a4d-4dcf-a098-f000264541fe-1714837123
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HOiFo4J5lHxZGzL8UQ%2BbvvwB5ZXHjnE%2BcKB0i6kWQPvFbMl4evHgkrwQ7jgdagAheGRZXpROkSq2lKOLJtAMOK5wFLcAnmy0Fb2qvgVd7Xf%2B4httmL8cnvjA8Mg6dqAk8FVH%2BdTZqhf%2BlfuXQdRFs8cvGJaDIS1NkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
87e99452cff4ac5d-YYZ
x-sorting-hat-podid
299
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3e62d7a630f42116eaf8f1c1586a3c892d2409a99365c2d7d3c85ee6697fd45
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:43 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
content-encoding
br
x-permitted-cross-domain-policies
none
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
server-timing
processing;dur=179, db;dur=5, fetch;dur=146, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="zw2c", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutAttributesUpdateV2", requestID;desc="5b7a405a-bbbe-4ade-951d-3fc003f15038-1714837123", cfRequestDuration;dur=240.000010, ipv6
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
5b7a405a-bbbe-4ade-951d-3fc003f15038-1714837123
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVFypX2kF8HL109a3yRvrm2ctIMj5pjIGx43j%2FeRxMaRGWWlsW1KtJCFX2PiQ3u%2F3I4FjsKinDQrObrCWCvPKndgMHblfayJgDY4DwcE2ncNdbVzpGgD9DtHXFdFMdlXdLbPsyfzc%2B1XtXCW6wck2nNvilGzK3s4Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
87e99452f816ac5d-YYZ
x-sorting-hat-podid
299
commons.a61d7bea37d2de5d4b69.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		70 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 17:25:47 GMT
content-encoding
gzip
via
1.1 5c70ae1eac1857f85c7660495d949094.cloudfront.net (CloudFront)
x-amz-version-id
1Y99HfuTczPsGIDdcPhw1L1EusEviR19
x-amz-cf-pop
PHL50-C1
age
2499177
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
21911
last-modified
Fri, 05 Apr 2024 16:42:46 GMT
server
AmazonS3
etag
"c467a63b2e7c3a99be423ace649014d8"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
NHZO7JqwE1pYeQBtYiWsABxjMXbhc6cG60OPez_IGu6HoDrU3qEsSg==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.207.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-207-4.phl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 22 Mar 2024 06:01:10 GMT
content-encoding
gzip
via
1.1 5c70ae1eac1857f85c7660495d949094.cloudfront.net (CloudFront)
x-amz-version-id
HopHKmY9TBcR3b.zdj3KrkRozUW9hj.F
x-amz-cf-pop
PHL50-C1
age
3749854
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22177
last-modified
Fri, 08 Mar 2024 07:35:27 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
fnoU6eC-2JVWtPBTIJGa7JkaLkU0M1NC0C9Uo9RBzGVp0rpEDpcLKQ==
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 04 May 2024 15:38:43 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=22, rtx=0, c=15, mss=1392, tbw=2785, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
qop+PMRk/bwSSpKOUBT5WtQiIBtqCXoUcVuvib0ZdKnZSSslp8wqXV9dpJ+jnezVuAX4cz+m9LuxHmXKTaoSTQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
x-fb-optimizer
1
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
fs.js
edge.fullstory.com/s/ 		270 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
714e572d89d556563c1364be11abf53243e01bec73dcec44bf812fa77059b385

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Origin
https://www.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:02:22 GMT
content-encoding
br
age
2181
x-guploader-uploadid
ABPtcPoxfywBrkHcOWqY7sLHnqTN04bQJeydairKxUDoeZ_y60A-WXP1rvt8eSqzmJogasJJd5OmK2fE9Q
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74572
last-modified
Wed, 01 May 2024 18:59:38 GMT
server
UploadServer
etag
"9568c49933648165a4b57d6134954fb0"
vary
Accept-Encoding
x-goog-generation
1714589978252932
x-goog-hash
crc32c=TIbhRA==, md5=lWjEmTNkgWWktX1hNJVPsA==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
74572
accept-ranges
bytes
content-type
application/javascript
expires
Sat, 04 May 2024 16:02:22 GMT
gtm.js
www.googletagmanager.com/ 		229 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TBTC976&l=dataLayer
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
66dff811fd9f5f4965c70e767392b14b0d1733e51f3cf75622c3ed6c67faa0a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:43 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83687
x-xss-protection
0
last-modified
Sat, 04 May 2024 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 04 May 2024 15:38:43 GMT
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3aea1fa2845485b2f56569a9f4274734470fb8bc164677d99f64e6e3f9d0943c
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:43 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
content-encoding
br
x-permitted-cross-domain-policies
none
server-timing
processing;dur=171, db;dur=6, fetch;dur=135, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="pn72", graphql;desc="storefront/query/other", gqlSelectionNames;desc="sfr/node", requestID;desc="4a129e81-7713-411b-a96f-55ddf1964553-1714837123", cfRequestDuration;dur=217.999935, ipv6
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
4a129e81-7713-411b-a96f-55ddf1964553-1714837123
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XRNjoP6h048R87NkJYi9LdCVbjO93yGCjJo5vtoxJj1hSw5db8e4nnRX86Fa5sSYyq57wsOXJTptOz1KcFEC17%2BW0nhhT0OeXjZgxoFlUyao05o8KsnB1Doz%2BRb3Si%2FTHit1Q3xpL%2Bw1Z5FWDC8QBzpumWYDk57e7g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
87e994551a0aac5d-YYZ
x-sorting-hat-podid
299
web
edge.fullstory.com/s/settings/KM59Q/v1/ 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/settings/KM59Q/v1/web
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
67bab36d7f31001c4fb77e154c171d143cef2b459b15e38403455cb23ef56593

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:43 GMT
content-encoding
gzip
age
0
x-guploader-uploadid
ABPtcPqb26o4a3ntqRJ3n6TtVVGGeIQDCqzN9fT86lFPvn6pv2htF3PKDyRIdrGj5yHBxvmw5GA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1149
last-modified
Mon, 27 Feb 2023 17:00:55 GMT
server
UploadServer
etag
"d8d6a048db6ead41e2c7d6e9fbdf33f8"
x-goog-generation
1677517254984889
x-goog-hash
crc32c=xlZuYg==, md5=2NagSNturUHix9bp+98z+A==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=900,no-transform
x-goog-stored-content-length
1149
accept-ranges
bytes
content-type
application/json
expires
Sat, 04 May 2024 15:53:43 GMT
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3e62d7a630f42116eaf8f1c1586a3c892d2409a99365c2d7d3c85ee6697fd45
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:44 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
content-encoding
br
x-permitted-cross-domain-policies
none
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
server-timing
processing;dur=223;desc="gc:2", db;dur=3, fetch;dur=189, asn;desc="577", edge;desc="YYZ", country;desc="CA", servedBy;desc="6688", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutAttributesUpdateV2", requestID;desc="bd914290-c514-478c-a734-b69f05bcb0b1-1714837123", cfRequestDuration;dur=278.000116, ipv6
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
bd914290-c514-478c-a734-b69f05bcb0b1-1714837123
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7dMZvqviiA0IxZWQup737Joxu%2FjaNIHDPM%2F%2FuROhwMLxqAke%2FP9zHjxKZESRTQSF%2FrxAN%2BVR3VK75k8ic%2FhGvlEaHLheH9JeMQkYnlLddcvh2UyyDnF4IgvRaIFBYXtIdkjeCrszLosER0w1xyrNpiUDwRJT4ljPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
87e994576bb6ac5d-YYZ
x-sorting-hat-podid
299
365790728635697
connect.facebook.net/signals/config/ 		66 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/365790728635697?v=2.9.155&r=stable&domain=www.lululemonstudio.ca&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
1a84684e9bcbe1b415e4efee3f95edf7f6106c9dad5b47a710a1264db511d68f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 04 May 2024 15:38:43 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=22, rtx=0, c=60, mss=1392, tbw=63302, tp=-1, tpl=-1, uplat=58, ullat=0
pragma
public
x-fb-debug
p6LcUTzYAOWJlTvFw+/1SdN3M14mSwH4zdrzyDRYHMDkV+urBuaPyaDzV/hwOeq4VYIp8azOyibixc58ZCEk/Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
dtag.js
cdn.attn.tv/mirror-ca/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.attn.tv/mirror-ca/dtag.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBTC976&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26a0:5c00:1c:9484:cec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
746b95a55ec0a56a74120fcbba61801fdd50376e6989feecd5943de920e40f41

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
FuTPg1X6OwByzlyxiDZx2193pKsAxmEO
content-encoding
gzip
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
date
Sat, 04 May 2024 15:38:45 GMT
last-modified
Thu, 03 Aug 2023 16:31:24 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P2
x-amz-server-side-encryption
AES256
etag
W/"2ea7fb0bcab2ade76079018826ab485b"
vary
Accept-Encoding, Origin
x-cache
RefreshHit from cloudfront
content-type
text/javascript
cache-control
public, max-age=120
x-amz-replication-status
COMPLETED
x-amz-cf-id
Y1IR6IpxKLA2zYL09Z2hnZwHplf53Qum3sZvIY8IdO9KkRySS6R8tQ==
page
rs.fullstory.com/rec/ 		82 B
294 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
7276e79c9f3b182f8635969effac5c153a7337c69016c34050a60b605e97a1d0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 04 May 2024 15:38:44 GMT
via
1.1 google
x-content-type-options
nosniff
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.lululemonstudio.ca
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
82
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=365790728635697&ev=PageView&dl=https%3A%2F%2Fwww.lululemonstudio.ca%2F&rl=https%3A%2F%2Fcheckout.lululemonstudio.ca%2F&if=false&ts=1714837124105&sw=1600&sh=1200&v=2.9.155&r=stable&a=seg&ec=0&o=4126&fbp=fb.1.1714837124098.253145084&cs_est=true&ler=other&cdl=API_unavailable&it=1714837123852&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=ajs-next-1714837122948-9e3de27e-d071-44d9-be28-bf2e4d55dfdf&rqm=GET
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=19, rtx=0, c=10, mss=1392, tbw=2756, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 04 May 2024 15:38:44 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
unified-tag.js
cdn.attn.tv/tag/4-latest/ 		130 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_6c714ccac7
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/mirror-ca/dtag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26a0:5c00:1c:9484:cec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
952b06ec483af224baa94586bb7495b727ac0bd114fa154b03ce838f6aa5270c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
CFF8pRstLHnTeZ0V9WSpTWKtnR.mXuZ_
content-encoding
gzip
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
date
Sat, 04 May 2024 15:36:06 GMT
x-amz-cf-pop
YUL62-P2
age
159
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 29 Apr 2024 15:44:20 GMT
server
AmazonS3
etag
W/"73448defe2e57d185909128d845ccf1f"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=300
x-amz-cf-id
MpL3WA72gYwEhTkptIMBxOUjtIxJVpv35uiitzEoW6ImEaz9F_v2bw==
/
mirror-ca.attn.tv/d/ 		5 B
252 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mirror-ca.attn.tv/d/?attn_vid=727c8b7398634df4b1b602a4deeb21bf
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.43.135 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:45 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
*
x-envoy-upstream-service-time
4
cf-ray
87e9945f8b15ab09-YYZ
alt-svc
h3=":443"; ma=86400
e
events.attentivemobile.com/ 		0
260 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://events.attentivemobile.com/e?v=4.34.2_a2836cacd5&pd=https%3A%2F%2Fwww.lululemonstudio.ca%2F&u=727c8b7398634df4b1b602a4deeb21bf&c=mirror-ca&ceid=zMM&lt=1714837124755&tag=modern&cs=180653487&t=v&r=https%3A%2F%2Fcheckout.lululemonstudio.ca%2F&m=%7B%22source%22%3A%22a%22%7D&cb=1714837124762&evs=%5B%7B%22vendor%22%3A8%2C%22id%22%3A%223bdc2714-c7d5-4faf-b358-b695352f2033%22%7D%5D
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_6c714ccac7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.39.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:45 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
DENY
access-control-expose-headers
Set-Cookie, X-Count, X-Token
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
30
cf-ray
87e9945f88f2abc7-YYZ
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
zMM.js
cdn.attn.tv/growth-tag-assets/client-configs/ 		0
383 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.attn.tv/growth-tag-assets/client-configs/zMM.js
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_6c714ccac7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26a0:5c00:1c:9484:cec0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
kGJjc2HxNgGNuk_7UqP1h9o.liqWLb8I
content-encoding
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
date
Sat, 04 May 2024 10:18:56 GMT
last-modified
Mon, 17 Dec 2018 20:59:49 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P2
age
19201
etag
"d41d8cd98f00b204e9800998ecf8427e"
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
0
x-amz-cf-id
lataXFtB8gRpa1CY43Romsqyer5cP7HdBtVts9XD0nJxKUcET8CEiQ==
unrenderedCreative
mirror-ca.attn.tv/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mirror-ca.attn.tv/unrenderedCreative?v=4.34.2&r=https%3A%2F%2Fcheckout.lululemonstudio.ca%2F&id=727c8b7398634df4b1b602a4deeb21bf&pv=1&l=https%3A%2F%2Fwww.lululemonstudio.ca%2F&w=1600&h=1200&ss_ref=https%3A%2F%2Fcheckout.lululemonstudio.ca%2F&f=2
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.43.135 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 04 May 2024 15:38:45 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
26
cf-ray
87e9945f8b14ab09-YYZ
alt-svc
h3=":443"; ma=86400
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 16E6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.214.62 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-214-62.phl50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
1053
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sat, 04 May 2024 15:21:28 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Tue, 30 Apr 2024 20:04:18 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 4f7671bb51952e26d4af9f468d98bc84.cloudfront.net (CloudFront)
x-amz-cf-id
rYqlAsF7lys9DLWy7wV9DDmWY7SpWI2y0ut-QdanvuP8Ozn7HMBwMw==
x-amz-cf-pop
PHL50-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
widget.js
cdn.kustomerapp.com/chat-web/ 		937 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.kustomerapp.com/chat-web/widget.js
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.213.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-213-67.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8c6b5de616eabf348a1fd3cc8839a6d57670dcdc164c81f690a3ff5b504002d2

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
rhWJb2_JwuC_UnrIHa.6TrXaXLBj_F_O
date
Sat, 04 May 2024 15:37:58 GMT
x-amz-meta-releaseversion
release-v0.1.375
via
1.1 f4979fa9d388cee1327b2a7fad0fcbfa.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P1
age
48
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
937
last-modified
Wed, 27 Mar 2024 21:54:04 GMT
server
AmazonS3
etag
"429467a41d91b15cb8d521f4a1312d76"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=0, s-maxage=60
vary
Accept-Encoding
accept-ranges
bytes
x-amz-cf-id
ilOsCav0wlD4pj8Lrtd_ryOwIwPJo2jaycka6UqTeQkvGrNsg-R-yw==
widget-api.8acb1fabd3e20af59d34.js
cdn.kustomerapp.com/chat-web/release-v0.1.375/ 		31 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.kustomerapp.com/chat-web/release-v0.1.375/widget-api.8acb1fabd3e20af59d34.js
Requested by
Host: cdn.kustomerapp.com
URL: https://cdn.kustomerapp.com/chat-web/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.161.213.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-213-67.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9e86b08a0d8849527cdd52c214c04c1c7e3e151415acf94fdab46c2241ce6252

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 06:33:35 GMT
x-amz-version-id
7S7TfTXePzws_K1JpIFL0PKxKErwwIeS
content-encoding
br
via
1.1 f4979fa9d388cee1327b2a7fad0fcbfa.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P1
age
3229511
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 27 Mar 2024 21:54:07 GMT
server
AmazonS3
etag
W/"82f95f906f817ee4c1ef932c450517d6"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=34149600, s-maxage=34149600
vary
Accept-Encoding
x-amz-cf-id
9ecOUELf_Yt_Q3GleKCQSb59TT-PrjBw4tlbRHd3E-N-F1sE86Loag==
favicon.ico
www.lululemonstudio.ca/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91db6a7827b1ba906ea4b90d0c733e33e69023766c42cb158a09dc438f66c742
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:46 GMT
via
1.1 97a1bb4fb9aff82a97dbf758ce602258.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
REVALIDATED
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
W/"5d1fe955cb466265c0ebfa4d3cf9e9c8"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/vnd.microsoft.icon
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
87e9946579b4ab00-YYZ
x-amz-cf-id
5AL6R3dQKRa6Laxe-lvcST3kCJWRf35dDH4G2mQ61ah4WjIbqsvlDg==
expires
Sat, 04 May 2024 19:38:46 GMT
favicon-32x32.png
www.lululemonstudio.ca/ 		6 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:75b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7502e0a0103769fa716c86207f6062fdaf34ad5780c8b18f6bc87fb8bc73698
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:38:46 GMT
via
1.1 101faeb149b23d8a2ab2e8bae2efec18.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
REVALIDATED
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
x-cache
Miss from cloudfront
content-length
6352
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
"4482156ee5daf05cef544815a868599b"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
87e99466ca89ab00-YYZ
x-amz-cf-id
SkHz9qi_bjafKfxUvJasYRY_HVmipYHAToJQRNPn5bie-Vj80P-IzQ==
expires
Sat, 04 May 2024 19:38:46 GMT
trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js
js.stripe.com/v3/fingerprinted/js/ 		176 B
678 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.214.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-214-17.phl50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 15:11:36 GMT
via
1.1 53e905605490f05641e5a7bb370e4b1a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
age
2027
x-amz-cf-pop
PHL50-C1
x-cache
Hit from cloudfront
content-length
176
last-modified
Tue, 30 Apr 2024 20:04:17 GMT
server
Cloudfront
etag
"96f5b26d366f47393b3ff36fe7471474"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
q0sB21q8VZecG_6Uv6DE8yd_c-r04LRT6ISmbqF6FycVYp7CLyO62g==

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| analytics string| ire_o function| ire object| _affirm_config object| affirm object| webpackChunk_N_E object| __SENTRY__ undefined| __sentryRewritesTunnelPath__ object| SENTRY_RELEASE string| __rewriteFramesAssetPrefixPath__ function| __next_require__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| irEvent function| __NEXT_PRELOADREADY object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST function| _rollbarURH object| perfMetrics object| webpackChunkStripeJSouter function| noop function| Stripe object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| facebook-pixelDeps function| facebook-pixelLoader object| fullstoryDeps function| fullstoryLoader object| google-tag-managerDeps function| google-tag-managerLoader object| webpackJsonp_name_Integration function| setImmediate function| clearImmediate function| facebook-pixelIntegration function| _fbq function| fbq function| fullstoryIntegration boolean| _fs_is_outer_script boolean| _fs_debug string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS function| google-tag-managerIntegration object| dataLayer string| _fs_loaded function| _fs_shutdown object| google_tag_manager object| google_tag_data boolean| __attnLoaded object| attn_d0x0b_evt object| attentive string| __attentive_domain object| __attentive object| __attentive_cfg boolean| __poll_for_path_change string| attn_d0x0b_cfg boolean| isMobile object| script function| _defineProperty object| Kustomer object| webpackChunkchat_web

29 Cookies

Domain/Path Name / Value
checkout.lululemonstudio.ca/ Name: keep_alive
Value: 48fd2a32-b6e2-45c4-87ea-ba6526d40f2f
checkout.lululemonstudio.ca/ Name: secure_customer_sig
Value:
checkout.lululemonstudio.ca/ Name: localization
Value: CA
.lululemonstudio.ca/ Name: _cmp_a
Value: %7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D
.lululemonstudio.ca/ Name: _tracking_consent
Value: %7B%22region%22%3A%22CAQC%22%2C%22reg%22%3A%22%22%2C%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22s%22%3A%22%22%2C%22p%22%3A%22%22%2C%22m%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%7D
.lululemonstudio.ca/ Name: _shopify_y
Value: 3bdc2714-c7d5-4faf-b358-b695352f2033
.lululemonstudio.ca/ Name: _shopify_s
Value: 299c07ee-2de8-4ba9-a3ae-d651d96409c9
.lululemonstudio.ca/ Name: _orig_referrer
Value:
.lululemonstudio.ca/ Name: _landing_page
Value: %2F
checkout.lululemonstudio.ca/ Name: receive-cookie-deprecation
Value: 1
.affirm.ca/ Name: _cfuvid
Value: WVuqxGaVrskb0Ld_xYMPOLEhSJqo3h.5ER6IkYq4wqo-1714837121106-0.0.1.1-604800000
.affirm.ca/ Name: tracker_device
Value: cab23514-3b27-4205-931b-08233fcff639
.affirm.ca/ Name: t_v2_s
Value: ImNhYjIzNTE0LTNiMjctNDIwNS05MzFiLTA4MjMzZmNmZjYzOSI.GRfoAQ.15tMi9objCI-m5bBCQyWeoA-z3k
.affirm.ca/ Name: 3060738.3440491
Value: cab23514-3b27-4205-931b-08233fcff639
api-cf.affirm.ca/ Name: session
Value: eyJfcGVybWFuZW50Ijp0cnVlfQ.GRfoAQ.aqLvwmnM1oT43wYRVl6s-t5KnuE
www.lululemonstudio.ca/ Name: tracker_device
Value: cab23514-3b27-4205-931b-08233fcff639
www.lululemonstudio.ca/ Name: mirror_marketingTokens
Value: %7B%7D
.lululemonstudio.ca/ Name: ajs_anonymous_id
Value: 3de27ed0-7174-49fe-a8bf-2e4d55dfdf97
.lululemonstudio.ca/ Name: _gcl_au
Value: 1.1.368602963.1714837124
.lululemonstudio.ca/ Name: _fbp
Value: fb.1.1714837124098.253145084
www.lululemonstudio.ca/ Name: __attentive_id
Value: 727c8b7398634df4b1b602a4deeb21bf
www.lululemonstudio.ca/ Name: _attn_
Value: eyJ1Ijoie1wiY29cIjoxNzE0ODM3MTI0NzU4LFwidW9cIjoxNzE0ODM3MTI0NzU4LFwibWFcIjoyMTkwMCxcImluXCI6ZmFsc2UsXCJ2YWxcIjpcIjcyN2M4YjczOTg2MzRkZjRiMWI2MDJhNGRlZWIyMWJmXCJ9In0=
www.lululemonstudio.ca/ Name: __attentive_cco
Value: 1714837124760
www.lululemonstudio.ca/ Name: __attentive_pv
Value: 1
www.lululemonstudio.ca/ Name: __attentive_ss_referrer
Value: https://checkout.lululemonstudio.ca/
www.lululemonstudio.ca/ Name: __attentive_dv
Value: 1
m.stripe.com/ Name: m
Value: be3b9990-0216-4f8b-99fb-8924661b4196439912
.www.lululemonstudio.ca/ Name: __stripe_mid
Value: cdf1b07a-f234-4cea-8068-797ff6416fbcadc223
.www.lululemonstudio.ca/ Name: __stripe_sid
Value: 5eb49e3a-720e-42ae-a812-9f0dc9452d855d1e64

11 Console Messages

Source Level URL
Text
other warning URL: https://www.lululemonstudio.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.lululemonstudio.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.lululemonstudio.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.lululemonstudio.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.lululemonstudio.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.lululemonstudio.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.lululemonstudio.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js(Line 31)
Message:
Refused to connect to 'https://cdn-assets.affirm.com/upfunnel/experiments/axpV2ExperimentList.json' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai".
javascript error URL: https://www.lululemonstudio.ca/_next/static/chunks/main-a75f951d25e88ee6.js(Line 31)
Message:
Refused to connect to 'https://cdn-assets.affirm.com/upfunnel/experiments/axpV2ExperimentList.json' because it violates the document's Content Security Policy.
other warning URL: https://connect.facebook.net/signals/config/365790728635697?v=2.9.155&r=stable&domain=www.lululemonstudio.ca&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 107)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.lululemonstudio.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-cf.affirm.ca
api.segment.io
cdn.attn.tv
cdn.kustomerapp.com
cdn.segment.com
cdn1.affirm.ca
checkout.lululemonstudio.ca
connect.facebook.net
d.impactradius-event.com
edge.fullstory.com
events.attentivemobile.com
js.stripe.com
lululemonstudio.ca
mirror-ca.attn.tv
mirrorcanada.com
o251128.ingest.sentry.io
res.cloudinary.com
rs.fullstory.com
shop.app
www.affirm.ca
www.facebook.com
www.googletagmanager.com
www.lululemonstudio.ca
104.18.39.221
104.18.43.135
13.224.207.4
13.224.214.17
13.224.214.62
162.159.140.33
2600:9000:26a0:5c00:1c:9484:cec0:93a1
2606:4700:10::ac43:76b
2606:4700::6812:75b
2606:4700::6813:a741
2607:f8b0:4004:c19::61
2620:127:f00f:e::
2620:127:f00f:ff00::
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
3.161.213.67
34.120.195.249
35.186.194.58
35.186.249.72
35.201.112.186
54.69.251.6
014a2eee6f690770e561bd55c527701d2130db7765c42c08ddb1f511197ed4e4
0379b3a49b2c830f23e2304fd22e616b08cc4a94c731779e098902ced1972f97
04659a7aed58fabd452d5e2366b807334200dfb8ebe0e96772cc6693d1249154
05dae9f297cc19f31afe3b53098189e62607770e6558501ccf58a96b1a77ff6f
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
16ff004c190366bb7eb1d508846eb8a0c2c13b49c9fffe8a01f215ce617f7f3c
1a84684e9bcbe1b415e4efee3f95edf7f6106c9dad5b47a710a1264db511d68f
1cbf584b764b9d798d3618f3a092cedfd3c12a640e4233d1129da24674bda306
24e30cf2d40cc2c5491d52c13154e7e0a505a5ae6e3e21977ed16e024d4542bd
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
3aea1fa2845485b2f56569a9f4274734470fb8bc164677d99f64e6e3f9d0943c
4338750fa2f43cdf25347ae756edeedcafd30b143c02e34ec85c59a9d9571621
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4575dcb8875ca8339c98104a93c76910e92ff796cdf4c981969add0692c00afb
4df53644d1c9fd651ccfd697977eb07d94cd744b0a4997568d67cc25ef44e483
579036ffb483c560da315f3ef7e63ad43c7ef5dedb1cd95e47fe78ca0fe21ef1
611c16d656a5a736dc40453551bee2de4cd6c5ab06fdf3b78f35c299ccf86e7d
638244fac8839d622f612e1d8f74a474fa422c2905380943a567d87b1d34cead
65fbc0d6a7ebfb7fb098c20620d85cb10952c3492dd645988ebbde84eda24451
66dff811fd9f5f4965c70e767392b14b0d1733e51f3cf75622c3ed6c67faa0a8
67bab36d7f31001c4fb77e154c171d143cef2b459b15e38403455cb23ef56593
67cf74fc128846917976d821404b0d9c797977bdd493ba6b0f671700ec1288e7
6a2133b30ca25642f43dab3aae205d29e2981022edf3e1e07609b92c4c802fb1
714e572d89d556563c1364be11abf53243e01bec73dcec44bf812fa77059b385
7276e79c9f3b182f8635969effac5c153a7337c69016c34050a60b605e97a1d0
746b95a55ec0a56a74120fcbba61801fdd50376e6989feecd5943de920e40f41
7c49145d8f516fcd695181edfba284494f1b35e751d9a07c2bab1a6f65a9e567
7caf52de3e6fc20e8cdb4d10dd28cd6f0befc91c5f17513b576235cc34afdecc
80e325718f3ed0f6bfe1bd0a2a5a99d23d71a9da41931b71cc6ba5bdb0f1c0bf
86ec21856d128256e3115601a31e2350c6115885b23bafab415400df74c5889e
8c6b5de616eabf348a1fd3cc8839a6d57670dcdc164c81f690a3ff5b504002d2
8ef02e291be1f7804ae4dd3c30e6395a5fd555b1e07f145f415cdf0075028d18
91db6a7827b1ba906ea4b90d0c733e33e69023766c42cb158a09dc438f66c742
924aebf24af414b12986f4af470b2ac7b61d765897f9e222c0af15805de9ae40
952b06ec483af224baa94586bb7495b727ac0bd114fa154b03ce838f6aa5270c
973978af49041fd39f8354e0ac908867ae9d9d914bfc5246377d733c7c921e04
9c078419ef95c9457c01d7d8f53a600d3682538a54fd86a9dfbeef9d3658c486
9cbf292d35cc8fb17c91e3876798f3ae889146c8ae148e41a94a9fa38a5d98a5
9e86b08a0d8849527cdd52c214c04c1c7e3e151415acf94fdab46c2241ce6252
a3b76111f14dc848b243a4c8a55afe3a50294438f67d81548276c15249371fed
a6469c35e86aa2a57efb2d2f5e0ca4173f73028c5fc78b6faa2a24642498302c
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b3a8c929ac8c59664cffbd61440d2b4b3e5c0e36a993fbe7c369020de06fd288
b60265df790b0931fe9124aab39d3b657e554b806f6f04a8fbde19601731704f
bf59fbc839be393148e301eb31970eefa393e95bc7c9745c04f07f6979c9f4c6
d006f4b0cfa518771c8110427114b1810398480b52889c7da5077a38c632a55b
da4ab6947ea5b44c0677dc7973feedc565729d8a80ebd71449afab8f2caafbd0
db432405a21b948e9c297ee67a2452374c0796da6dcf4f801b7a704bd2f09f8a
de8f2ac57087767409b0bb4025e88c1ebb0fd18e0e73144e4ac15997f3350821
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7502e0a0103769fa716c86207f6062fdaf34ad5780c8b18f6bc87fb8bc73698
e91a86b8d8da28eaf681b924b135c3a8ffacb6d51d2affad9d684e708d60a3db
e9d248e116f7d511201f0389e6ac80c7fb7dc61e7344df9c624d4322430ccb95
ec7d43e514448a50475ea114b07035b6bfb8e626112db9a2296beb873ea10492
f3e62d7a630f42116eaf8f1c1586a3c892d2409a99365c2d7d3c85ee6697fd45
f44f88e172fec8c783a0bf8c8b909321388bb984b9f8e45adcd4b2937f01a2fb
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
f7337c461409c9b6fe752936376d9f779dc3969777c35254585142fa6f7cd994
f971e914c5f85367f1290c947fcc45e1d0289aaed8c9f053ace1835996a2584b
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa
ffc787e178bb8cb0508318500fdae3a034ce8c953a9823e5d6bba5d70b34725b