urlscan.io logo urlscan.io
SecurityTrails logo

www.lululemonstudio.ca Open in urlscan Pro
104.18.6.91  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://checkout.lululemonstudio.ca/
Effective URL: https://www.lululemonstudio.ca/
Submission Tags: @phish_report
Submission: On July 03 via api from FI — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 21 IPs in 3 countries across 18 domains to perform 85 HTTP transactions. The main IP is 104.18.6.91, located in and belongs to CLOUDFLARENET, US. The main domain is www.lululemonstudio.ca.
TLS certificate: Issued by WE1 on July 2nd 2024. Valid for: 3 months.
This is the only time www.lululemonstudio.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 23.227.38.74 13335 (CLOUDFLAR...)
1 172.67.72.134 13335 (CLOUDFLAR...)
1 1 104.22.72.81 13335 (CLOUDFLAR...)
1 24 104.18.6.91 13335 (CLOUDFLAR...)
1 35.186.249.72 15169 (GOOGLE)
4 172.66.0.33 13335 (CLOUDFLAR...)
1 34.120.195.249 396982 (GOOGLE-CL...)
2 3.162.125.72 16509 (AMAZON-02)
9 99.86.191.237 16509 (AMAZON-02)
2 3.162.125.52 16509 (AMAZON-02)
4 104.17.201.1 13335 (CLOUDFLAR...)
1 35.81.90.104 16509 (AMAZON-02)
2 31.13.66.19 32934 (FACEBOOK)
2 35.201.112.186 396982 (GOOGLE-CL...)
1 172.217.222.97 15169 (GOOGLE)
3 52.85.151.39 16509 (AMAZON-02)
2 52.85.151.31 16509 (AMAZON-02)
1 35.186.194.58 15169 (GOOGLE)
2 157.240.229.35 32934 (FACEBOOK)
2 172.64.144.121 13335 (CLOUDFLAR...)
1 104.18.39.221 13335 (CLOUDFLAR...)
85 21
14    23.227.38.74 (Ottawa, Canada)

ASN13335 (CLOUDFLARENET, US)
PTR: shops.myshopify.com
checkout.lululemonstudio.ca
1    172.67.72.134 (United States)

ASN13335 (CLOUDFLARENET, US)
api.fastbundle.co
1    104.22.72.81 (None, )

ASN13335 (CLOUDFLARENET, US)
mirrorcanada.com
24    104.18.6.91 (None, )

ASN13335 (CLOUDFLARENET, US)
lululemonstudio.ca
www.lululemonstudio.ca
1    35.186.249.72 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 72.249.186.35.bc.googleusercontent.com
d.impactradius-event.com
4    172.66.0.33 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn1.affirm.ca
api-cf.affirm.ca
www.affirm.ca
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o251128.ingest.sentry.io
2    3.162.125.72 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-125-72.iad61.r.cloudfront.net
js.stripe.com
9    99.86.191.237 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-191-237.iad79.r.cloudfront.net
cdn.segment.com
2    3.162.125.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-162-125-52.iad61.r.cloudfront.net
js.stripe.com
4    104.17.201.1 (None, )

ASN13335 (CLOUDFLARENET, US)
res.cloudinary.com
1    35.81.90.104 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-90-104.us-west-2.compute.amazonaws.com
api.segment.io
2    31.13.66.19 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-iad3.fbcdn.net
connect.facebook.net
2    35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com
edge.fullstory.com
1    172.217.222.97 (United States)

ASN15169 (GOOGLE, US)
PTR: qi-in-f97.1e100.net
www.googletagmanager.com
3    52.85.151.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-151-39.iad89.r.cloudfront.net
cdn.attn.tv
2    52.85.151.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-151-31.iad89.r.cloudfront.net
cdn.kustomerapp.com
1    35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com
rs.fullstory.com
2    157.240.229.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-iad3.facebook.com
www.facebook.com
2    172.64.144.121 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)
mirror-ca.attn.tv
1    104.18.39.221 (None, )

ASN13335 (CLOUDFLARENET, US)
events.attentivemobile.com
Apex Domain
Subdomains		 Transfer
38 lululemonstudio.ca
checkout.lululemonstudio.ca
lululemonstudio.ca
www.lululemonstudio.ca
1 MB
9 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1789
66 KB
5 attn.tv
cdn.attn.tv — Cisco Umbrella Rank: 4592
mirror-ca.attn.tv
44 KB
4 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 3546
109 KB
4 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1638
152 KB
4 affirm.ca
cdn1.affirm.ca — Cisco Umbrella Rank: 248170
api-cf.affirm.ca — Cisco Umbrella Rank: 192383
www.affirm.ca — Cisco Umbrella Rank: 165806
153 KB
3 fullstory.com
edge.fullstory.com — Cisco Umbrella Rank: 2394
rs.fullstory.com — Cisco Umbrella Rank: 2203
77 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 114
4 KB
2 kustomerapp.com
cdn.kustomerapp.com — Cisco Umbrella Rank: 21560
13 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 204
73 KB
1 attentivemobile.com
events.attentivemobile.com — Cisco Umbrella Rank: 4204
334 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 81
87 KB
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1325
179 B
1 sentry.io
o251128.ingest.sentry.io
299 B
1 impactradius-event.com
d.impactradius-event.com — Cisco Umbrella Rank: 4429
16 KB
1 mirrorcanada.com
mirrorcanada.com
156 B
1 fastbundle.co
api.fastbundle.co — Cisco Umbrella Rank: 52464 Failed
3 KB
0 shop.app Failed
shop.app Failed
85 18
Domain Requested by
23 www.lululemonstudio.ca checkout.lululemonstudio.ca
www.lululemonstudio.ca
14 checkout.lululemonstudio.ca checkout.lululemonstudio.ca
www.lululemonstudio.ca
9 cdn.segment.com www.lululemonstudio.ca
cdn.segment.com
4 res.cloudinary.com www.lululemonstudio.ca
4 js.stripe.com www.lululemonstudio.ca
js.stripe.com
3 cdn.attn.tv www.googletagmanager.com
cdn.attn.tv
2 mirror-ca.attn.tv www.lululemonstudio.ca
2 www.facebook.com
2 cdn.kustomerapp.com checkout.lululemonstudio.ca
cdn.kustomerapp.com
2 edge.fullstory.com cdn.segment.com
www.lululemonstudio.ca
2 connect.facebook.net cdn.segment.com
connect.facebook.net
2 www.affirm.ca www.lululemonstudio.ca
1 events.attentivemobile.com cdn.attn.tv
1 rs.fullstory.com www.lululemonstudio.ca
1 www.googletagmanager.com cdn.segment.com
1 api.segment.io www.lululemonstudio.ca
1 api-cf.affirm.ca www.lululemonstudio.ca
1 o251128.ingest.sentry.io www.lululemonstudio.ca
1 cdn1.affirm.ca www.lululemonstudio.ca
1 d.impactradius-event.com www.lululemonstudio.ca
1 lululemonstudio.ca 1 redirects
1 mirrorcanada.com 1 redirects
1 api.fastbundle.co checkout.lululemonstudio.ca
0 shop.app Failed checkout.lululemonstudio.ca
85 24
Subject Issuer Validity Valid
checkout.lululemonstudio.ca
R3		 2024-05-04 -
2024-08-02		 3 months crt.sh
fastbundle.co
E1		 2024-06-02 -
2024-08-31		 3 months crt.sh
lululemonstudio.ca
WE1		 2024-07-02 -
2024-09-30		 3 months crt.sh
*.impactradius-event.com
Sectigo RSA Domain Validation Secure Server CA		 2023-12-08 -
2025-01-06		 a year crt.sh
affirm.ca
GTS CA 1P5		 2024-05-18 -
2024-08-16		 3 months crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-02 -
2024-12-02		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-06-21 -
2024-09-19		 3 months crt.sh
*.segment.com
Amazon RSA 2048 M03		 2023-11-14 -
2024-12-13		 a year crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2		 2024-04-23 -
2025-05-25		 a year crt.sh
*.segment.io
Amazon RSA 2048 M03		 2023-12-13 -
2025-01-11		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-04-11 -
2024-07-10		 3 months crt.sh
edge.fullstory.com
WR3		 2024-06-28 -
2024-09-27		 3 months crt.sh
*.google-analytics.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.attn.tv
Amazon RSA 2048 M02		 2024-04-30 -
2025-05-28		 a year crt.sh
*.kustomerapp.com
Amazon RSA 2048 M02		 2023-12-15 -
2025-01-11		 a year crt.sh
rs.fullstory.com
WR3		 2024-06-29 -
2024-09-27		 3 months crt.sh
attn.tv
WE1		 2024-07-02 -
2024-08-01		 a month crt.sh
attentivemobile.com
WE1		 2024-07-02 -
2024-08-01		 a month crt.sh

This page contains 3 frames:

Primary Page: https://www.lululemonstudio.ca/
Frame ID: 226805BACB1152881EEE61A2F08531C5
Requests: 81 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-c9b628599dd7481c62cb7887043b2c22.html
Frame ID: B4C89DE0279D240407C9B8E15F079FA0
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 3E55C8892F30ABFBBAF7FB731D4D7B2E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

lululemon Studio | 10,000+ Workout Classes

Page URL History Show full URLs

  1. http://checkout.lululemonstudio.ca/ HTTP 307
    https://checkout.lululemonstudio.ca/ Page URL
  2. https://mirrorcanada.com/ HTTP 301
    https://lululemonstudio.ca/ HTTP 301
    https://www.lululemonstudio.ca/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • d\.impactradius-event\.com
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

85
Requests

92 %
HTTPS

0 %
IPv6

18
Domains

24
Subdomains

21
IPs

3
Countries

1868 kB
Transfer

6307 kB
Size

29
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://checkout.lululemonstudio.ca/ HTTP 307
    https://checkout.lululemonstudio.ca/ Page URL
  2. https://mirrorcanada.com/ HTTP 301
    https://lululemonstudio.ca/ HTTP 301
    https://www.lululemonstudio.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://checkout.lululemonstudio.ca/ HTTP 307
  • https://checkout.lululemonstudio.ca/

85 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
checkout.lululemonstudio.ca/
Redirect Chain
  • http://checkout.lululemonstudio.ca/
  • https://checkout.lululemonstudio.ca/
239 KB
53 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
89d7b3ff9f3c33eb-YUL
content-encoding
br
content-language
en
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Wed, 03 Jul 2024 14:53:06 GMT
etag
"cacheable:0df170a30365ebe34de1614b9049630b"
link
<https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jFgkwRWNpxG2Fymprh1dT6TNqJepoBlWmbfuf9TkDXZtcklp%2Fo3MGVWJPQ99pitreYrPmqhsvkNLKX0kFtKsRtN2r6pQcl2dCbhcEs2phFLGp1u7Eko2F%2FjYbGG0G3t%2F7dQGEHr9DUCERIWzjw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=585;desc="gc:164", db;dur=106, fetch;dur=99, parse;dur=3, render;dur=60, wasm, wasmDownload;dur=100, asn;desc="212238", edge;desc="YUL", country;desc="CA", theme;desc="139446452524", pageType;desc="index", servedBy;desc="9tdn", requestID;desc="902bfeb9-f9dc-41d2-885c-782584880015-1720018385" cfRequestDuration;dur=653.999805
strict-transport-security
max-age=7889238
vary
Accept
x-cache
miss
x-content-type-options
nosniff
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
902bfeb9-f9dc-41d2-885c-782584880015-1720018385
x-shardid
299
x-shopid
69030576428
x-shopify-nginx-no-cookies
0
x-sorting-hat-podid
299
x-sorting-hat-shopid
69030576428
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block

Redirect headers

Location
https://checkout.lululemonstudio.ca/
Non-Authoritative-Reason
HttpsUpgrades
global.js
checkout.lululemonstudio.ca/cdn/shop/t/1/assets/ 		26 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/cdn/shop/t/1/assets/global.js?v=149496944046504657681670594042
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://checkout.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-east1
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=183.290, imageryFetch;dur=128.325, cfRequestDuration;dur=272.000074
alt-svc
h3=":443"; ma=86400
content-length
5920
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
832fac0a-7b45-4cd3-9359-865ea3c7692a-1720018386
last-modified
Wed, 03 Jul 2024 14:53:06 GMT
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kh1GU3BAjLasgo0EVS%2BDfW5p2GMaCHyaxqYyyWsRqamh4SGQ0i%2F%2FaLoRTSgLAoIqp0YVhZLUd0gMAcahkddHbCjyUpZZ8OYc974ru84gBBoew4XYRf65%2BaAj3e3YorYcftSkZpGlHVXEjIvbKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
x-download-options
noopen
accept-ranges
bytes
cf-ray
89d7b403fe9f33eb-YUL
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0690/3057/6428/t/1/assets/global.js>; rel="canonical"
x-sorting-hat-podid
299
preloads.js
checkout.lululemonstudio.ca/checkouts/internal/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/checkouts/internal/preloads.js?locale=en-CA
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://checkout.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
strict-transport-security
max-age=7889238
x-content-type-options
nosniff
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
server-timing
cfRequestDuration;dur=203.999996
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8u55FOvhV%2FrkdVbdW0Jbsc3GpgozO1BRlMluQYLI1RhUoOvR66gVLbaCOS%2BOkdDx5C%2FlHDUC3NS9xtaXZ3%2F7qtfo4kRcoURyrP6xfjGpZO5WOIFiCq8HrUOR44okwFxsCRKSeYbwPX%2FwzEy0gw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; encoding=utf-8
access-control-allow-origin
*
x-download-options
noopen
cache-control
no-store, no-cache, must-revalidate
timing-allow-origin
*
cf-ray
89d7b403fea333eb-YUL
preloads.js
shop.app/checkouts/internal/ 		0
0
load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js
checkout.lululemonstudio.ca/cdn/shopifycloud/shopify/assets/storefront/ 		0
0
features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js
checkout.lululemonstudio.ca/cdn/shopifycloud/shopify/assets/storefront/ 		0
0
scripts.js
checkout.lululemonstudio.ca/cdn/shop/t/1/compiled_assets/ 		0
0
base.css
checkout.lululemonstudio.ca/cdn/shop/t/1/assets/ 		0
0
assistant_n4.bcd3d09dcb631dec5544b8fb7b154ff234a44630.woff2
checkout.lululemonstudio.ca/cdn/fonts/assistant/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/cdn/fonts/assistant/assistant_n4.bcd3d09dcb631dec5544b8fb7b154ff234a44630.woff2?h1=bHVsdWxlbW9uLXN0dWRpby1jYW5hZGEtcHJvZHVjdGlvbi5hY2NvdW50Lm15c2hvcGlmeS5jb20&h2=Y2hlY2tvdXQubWlycm9yY2FuYWRhLmNvbQ&h3=Y2hlY2tvdXQubHVsdWxlbW9uc3R1ZGlvLmNh&hmac=6ba5889a5263d9138fcc77860c3080bf5a1a6fca328b2f1b6552899c0b797fb6
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://checkout.lululemonstudio.ca/
Origin
https://checkout.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east1,gcp-us-central1
age
1749051
server-timing
imagery;dur=38.359, imageryFetch;dur=37.861, cfRequestDuration;dur=13.000011, ipv6, cfRequestDuration;dur=65.000057
alt-svc
h3=":443"; ma=86400
content-length
17000
x-xss-protection
1; mode=block
x-request-id
4f5a68fd-ef34-4c11-80a3-52865c76009d-1718269334
last-modified
Thu, 13 Jun 2024 09:02:14 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9kIB86u2CG7Bfv2uF9L6%2FPp5ecYy%2BfTI8TvVWwtSUNO5XUPqaV5ShMmsVqthZKoWVpViu1yjdxP7ixORacrX36hAYOTds2DxXbNxz12en%2B08e1zEM445GjtVy7PjMEfR2YpJVX1tlv9C7lN4%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
cf-ray
89d7b403fe9e33eb-YUL
timing-allow-origin
*
main.min.js
api.fastbundle.co/react-src/static/js/ 		0
0
main.min.css
api.fastbundle.co/react-src/static/css/ 		12 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.fastbundle.co/react-src/static/css/main.min.css?rgn=889701
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.72.134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://checkout.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 03 Jul 2024 13:04:56 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"66854c78-31e8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=deVbyMDaXiWbjUOPGP7kSoY3QnkIEtTtNExdrQcIPiO1KMhhV79KYdhsu2QEtfmmscJCTWpSTpc4mABhYDkUpC79ifPAuEV05f5hcrBuItocSXuq8Egtab0PPRk3xt%2F1i73X"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
89d7b4043de1ab76-YYZ
cart.js
api.fastbundle.co/scripts/ 		0
0
Primary Request /
www.lululemonstudio.ca/
Redirect Chain
  • https://mirrorcanada.com/
  • https://lululemonstudio.ca/
  • https://www.lululemonstudio.ca/
35 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e289fcd0035898060454821d7f520d2d48d6fb5c7fde5dc30d643f0c0df4d807
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://checkout.lululemonstudio.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

age
78822
cf-cache-status
DYNAMIC
cf-ray
89d7b4054fac3a00-YYZ
content-encoding
gzip
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
content-type
text/html
date
Wed, 03 Jul 2024 14:53:06 GMT
last-modified
Thu, 27 Jun 2024 14:49:57 GMT
permissions-policy
geolocation=(self)
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 aae20db21c50ea4a322cf21a1aa201b4.cloudfront.net (CloudFront)
x-amz-cf-id
t2akr62rcdhgi3MOhp73JVQZhYTTMi2deTik_6CYaLbFXuxQC6SeEw==
x-amz-cf-pop
ORD56-P6
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

cache-control
max-age=3600
cf-ray
89d7b4050f6c3a00-YYZ
content-length
167
content-type
text/html
date
Wed, 03 Jul 2024 14:53:06 GMT
expires
Wed, 03 Jul 2024 15:53:06 GMT
location
https://www.lululemonstudio.ca/
server
cloudflare
vary
Accept-Encoding
0970f143af1e3323.css
www.lululemonstudio.ca/_next/static/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04659a7aed58fabd452d5e2366b807334200dfb8ebe0e96772cc6693d1249154
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
via
1.1 2cf47d29654db45db9bba43a6d5a68e0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
age
86
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
W/"ce68b1c2b590237a8f302b109dc30b62"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b405f8633a00-YYZ
x-amz-cf-id
DeZFEiQoeapSnpxLvOWYOyoHDMQojCFBblZwsjnu81UWjYGT8CXQoA==
expires
Wed, 03 Jul 2024 18:53:06 GMT
webpack-fceaccc3a3cfb340.js
www.lululemonstudio.ca/_next/static/chunks/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/webpack-fceaccc3a3cfb340.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c49145d8f516fcd695181edfba284494f1b35e751d9a07c2bab1a6f65a9e567
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
via
1.1 c5670948bece41c6bb9df947cb650b7e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
age
86
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
W/"6da28f7cda695bf5de293ffd2dd0255c"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b405f8653a00-YYZ
x-amz-cf-id
YenPQHStQBqCkyIOMoOXYJzmuKomZT9EcYJWDQdPUxSnlvl7qE63cg==
expires
Wed, 03 Jul 2024 18:53:06 GMT
framework-1f2116cc6e84ff0a.js
www.lululemonstudio.ca/_next/static/chunks/ 		138 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/framework-1f2116cc6e84ff0a.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f971e914c5f85367f1290c947fcc45e1d0289aaed8c9f053ace1835996a2584b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
via
1.1 b46ea00af935bf6290d93c76c66e0c8e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
86
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"644a28122d6e2c0b1111269f2eb4b4b8"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b40638a83a00-YYZ
x-amz-cf-id
dccMHMU_0EP-MUIF2oMblEyRCUg6Q0iKHpy6lwiV__lgAuByjUP6Rg==
expires
Wed, 03 Jul 2024 18:53:06 GMT
main-bdb5b6b4256f375d.js
www.lululemonstudio.ca/_next/static/chunks/ 		316 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aff223626e220bb12d8ef0d64e9f9115d47e418f14846c9bdc6a42207515246c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
via
1.1 1093497011694314ff008667ee2636c0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
age
86
content-encoding
gzip
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Jun 2024 14:49:55 GMT
server
cloudflare
etag
W/"8acf74f3ec88207e26b4b471e979e737"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b40638ab3a00-YYZ
x-amz-cf-id
AhVDWAgsBSh04s1imQIIAJMZuRiRe3TFgdk0qLSdsYbh7W93XL3QNA==
expires
Wed, 03 Jul 2024 18:53:06 GMT
_app-f828560b4c1cf708.js
www.lululemonstudio.ca/_next/static/chunks/pages/ 		651 KB
167 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/pages/_app-f828560b4c1cf708.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b866cd31cb4e4919fc0014d7ac0467f8b54f15164ea55e7da8a13d79aa21ddd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
via
1.1 d64e73a7e708de06492b99c7e55873b6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
86
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 06 Jun 2024 18:10:53 GMT
server
cloudflare
etag
W/"df4d66f523565e512c6a055a885bc279"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b40638ad3a00-YYZ
x-amz-cf-id
l3tUR4Xpd1ThOEDBm8SHJPK_lrqlYuASC83GDzkhIcEF6gW_YjpxWg==
expires
Wed, 03 Jul 2024 18:53:06 GMT
1f803228-8055ddc314b2f460.js
www.lululemonstudio.ca/_next/static/chunks/ 		807 KB
226 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/1f803228-8055ddc314b2f460.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16ff004c190366bb7eb1d508846eb8a0c2c13b49c9fffe8a01f215ce617f7f3c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
via
1.1 72620161c44640062c801bfda3ae46f2.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
86
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 06 Jun 2024 18:10:53 GMT
server
cloudflare
etag
W/"b7a13fc5a795acc3e686ac6c5b4782eb"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b40638af3a00-YYZ
x-amz-cf-id
mZItPXXyVQUuEAhS2h2EgUjBR4JPjozIb8CLdCgnYoW3kzausfODag==
expires
Wed, 03 Jul 2024 18:53:06 GMT
270-133f922eb147b62b.js
www.lululemonstudio.ca/_next/static/chunks/ 		275 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/270-133f922eb147b62b.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76295d9581aaf7a383a5b58602be57b3465de8b544bf67cb5d88b49ca4a6320c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
via
1.1 e2bc53c67d7a4b6beae25c798d638b10.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
86
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 06 Jun 2024 18:10:53 GMT
server
cloudflare
etag
W/"4c9cf18bd761aed0f2d83dd92451bc76"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b40638b03a00-YYZ
x-amz-cf-id
krQfnMnoZWSHycRxhSfjltE_wBk3NxklvHJkm-xUwo2NEvsyj-qt9Q==
expires
Wed, 03 Jul 2024 18:53:06 GMT
193-b5a4b41ec5cffe08.js
www.lululemonstudio.ca/_next/static/chunks/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/193-b5a4b41ec5cffe08.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4575dcb8875ca8339c98104a93c76910e92ff796cdf4c981969add0692c00afb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
content-encoding
gzip
via
1.1 764453ad26f42978656c5c159a3b32ce.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
x-amz-cf-pop
YUL62-P2
age
86
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 05:42:30 GMT
server
cloudflare
etag
W/"1e3625610ede7b7671764651bb300bae"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b40638b13a00-YYZ
x-amz-cf-id
RXR4j32aC-bEEZHYuCoKPijYjGhGqGaURg6Nn2lVyMV5y9R3t7TXhQ==
expires
Wed, 03 Jul 2024 18:53:06 GMT
226-be8fda2ea1524e58.js
www.lululemonstudio.ca/_next/static/chunks/ 		159 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/226-be8fda2ea1524e58.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3a8c929ac8c59664cffbd61440d2b4b3e5c0e36a993fbe7c369020de06fd288
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
content-encoding
gzip
via
1.1 72620161c44640062c801bfda3ae46f2.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
x-amz-cf-pop
YUL62-P2
age
87
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-cache
RefreshHit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Wed, 21 Feb 2024 05:42:31 GMT
server
cloudflare
etag
W/"0a1db2163ea9aa60d4fbc512d21259a8"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b40668e93a00-YYZ
x-amz-cf-id
ONhQsMgwE4LZNE-jNxDkhJ_tjyowRTNw6ST68PMoHay9OXWAFBzVNA==
expires
Wed, 03 Jul 2024 18:53:07 GMT
106-d6ad48a8566b8d90.js
www.lululemonstudio.ca/_next/static/chunks/ 		103 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/106-d6ad48a8566b8d90.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24e30cf2d40cc2c5491d52c13154e7e0a505a5ae6e3e21977ed16e024d4542bd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 4afe58622c53f3abab57af35bd692fb4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
87
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"e92702c7df5c16d939693b84dc3ba000"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b406b92b3a00-YYZ
x-amz-cf-id
oJ7LqkRX3uXon9qpuwTNJurCLGip3i1I96lGWdqms0fF1yJqDwzGYQ==
expires
Wed, 03 Jul 2024 18:53:07 GMT
273-8c61d413800ae76c.js
www.lululemonstudio.ca/_next/static/chunks/ 		147 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/273-8c61d413800ae76c.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
61140c1682991b3e5389a6d118010c3dceb880670d9549012fda12ff4eea56e3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 c5670948bece41c6bb9df947cb650b7e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
age
87
content-encoding
gzip
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 06 Jun 2024 18:10:53 GMT
server
cloudflare
etag
W/"acc748f2c8a08e56df9f80ee57b6e2ed"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b406b93a3a00-YYZ
x-amz-cf-id
OZ9I_iX02iH1Ymrt4vVUhxUamuqC-DIvOHiYwDh8-BnNEWCFEUNEOw==
expires
Wed, 03 Jul 2024 18:53:07 GMT
758-9e88cc8cfcb4e906.js
www.lululemonstudio.ca/_next/static/chunks/ 		513 KB
116 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/758-9e88cc8cfcb4e906.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6469c35e86aa2a57efb2d2f5e0ca4173f73028c5fc78b6faa2a24642498302c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 24c2a7b3c7e677d544aa5e2a7eb85b4e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
87
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:40 GMT
server
cloudflare
etag
W/"348c78da2ecacd7024a05d715a036608"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b406c9403a00-YYZ
x-amz-cf-id
tDR-UxC-FBZKnBi4q54joHISiFsoCMKTpcP6YtMSQrdSxcNxODyVSQ==
expires
Wed, 03 Jul 2024 18:53:07 GMT
index-81de6f226806e551.js
www.lululemonstudio.ca/_next/static/chunks/pages/ 		900 B
796 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/chunks/pages/index-81de6f226806e551.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
952352fe3321370ea924646c4d7da089ce9e856f5bb11155c206e4bcd81537a1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 2080aae7ace369c71819923852e1b17e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
87
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 06 Jun 2024 18:10:54 GMT
server
cloudflare
etag
W/"856580a67be8bedf45507f9f9e455ab4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b406c9453a00-YYZ
x-amz-cf-id
SyXolwqe1wRKfcHWA_WTSY4CBszhNVTpQuNpO7LzgFhGkNBF5bpUEQ==
expires
Wed, 03 Jul 2024 18:53:07 GMT
_buildManifest.js
www.lululemonstudio.ca/_next/static/odLDzK2-K94FBZq-PS8H4/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/odLDzK2-K94FBZq-PS8H4/_buildManifest.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d0667e54a00f30645b5868bd2449847bf81b6ea71359aba4131297242a8c527
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 9b2dd59575ce5b546a63dbe37a7ae2de.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
age
87
content-encoding
gzip
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Jun 2024 14:49:56 GMT
server
cloudflare
etag
W/"105112be0bf46ecdfa04ae08131abf3d"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b406c9473a00-YYZ
x-amz-cf-id
in4-EX6QDwZ8ZzXZU-6ffYqlxvGqTcubZxryR2qU4QOX0Dscb4KxQA==
expires
Wed, 03 Jul 2024 18:53:07 GMT
_ssgManifest.js
www.lululemonstudio.ca/_next/static/odLDzK2-K94FBZq-PS8H4/ 		422 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/static/odLDzK2-K94FBZq-PS8H4/_ssgManifest.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80e325718f3ed0f6bfe1bd0a2a5a99d23d71a9da41931b71cc6ba5bdb0f1c0bf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 a7adea6a626ffc779dc26bac2782f042.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
87
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Jun 2024 14:49:56 GMT
server
cloudflare
etag
W/"b07fa05f3a864de4dd5c4fec69007269"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b406e95a3a00-YYZ
x-amz-cf-id
lbIPkU8rIkt3Ra1Z80d9tY4MzfOFGr-w7Vjarkfq5JItbQGAguRPew==
expires
Wed, 03 Jul 2024 18:53:07 GMT
A1455831-7b56-45b2-abf0-b30550f6c0de1.js
d.impactradius-event.com/ 		39 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://d.impactradius-event.com/A1455831-7b56-45b2-abf0-b30550f6c0de1.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.249.72 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
72.249.186.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
4338750fa2f43cdf25347ae756edeedcafd30b143c02e34ec85c59a9d9571621

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
content-encoding
gzip
age
1
x-guploader-uploadid
ACJd0NruyQs7Ubwd5SJycd7G4mV445rCDytKqaeEA7CDDj7RrZ4vps_XO59xi2HkqZPogtpO3Es
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15802
last-modified
Fri, 22 Mar 2024 16:27:14 GMT
server
UploadServer
etag
"3eba4bfc9ae9a373b383a27aaf5bd4e4"
vary
Accept-Encoding
x-goog-generation
1711124834014055
x-goog-hash
crc32c=qKy1uA==, md5=PrpL/Jrpo3Ozg6J6r1vU5A==
access-control-allow-origin
*
content-type
text/javascript; charset=utf-8
cache-control
public,max-age=900,s-maxage=300
x-goog-stored-content-length
15802
accept-ranges
bytes
expires
Wed, 03 Jul 2024 14:58:06 GMT
affirm.js
cdn1.affirm.ca/js/v2/ 		673 KB
152 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn1.affirm.ca/js/v2/affirm.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.0.33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a2eefae024aa225bafa843e5b5a702b795eae8543ebf10c5839f3bbdc6c8fd4
Security Headers
Name Value
Strict-Transport-Security max-age=31557600; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:06 GMT
strict-transport-security
max-age=31557600; includeSubDomains
content-encoding
br
cf-cache-status
HIT
age
180
x-envoy-upstream-service-time
1431
x-affirm-cache-status
HIT
x-affirm-request-id
6fc13556-aa77-4874-c86d-c7ff3c1d8586
last-modified
Wed, 03 Jul 2024 11:43:27 GMT
server
cloudflare
etag
W/"7cdef376b564f6399ae24f0b3886ec3e"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=300
timing-allow-origin
*
link
<https://cdn1.affirm.ca>; rel=preconnect; crossorigin, <https://cdn1.affirm.ca>; rel=preconnect, <https://cdn-assets.affirm.com>; rel=preconnect; crossorigin, <https://cdn-assets.affirm.com>; rel=preconnect, <https://cdnjs.cloudflare.com>; rel=preconnect; crossorigin, <https://cdnjs.cloudflare.com>; rel=preconnect
cf-ray
89d7b4068a99aaaa-YYZ
expires
Wed, 03 Jul 2024 14:58:06 GMT
/
o251128.ingest.sentry.io/api/4504572996419584/envelope/ 		2 B
299 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o251128.ingest.sentry.io/api/4504572996419584/envelope/?sentry_key=98b0f0c98b27437e9b0118e221e2f539&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F7.34.0
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
v3
js.stripe.com/ 		619 KB
152 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/pages/_app-f828560b4c1cf708.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-72.iad61.r.cloudfront.net
Software
Cloudfront /
Resource Hash
676d33bdcc1ce8919249566c6dd5f42e3ffc68469e50fce0ed8634efd9f5743d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:52:49 GMT
content-encoding
br
via
1.1 412b51478c24c00d9c9185312b00ffd0.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
19
x-amz-cf-pop
IAD61-P3
x-cache
Hit from cloudfront
last-modified
Tue, 02 Jul 2024 21:49:00 GMT
server
Cloudfront
etag
W/"d648a4d92267ef274fa4bbdb905d40a9"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
UWjVIeZZP56YELsE8e63R16nEkpSm2s3Bi1Mc-oII1kOnQeRVHi9hw==
touch_track
api-cf.affirm.ca/api/v2/session/ 		46 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api-cf.affirm.ca/api/v2/session/touch_track
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.0.33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93556cb372c7b9880be87263655939373433a91ea0db753747f5d8cba2faf51c
Security Headers
Name Value
Strict-Transport-Security max-age=31557600; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
content-encoding
gzip
strict-transport-security
max-age=31557600; includeSubDomains
cf-cache-status
DYNAMIC
affirm-axp-override
x-envoy-upstream-service-time
17
x-affirm-cache-status
MISS
x-affirm-request-id
bb545a8a-cfdd-4e10-ce0f-cd47b2d855a6
server
cloudflare
access-control-max-age
86400
vary
Accept-Encoding,Origin, Cookie
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://www.lululemonstudio.ca
content-type
application/json
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-affirm-endpoint-name
/api/v2/session/touch_track
affirm-chameleon-profile-id
cf-ray
89d7b407bbb2aaaa-YYZ
access-control-allow-headers
Accept, Content-Type, X-Requested-With
cookie_sent
www.affirm.ca/api/v2/ 		22 B
220 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.affirm.ca/api/v2/cookie_sent
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.0.33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
924aebf24af414b12986f4af470b2ac7b61d765897f9e222c0af15805de9ae40
Security Headers
Name Value
Strict-Transport-Security max-age=31557600; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
content-encoding
gzip
strict-transport-security
max-age=31557600; includeSubDomains
cf-cache-status
HIT
age
81
affirm-axp-override
x-envoy-upstream-service-time
6
x-affirm-cache-status
MISS
x-affirm-request-id
82502886-5b98-4b7d-cbf8-50c7b91577f1
last-modified
Wed, 03 Jul 2024 14:51:46 GMT
server
cloudflare
vary
Accept-Encoding,cookie, Origin,Origin
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.lululemonstudio.ca
x-affirm-endpoint-name
/api/v2/cookie_sent
cache-control
max-age=3600
access-control-allow-credentials
true
access-control-max-age
86400
affirm-chameleon-profile-id
cf-ray
89d7b407fbe5aaaa-YYZ
access-control-allow-headers
Accept, Content-Type, X-Requested-With
integrations
cdn.segment.com/v1/projects/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/ 		3 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/integrations
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.191.237 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-191-237.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7caf52de3e6fc20e8cdb4d10dd28cd6f0befc91c5f17513b576235cc34afdecc

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
yTEpTlrQfrQphyAH_GaapSsEHTyxarJK
content-encoding
br
via
1.1 9edb8d9b9614520133cf2257f302ebaa.cloudfront.net (CloudFront)
date
Wed, 03 Jul 2024 14:48:48 GMT
x-amz-cf-pop
IAD79-C3
age
260
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 04 Jan 2024 18:27:02 GMT
server
AmazonS3
etag
W/"6adbef88cb33ee221bb55009e150f488"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
-HujYQzbSChwLHm2mMY6YePGbslCSgSCVHHDTdmFhQ1WTg8koBZ7mA==
controller-with-preconnect-c9b628599dd7481c62cb7887043b2c22.html
js.stripe.com/v3/ Frame B4C8 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-with-preconnect-c9b628599dd7481c62cb7887043b2c22.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-52.iad61.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
19
cache-control
max-age=60, stale-while-revalidate=900
content-length
651
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 03 Jul 2024 14:52:51 GMT
etag
"c9b628599dd7481c62cb7887043b2c22"
last-modified
Tue, 02 Jul 2024 21:10:26 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 91e0db6ff3a77218c7993c4fa2b04cf6.cloudfront.net (CloudFront)
x-amz-cf-id
oFY7kU6m0okpXSnkjSHzbf0abyQLwDV7ReVCX7Yq0H7z8tVnBSNS4w==
x-amz-cf-pop
IAD61-P3
x-cache
Hit from cloudfront
x-content-type-options
nosniff
cookie_sent
www.affirm.ca/api/v2/ 		22 B
109 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.affirm.ca/api/v2/cookie_sent
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.66.0.33 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
924aebf24af414b12986f4af470b2ac7b61d765897f9e222c0af15805de9ae40
Security Headers
Name Value
Strict-Transport-Security max-age=31557600; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept
application/json
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
content-encoding
gzip
strict-transport-security
max-age=31557600; includeSubDomains
cf-cache-status
HIT
age
81
affirm-axp-override
x-envoy-upstream-service-time
6
x-affirm-cache-status
MISS
x-affirm-request-id
82502886-5b98-4b7d-cbf8-50c7b91577f1
last-modified
Wed, 03 Jul 2024 14:51:46 GMT
server
cloudflare
vary
Accept-Encoding,cookie, Origin,Origin
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
https://www.lululemonstudio.ca
x-affirm-endpoint-name
/api/v2/cookie_sent
cache-control
max-age=3600
access-control-allow-credentials
true
access-control-max-age
86400
affirm-chameleon-profile-id
cf-ray
89d7b4093cf0aaaa-YYZ
access-control-allow-headers
Accept, Content-Type, X-Requested-With
Calibre-Regular.woff2
www.lululemonstudio.ca/fonts/ 		20 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/fonts/Calibre-Regular.woff2
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67cf74fc128846917976d821404b0d9c797977bdd493ba6b0f671700ec1288e7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Origin
https://www.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 1005873908b937da8d6e408eda0fb9e0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
REVALIDATED
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
x-cache
Miss from cloudfront
content-length
20968
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:42 GMT
server
cloudflare
etag
"1515d79ba1be4b3a7941247503938731"
x-frame-options
DENY
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
89d7b4093b563a00-YYZ
x-amz-cf-id
bBN7Yt7CsIt8ahGpsaDiqQjRavzS-fqHfExw_DmV9stTal0mm7jKPQ==
expires
Wed, 03 Jul 2024 18:53:07 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/ 		103 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.191.237 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-191-237.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9e9c227133e054d03eb9712707f65dd97dbd6bb0bdc61959dcd91735faef33e2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
E1Rb9UBLd.5D5Bg4CNdK8HNNPeNUcRlM
content-encoding
br
via
1.1 3ebe5e903d733a5e00724b1dfdba02bc.cloudfront.net (CloudFront)
date
Wed, 03 Jul 2024 14:53:08 GMT
x-amz-cf-pop
IAD79-C3
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 30 May 2024 17:49:59 GMT
server
AmazonS3
etag
W/"aa00b505954e0e070faf6b07ab9eefbf"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
YostNpRaMtWhgbm8Y5PpESJkbRqj50wfEMaAIrn5Zrqes7IReidLSA==
graphql
checkout.lululemonstudio.ca/api/2022-10/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-sdk-variant,x-sdk-version,x-shopify-storefront-access-token
Access-Control-Request-Method
POST
Origin
https://www.lululemonstudio.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Content-Type, X-SDK-Variant, X-SDK-Variant-Source, X-SDK-Version, X-Shopify-Storefront-Access-Token, Shopify-Storefront-Private-Token, Shopify-Storefront-Buyer-IP, Shopify-Storefront-Id, Shopify-Storefront-S, Shopify-Storefront-Y, Shopify-Storefront-Extension-Token, Custom-Storefront-Request-Group-ID, shopify-core-canary
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
89d7b40a2f774bb9-YUL
content-encoding
gzip
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Wed, 03 Jul 2024 14:53:07 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4oK05H1i15uQwb5aWtrklAKVgKGI3jSmgmhwzqWzn3%2B0Nf4EsDAPjWkUMAI2kqR9epTadofenExbl7q3BIb%2BsYnrTf8WrYBFvdWfyc8%2BgyGpHBpPJBiQv7LCyykbridnymNGElyq%2Fy4bHm5ZZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=7, db;dur=4, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="7bht", requestID;desc="d6530da0-12e5-492a-9e3a-b2f0cc5172e7-1720018387" cfRequestDuration;dur=88.999987
vary
Accept-Encoding Accept
x-content-type-options
nosniff
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
d6530da0-12e5-492a-9e3a-b2f0cc5172e7-1720018387
x-shardid
299
x-shopid
69030576428
x-sorting-hat-podid
299
x-sorting-hat-shopid
69030576428
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
65fa52c6e32a6c47bcd57ff4e77fb165e72ac1f43872dbf5495b0167156d9993
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-encoding
gzip
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-content-type-options
nosniff
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
x-permitted-cross-domain-policies
none
x-shopify-api-version-warning
https://shopify.dev/concepts/about-apis/versioning
server-timing
processing;dur=233, db;dur=16, fetch;dur=174, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="47cl", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutCreate", requestID;desc="5b60a8e5-4347-451f-92fc-803a432752b2-1720018387", cfRequestDuration;dur=296.000004
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
5b60a8e5-4347-451f-92fc-803a432752b2-1720018387
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YQYaJOFpgXg0fPTZK78CFN5c8V1A3oC%2FxTu698OOJyoZBd%2BbYei5nApn3WY6hk2KHa5G2msPR9Z9sWnttOUgDZwHN5JCUM045Us%2Fq%2Bh3laeLiLLIn6rU5FXQtfyOK2MeSr6bCZDHVEureFCfRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
89d7b40ae8ba4bb9-YUL
x-sorting-hat-podid
299
graphql
checkout.lululemonstudio.ca/api/2022-10/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-sdk-variant,x-sdk-version,x-shopify-storefront-access-token
Access-Control-Request-Method
POST
Origin
https://www.lululemonstudio.ca
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Content-Type, X-SDK-Variant, X-SDK-Variant-Source, X-SDK-Version, X-Shopify-Storefront-Access-Token, Shopify-Storefront-Private-Token, Shopify-Storefront-Buyer-IP, Shopify-Storefront-Id, Shopify-Storefront-S, Shopify-Storefront-Y, Shopify-Storefront-Extension-Token, Custom-Storefront-Request-Group-ID, shopify-core-canary
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
89d7b40a6fcf4bb9-YUL
content-encoding
gzip
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Wed, 03 Jul 2024 14:53:07 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qA0Aww2omfl4iCjE9CWal%2FTMDwf9syXwqMdUKxdBfRXxnZ7z0Y%2FnACpZH8bJpZ%2F7nF2PURwczDqhOsMJEr2Mwi42fa7aQZc5I3%2Fi5cEJ23R5oCpvj3Rlc5yU0xuizSVygBzGusTK8B95iQBzbg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=4, db;dur=2, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="p8wr", requestID;desc="f7e0d29f-3e78-4afe-b67c-b55c290ffc6d-1720018387" cfRequestDuration;dur=77.999830
vary
Accept-Encoding Accept
x-content-type-options
nosniff
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
f7e0d29f-3e78-4afe-b67c-b55c290ffc6d-1720018387
x-shardid
299
x-shopid
69030576428
x-sorting-hat-podid
299
x-sorting-hat-shopid
69030576428
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block
plus_white.svg
www.lululemonstudio.ca/images/ 		269 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.lululemonstudio.ca/images/plus_white.svg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da4ab6947ea5b44c0677dc7973feedc565729d8a80ebd71449afab8f2caafbd0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 f0b5ff1c80ac588b3de0f130e6e2c0b6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
age
87
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:42 GMT
server
cloudflare
etag
W/"06609ddaef0d0f85e717644dd108c79a"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b40a3c3a3a00-YYZ
x-amz-cf-id
xuriMJ1p27cJBe28-6KtpXyjMVIHEV2jx1oi1vEWdGAwFzoiPT9x5A==
expires
Wed, 03 Jul 2024 18:53:07 GMT
Calibre-Medium.woff2
www.lululemonstudio.ca/fonts/ 		19 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/fonts/Calibre-Medium.woff2
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e9d248e116f7d511201f0389e6ac80c7fb7dc61e7344df9c624d4322430ccb95
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Origin
https://www.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 1093497011694314ff008667ee2636c0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
REVALIDATED
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
x-cache
Miss from cloudfront
content-length
19496
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:42 GMT
server
cloudflare
etag
"3c36b32862a6bb076c2920bf5f8cd729"
x-frame-options
DENY
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
89d7b40a6c6a3a00-YYZ
x-amz-cf-id
GIryJTPxTHHjI5w5xdVt4uaEh21tAfH2XHx3URelhndEwofdT4Qyyw==
expires
Wed, 03 Jul 2024 18:53:07 GMT
Calibre-Semibold.woff2
www.lululemonstudio.ca/fonts/ 		21 KB
21 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/fonts/Calibre-Semibold.woff2
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9cbf292d35cc8fb17c91e3876798f3ae889146c8ae148e41a94a9fa38a5d98a5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/_next/static/css/0970f143af1e3323.css
Origin
https://www.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 99442e301c9543d48067e4e142e03290.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
REVALIDATED
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
x-cache
Hit from cloudfront
content-length
21468
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:42 GMT
server
cloudflare
etag
"5a1ba231826789b4b88f890c2a5bfa45"
x-frame-options
DENY
vary
Accept-Encoding
content-type
font/woff2
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
89d7b40a6c6b3a00-YYZ
x-amz-cf-id
S0aJOeryyPWW4KE5_I0NFtjdz1_nlfxusXbVC5wsE4p1sF3gYD21gg==
expires
Wed, 03 Jul 2024 18:53:07 GMT
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
65a922c0452064cda92b70d8299b4f9e01b14e7dd8d05b93f7bfa354a887f1df
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-encoding
gzip
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-content-type-options
nosniff
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
x-permitted-cross-domain-policies
none
x-shopify-api-version-warning
https://shopify.dev/concepts/about-apis/versioning
server-timing
processing;dur=229, db;dur=7, fetch;dur=192, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="2277", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutCreate", requestID;desc="d9662590-0039-46a9-acec-40a438cd4184-1720018387", cfRequestDuration;dur=292.999983
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
d9662590-0039-46a9-acec-40a438cd4184-1720018387
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mIjHnv8s45ZYTvYAE%2BiAXJVOJiHCbxcF54IWeO9PGMZB16ptvlhTsgaZYaQxkSYFA1djWYuwMGS3YQe3s08NSTMGtpISLoUfuwtteCCpL7IEhyVjoZVmYJP8CqcAm%2BFCrOOMJ34qT16huM55jg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
89d7b40b192a4bb9-YUL
x-sorting-hat-podid
299
lululemonStudio_YogoStudio_Primary_White_2.svg
res.cloudinary.com/themirror/image/upload/v1661441564/ecomm-cms-assets/production/icons/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/themirror/image/upload/v1661441564/ecomm-cms-assets/production/icons/lululemonStudio_YogoStudio_Primary_White_2.svg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.201.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
05dae9f297cc19f31afe3b53098189e62607770e6558501ccf58a96b1a77ff6f
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=604800
content-disposition
attachment; filename="lululemonStudio_YogoStudio_Primary_White_2.svg"
server-timing
cld-cloudflare;dur=20;start=2024-07-03T14:53:07.699Z;desc=hit,rtt;dur=17,content-info;desc="width=286,height=72,owidth=286,oheight=72,obytes=2416;"
content-length
1134
last-modified
Thu, 25 Aug 2022 15:32:47 GMT
server
cloudflare
etag
W/"11e7fdff38b60efa7dca88e9ae75dcbe"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
89d7b40b1f92ac63-YYZ
timing-allow-origin
*
lululemonStudio_YogoStudio_Primary_Black_2.svg
res.cloudinary.com/themirror/image/upload/v1661441564/ecomm-cms-assets/production/icons/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/themirror/image/upload/v1661441564/ecomm-cms-assets/production/icons/lululemonStudio_YogoStudio_Primary_Black_2.svg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.201.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d006f4b0cfa518771c8110427114b1810398480b52889c7da5077a38c632a55b
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=604800
content-disposition
attachment; filename="lululemonStudio_YogoStudio_Primary_Black_2.svg"
server-timing
cld-cloudflare;dur=16;start=2024-07-03T14:53:07.700Z;desc=hit,rtt;dur=17,content-info;desc="width=286,height=72,owidth=286,oheight=72,obytes=2313;"
content-length
1082
last-modified
Thu, 25 Aug 2022 15:32:47 GMT
server
cloudflare
etag
W/"63eb78c0f444d5f8b90f3c41b6d67fef"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
public, no-transform, immutable, max-age=2592000
accept-ranges
bytes
cf-ray
89d7b40b1f93ac63-YYZ
timing-allow-origin
*
landing-page-desktop.jpg
res.cloudinary.com/themirror/w_1440,c_scale,f_auto,q_auto/ecomm-cms-assets/production/heros/ 		41 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/themirror/w_1440,c_scale,f_auto,q_auto/ecomm-cms-assets/production/heros/landing-page-desktop.jpg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.201.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db432405a21b948e9c297ee67a2452374c0796da6dcf4f801b7a704bd2f09f8a
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
content-disposition
inline; filename="landing-page-desktop.webp"
server-timing
cld-cloudflare;dur=18;start=2024-07-03T14:53:07.698Z;desc=hit,rtt;dur=17,content-info;desc="width=1440,height=810,bytes=41984,owidth=1440,oheight=810,obytes=1002394;"
content-length
41984
last-modified
Mon, 23 Oct 2023 16:57:10 GMT
server
cloudflare
etag
"6f214fecb7d8a45b17c0c1af81a4f3ca"
vary
Accept,User-Agent,Save-Data, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
private, no-transform, max-age=2592000
accept-ranges
bytes
cf-ray
89d7b40b1f8fac63-YYZ
timing-allow-origin
*
MicrosoftTeams-image.jpg
res.cloudinary.com/themirror/w_960,c_scale,f_auto,q_auto/ecomm-cms-assets/production/ 		64 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://res.cloudinary.com/themirror/w_960,c_scale,f_auto,q_auto/ecomm-cms-assets/production/MicrosoftTeams-image.jpg
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.201.1 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3b76111f14dc848b243a4c8a55afe3a50294438f67d81548276c15249371fed
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
content-disposition
inline; filename="MicrosoftTeams-image.webp"
server-timing
cld-cloudflare;dur=23;start=2024-07-03T14:53:07.702Z;desc=hit,rtt;dur=17,content-info;desc="width=960,height=1200,bytes=65632,owidth=1160,oheight=1450,obytes=1041560;"
content-length
65632
last-modified
Wed, 01 Nov 2023 17:02:51 GMT
server
cloudflare
etag
"0776270aa1b84c8b6891736e2296dc50"
vary
Accept,User-Agent,Save-Data, Accept-Encoding
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,ETag,Server-Timing,Vary,x-content-type-options
cache-control
private, no-transform, max-age=2592000
accept-ranges
bytes
cf-ray
89d7b40b1f90ac63-YYZ
timing-allow-origin
*
index.json
www.lululemonstudio.ca/_next/data/odLDzK2-K94FBZq-PS8H4/ 		28 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/_next/data/odLDzK2-K94FBZq-PS8H4/index.json
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e90a1b65a7a4d63915c162adcf60ecee4e49ac1fedf29b7fd81179f24c1bf669
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
x-nextjs-data
1
purpose
prefetch
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Referer
https://www.lululemonstudio.ca/
baggage
sentry-environment=production,sentry-release=odLDzK2-K94FBZq-PS8H4,sentry-transaction=%2F,sentry-public_key=98b0f0c98b27437e9b0118e221e2f539,sentry-trace_id=4058b6d781cd4924891cd43fd823cb34,sentry-sample_rate=0.1
sentry-trace
4058b6d781cd4924891cd43fd823cb34-bdb92f100a1491ba-0
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:07 GMT
via
1.1 aae20db21c50ea4a322cf21a1aa201b4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
DYNAMIC
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
ORD56-P6
age
72694
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 27 Jun 2024 14:49:54 GMT
server
cloudflare
etag
W/"0bce5d97612d7664cb3a28a99bc58bec"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/json
permissions-policy
geolocation=(self)
cf-ray
89d7b40aac983a00-YYZ
x-amz-cf-id
WzhtRInezohBDm9WtMPWPfM4FS92TUBNu9f_WPzw5-9g0yZmtxIPcA==
settings
cdn.segment.com/v1/projects/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/settings
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.191.237 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-191-237.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
13267b296d4b99ecb040096c2c25623d956c3e55f566394c82e7118ce0110618

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 12:18:35 GMT
x-amz-version-id
BA8r5oIPF77MapOaz87tQpwacnbhSlSw
content-encoding
br
via
1.1 9edb8d9b9614520133cf2257f302ebaa.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD79-C3
age
9273
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 26 Jun 2024 10:41:54 GMT
server
AmazonS3
etag
W/"1f173f2b6d68a73e08923dbbb1bcc068"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
7O-Ggj3LaFAZuprMT5IpyxVUyEKiTuW2A8xY68ZYeW9k_QBHj_XglQ==
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 3E55 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-52.iad61.r.cloudfront.net
Software
Cloudfront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
551
cache-control
max-age=31536000
content-length
200
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 03 Jul 2024 14:43:56 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Tue, 02 Jul 2024 21:10:41 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 91e0db6ff3a77218c7993c4fa2b04cf6.cloudfront.net (CloudFront)
x-amz-cf-id
BISravmros0d_tDUs67B7U2C2yaowacl19bstwpiJp9iddcTkSkIFg==
x-amz-cf-pop
IAD61-P3
x-cache
Hit from cloudfront
x-content-type-options
nosniff
ajs-destination.bundle.ed53a26b6edc80c65d73.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.191.237 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-191-237.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 15:05:27 GMT
x-amz-version-id
1lCjHefPzcRt0EbQDFkkb.6FnzhNuKxa
content-encoding
br
via
1.1 3ebe5e903d733a5e00724b1dfdba02bc.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD79-C3
age
6824861
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 12 Apr 2024 21:39:45 GMT
server
AmazonS3
etag
W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
IcRM4fImD3qaIhR2P8SbXX0einMx01HQxNzlIrQ-sPf8ig0TsUQwAA==
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
0fa259074104b93c02a4c7e2a3406342319f1198fe963bff9b763598efc16153
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-encoding
gzip
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-shopify-api-version-warning
https://shopify.dev/concepts/about-apis/versioning
server-timing
processing;dur=207, db;dur=7, fetch;dur=159, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="47cl", graphql;desc="storefront/query/other", gqlSelectionNames;desc="sfr/node", requestID;desc="f21ef306-81df-4cb9-ac5f-30bd52a10c60-1720018388", cfRequestDuration;dur=262.999773
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
f21ef306-81df-4cb9-ac5f-30bd52a10c60-1720018388
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uh4X4CZuXMK8%2BOvbrusmGr3bdjxK0uD9jGVFX1zYDliIzisEgkKJRwigieSJiCJyga7Xp5NWwmLA%2FUVMEcJ8XHM47tKkkKLCFLEUDr3CxbPpfqsI%2FU%2F%2Fl2bHbeDKulywJGFksjlfJlY7e2Olnw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
89d7b40d0bd84bb9-YUL
x-sorting-hat-podid
299
schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.191.237 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-191-237.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 12 Apr 2024 06:42:44 GMT
x-amz-version-id
6p7m0DymtVd2iHKfdr7k4GM1yYafy1xS
content-encoding
br
via
1.1 3ebe5e903d733a5e00724b1dfdba02bc.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD79-C3
age
7114225
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 12 Apr 2024 03:48:56 GMT
server
AmazonS3
etag
W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
EiSZ4Dfu51W25gWNMDiex5CgyDUEjQTLgNlhJZFckjR9qfG__yEhlg==
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
c09f82b6d785a5439fa7428f543d0e547edfdd7161922e457db1b18a5bf380b9
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-encoding
gzip
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-shopify-api-version-warning
https://shopify.dev/concepts/about-apis/versioning
server-timing
processing;dur=198;desc="gc:1", db;dur=9, fetch;dur=157, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="hslj", graphql;desc="storefront/query/other", gqlSelectionNames;desc="sfr/node", requestID;desc="10f749d5-6e19-4f14-be4b-78c11b0ca489-1720018388", cfRequestDuration;dur=262.000084
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
10f749d5-6e19-4f14-be4b-78c11b0ca489-1720018388
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d22VuSVB2uxymi0Sj8CW2Ow4l5nyS6HKhDWVjOYFrzFs3RLY3B74u8gdjXQ%2BIN79%2F1DZyjJGA9HsDzs2xaKaRKoSg2H%2FM%2BlU607G077C2MXj06rAVbupSN%2FykROvnBq2RaYE5HreICCt8xNTbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
89d7b40d2c094bb9-YUL
x-sorting-hat-podid
299
facebook-pixel.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/facebook-pixel.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.191.237 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-191-237.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4df53644d1c9fd651ccfd697977eb07d94cd744b0a4997568d67cc25ef44e483

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 08 Apr 2024 01:44:01 GMT
content-encoding
gzip
via
1.1 3ebe5e903d733a5e00724b1dfdba02bc.cloudfront.net (CloudFront)
x-amz-version-id
e4_5M802DvRTYZH643Q1UBSxA84VQpM1
x-amz-cf-pop
IAD79-C3
age
7477748
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
3273
last-modified
Fri, 05 Apr 2024 16:42:47 GMT
server
AmazonS3
etag
"a7cd49c834a0851140e3304c91cb34d0"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
dUiKuHgfWrcDK2guRf0Z5fgpEkXAMl6wnSp_OhGVhQBNr4vXGqZnXw==
fullstory.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/fullstory.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.191.237 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-191-237.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e9fda204818eb76752b45ba07f2a3357507dfbd1ffac18a8badebda6f96feab7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 13 May 2024 21:19:50 GMT
content-encoding
gzip
via
1.1 3ebe5e903d733a5e00724b1dfdba02bc.cloudfront.net (CloudFront)
x-amz-version-id
oPHfKDIg3jvUi4BGP8xSSh5eX6u0MY0C
x-amz-cf-pop
IAD79-C3
age
4383199
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2166
last-modified
Fri, 05 Apr 2024 16:42:47 GMT
server
AmazonS3
etag
"5ab49a383e9cf7b93c013d369b1b30f7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
0xCFfjzOTRH5zRdqLwlSippxq5s2dEeSJyob6EC8Omhpii8VOHwNQg==
google-tag-manager.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/google-tag-manager/2.5.1/google-tag-manager.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.191.237 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-191-237.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 01:03:56 GMT
content-encoding
gzip
via
1.1 3ebe5e903d733a5e00724b1dfdba02bc.cloudfront.net (CloudFront)
x-amz-version-id
2QnOYwF5YFKn4huywZP2TBu6SmwTBwS6
x-amz-cf-pop
IAD79-C3
age
49753
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1343
last-modified
Mon, 03 Jun 2024 14:40:12 GMT
server
AmazonS3
etag
"a2b1aa1a0e402b1f891c929f94449d47"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
JrBG0eR-ePaLPHIucdoSKtpS8LTVDjwJXhRUjH9rpaRARoeH8qqivw==
p
api.segment.io/v1/ 		21 B
179 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.81.90.104 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-81-90-104.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.lululemonstudio.ca
date
Wed, 03 Jul 2024 14:53:08 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
commons.a61d7bea37d2de5d4b69.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		70 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/yak13J4DdLsAf2uEvYFgQi0CTMTvN1KJ/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.191.237 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-191-237.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 04:26:25 GMT
content-encoding
gzip
via
1.1 3ebe5e903d733a5e00724b1dfdba02bc.cloudfront.net (CloudFront)
x-amz-version-id
V.SxMmReU8g28xcE4bFlqm5TAakYuTpt
x-amz-cf-pop
IAD79-C3
age
642404
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
21911
last-modified
Mon, 03 Jun 2024 14:40:11 GMT
server
AmazonS3
etag
"c467a63b2e7c3a99be423ace649014d8"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
NcYym0NKvwjL7z6YUkKpKx0QyBXCqPeh-PNEetD7cH1JxKYNTccY3w==
fbevents.js
connect.facebook.net/en_US/ 		222 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 03 Jul 2024 14:53:08 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58293
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=34, rtx=0, c=12, mss=1316, tbw=2780, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
Ig1jscKO1zJbjrI4Cy/u1voK7LcvsHgPlU6ket6R57Xtg5EO+zc3S1VcxlyPJzOvP22qkV77u5SlmMmnEutb2Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
fs.js
edge.fullstory.com/s/ 		277 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3437f195c3f03e93049d9ef9c9e79b2ebeb8b97339a268cf2d6e4ab38aee09c5

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://www.lululemonstudio.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:42:42 GMT
content-encoding
br
age
626
x-guploader-uploadid
ACJd0NqgAmgt4Ma_hItX4diRR9Ihl9NiXQ5MpJB5I1ewQhjaFm4NrTlBx_GGorKL9i_Oi7PzNXGX0pqktw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
br
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76394
last-modified
Thu, 27 Jun 2024 13:38:26 GMT
server
UploadServer
etag
"f79ad65695b94b39d47799af56fbd7e3"
vary
Accept-Encoding
x-goog-generation
1719495506351318
x-goog-hash
crc32c=wtOMAQ==, md5=95rWVpW5SznUd5mvVvvX4w==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
76394
accept-ranges
bytes
content-type
application/javascript
expires
Wed, 03 Jul 2024 15:42:42 GMT
gtm.js
www.googletagmanager.com/ 		245 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TBTC976&l=dataLayer
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.222.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
qi-in-f97.1e100.net
Software
Google Tag Manager /
Resource Hash
2e3d9b18a8789368048a194b45df371e62405b06a2453c017b93b83249bca043
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89052
x-xss-protection
0
last-modified
Wed, 03 Jul 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 03 Jul 2024 14:53:08 GMT
web
edge.fullstory.com/s/settings/KM59Q/v1/ 		4 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/settings/KM59Q/v1/web
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
67bab36d7f31001c4fb77e154c171d143cef2b459b15e38403455cb23ef56593

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
content-encoding
gzip
age
0
x-guploader-uploadid
ACJd0Nrll6-RMd98iWH85msOohIRFCVJrNQvfRgcr2OzIs_ALwSS65XuIiSfdGeJKRBhCG0I9kVrIIfiDg
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1149
last-modified
Mon, 27 Feb 2023 17:00:55 GMT
server
UploadServer
etag
"d8d6a048db6ead41e2c7d6e9fbdf33f8"
x-goog-generation
1677517254984889
x-goog-hash
crc32c=xlZuYg==, md5=2NagSNturUHix9bp+98z+A==
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public,max-age=900,no-transform
x-goog-stored-content-length
1149
accept-ranges
bytes
content-type
application/json
expires
Wed, 03 Jul 2024 15:08:08 GMT
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
5b3b55ee1200b14f642f0f0072f41a23db64b4155cd2a6b11fa8464b14ca2a49
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-encoding
gzip
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-content-type-options
nosniff
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
x-permitted-cross-domain-policies
none
x-shopify-api-version-warning
https://shopify.dev/concepts/about-apis/versioning
server-timing
processing;dur=327, db;dur=4, fetch;dur=240, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="9d5r", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutAttributesUpdateV2", requestID;desc="fdfb02fd-aa7f-4dda-8753-d65767de3ba5-1720018388", cfRequestDuration;dur=398.999929
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
fdfb02fd-aa7f-4dda-8753-d65767de3ba5-1720018388
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wgfitDsjaHIKuYlZmNQSZhRVS54UH%2F65Tq6gzEOHhlSgXZIB7KdfB4lJVdEZccZIGGxzpvujGQGy7EzhB%2BBcuPUxQ8%2FajKRlIH%2F5FqS3yGRdmdxOV5fMLoo0Nzw8dbqtrc4dnjOWv%2F49%2BKXw9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
89d7b40f1e954bb9-YUL
x-sorting-hat-podid
299
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
f9d958244809bfacae51a9bed8a61afe5a233cec9ad74b040601d6364747f0f3
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-encoding
gzip
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-content-type-options
nosniff
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
x-permitted-cross-domain-policies
none
x-shopify-api-version-warning
https://shopify.dev/concepts/about-apis/versioning
server-timing
processing;dur=264, db;dur=7, fetch;dur=226, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="2277", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutAttributesUpdateV2", requestID;desc="83fe78ea-3844-4eed-8b68-d236f8e4aa07-1720018388", cfRequestDuration;dur=321.000099
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
83fe78ea-3844-4eed-8b68-d236f8e4aa07-1720018388
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2BAXPGZ3Q1ed1dLe%2BJg96M%2FxiO0E3ZQEc5YSk4cdvkV0bdSqe6p0htZHIExuROwknGuiifN3BunthkWBktOjKizYW1xLKjAIlfVYA%2FwFD1qZkgtiwasTn4YAzLRV%2BcCgto%2Bi%2FJZ0VSUdmA9L2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
89d7b40f1e964bb9-YUL
x-sorting-hat-podid
299
365790728635697
connect.facebook.net/signals/config/ 		69 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/365790728635697?v=2.9.160&r=stable&domain=www.lululemonstudio.ca&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-iad3.fbcdn.net
Software
/
Resource Hash
f10252fe142b0be97fb24a4d65d6aaa484a8718251b2fe9831a65641fbc16069
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 03 Jul 2024 14:53:08 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=41, rtx=0, c=64, mss=1316, tbw=63784, tp=-1, tpl=-1, uplat=78, ullat=0
pragma
public
x-fb-debug
HdHccE9Y/MKbzaaQE538ecCzHRImzrYUVp1pzT1a1Op/JqEFMRXr0+NLli90efwd+k1su3tNKsY6D+woJvnwMg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
dtag.js
cdn.attn.tv/mirror-ca/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.attn.tv/mirror-ca/dtag.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TBTC976&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.151.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-151-39.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
746b95a55ec0a56a74120fcbba61801fdd50376e6989feecd5943de920e40f41

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
FuTPg1X6OwByzlyxiDZx2193pKsAxmEO
content-encoding
gzip
via
1.1 ac28147bf6a75debb0811f62b6224e6e.cloudfront.net (CloudFront)
date
Wed, 03 Jul 2024 14:53:09 GMT
last-modified
Thu, 03 Aug 2023 16:31:24 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C3
x-amz-server-side-encryption
AES256
etag
W/"2ea7fb0bcab2ade76079018826ab485b"
vary
Accept-Encoding, Origin
x-cache
RefreshHit from cloudfront
content-type
text/javascript
cache-control
public, max-age=120
x-amz-replication-status
COMPLETED
x-amz-cf-id
i7JpfQ3EEPUHkPRGrcB2d2J7a4FSsllHdmCX3Cpud9uzbHpUvmSsCQ==
widget.js
cdn.kustomerapp.com/chat-web/ 		937 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.kustomerapp.com/chat-web/widget.js
Requested by
Host: checkout.lululemonstudio.ca
URL: https://checkout.lululemonstudio.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.151.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-151-31.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8c6b5de616eabf348a1fd3cc8839a6d57670dcdc164c81f690a3ff5b504002d2

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
rhWJb2_JwuC_UnrIHa.6TrXaXLBj_F_O
date
Wed, 03 Jul 2024 14:53:00 GMT
x-amz-meta-releaseversion
release-v0.1.375
via
1.1 9c90b41a9e5ac2856624d29ed4da4234.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C3
age
15
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
937
last-modified
Wed, 27 Mar 2024 21:54:04 GMT
server
AmazonS3
etag
"429467a41d91b15cb8d521f4a1312d76"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=0, s-maxage=60
vary
Accept-Encoding
accept-ranges
bytes
x-amz-cf-id
IE7o53P20oddsaT-gGwzWzk_WMhUEAsyDFNBHP-sTH_N2KZyCU5PjQ==
page
rs.fullstory.com/rec/ 		82 B
285 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
7276e79c9f3b182f8635969effac5c153a7337c69016c34050a60b605e97a1d0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
via
1.1 google
x-content-type-options
nosniff
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.lululemonstudio.ca
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
82
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=365790728635697&ev=PageView&dl=https%3A%2F%2Fwww.lululemonstudio.ca%2F&rl=https%3A%2F%2Fcheckout.lululemonstudio.ca%2F&if=false&ts=1720018388478&sw=1600&sh=1200&v=2.9.160&r=stable&a=seg&ec=0&o=4126&fbp=fb.1.1720018388474.551095919122156511&cs_est=true&ler=other&cdl=API_unavailable&it=1720018388338&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=ajs-next-1720018388037-60e3b1c0-2d2b-4671-a636-e172a6a4baea&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=33, rtx=0, c=10, mss=1316, tbw=2805, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 03 Jul 2024 14:53:08 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=365790728635697&ev=PageView&dl=https%3A%2F%2Fwww.lululemonstudio.ca%2F&rl=https%3A%2F%2Fcheckout.lululemonstudio.ca%2F&if=false&ts=1720018388478&sw=1600&sh=1200&v=2.9.160&r=stable&a=seg&ec=0&o=4126&fbp=fb.1.1720018388474.551095919122156511&cs_est=true&ler=other&cdl=API_unavailable&it=1720018388338&coo=false&dpo=LDU&dpoco=0&dpost=0&eid=ajs-next-1720018388037-60e3b1c0-2d2b-4671-a636-e172a6a4baea&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-iad3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xbecba4a90cb42130","source_keys":["1","2"]},{"key_piece":"0xbe4422995605bed9","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Wed, 03 Jul 2024 14:53:08 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387422726645865542", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=33, rtx=0, c=12, mss=1316, tbw=3123, tp=-1, tpl=-1, uplat=105, ullat=0
pragma
no-cache
x-fb-debug
mL6B0RyeRCY+PNaLiopDN4b/9pRe43UTUvmkzSaQBiBe5zRHGt6IFqdCjJPq8Haw1gdTlPuw5yA8IH/x+0wCGA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387422726645865542"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
unified-tag.js
cdn.attn.tv/tag/4-latest/ 		123 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_6c714ccac7
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/mirror-ca/dtag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.151.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-151-39.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1aea165a1bb393798a8d20189157b0f7a799c6d7ae2d5c9b59a700e15acec14e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
j4krP5FLKgHwD9UZA20FxkH9e7A_3ztC
content-encoding
gzip
via
1.1 ac28147bf6a75debb0811f62b6224e6e.cloudfront.net (CloudFront)
date
Wed, 03 Jul 2024 14:48:52 GMT
x-amz-cf-pop
IAD89-C3
age
257
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 25 Jun 2024 16:08:48 GMT
server
AmazonS3
etag
W/"954f36687ef138bae8d4b0532386bf26"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=300
x-amz-cf-id
grg1XM-xFFihzjWDkyX0sIHLE9UpnoPsqxNYU_MKUaEMA0s9DTHpXA==
widget-api.8acb1fabd3e20af59d34.js
cdn.kustomerapp.com/chat-web/release-v0.1.375/ 		31 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.kustomerapp.com/chat-web/release-v0.1.375/widget-api.8acb1fabd3e20af59d34.js
Requested by
Host: cdn.kustomerapp.com
URL: https://cdn.kustomerapp.com/chat-web/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.151.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-151-31.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9e86b08a0d8849527cdd52c214c04c1c7e3e151415acf94fdab46c2241ce6252

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 26 Jun 2024 11:54:40 GMT
x-amz-version-id
7S7TfTXePzws_K1JpIFL0PKxKErwwIeS
content-encoding
br
via
1.1 9c90b41a9e5ac2856624d29ed4da4234.cloudfront.net (CloudFront)
x-amz-cf-pop
IAD89-C3
age
615509
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 27 Mar 2024 21:54:07 GMT
server
AmazonS3
etag
W/"82f95f906f817ee4c1ef932c450517d6"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=34149600, s-maxage=34149600
vary
Accept-Encoding
x-amz-cf-id
8rd2bajuC4aTGjkRA-wG_SXmORJL8FUwpSCZ_oZpEUkJog7nQNyQLg==
/
mirror-ca.attn.tv/d/ 		5 B
252 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mirror-ca.attn.tv/d/?attn_vid=babfcccf99e34f2787e7c1c7a5c3680c
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.144.121 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type
application/json
access-control-allow-origin
*
x-envoy-upstream-service-time
4
cf-ray
89d7b4111dbaab27-YYZ
alt-svc
h3=":443"; ma=86400
e
events.attentivemobile.com/ 		0
334 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://events.attentivemobile.com/e?v=4.37.9_71cd04ce4a&pd=https%3A%2F%2Fwww.lululemonstudio.ca%2F&u=babfcccf99e34f2787e7c1c7a5c3680c&c=mirror-ca&ceid=zMM&lt=1720018388609&tag=modern&cs=305334293&t=v&r=https%3A%2F%2Fcheckout.lululemonstudio.ca%2F&m=%7B%22source%22%3A%22a%22%7D&cb=1720018388615&evs=%5B%7B%22vendor%22%3A8%2C%22id%22%3A%2235aaf143-f3bb-40e6-b629-6b229a4ea4d8%22%7D%5D
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_6c714ccac7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.39.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-frame-options
DENY
access-control-expose-headers
Set-Cookie, X-Count, X-Token
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
28
cf-ray
89d7b41148ab39dd-YYZ
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
zMM.js
cdn.attn.tv/growth-tag-assets/client-configs/ 		0
384 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.attn.tv/growth-tag-assets/client-configs/zMM.js
Requested by
Host: cdn.attn.tv
URL: https://cdn.attn.tv/tag/4-latest/unified-tag.js?v=4-latest_6c714ccac7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.151.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-151-39.iad89.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
kGJjc2HxNgGNuk_7UqP1h9o.liqWLb8I
content-encoding
via
1.1 ac28147bf6a75debb0811f62b6224e6e.cloudfront.net (CloudFront)
date
Wed, 03 Jul 2024 11:56:51 GMT
last-modified
Mon, 17 Dec 2018 20:59:49 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C3
age
10578
etag
"d41d8cd98f00b204e9800998ecf8427e"
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
text/javascript
accept-ranges
bytes
content-length
0
x-amz-cf-id
6u4xWBC7yiVPUp_H81Jvr_oDH58zjEz7MCEFnsLZD7cUKu-iCtZ95w==
unrenderedCreative
mirror-ca.attn.tv/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://mirror-ca.attn.tv/unrenderedCreative?v=4.37.9&r=https%3A%2F%2Fcheckout.lululemonstudio.ca%2F&id=babfcccf99e34f2787e7c1c7a5c3680c&pv=1&l=https%3A%2F%2Fwww.lululemonstudio.ca%2F&w=1600&h=1200&ss_ref=https%3A%2F%2Fcheckout.lululemonstudio.ca%2F&f=2
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.144.121 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
28
cf-ray
89d7b4114dd6ab27-YYZ
alt-svc
h3=":443"; ma=86400
favicon.ico
www.lululemonstudio.ca/ 		1 KB
701 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91db6a7827b1ba906ea4b90d0c733e33e69023766c42cb158a09dc438f66c742
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
via
1.1 60c77d7f2a0954d991174a909a828016.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YTO50-P1
age
81
content-encoding
gzip
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
W/"5d1fe955cb466265c0ebfa4d3cf9e9c8"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/vnd.microsoft.icon
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
cf-ray
89d7b4116b503a00-YYZ
x-amz-cf-id
2vsyBpZLHrffbu8elJGU989EhmwwvKsX49w45xVuRh8DDZ7NGDEwqQ==
expires
Wed, 03 Jul 2024 18:53:08 GMT
favicon-32x32.png
www.lululemonstudio.ca/ 		6 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.lululemonstudio.ca/favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.6.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7502e0a0103769fa716c86207f6062fdaf34ad5780c8b18f6bc87fb8bc73698
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.lululemonstudio.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
via
1.1 1bffd64b2a2fa20ecc97fd2f8e605ec4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self' https://*.affirm.ca https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.ca https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none'
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
YUL62-P2
age
81
x-cache
Hit from cloudfront
content-length
6352
x-xss-protection
1; mode=block
referrer-policy
same-origin
last-modified
Thu, 25 Apr 2024 17:14:41 GMT
server
cloudflare
etag
"4482156ee5daf05cef544815a868599b"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/png
cache-control
public, max-age=14400
permissions-policy
geolocation=(self)
accept-ranges
bytes
cf-ray
89d7b411ab893a00-YYZ
x-amz-cf-id
865oVZUx54x5iiZRQHqtaVkO5dgfpeb895vj9bTy87Kqqj9tELjInQ==
expires
Wed, 03 Jul 2024 18:53:08 GMT
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
650f7548567b6087915ac6b0f65e9249b899a31545ba7568b101e24d4efae6a4
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:08 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-encoding
gzip
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-shopify-api-version-warning
https://shopify.dev/concepts/about-apis/versioning
server-timing
processing;dur=165, db;dur=4, fetch;dur=129, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="7bht", graphql;desc="storefront/query/other", gqlSelectionNames;desc="sfr/node", requestID;desc="45cc73f2-4713-4a84-bd43-75a8b020b9a7-1720018388", cfRequestDuration;dur=226.000071
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
45cc73f2-4713-4a84-bd43-75a8b020b9a7-1720018388
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WVOACO7K%2Be7B58L1Nh7m20%2FRGyt5UtqEGalauCVOMBk%2Flf908GCe6jJ%2Fb73mmdPUzBFD%2FbAb1NN173JkMLw%2Bw1wZbiXMB5OFp5rcu3DkQ6n6kpDJJiQvW2yTttnP%2BkhpVNecke95kxQp3UnPDw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
89d7b411ca754bb9-YUL
x-sorting-hat-podid
299
graphql
checkout.lululemonstudio.ca/api/2022-10/ 		1 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://checkout.lululemonstudio.ca/api/2022-10/graphql
Requested by
Host: www.lululemonstudio.ca
URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
5b3b55ee1200b14f642f0f0072f41a23db64b4155cd2a6b11fa8464b14ca2a49
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
X-SDK-Version
2.17.1
Accept-Language
*
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-SDK-Variant
javascript
Content-Type
application/json
Accept
application/json
X-Shopify-Storefront-Access-Token
a793ef718fe256e2f8ec70b56cbb9f92
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:53:09 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-encoding
gzip
x-shopify-api-version
2023-07
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-northamerica-northeast2,gcp-us-central1,gcp-us-central1
x-content-type-options
nosniff
x-shopify-api-deprecated-reason
https://shopify.dev/api/usage/versioning#deprecation-practices
x-permitted-cross-domain-policies
none
x-shopify-api-version-warning
https://shopify.dev/concepts/about-apis/versioning
server-timing
processing;dur=355, db;dur=7, fetch;dur=204, asn;desc="212238", edge;desc="YUL", country;desc="CA", servedBy;desc="f5m2", graphql;desc="storefront/mutation/other", gqlSelectionNames;desc="sfr/checkoutAttributesUpdateV2", requestID;desc="6f663eb3-a13a-4ced-8f55-70eba4f9275a-1720018389", cfRequestDuration;dur=411.999941
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
69030576428
x-request-id
6f663eb3-a13a-4ced-8f55-70eba4f9275a-1720018389
x-shardid
299
x-storefront-renderer-rendered
1
server
cloudflare
x-shopid
69030576428
vary
Accept-Encoding, Accept
x-frame-options
DENY
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Iw4lC9j3NjkuYiPIJp5%2FOq4kx0zScpS96fvyeGIUGgn8B3EaNJg5%2F8JQHMxL4qtBZMTF6BfuMvY1p%2BPCd%2Bhu%2Fjx%2F5UGRgppAj3A31sKq1lnHMWxJM7yhktC0DzhEdNfagzrWXD%2FqAj4P6%2BelsA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-language
en
x-download-options
noopen
cf-ray
89d7b4136cda4bb9-YUL
x-sorting-hat-podid
299
trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js
js.stripe.com/v3/fingerprinted/js/ 		176 B
670 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.125.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-125-72.iad61.r.cloudfront.net
Software
Cloudfront /
Resource Hash
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 14:45:34 GMT
via
1.1 412b51478c24c00d9c9185312b00ffd0.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31556926; includeSubDomains; preload
age
459
x-amz-cf-pop
IAD61-P3
x-cache
Hit from cloudfront
content-length
176
last-modified
Fri, 14 Jun 2024 20:01:05 GMT
server
Cloudfront
etag
"96f5b26d366f47393b3ff36fe7471474"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
4tyOXkDZE9BkA59O6VXDi87GutsCWfdZ3xLXT5iJqZ4ibptxdfN_gg==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
shop.app
URL
https://shop.app/checkouts/internal/preloads.js?locale=en-CA&shop_id=69030576428
Domain
checkout.lululemonstudio.ca
URL
https://checkout.lululemonstudio.ca/cdn/shopifycloud/shopify/assets/storefront/load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js
Domain
checkout.lululemonstudio.ca
URL
https://checkout.lululemonstudio.ca/cdn/shopifycloud/shopify/assets/storefront/features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js
Domain
checkout.lululemonstudio.ca
URL
https://checkout.lululemonstudio.ca/cdn/shop/t/1/compiled_assets/scripts.js?103
Domain
checkout.lululemonstudio.ca
URL
https://checkout.lululemonstudio.ca/cdn/shop/t/1/assets/base.css?v=88290808517547527771670594060
Domain
api.fastbundle.co
URL
https://api.fastbundle.co/react-src/static/js/main.min.js?rgn=889701
Domain
api.fastbundle.co
URL
https://api.fastbundle.co/scripts/cart.js?rgn=889701

Verdicts & Comments Add Verdict or Comment

76 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 undefined| event object| fence object| sharedStorage object| analytics string| ire_o function| ire object| _affirm_config object| affirm object| webpackChunk_N_E object| __SENTRY__ undefined| __sentryRewritesTunnelPath__ object| SENTRY_RELEASE string| __rewriteFramesAssetPrefixPath__ function| __next_require__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| irEvent object| perfMetrics function| __NEXT_PRELOADREADY object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST object| webpackChunkStripeJSouter function| noop function| Stripe object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| facebook-pixelDeps function| facebook-pixelLoader object| fullstoryDeps function| fullstoryLoader object| google-tag-managerDeps function| google-tag-managerLoader object| webpackJsonp_name_Integration function| setImmediate function| clearImmediate function| facebook-pixelIntegration function| _fbq function| fbq function| fullstoryIntegration boolean| _fs_is_outer_script boolean| _fs_debug string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS function| google-tag-managerIntegration object| dataLayer string| _fs_loaded function| _fs_shutdown object| google_tag_manager object| google_tag_data boolean| isMobile object| script boolean| __attnLoaded object| attn_d0x0b_evt object| attentive string| __attentive_domain object| __attentive object| __attentive_cfg boolean| __poll_for_path_change string| attn_d0x0b_cfg function| _defineProperty object| Kustomer object| webpackChunkchat_web

29 Cookies

Domain/Path Name / Value
checkout.lululemonstudio.ca/ Name: keep_alive
Value: d5710e5b-2611-43be-b874-444c73243f34
checkout.lululemonstudio.ca/ Name: secure_customer_sig
Value:
checkout.lululemonstudio.ca/ Name: localization
Value: CA
.lululemonstudio.ca/ Name: _tracking_consent
Value: %7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22CAON%22%2C%22reg%22%3A%22%22%7D
.lululemonstudio.ca/ Name: _cmp_a
Value: %7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D
.lululemonstudio.ca/ Name: _shopify_y
Value: 35aaf143-f3bb-40e6-b629-6b229a4ea4d8
.lululemonstudio.ca/ Name: _shopify_s
Value: ea6db51e-3ab8-4f00-8ae7-ffcafbd3df37
.lululemonstudio.ca/ Name: _orig_referrer
Value:
.lululemonstudio.ca/ Name: _landing_page
Value: %2F
checkout.lululemonstudio.ca/ Name: receive-cookie-deprecation
Value: 1
.affirm.ca/ Name: _cfuvid
Value: 1YkPASfBP_MmT240my.Z7Lfvur.Bv_qaUV5gi_FSJhk-1720018386980-0.0.1.1-604800000
.affirm.ca/ Name: tracker_device
Value: 2261d332-8462-49b8-9eaa-d3d84128ccb0
.affirm.ca/ Name: t_v2_s
Value: IjIyNjFkMzMyLTg0NjItNDliOC05ZWFhLWQzZDg0MTI4Y2NiMCI.GWb3Uw.XXMOq2BX6iWgOAFrcb_DzXQPl_s
.affirm.ca/ Name: 3060738.3440491
Value: 2261d332-8462-49b8-9eaa-d3d84128ccb0
api-cf.affirm.ca/ Name: session
Value: eyJfcGVybWFuZW50Ijp0cnVlfQ.GWb3Uw.x8GIpvc45q_muSxJzLorB4msYSc
www.lululemonstudio.ca/ Name: tracker_device
Value: 2261d332-8462-49b8-9eaa-d3d84128ccb0
www.lululemonstudio.ca/ Name: mirror_marketingTokens
Value: %7B%7D
.lululemonstudio.ca/ Name: ajs_anonymous_id
Value: e3b1c02d-2b56-41e6-b6e1-72a6a4baea16
.lululemonstudio.ca/ Name: _gcl_au
Value: 1.1.912046667.1720018388
m.stripe.com/ Name: m
Value: c24209dc-2430-47fb-a116-c859182d1bfbca6187
.www.lululemonstudio.ca/ Name: __stripe_mid
Value: f770cd62-24dc-4c76-a15d-9e14e5fbcef292335e
.www.lululemonstudio.ca/ Name: __stripe_sid
Value: 2dfd1f56-8bac-4171-9ded-8c2c15f02fa0d93099
.lululemonstudio.ca/ Name: _fbp
Value: fb.1.1720018388474.551095919122156511
www.lululemonstudio.ca/ Name: __attentive_id
Value: babfcccf99e34f2787e7c1c7a5c3680c
www.lululemonstudio.ca/ Name: _attn_
Value: eyJ1Ijoie1wiY29cIjoxNzIwMDE4Mzg4NjExLFwidW9cIjoxNzIwMDE4Mzg4NjExLFwibWFcIjoyMTkwMCxcImluXCI6ZmFsc2UsXCJ2YWxcIjpcImJhYmZjY2NmOTllMzRmMjc4N2U3YzFjN2E1YzM2ODBjXCJ9In0=
www.lululemonstudio.ca/ Name: __attentive_cco
Value: 1720018388613
www.lululemonstudio.ca/ Name: __attentive_pv
Value: 1
www.lululemonstudio.ca/ Name: __attentive_ss_referrer
Value: https://checkout.lululemonstudio.ca/
www.lululemonstudio.ca/ Name: __attentive_dv
Value: 1

2 Console Messages

Source Level URL
Text
security error URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js(Line 31)
Message:
Refused to connect to 'https://cdn-assets.affirm.com/upfunnel/experiments/axpV2ExperimentList.json' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.ca https://refinemirror.com https://*.affirm.ca https://mirror-ca.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai".
javascript error URL: https://www.lululemonstudio.ca/_next/static/chunks/main-bdb5b6b4256f375d.js(Line 31)
Message:
Refused to connect to 'https://cdn-assets.affirm.com/upfunnel/experiments/axpV2ExperimentList.json' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
Strict-Transport-Security max-age=7889238
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-cf.affirm.ca
api.fastbundle.co
api.segment.io
cdn.attn.tv
cdn.kustomerapp.com
cdn.segment.com
cdn1.affirm.ca
checkout.lululemonstudio.ca
connect.facebook.net
d.impactradius-event.com
edge.fullstory.com
events.attentivemobile.com
js.stripe.com
lululemonstudio.ca
mirror-ca.attn.tv
mirrorcanada.com
o251128.ingest.sentry.io
res.cloudinary.com
rs.fullstory.com
shop.app
www.affirm.ca
www.facebook.com
www.googletagmanager.com
www.lululemonstudio.ca
api.fastbundle.co
checkout.lululemonstudio.ca
shop.app
104.17.201.1
104.18.39.221
104.18.6.91
104.22.72.81
157.240.229.35
172.217.222.97
172.64.144.121
172.66.0.33
172.67.72.134
23.227.38.74
3.162.125.52
3.162.125.72
31.13.66.19
34.120.195.249
35.186.194.58
35.186.249.72
35.201.112.186
35.81.90.104
52.85.151.31
52.85.151.39
99.86.191.237
04659a7aed58fabd452d5e2366b807334200dfb8ebe0e96772cc6693d1249154
05dae9f297cc19f31afe3b53098189e62607770e6558501ccf58a96b1a77ff6f
07b6b3d899dd69c0e9eb463e23e10e30e82588eddf95d15d45bb505c6703a813
0fa259074104b93c02a4c7e2a3406342319f1198fe963bff9b763598efc16153
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
13267b296d4b99ecb040096c2c25623d956c3e55f566394c82e7118ce0110618
16ff004c190366bb7eb1d508846eb8a0c2c13b49c9fffe8a01f215ce617f7f3c
1aea165a1bb393798a8d20189157b0f7a799c6d7ae2d5c9b59a700e15acec14e
1d0667e54a00f30645b5868bd2449847bf81b6ea71359aba4131297242a8c527
24e30cf2d40cc2c5491d52c13154e7e0a505a5ae6e3e21977ed16e024d4542bd
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd
2b866cd31cb4e4919fc0014d7ac0467f8b54f15164ea55e7da8a13d79aa21ddd
2e3d9b18a8789368048a194b45df371e62405b06a2453c017b93b83249bca043
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
3437f195c3f03e93049d9ef9c9e79b2ebeb8b97339a268cf2d6e4ab38aee09c5
4338750fa2f43cdf25347ae756edeedcafd30b143c02e34ec85c59a9d9571621
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4575dcb8875ca8339c98104a93c76910e92ff796cdf4c981969add0692c00afb
4df53644d1c9fd651ccfd697977eb07d94cd744b0a4997568d67cc25ef44e483
5a2eefae024aa225bafa843e5b5a702b795eae8543ebf10c5839f3bbdc6c8fd4
5b3b55ee1200b14f642f0f0072f41a23db64b4155cd2a6b11fa8464b14ca2a49
61140c1682991b3e5389a6d118010c3dceb880670d9549012fda12ff4eea56e3
63bae03aa97278acb1d6f7863e593999bbdc5d280d2fa5a3050f234ce5eee850
650f7548567b6087915ac6b0f65e9249b899a31545ba7568b101e24d4efae6a4
65a922c0452064cda92b70d8299b4f9e01b14e7dd8d05b93f7bfa354a887f1df
65fa52c6e32a6c47bcd57ff4e77fb165e72ac1f43872dbf5495b0167156d9993
676d33bdcc1ce8919249566c6dd5f42e3ffc68469e50fce0ed8634efd9f5743d
67bab36d7f31001c4fb77e154c171d143cef2b459b15e38403455cb23ef56593
67cf74fc128846917976d821404b0d9c797977bdd493ba6b0f671700ec1288e7
7276e79c9f3b182f8635969effac5c153a7337c69016c34050a60b605e97a1d0
746b95a55ec0a56a74120fcbba61801fdd50376e6989feecd5943de920e40f41
76295d9581aaf7a383a5b58602be57b3465de8b544bf67cb5d88b49ca4a6320c
7c49145d8f516fcd695181edfba284494f1b35e751d9a07c2bab1a6f65a9e567
7caf52de3e6fc20e8cdb4d10dd28cd6f0befc91c5f17513b576235cc34afdecc
80e325718f3ed0f6bfe1bd0a2a5a99d23d71a9da41931b71cc6ba5bdb0f1c0bf
8c6b5de616eabf348a1fd3cc8839a6d57670dcdc164c81f690a3ff5b504002d2
91db6a7827b1ba906ea4b90d0c733e33e69023766c42cb158a09dc438f66c742
924aebf24af414b12986f4af470b2ac7b61d765897f9e222c0af15805de9ae40
93556cb372c7b9880be87263655939373433a91ea0db753747f5d8cba2faf51c
952352fe3321370ea924646c4d7da089ce9e856f5bb11155c206e4bcd81537a1
9cbf292d35cc8fb17c91e3876798f3ae889146c8ae148e41a94a9fa38a5d98a5
9e2189d573b1df3fd3c684ba1f9ad2ad5cd2f8394f14dde87b5fde495bea200c
9e86b08a0d8849527cdd52c214c04c1c7e3e151415acf94fdab46c2241ce6252
9e9c227133e054d03eb9712707f65dd97dbd6bb0bdc61959dcd91735faef33e2
a3b76111f14dc848b243a4c8a55afe3a50294438f67d81548276c15249371fed
a6469c35e86aa2a57efb2d2f5e0ca4173f73028c5fc78b6faa2a24642498302c
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aff223626e220bb12d8ef0d64e9f9115d47e418f14846c9bdc6a42207515246c
b3a8c929ac8c59664cffbd61440d2b4b3e5c0e36a993fbe7c369020de06fd288
c09f82b6d785a5439fa7428f543d0e547edfdd7161922e457db1b18a5bf380b9
d006f4b0cfa518771c8110427114b1810398480b52889c7da5077a38c632a55b
da4ab6947ea5b44c0677dc7973feedc565729d8a80ebd71449afab8f2caafbd0
db432405a21b948e9c297ee67a2452374c0796da6dcf4f801b7a704bd2f09f8a
e289fcd0035898060454821d7f520d2d48d6fb5c7fde5dc30d643f0c0df4d807
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7502e0a0103769fa716c86207f6062fdaf34ad5780c8b18f6bc87fb8bc73698
e90a1b65a7a4d63915c162adcf60ecee4e49ac1fedf29b7fd81179f24c1bf669
e9d248e116f7d511201f0389e6ac80c7fb7dc61e7344df9c624d4322430ccb95
e9fda204818eb76752b45ba07f2a3357507dfbd1ffac18a8badebda6f96feab7
f10252fe142b0be97fb24a4d65d6aaa484a8718251b2fe9831a65641fbc16069
f971e914c5f85367f1290c947fcc45e1d0289aaed8c9f053ace1835996a2584b
f9d958244809bfacae51a9bed8a61afe5a233cec9ad74b040601d6364747f0f3
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa