Submitted URL: http://heartloom.us/
Effective URL: https://www.heartloom.us/
Submission Tags: @phish_report
Submission: On April 01 via api from FI — Scanned from US

Summary

This website contacted 31 IPs in 4 countries across 26 domains to perform 127 HTTP transactions. The main IP is 172.67.208.248, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.heartloom.us.
TLS certificate: Issued by E1 on April 1st 2024. Valid for: 3 months.
This is the only time www.heartloom.us was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
12 172.67.208.248 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 50.116.10.10 63949 (AKAMAI-LI...)
7 2620:127:f00f... 13335 (CLOUDFLAR...)
3 185.146.173.20 13335 (CLOUDFLAR...)
7 23.227.38.74 13335 (CLOUDFLAR...)
3 2600:1408:900... 20940 (AKAMAI-ASN1)
15 151.101.130.133 54113 (FASTLY)
2 2607:f8b0:400... 15169 (GOOGLE)
3 157.230.5.204 14061 (DIGITALOC...)
1 1 104.26.8.183 13335 (CLOUDFLAR...)
7 2606:4700:20:... 13335 (CLOUDFLAR...)
1 151.101.130.202 54113 (FASTLY)
2 2600:9000:269... 16509 (AMAZON-02)
20 23.227.60.200 13335 (CLOUDFLAR...)
2 2a03:2880:f00... 32934 (FACEBOOK)
10 3.162.3.82 16509 (AMAZON-02)
3 151.101.194.133 54113 (FASTLY)
1 2607:f8b0:400... 15169 (GOOGLE)
1 35.190.59.101 15169 (GOOGLE)
2 35.201.67.47 396982 (GOOGLE-CL...)
2 35.190.91.160 15169 (GOOGLE)
1 2a03:2880:f10... 32934 (FACEBOOK)
8 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2600:9000:26a... 16509 (AMAZON-02)
1 2600:9000:21a... 16509 (AMAZON-02)
2 172.67.223.1 13335 (CLOUDFLAR...)
1 104.16.123.96 13335 (CLOUDFLAR...)
3 3.161.213.124 16509 (AMAZON-02)
127 31
Apex Domain
Subdomains
Transfer
26 klaviyo.com
static.klaviyo.com — Cisco Umbrella Rank: 3219
static-tracking.klaviyo.com — Cisco Umbrella Rank: 4111
fast.a.klaviyo.com — Cisco Umbrella Rank: 4300
static-forms.klaviyo.com — Cisco Umbrella Rank: 3986
a.klaviyo.com — Cisco Umbrella Rank: 3937
156 KB
20 shopify.com
cdn.shopify.com — Cisco Umbrella Rank: 2158
1 MB
13 heartloom.us
heartloom.us
www.heartloom.us
114 KB
11 myshopify.com
heartloom-com.myshopify.com
565 KB
10 loyaltylion.net
sdk.loyaltylion.net — Cisco Umbrella Rank: 23412
211 KB
7 tidiochat.com
widget-v4.tidiochat.com — Cisco Umbrella Rank: 22518
354 KB
6 skimresources.com
s.skimresources.com — Cisco Umbrella Rank: 4626
r.skimresources.com — Cisco Umbrella Rank: 4464
t.skimresources.com — Cisco Umbrella Rank: 4730
p.skimresources.com — Cisco Umbrella Rank: 5872
20 KB
4 cloudfront.net
d38xvr37kwwhcm.cloudfront.net
d3k81ch9hvuctc.cloudfront.net
2 MB
3 heartloom.com
www.heartloom.com
58 KB
3 foursixty.com
foursixty.com — Cisco Umbrella Rank: 30409
71 KB
3 yotpo.com
cdn-widgetsrepository.yotpo.com — Cisco Umbrella Rank: 8815
37 KB
2 product-image-zoom.com
full-page-zoom.product-image-zoom.com — Cisco Umbrella Rank: 428022
50 KB
2 rise-ai.com
str.rise-ai.com — Cisco Umbrella Rank: 22047
strn.rise-ai.com — Cisco Umbrella Rank: 22294
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 182
70 KB
2 afterpay.com
static-us.afterpay.com — Cisco Umbrella Rank: 27545
77 KB
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 91
17 KB
2 shop.app
shop.app — Cisco Umbrella Rank: 2862
3 KB
1 cloudflare.com
www.cloudflare.com — Cisco Umbrella Rank: 6038
411 B
1 route.com
shopify-widget.route.com — Cisco Umbrella Rank: 28324
14 KB
1 shopifyapps.com
geolocation-recommendations.shopifyapps.com — Cisco Umbrella Rank: 7717
1 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 100
274 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
1 KB
1 tidio.co
code.tidio.co — Cisco Umbrella Rank: 17261
486 B
1 addons.business
cozygallery.addons.business — Cisco Umbrella Rank: 413304
5 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 42
49 KB
0 xotiny.com Failed
cdn.xotiny.com Failed
127 26
Domain Requested by
20 cdn.shopify.com www.heartloom.us
heartloom-com.myshopify.com
14 static.klaviyo.com www.heartloom.us
static.klaviyo.com
12 www.heartloom.us www.heartloom.us
heartloom-com.myshopify.com
11 heartloom-com.myshopify.com www.heartloom.us
heartloom-com.myshopify.com
10 sdk.loyaltylion.net www.heartloom.us
sdk.loyaltylion.net
heartloom-com.myshopify.com
8 a.klaviyo.com heartloom-com.myshopify.com
7 widget-v4.tidiochat.com www.heartloom.us
code.tidio.co
3 d3k81ch9hvuctc.cloudfront.net
3 www.heartloom.com heartloom-com.myshopify.com
3 foursixty.com www.heartloom.us
foursixty.com
heartloom-com.myshopify.com
3 cdn-widgetsrepository.yotpo.com www.heartloom.us
cdn-widgetsrepository.yotpo.com
2 full-page-zoom.product-image-zoom.com www.heartloom.us
heartloom-com.myshopify.com
2 p.skimresources.com www.heartloom.us
2 t.skimresources.com www.heartloom.us
heartloom-com.myshopify.com
2 static-tracking.klaviyo.com static.klaviyo.com
2 connect.facebook.net www.heartloom.us
connect.facebook.net
2 static-us.afterpay.com www.heartloom.us
2 stats.g.doubleclick.net www.heartloom.us
2 shop.app www.heartloom.us
heartloom-com.myshopify.com
1 www.cloudflare.com heartloom-com.myshopify.com
1 shopify-widget.route.com www.heartloom.us
1 geolocation-recommendations.shopifyapps.com www.heartloom.us
1 d38xvr37kwwhcm.cloudfront.net www.heartloom.us
1 strn.rise-ai.com www.heartloom.us
1 str.rise-ai.com www.heartloom.us
1 www.facebook.com www.heartloom.us
1 r.skimresources.com heartloom-com.myshopify.com
1 fonts.googleapis.com sdk.loyaltylion.net
1 static-forms.klaviyo.com heartloom-com.myshopify.com
1 fast.a.klaviyo.com heartloom-com.myshopify.com
1 s.skimresources.com www.heartloom.us
1 code.tidio.co 1 redirects
1 cozygallery.addons.business www.heartloom.us
1 www.googletagmanager.com www.heartloom.us
1 heartloom.us 1 redirects
0 cdn.xotiny.com Failed www.heartloom.us
127 36

This site contains links to these domains. Also see Links.

Domain
instagram.com
www.facebook.com
www.shareasale.com
Subject Issuer Validity Valid
heartloom.us
E1
2024-04-01 -
2024-06-30
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-03-04 -
2024-05-27
3 months crt.sh
boltoze.com
R3
2024-03-22 -
2024-06-20
3 months crt.sh
myshopify.com
E1
2024-02-14 -
2024-05-14
3 months crt.sh
shop.app
E1
2024-03-27 -
2024-06-25
3 months crt.sh
*.yotpo.com
DigiCert TLS RSA SHA256 2020 CA1
2024-01-30 -
2025-01-29
a year crt.sh
static.klaviyo.com
R3
2024-03-13 -
2024-06-11
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-03-04 -
2024-05-27
3 months crt.sh
foursixty.com
Go Daddy Secure Certificate Authority - G2
2023-09-29 -
2024-10-30
a year crt.sh
*.skimresources.com
GlobalSign Atlas R3 DV TLS CA 2023 Q2
2023-07-07 -
2024-08-07
a year crt.sh
static-us.afterpay.com
Amazon RSA 2048 M03
2023-11-20 -
2024-12-17
a year crt.sh
cdn.shopify.com
E1
2024-03-05 -
2024-06-03
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-01-10 -
2024-04-09
3 months crt.sh
loyaltylion.net
Amazon RSA 2048 M02
2023-06-26 -
2024-07-24
a year crt.sh
www.heartloom.com
R3
2024-03-25 -
2024-06-23
3 months crt.sh
static-tracking.klaviyo.com
R3
2024-03-21 -
2024-06-19
3 months crt.sh
fast.a.klaviyo.com
R3
2024-03-13 -
2024-06-11
3 months crt.sh
static-forms.klaviyo.com
R3
2024-02-20 -
2024-05-20
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2024-03-04 -
2024-05-27
3 months crt.sh
tidiochat.com
GTS CA 1P5
2024-03-17 -
2024-06-15
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-06-24 -
2024-06-23
a year crt.sh
rise-ai.com
GTS CA 1P5
2024-03-28 -
2024-06-26
3 months crt.sh
*.cloudfront.net
Amazon RSA 2048 M01
2023-10-10 -
2024-09-19
a year crt.sh
geolocation-recommendations.shopifyapps.com
E1
2024-02-21 -
2024-05-21
3 months crt.sh
*.route.com
Amazon RSA 2048 M02
2024-03-23 -
2025-04-21
a year crt.sh
product-image-zoom.com
GTS CA 1P5
2024-03-25 -
2024-06-23
3 months crt.sh
www.cloudflare.com
GTS CA 1P5
2024-03-14 -
2024-06-12
3 months crt.sh

This page contains 4 frames:

Primary Page: https://www.heartloom.us/
Frame ID: 8D1BB0BCF36059194745FBC22A066494
Requests: 118 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6444310996894766
Frame ID: 150077DC206951EEA107D2E2F983FF01
Requests: 1 HTTP requests in this frame

Frame: https://widget-v4.tidiochat.com/1_221_0/static/js/chunk-WidgetIframe-707c4e63902039f00217.js
Frame ID: C9FE27022C6915445E99C8EC9D06D000
Requests: 5 HTTP requests in this frame

Frame: https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2
Frame ID: 9E64B5219578EA2BA08F5A15E22C71F1
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Heartloom Official Website

Page URL History Show full URLs

  1. http://heartloom.us/ HTTP 307
    https://heartloom.us/ HTTP 301
    https://www.heartloom.us/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <script id="apple-pay

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • klaviyo\.com

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

127
Requests

97 %
HTTPS

47 %
IPv6

26
Domains

36
Subdomains

31
IPs

4
Countries

4930 kB
Transfer

7853 kB
Size

26
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://heartloom.us/ HTTP 307
    https://heartloom.us/ HTTP 301
    https://www.heartloom.us/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://code.tidio.co/us8tyygsqav9vkjo4ijrgeamgy1wyyry.js HTTP 302
  • https://widget-v4.tidiochat.com/1_221_0/static/js/render.707c4e63902039f00217.js

127 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.heartloom.us/
Redirect Chain
  • http://heartloom.us/
  • https://heartloom.us/
  • https://www.heartloom.us/
130 KB
28 KB
Document
General
Full URL
https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c56dcfe3c59504834a78fcf9827646d79d5b3fb11318d1ed70fa1ecbcc85240
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
86da266e6e2622f8-ORD
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 01 Apr 2024 17:03:01 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxQnUJ6j6kCBZF5UBc2Ayz2UQUfkSEpGNZqg1BBEZjee%2BILrdQhKSsfchHIjqup513HBO4zeAobCeqxxgOA7ssN5Ty%2B12itmAEyfRVw46Chr%2Bv6OP3%2F0BgBVlJINKlwcvf3s"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
86da266cad384bbb-BUF
content-type
text/html; charset=UTF-8
date
Mon, 01 Apr 2024 17:03:00 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://www.heartloom.us/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nu1nkVCXmrQkC54OJjnIB2hvKY5du0dfPU0pcxF8UHR6aIm7e%2BXA1qkltqSlqSafpSJ2qxy%2BwLiTeYk%2Bp%2BnRhRRhoOuemQqDzvmnOe9xgBlSIO2%2BD8UEqo8AmKTSWqGDPY4Nx7HQ8Iyd64s%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
js
www.googletagmanager.com/gtag/
128 KB
49 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=31217492-1
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
935fc3bfd905f426f7043ab48d1dae7f931ee270fa874f970f19f72f10f2b863
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50179
x-xss-protection
0
last-modified
Mon, 01 Apr 2024 15:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 01 Apr 2024 17:03:01 GMT
cziframeagent.js
cozygallery.addons.business/embed/
14 KB
5 KB
Script
General
Full URL
https://cozygallery.addons.business/embed/cziframeagent.js?shop=Heartloom.us.myshopify.com
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.116.10.10 Fremont, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG),
Reverse DNS
li456-10.members.linode.com
Software
FBS / erlang
Resource Hash
8576a8df9dda73acda35a1029ba73984c9cbb81bd34e1f1508ed4492c54c9504

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
content-encoding
gzip
last-modified
Fri, 18 Jun 2021 05:25:03 GMT
server
FBS
etag
"60cc2e2f-12e2"
x-powered-by
erlang
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7200, public
content-length
4834
expires
Mon, 01 Apr 2024 19:03:01 GMT
theme.css
heartloom-com.myshopify.com/cdn/shop/t/40/assets/
356 KB
51 KB
Stylesheet
General
Full URL
https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/theme.css?v=6f397fb62d48eb9eea84db8f2fb1ae72
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b192888daacbe9f989be92a65ee554906a2d2164af88de998029c4ba6151ecbf
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-central1,gcp-us-central1
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=141.031, imageryFetch;dur=78.551, cfRequestDuration;dur=59.999943, ipv6
alt-svc
h3=":443"; ma=86400
content-length
50993
x-xss-protection
1; mode=block
x-sorting-hat-shopid
2396631
x-request-id
13d3618d-bcbf-452b-83e1-6d4dac50eb77-1711237387
last-modified
Sat, 23 Mar 2024 23:43:08 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WH%2F4iBpePmG8SKuGWv5if%2FnK7GbhlcQHl7%2B0LEfSLnxiR5%2FaybV7f73sBmQ9TgK%2BRskS%2Bk6JrITptafQTgDFB%2FZFriNWgjcS3NpAGuq3LAFlJbT2o5IxmlrWfPTv1fmYNmgbBxOq%2F%2FmP9f%2FRiv8CfnNSxvfkaTfegg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
cf-ray
86da2673494d4bbb-BUF
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0239/6631/t/40/assets/theme.css>; rel="canonical"
x-sorting-hat-podid
108
preloads.js
www.heartloom.us/checkouts/internal/
4 KB
1 KB
Script
General
Full URL
https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8653c5e322bc43c3579906cbbf8f28b8bf32768250299964510bbabc18ac803e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xbq1LV21ah4zYhnqDqTfxR7IjOPENrnlZ46BVx6I6b59jZj8%2FNehVzxRJrxM1ZdXa8w3xlSxClrzNixTN2kRnad8d%2FaSa1VTvNQcu3dfAQXdMrpkmfJJQcqcA18y5OHKqe8W"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da2675096c22f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
preloads.js
shop.app/checkouts/internal/
0
529 B
Script
General
Full URL
https://shop.app/checkouts/internal/preloads.js?locale=en-US&shop_id=2396631
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.146.173.20 , Sweden, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jllg06N5U2dmdjsWwdlVDOc1JHCicSfPXLcg3nayRIoyvN3NcjA2a9g%2FM0wACZBEKGCUuBnImeFHl2BcJRbOsquKrDrXW2ff7FtvYhCzrCEFBEJQIUMb9tPt"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=60
server-timing
cfRequestDuration;dur=51.000118
timing-allow-origin
*
cf-ray
86da26755ddb39f6-YYZ
content-length
0
alt-svc
h3=":443"; ma=86400
load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js
heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/storefront/
12 KB
4 KB
Script
General
Full URL
https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/storefront/load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east1,gcp-us-central1
age
1567561
content-encoding
br
server-timing
imagery;dur=79.614, imageryFetch;dur=78.649, cfRequestDuration;dur=32.000065
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
d47e67d7-3a3a-4ecb-84ab-6b9ab8821cfb-1710423420
last-modified
Thu, 14 Mar 2024 13:37:00 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e5lgnb%2BMnBXfjqjEp8Qxii3sC3shjjRHA6aFW73Kp7cyX7VLtCFqQBkEBtmP10FdTKSLFvLt3cRPe1%2BcqktvqkxPV49%2F7ZFlCT7OAamVHUUkyJRXMhF6tOk6DjZjouhkKx49Nt%2BMMwieoMQKIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
cf-ray
86da26756ae10298-ORD
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js>; rel="canonical"
x-sorting-hat-podid
-1
storefront-a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f.js
heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shopify_pay/
49 KB
19 KB
Script
General
Full URL
https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shopify_pay/storefront-a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f.js?v=3cb26f1edcf87af2bec46716dd571e14
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-central1,gcp-us-east1
age
1808775
content-encoding
br
server-timing
imagery;dur=24.607, imageryFetch;dur=24.212, cfRequestDuration;dur=28.999805
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
0d08dd83-4a30-41b0-ba29-73b0213f43c3-1710182207
last-modified
Mon, 11 Mar 2024 18:36:47 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BAa7m1rGsjmM9n%2BOIUn11qyWlMoCduYWe%2FZhWsv6Pd1zQCp7lMpfA5HhaBeDCzQ5pinCw%2FJ4PFLZqsbmwPrhQ0RsEktWmT7HnTTIRpfyoLqhibASZz1dme9ICHORz5FzRFMB4DBf86cmcbenKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
cf-ray
86da26756ae20298-ORD
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/shopify_pay/storefront-a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f.js>; rel="canonical"
x-sorting-hat-podid
-1
features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js
heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/storefront/
37 KB
14 KB
Script
General
Full URL
https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/storefront/features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east1,gcp-us-east1
age
1162516
content-encoding
br
server-timing
imagery;dur=31.046, imageryFetch;dur=28.458, cfRequestDuration;dur=21.000147
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
1f728878-86a0-4c15-9401-278f7f45042e
last-modified
Fri, 09 Feb 2024 22:13:48 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=41ZuqcQvwqerIxyTNUrll4ypnmSoC6MNhIcS8o2YpT%2B175y6aBDmq3ZbxPh8ifJTef5a6%2BoxmplccZpt%2Bg1BOJk4q265F2mr996%2BN%2FoPZH7gpM88uH9oKmcc1GUKf8SDuP7IE%2Fm3EkGpqIu3Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
cf-ray
86da26756add0298-ORD
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/storefront/features-1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f.js>; rel="canonical"
x-sorting-hat-podid
-1
OmL6WbZDLWcJEfFCJHJNqQ
cdn-widgetsrepository.yotpo.com/v1/loader/
44 KB
9 KB
Script
General
Full URL
https://cdn-widgetsrepository.yotpo.com/v1/loader/OmL6WbZDLWcJEfFCJHJNqQ
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:9000:7a0::1d72 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
77672f1be3db5e04a2d00a5f0729d7dc1ffb9b4562b3465dfae4dcb9caf36974

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ratelimit-reset
46
content-encoding
gzip
date
Mon, 01 Apr 2024 17:03:02 GMT
x-kong-proxy-latency
7
x-ratelimit-limit-minute
5000
x-kong-upstream-latency
92
x-ratelimit-remaining-minute
4999
ratelimit-limit
5000
content-length
9205
correlation-id
076aa111-7d69-4a12-96f1-5f5725b618f0
vary
Accept-Encoding
access-control-max-age
86400
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET,POST
access-control-allow-credentials
false
ratelimit-remaining
4999
access-control-allow-headers
*
klaviyo.js
static.klaviyo.com/onsite/js/
4 KB
2 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
46bf2d75a804c668983b5ace7260096ea60eb954cf6f81af8b5407544ca0e074
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:01 GMT
age
1635
x-cache
HIT, HIT
content-length
1175
x-served-by
cache-lga21933-LGA, cache-yyz4574-YYZ
server
nginx
x-timer
S1711990982.979258,VS0,VE1
etag
W/"41276840fbf1a100f63ac97c246e0354"
allow
OPTIONS, GET
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
content-language
en-us
cache-control
max-age=1, stale-while-revalidate=10800
access-control-allow-credentials
true
content-type
application/javascript
vary
Accept-Encoding
x-resp-is-stale
true
accept-ranges
bytes
access-control-allow-headers
x-cache-hits
20, 1
dc.js
stats.g.doubleclick.net/
45 KB
17 KB
Script
General
Full URL
https://stats.g.doubleclick.net/dc.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 01 Apr 2024 16:09:33 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
3208
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17093
expires
Mon, 01 Apr 2024 18:09:33 GMT
HL-sfw-logo_500x83.png
heartloom-com.myshopify.com/cdn/shop/files/
5 KB
5 KB
Image
General
Full URL
https://heartloom-com.myshopify.com/cdn/shop/files/HL-sfw-logo_500x83.png?v=537fa514216183ea47bedecbea0cd610
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39e839dcf185402ff417b9fb0116d05a03fa22603f86d5f1b18b820d0f7dac17
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
x-permitted-cross-domain-policies
none
source-type
image/png
server-timing
imagery;dur=451.914, imageryFetch;dur=94.572, imageryProcess;dur=356.715;desc="image", cfRequestDuration;dur=71.000099, ipv6
source-length
8553
content-length
4748
x-xss-protection
1; mode=block
x-sorting-hat-shopid
2396631
x-request-id
794d49fb-262f-48e6-ba87-017c6f28c53d-1711324792
alt-svc
h3=":443"; ma=86400
last-modified
Sun, 24 Mar 2024 23:59:53 GMT
server
cloudflare
x-download-options
noopen
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sWniYHIwtXTaMpYPa5IKTNWuV1%2BQhwlVMy0trpbLDFBXTuXtHN2oCPvN6UxMcuA3QsKRW%2FAsUzf2cqCGHrHPpG5M%2BduCZqtzzr%2BsWQOWnTCSP3TN1mHRQhkX6sSzZg%2Fm4bV%2FQTMRahOrOuFx%2F4xOJsdgn9yyhYptWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/avif
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
86da2673494f4bbb-BUF
x-sorting-hat-podid
108
fs.slider.v2.5.js
foursixty.com/media/scripts/
103 KB
29 KB
Script
General
Full URL
https://foursixty.com/media/scripts/fs.slider.v2.5.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
157.230.5.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
4b04b47fabc5e6adaaa18f3805cb4c43399cbd4aa95484fb5c1441a8dfbf6e01

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
content-encoding
gzip
via
1.1 varnish (Varnish/6.2)
last-modified
Tue, 19 Mar 2024 15:44:06 GMT
server
nginx/1.18.0 (Ubuntu)
age
4405
etag
"65f9b2c6-19d94"
vary
Accept-Encoding
content-type
application/javascript
x-varnish
512163971 458163085
cache-control
max-age=86400
x-host
main_server
accept-ranges
bytes
content-length
29474
expires
Tue, 02 Apr 2024 17:03:01 GMT
atlantic.js
heartloom-com.myshopify.com/cdn/shop/t/40/assets/
454 KB
105 KB
Script
General
Full URL
https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/atlantic.js?v=9202be5cf395bef2c061c135f811b3e6
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cb995a2bd1d47e0b1623e6668cccee91977b113aa481bb7518942aff02bb57c
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-central1,gcp-us-east1
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=281.097, imageryFetch;dur=146.981, cfRequestDuration;dur=43.999910, ipv6
alt-svc
h3=":443"; ma=86400
content-length
106775
x-xss-protection
1; mode=block
x-sorting-hat-shopid
2396631
x-request-id
dd4213d8-03d0-4ca6-bd92-90e9111a97ee-1711311785
last-modified
Sun, 24 Mar 2024 20:23:05 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B7k4bMfX%2FvqIpg%2FW0IF%2BKkFfeszFwqdG3bsn8aSdHgOyZDIXp4YWO9PIXOht0aycNQNJYmiHJ5ISrNI50HiDDDFYJYAyto945F9OhIwdqn2SVaHq%2BW86XOBoUb5k93NDxNRL7uBWVHQlT65KlskzfebptTh702iRiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
cf-ray
86da2673e9a14bbb-BUF
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0239/6631/t/40/assets/atlantic.js>; rel="canonical"
x-sorting-hat-podid
108
plugins.js
heartloom-com.myshopify.com/cdn/shop/t/40/assets/
15 KB
6 KB
Script
General
Full URL
https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/plugins.js?v=2dbb8b63d2040c482a60033dd27f664f
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6d57310f272af7d4a55f5def437419867ea9f1a8b439e849d566fdc13bc7570
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
content-encoding
br
x-content-type-options
nosniff
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-central1
x-permitted-cross-domain-policies
none
server-timing
imagery;dur=93.339, imageryFetch;dur=54.057, cfRequestDuration;dur=53.999901, ipv6
alt-svc
h3=":443"; ma=86400
content-length
4814
x-xss-protection
1; mode=block
x-sorting-hat-shopid
2396631
x-request-id
275c0436-2677-4d9b-a134-d4891b0845f7-1711237387
last-modified
Sat, 23 Mar 2024 23:43:08 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jFpTzmEBtY90ReTLKb8zH%2FZHw3mmWepBvD6b8%2BVXlOu69xKPMA3Q145lD%2FzKc0FKwfI74JeQ24Xf6k7%2BxNGPjj8nZUfgEIxAHXyIQiZvTft8FftQKy7IOWfP5tiou40xqq6Ktq6Z6M9D84ZRSydfCj7WiXlnqfxaIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
cf-ray
86da267469e64bbb-BUF
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0239/6631/t/40/assets/plugins.js>; rel="canonical"
x-sorting-hat-podid
108
render.707c4e63902039f00217.js
widget-v4.tidiochat.com/1_221_0/static/js/
Redirect Chain
  • https://code.tidio.co/us8tyygsqav9vkjo4ijrgeamgy1wyyry.js
  • https://widget-v4.tidiochat.com/1_221_0/static/js/render.707c4e63902039f00217.js
5 KB
2 KB
Script
General
Full URL
https://widget-v4.tidiochat.com/1_221_0/static/js/render.707c4e63902039f00217.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Server
2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1af2d8276db028d2211aea121ed23d6bacbfeea8a4b525bc61614f35050cab76

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.heartloom.us/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 20 Mar 2024 10:18:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1594
etag
W/"65fab7df-1472"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4JGS74F0snCRgmzMrzDIKM3TFHYCsLuL2MhxoGVMpdmSuwuh7BgPV6DkkB2A6JAEGqVy1aw%2FnhgYI4E2AqG3p9WNAFUIcKzxn0u0h3VFPYtySUcZDtWQb83hjS5jmIgTTJYnV8KB6be%2BizynD3vZPKixv2l1"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=691200
cf-ray
86da26762b4f4bd2-BUF

Redirect headers

date
Mon, 01 Apr 2024 17:03:01 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
widget-cache-status
HIT
server
cloudflare
age
34
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1qKuRAkFTNlYblXVjtALnP%2FmP9KKZk9hb7bo3Skse0invKDOEJeMKmY6CrvEmTKjSMmexQnx0F0y6AFtSgP2ViiZzZvz567HX9lugj%2FDNr563hHywF6wCsGyASCiQLY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
location
https://widget-v4.tidiochat.com/1_221_0/static/js/render.707c4e63902039f00217.js
cache-control
public, s-maxage=300, max-age=0
cf-ray
86da26754997639e-ORD
203089X1681994.skimlinks.js
s.skimresources.com/js/
49 KB
19 KB
Script
General
Full URL
https://s.skimresources.com/js/203089X1681994.skimlinks.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.202 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Skimlinks V9.0 /
Resource Hash
eb4aed858662d5ac05bb83a35a790113f89a2187f414d300fc3349c18985ca5f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-yyz4582-YYZ
x-amz-version-id
NosNctuC9nKFyw9GgWVoc2ELhFDoVcsX
content-encoding
gzip
date
Mon, 01 Apr 2024 17:03:02 GMT
server
Skimlinks V9.0
etag
"37557afed5f2e99d321683295037e0c5"
vary
Accept-Encoding
x-cache
HIT
content-type
application/octet-stream
p3p
policyref="https://s.skimresources.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
public, max-age=3600
accept-ranges
bytes
content-length
18685
x-cache-hits
1
present-afterpay.js
static-us.afterpay.com/javascript/
142 KB
47 KB
Script
General
Full URL
https://static-us.afterpay.com/javascript/present-afterpay.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:269f:3800:16:77a1:11c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
62d881d47f3c1043edd73da0ddf1e4c605a8d31aa9f46e50bd2efbd95a7bd7d1

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
_dEVtS5BWj9ns3aBIO2VEUDdAkiFdwxE
content-encoding
gzip
via
1.1 ddaa088f1b6b5a9bcdc791a053431534.cloudfront.net (CloudFront)
date
Mon, 01 Apr 2024 16:29:16 GMT
last-modified
Mon, 08 Mar 2021 20:41:35 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P1
age
2027
etag
W/"39a97151f15d23ae34bcc32fd988dde8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
x-amz-cf-id
5XLPOLU4jLklsF32WZNZKNT3nvmvgapDQVRAlLpMyIYM0mKiUXx5Iw==
xo-gallery.css
cdn.shopify.com/extensions/3fc6ac03-989d-4c04-8c4a-27b6bfd52e10/xo-gallery-28/assets/
28 KB
7 KB
Stylesheet
General
Full URL
https://cdn.shopify.com/extensions/3fc6ac03-989d-4c04-8c4a-27b6bfd52e10/xo-gallery-28/assets/xo-gallery.css
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
d4600958388d125d2aedc233fcc9959f8575973da61f05550fb1807d00cadae4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
1244172
content-encoding
br
server-timing
imagery;dur=35.873, imageryFetch;dur=34.463, cfRequestDuration;dur=12.000084
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
f4da539c-aebf-4b45-a7f3-2fb3f5d2ad2e-1710264328
last-modified
Tue, 12 Mar 2024 17:25:28 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6Z1sgOwDv2hD46i4uC8EbC8CC00h95anFbyN00Hj35SdKs9Yq6tEinQqRyUsGOG%2FzWwjQViRAS4ZZrxukQMa1HNlL4%2BCyHhsKzg%2Bt4muaYFH%2BUzdV4vi1zfnJXSg2BQ4rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/3fc6ac03-989d-4c04-8c4a-27b6bfd52e10/xo-gallery-28/assets/xo-gallery.css>; rel="canonical"
cf-ray
86da26755b666aee-BUF
main.min.css
cdn.xotiny.com/assets/shop/Heartloom.us/gallery/
0
0

xo-gallery.js
cdn.shopify.com/extensions/3fc6ac03-989d-4c04-8c4a-27b6bfd52e10/xo-gallery-28/assets/
72 KB
26 KB
Script
General
Full URL
https://cdn.shopify.com/extensions/3fc6ac03-989d-4c04-8c4a-27b6bfd52e10/xo-gallery-28/assets/xo-gallery.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
853a0c138c979a06c8247f6dc0a1ddf2b161d4641135f677d1fdf9d63564f5a4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=23.751, imageryFetch;dur=23.499, cfRequestDuration;dur=40.999889
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
ed2020ba-c095-4aab-a5f0-6398c1a85f09-1710268316
last-modified
Tue, 12 Mar 2024 18:31:56 GMT
server
cloudflare
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FRfs1pMD%2BaoaRYhSqeLs7WRrWVd10nsPEVDsD0nk3%2B0X5P69hXNgDtoSy4KY8oLyCHXv1wwqCgVX%2Bb4U5mEjoM%2BlaQRWzf15P4chDvexVyOa1Ot%2BhNQ0bY%2B8SMdIkh8%2BnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31557600
timing-allow-origin
*
link
<https://cdn.shopify.com/extensions/3fc6ac03-989d-4c04-8c4a-27b6bfd52e10/xo-gallery-28/assets/xo-gallery.js>; rel="canonical"
cf-ray
86da26737fe94bd5-BUF
fbevents.js
connect.facebook.net/en_US/
218 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 01 Apr 2024 17:03:02 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58040
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=34, rtx=0, c=12, mss=1294, tbw=2766, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
YgTNr3jzns8XKgpVzJDz2fNRLdwHbSBIEjDNFxnqah/eAEGpdyzNr0KS4COy9PTP+rTjupZxk9ZUVMzJNu5YJQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
loader.js
sdk.loyaltylion.net/static/2/
91 KB
30 KB
Script
General
Full URL
https://sdk.loyaltylion.net/static/2/loader.js?t=202431
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c3d094c88acfa1297f6fa9e415cb35c9cff58689a9b37ed4be3ad05673a15773

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 16:59:49 GMT
content-encoding
br
via
1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
age
197
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
30313
last-modified
Thu, 21 Mar 2024 10:02:28 GMT
server
AmazonS3
etag
"a79e6d98c7eb3593510a8e2dce71752b"
access-control-max-age
86400
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
ETag
cache-control
max-age=1200, s-maxage=300, must-revalidate
vary
Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
IMNa5pQNc0z0L1TbIJJHVsisbqnRfdVJm_laKxjmNmsOIGnAKVi9dQ==
77f1dd9026d389a7c7575b292465edff.js
sdk.loyaltylion.net/sdk/start/
1 KB
912 B
Script
General
Full URL
https://sdk.loyaltylion.net/sdk/start/77f1dd9026d389a7c7575b292465edff.js?t=2024317
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
nginx /
Resource Hash
9b5de900c3925f45e9d04e9d476f8e9aa5e0e050c457a81fc02c3fb2b58e9cd3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
content-encoding
br
via
1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
YUL62-P2
etag
W/"433-xytLoBckDXhAZkF+k5liGFEkolA"
x-cache-status
EXPIRED
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=60, must-revalidate
x-amz-cf-id
L4m26rX4-ILOXqNUm4-CBXhtMqJI_AENZxHw9X_BSWtuel7vksOmkA==
b923483b2w04fb9a55pdf3e3378md2b76e35m.js
www.heartloom.us/cdn/wpm/
77 KB
29 KB
Script
General
Full URL
https://www.heartloom.us/cdn/wpm/b923483b2w04fb9a55pdf3e3378md2b76e35m.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7843ff1e8eedf4a35abba44e3ac8b8194b0e0564c82bc4f454a50b88a6b05674
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:03 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d1uAViSs%2B8%2FId6QWvmaWPPP%2FB6a6HrSJzcwktrc7kKIEEo00g04iNUCT096m1y5yjDAm01MoU5shcqMLewi5pTGzkHXx5%2B2fdUwbCvO%2B%2BxstAiDT%2BclzXp1rQNyNshtRikVD"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da2675097222f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
trekkie.storefront.81e7c2f873195e45afafd9b60802a3260bdef5d8.min.js
www.heartloom.us/cdn/s/
113 KB
26 KB
Script
General
Full URL
https://www.heartloom.us/cdn/s/trekkie.storefront.81e7c2f873195e45afafd9b60802a3260bdef5d8.min.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1e4cd57a78ac3172222361815de957bff32eb2d4db4c51f3148daafc022955f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:03 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vpmjAAKAMVQcX8I8TKhabV5exUSpzhbO4eeJlKZewQTVcvKFxXaN5vQ7UAZ5mt0MnWxDMulo0p%2BsNdf%2F7LPi7opqha1qOO%2FSuP0ySBal52TcW00nSXV3UwyQeZq%2Btv6IOndv"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da2675097622f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/
8 KB
4 KB
Script
General
Full URL
https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-central1,gcp-us-east1
age
1638068
content-encoding
br
server-timing
imagery;dur=79.652, imageryFetch;dur=78.836, cfRequestDuration;dur=19.000053
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
e8ce648a-b088-45b4-887d-d98e49d46c6f
last-modified
Fri, 23 Feb 2024 18:46:29 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yhjLQ5TFQLUMslC5F51Of%2BcZy2cGbONiCX49MAiXQsKrCXpgYHDeCVBGEnYW%2FszDVAOahXmpWN7ud%2BXBZ6ZpJNVWCCZa%2FsG5GECOkD3%2BNpj4D83GVq2gtIc0AOAOkjjtzEZLnnXv%2FFd47eIWew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
cf-ray
86da26752c8b8c7d-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js>; rel="canonical"
x-sorting-hat-podid
-1
shopify-boomerang-1.0.0.min.js
www.heartloom.us/cdn/shopifycloud/boomerang/
58 KB
19 KB
Script
General
Full URL
https://www.heartloom.us/cdn/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d4f19e27ee9a32aa646c33e89666ff5b295cfd9d96cb4a983edb4ae3c011dbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SBeg8N0ppdaFJyaEsrSb4jqJRsYi%2BBvAgf1I%2BbLR0JXMNmC5lF6DxUTlsyzPG2%2FkCFCIgdw0sdouU3yFicsrJpTumgclbmYd7mjy6GoCz81IuSRQhst%2FXXO31yYz8mYPhjK2"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da2674d92122f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
__utm.gif
stats.g.doubleclick.net/r/
35 B
198 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1841590961&utmhn=www.heartloom.us&utmcs=UTF-8&utmsr=800x600&utmvp=1600x1113&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Heartloom%20Official%20Website&utmhid=275757207&utmr=-&utmp=%2F&utmht=1711990981904&utmac=31217492-1&utmdid=o5cUG&utmcc=__utma%3D1.32622710.1711990982.1711990982.1711990982.1%3B%2B__utmz%3D1.1711990982.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=626248044&utmredir=3&utmu=qzAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 01 Apr 2024 17:03:01 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ba8c622a526c1aa0abd49942dd4c0f3bee0ce24d7817363f8054eb5e6291b4fc

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
slider_v2_5.css
foursixty.com/media/styles/embed/
42 KB
11 KB
Stylesheet
General
Full URL
https://foursixty.com/media/styles/embed/slider_v2_5.css
Requested by
Host: foursixty.com
URL: https://foursixty.com/media/scripts/fs.slider.v2.5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
157.230.5.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
51e4ac4d06a938bd13eee8c404bc41e123167ecc95388321176b6ffd37c77b5d

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
content-encoding
gzip
via
1.1 varnish (Varnish/6.2)
last-modified
Tue, 15 Nov 2022 21:23:05 GMT
server
nginx/1.18.0 (Ubuntu)
age
4406
etag
"63740339-a75a"
vary
Accept-Encoding
content-type
text/css
x-varnish
511901800 467571582
cache-control
max-age=86400
x-host
main_server
accept-ranges
bytes
content-length
10963
expires
Tue, 02 Apr 2024 17:03:01 GMT
avenirnext_n3.8e9925ddfd17ebca6be10ad27e93b95630121a12.woff2
www.heartloom.com/cdn/fonts/avenir_next/
19 KB
20 KB
Font
General
Full URL
https://www.heartloom.com/cdn/fonts/avenir_next/avenirnext_n3.8e9925ddfd17ebca6be10ad27e93b95630121a12.woff2?h1=aGVhcnRsb29tLmNvbQ&h2=aGVhcnRsb29tLWNvbS5hY2NvdW50Lm15c2hvcGlmeS5jb20&hmac=524b6a981f351bba0990c8620ecf9387ee00806300effe5e7b25b0fb41ae5331
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/theme.css?v=6f397fb62d48eb9eea84db8f2fb1ae72
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a24b456d7e02dcad9b2fd77b90dbeab996ecfe0a1bfaab59c12d478893d830b1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://heartloom-com.myshopify.com/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east1,gcp-us-central1
age
1404864
server-timing
imagery;dur=157.852, imageryFetch;dur=79.351, cfRequestDuration;dur=6.999969, ipv6, cfRequestDuration;dur=40.999889, ipv6
alt-svc
h3=":443"; ma=86400
content-length
19512
x-xss-protection
1; mode=block
x-request-id
b10582ea-a070-4c1f-8942-e47fbe13f9d0
last-modified
Wed, 28 Feb 2024 14:09:45 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6ZNlgUfAh8f%2F3kq0MHTxSiV1%2BK31YHCJckKAjI3biaSP%2F%2FKu8Rdke50nlixco3sSvu42PGNca5Qq06LOArnTNhgEx6pTdPTJjPO9FPCasmHZ6sh0Zh4KtkOmyGR%2FszkHWEpwjLRtjkukgpGw%2Boqf"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
cf-ray
86da2675a97b4bc7-BUF
timing-allow-origin
*
SchnyderWideM-Bold-Web.otf
cdn.shopify.com/s/files/1/0422/4034/4226/files/
179 KB
63 KB
Font
General
Full URL
https://cdn.shopify.com/s/files/1/0422/4034/4226/files/SchnyderWideM-Bold-Web.otf?v=1595858280
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/theme.css?v=6f397fb62d48eb9eea84db8f2fb1ae72
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
16c6ee167da6dcccbc1f9f3905254d50ada6468d878d567107e8a4976830b5e7
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://heartloom-com.myshopify.com/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:01 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-dc
gcp-us-east1,gcp-us-east1
server-timing
imagery;dur=197.477, imageryFetch;dur=162.495, cfRequestDuration;dur=43.999910
alt-svc
h3=":443"; ma=86400
content-length
63827
x-xss-protection
1; mode=block
x-request-id
9b3a77e6-3b9d-4c2b-b413-9505afa660a2-1711275175
last-modified
Sun, 24 Mar 2024 10:12:55 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wMT1e1BN2MDTfZE918mfXfPAFRGqCeheyXnbS304EBZfvJEsX%2BaoKPyduWX%2F5bgZXuUh8LFiPArJQue82boOc63RxJ3Y5fOGSn%2Bz17a8avr3ntBeu9OQ2zNO7PRsvFdC%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/otf
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0422/4034/4226/files/SchnyderWideM-Bold-Web.otf>; rel="canonical"
cf-ray
86da267528dd4bd5-BUF
avenirnext_n5.972a96b7a049f12c89d6d1cd0e1b6c9211f7ba14.woff2
www.heartloom.com/cdn/fonts/avenir_next/
19 KB
20 KB
Font
General
Full URL
https://www.heartloom.com/cdn/fonts/avenir_next/avenirnext_n5.972a96b7a049f12c89d6d1cd0e1b6c9211f7ba14.woff2?h1=aGVhcnRsb29tLmNvbQ&h2=aGVhcnRsb29tLWNvbS5hY2NvdW50Lm15c2hvcGlmeS5jb20&hmac=d5555436d040c206b1c3d4fa04ba4a05ef61d103cb89a7401a54a41b58d2797c
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/theme.css?v=6f397fb62d48eb9eea84db8f2fb1ae72
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8dc428785cf4b6552754379b1e3d10e1741e11c19518c53834c3fd69688d6f1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://heartloom-com.myshopify.com/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east1,gcp-us-east1
age
1434749
server-timing
imagery;dur=35.636, imageryFetch;dur=35.306, cfRequestDuration;dur=24.999857, ipv6, cfRequestDuration;dur=43.999910, ipv6
alt-svc
h3=":443"; ma=86400
content-length
19852
x-xss-protection
1; mode=block
x-request-id
5841af00-02ba-489a-9562-1c69be870aef
last-modified
Tue, 30 Jan 2024 07:06:08 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2B0qhcMYXx%2FfiutIhdZY8K7wNU5ylTwKBD8af3FtNpoYG%2FEs1D%2Bg2Zj8gID%2BIrouhMNXRZ1Vd0qQivSiOJppILHeD91K9PkHD6J5fwYJGc%2FVFjbqZKfQD8uH1SPY2JEhLbQ4%2BP%2BV4RVPuf4A%2Fy7E"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
cf-ray
86da2675a9764bc7-BUF
timing-allow-origin
*
avenirnext_n4.7fd0287595be20cd5a683102bf49d073b6abf144.woff2
www.heartloom.com/cdn/fonts/avenir_next/
18 KB
18 KB
Font
General
Full URL
https://www.heartloom.com/cdn/fonts/avenir_next/avenirnext_n4.7fd0287595be20cd5a683102bf49d073b6abf144.woff2?h1=aGVhcnRsb29tLmNvbQ&h2=aGVhcnRsb29tLWNvbS5hY2NvdW50Lm15c2hvcGlmeS5jb20&hmac=0e1f7cfe7e59f90d29e7b578b34bfa988d448f653380811ac5c595a3ca97dc8d
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/theme.css?v=6f397fb62d48eb9eea84db8f2fb1ae72
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:127:f00f:e:: , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c343c1ab10c23d9c66c7a1ba5ffe25e9649c3c798c352a238e855549692bc28f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://heartloom-com.myshopify.com/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east1,gcp-us-central1
age
1435076
server-timing
imagery;dur=64.571, imageryFetch;dur=64.040, cfRequestDuration;dur=19.000053, ipv6, cfRequestDuration;dur=40.999889, ipv6
alt-svc
h3=":443"; ma=86400
content-length
18004
x-xss-protection
1; mode=block
x-request-id
be737a0d-be36-4282-b9e5-ade47ca2bac7
last-modified
Tue, 20 Feb 2024 22:04:38 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWN2W0VnenEc72yhZOUArjvErPSo96c1ibHnZQ9mqBNoyx%2BclxqpsiikhxdnjTiJ86XtphXg8b6kywl4XUrL8qgJGOX%2BxoNEABaWn%2BXTwSHWRlpKhInfAyYKwfGVY3bNvIYqfQbh16mmmyfavLkw"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=2629800, immutable
accept-ranges
bytes
cf-ray
86da2675a97a4bc7-BUF
timing-allow-origin
*
cart.js
www.heartloom.us/
283 B
1 KB
XHR
General
Full URL
https://www.heartloom.us/cart.js
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/atlantic.js?v=9202be5cf395bef2c061c135f811b3e6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e2bd0b04ec54791db1404e0ea8de0a128eae0ff9e4ee7445bd1c36042fb2174
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.heartloom.us/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:03 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u5NPuHLg%2FuXfmF1PpotyhSOLct2p7Vb7FtjEsy7AbNrjgk9Tn8ug%2BJ3cqognVk16na6WF18gBc5zR5DzfFNXRNA4Ce78Fx%2BMF9SO2Ntk2eEH2613pCUaAFb2AdhcNGweH9tc"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da26757a3522f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
cart
www.heartloom.us/
228 B
2 KB
XHR
General
Full URL
https://www.heartloom.us/cart?view=mini&_=1711990981958
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/atlantic.js?v=9202be5cf395bef2c061c135f811b3e6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3135174a6ef944fc6d05d72278b6c2b2efed9b650c00b28a4ddbc674418ceafc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept
text/html, */*; q=0.01
cache-control
no-cache
Referer
https://www.heartloom.us/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8u8J2xgqT3yh%2FI%2BaYSF743CcbZKYhpcBIDXXWFkNd5vnNh21C5exgRxuVOeiDbVLO9hS2C7etVRhbayLeDF9ZW6utxBdeOWJDbdimLr8Dz5rIjM0JNlmaf20ukzNIFDJo%2FO2"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da26757a3922f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
11_045_Heartloom%20Official%20Website_09268_242dj9w_marisa_dress_F_edi_762b2f50-4205-427d-b951-a95e0704db9b.jpg
heartloom-com.myshopify.com/cdn/shop/files/
0
0

two-image-split_d1a4764f-932e-4e1e-b9fd-94082e01cfab.jpg
heartloom-com.myshopify.com/cdn/shop/files/
352 KB
353 KB
Image
General
Full URL
https://heartloom-com.myshopify.com/cdn/shop/files/two-image-split_d1a4764f-932e-4e1e-b9fd-94082e01cfab.jpg?v=c7aede1b56548a62533f6232ead61485
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
2a005a5efa483fb32863633beedaaa1c3e41325fb405d642bb2b471a4d3f68b6
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
age
2118
x-permitted-cross-domain-policies
none
source-type
image/jpeg
server-timing
imagery;dur=624.213, imageryFetch;dur=110.656, imageryProcess;dur=512.485;desc="image", cfRequestDuration;dur=17.999887
source-length
535008
content-length
360440
x-xss-protection
1; mode=block
x-sorting-hat-shopid
2396631
x-request-id
a1dc357f-fe4e-4e91-aa42-c323a52608be-1711514697
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 27 Mar 2024 04:44:58 GMT
server
cloudflare
x-download-options
noopen
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fXHDsjQn%2B2fLixKG0OeYKSBjVxBvt3%2FEseCXUsZnlrMN7cwssOWxdBiIchESgxHdNr7TWo6Hy9rD4ED4j2lkDsQYiBy7%2F%2BYaVRgfIOTygFCnLvuDczpIlrsd%2B6XnfG%2BNuoS4nXgSXX%2FokcbCjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
86da26758d0f8c7d-EWR
x-sorting-hat-podid
108
03_233_Heartloom%20Official%20Website_09178_242d16v_willow_dress_H_edi_a0e959da-c3f2-42e7-afff-e1aded0ba6ee.jpg
heartloom-com.myshopify.com/cdn/shop/files/
0
0

api.jquery-b0af070cfe3f5cf7c92f9e2a5da2665ee07ed2aad63bb408f8d6672f894a5996.js
heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/themes_support/
6 KB
3 KB
Script
General
Full URL
https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/themes_support/api.jquery-b0af070cfe3f5cf7c92f9e2a5da2665ee07ed2aad63bb408f8d6672f894a5996.js
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/atlantic.js?v=9202be5cf395bef2c061c135f811b3e6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
b0af070cfe3f5cf7c92f9e2a5da2665ee07ed2aad63bb408f8d6672f894a5996
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east1,gcp-us-east1
age
1647007
content-encoding
br
server-timing
imagery;dur=22.523, imageryFetch;dur=21.479, cfRequestDuration;dur=16.000032
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
4e77a6dc-77ad-4e09-a276-a2d0fc10797f-1709751377
last-modified
Wed, 06 Mar 2024 18:56:17 GMT
server
cloudflare
x-download-options
noopen
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lXcK5QnDUAb%2FdQ3d5%2BnJVmBnUhrVO05Rthsn8%2FCeHPELNbGNsR99I%2FZOL7R29dEos07XAP7eQnp66dZ8d4L%2FWHiVd6Ad62kXvRXb3xV9DGwKT%2Bs9Lw%2B4LX1NsLggTOQ4BMS1V1a9%2FUrpPsV%2Bog%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556952, immutable
cf-ray
86da26758d178c7d-EWR
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/shopify/assets/themes_support/api.jquery-b0af070cfe3f5cf7c92f9e2a5da2665ee07ed2aad63bb408f8d6672f894a5996.js>; rel="canonical"
x-sorting-hat-podid
-1
fender_analytics.ef4116f665b9b33c638e.js
static-tracking.klaviyo.com/onsite/js/
31 KB
12 KB
Script
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/fender_analytics.ef4116f665b9b33c638e.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c33ac6bac0d25dcb6f29eca048dfb3fcc7e0e50ef3df9aecb3f5375f7b1300b9

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
D7d8SMg9JwWnVKVLbBADvXiYsHJGXaSm
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
4CRGPH5MK9EGCT38
age
479
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
12138
x-amz-id-2
WV4R2V7QFC8kw04ncge9bLb5YZBaZdwZ9bmqr0XOczC+F5YW+Ks+YomUE4h7iTbHiuslR3XV/M8=
x-served-by
cache-lga21921-LGA, cache-yyz4575-YYZ
last-modified
Thu, 29 Feb 2024 01:31:33 GMT
server
AmazonS3
etag
"1c1ff17ca82da1c09cc65108b4b565bf"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
771bbde1e53e812fa870a548a80f450846d20814
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
58, 405
static.500134348b1f0969ffe3.js
static-tracking.klaviyo.com/onsite/js/
2 KB
2 KB
Script
General
Full URL
https://static-tracking.klaviyo.com/onsite/js/static.500134348b1f0969ffe3.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1ba49e8383e2329fe4f6e2a33172420fefd5bee26ce915cef9315f5b09c54cf8

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
7U3jLLw9z4sVt_PYSHf5O2sK.gyJewM_
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
4CRPYHS3F7K4D385
age
479
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
985
x-amz-id-2
2Ym4rT3wvHvg4KVFVjOt14zJE3tHMBUQ6D3ERCx5FQnbpUe004rhSpytFdKz3bo6qS30WNLsYqg=
x-served-by
cache-lga21976-LGA, cache-yyz4575-YYZ
last-modified
Thu, 29 Feb 2024 01:31:33 GMT
server
AmazonS3
etag
"64de10774c3382fe4adddab07ea17f0d"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
771bbde1e53e812fa870a548a80f450846d20814
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
22, 432
runtime.bf489a2df9b0db4fc2a0.js
static.klaviyo.com/onsite/js/
20 KB
9 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/runtime.bf489a2df9b0db4fc2a0.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0632b6e1331dae7fa54bce9e3670e372bcb26662ea48e8977d9b46beecac90b3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
QuCpTRwuwKqtbg2K8LUCQGL2mb3b63zn
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
NAF6K8YNJPGZAES1
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
8356
x-amz-id-2
669i92h5HJseV+xy0Tqw+RuNLQwcAeZ1NQjsVF/2fIrHYZRLJErsL41RZNyvuUoJeK2WQxOSajU=
x-served-by
cache-lga21934-LGA, cache-yyz4529-YYZ
last-modified
Thu, 28 Mar 2024 19:02:20 GMT
server
AmazonS3
etag
"d3e85f643d1eac991a7c8195b2979874"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
9f021bfac070a713589142bf4db8401fb1f57e14
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
97, 453
sharedUtils.0ff9e31e256d3b1e9f8f.js
static.klaviyo.com/onsite/js/
44 KB
17 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/sharedUtils.0ff9e31e256d3b1e9f8f.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
06fb1b30d6507f8270fb4c8af35342c42e1f2ad96ff27367476c44e1ae5ee3fe

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
KCAYlj9oWAqv7JEImcInuEISOkDjSf8Y
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
PT5B2ZYBR2GJJ8E2
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
17136
x-amz-id-2
Z9jnGmf3ZZla5HIbAJY5RUxVPlwuWK5eT/49ZCZAJlqhXpsPI4s7NMvXNB4v832BnM7G7X692XvVf3nDQM2238oi0uooH8JSQkfKBgLnKfY=
x-served-by
cache-lga21939-LGA, cache-yyz4529-YYZ
last-modified
Thu, 28 Mar 2024 21:32:59 GMT
server
AmazonS3
etag
"b321e57689543d1cb834d077af54c4f4"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
3653e485ff2981b102511b8b95494fdd0ed9d9bf
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
22, 455
vendors~signup_forms~onsite-triggering.864cb3176bd70af21590.js
static.klaviyo.com/onsite/js/
20 KB
7 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/vendors~signup_forms~onsite-triggering.864cb3176bd70af21590.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f5478093cbd10c6f050a10a8b06ea68f587a3b237718cd1a1b1f9b8b37ccff4a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
VL81xCfcRn1Ol1kdKune1PLT11kNI9M0
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
4CRVN907YG8C7VW0
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
7259
x-amz-id-2
8mkoZTFnamljJevlesSEfBCVDYcuO/tVv3WKHq48QIK1zZvj3+TlVw6odvWxS8SuqSHkN1k+7D2ua4xPYO2AcQ==
x-served-by
cache-lga21932-LGA, cache-yyz4529-YYZ
last-modified
Thu, 29 Feb 2024 01:31:33 GMT
server
AmazonS3
etag
"6892cb06d116035760ead469a5a594cf"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
771bbde1e53e812fa870a548a80f450846d20814
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
6, 326
vendors~signup_forms.e707d6d405eecdf67185.js
static.klaviyo.com/onsite/js/
12 KB
5 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/vendors~signup_forms.e707d6d405eecdf67185.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bb8d8f1ac92076838afbc5d039b1f60ad83c1dcb38911112059afeae7dc4583d

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
x7k9_zv1oLI4LVlzFX.2zxKBgEsM_l21
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
4CRY67KS13SG0DK1
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
4243
x-amz-id-2
ncnHSydBqe+riaClocDEH5qnzheGxl+QNX6LdYrssJo+xTuCXC2W8x89BPyEKoOaH/QinAUqN0hLl9wc2MzKTg==
x-served-by
cache-lga21965-LGA, cache-yyz4529-YYZ
last-modified
Thu, 29 Feb 2024 01:31:33 GMT
server
AmazonS3
etag
"05af735bb01844f826e4e4e8be8d4529"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
771bbde1e53e812fa870a548a80f450846d20814
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
2, 334
default~signup_forms~onsite-triggering.f802a18932c79492ad38.js
static.klaviyo.com/onsite/js/
30 KB
9 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/default~signup_forms~onsite-triggering.f802a18932c79492ad38.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
381b37762970831071baa2916dcb4008f0039de83e6db97e20085b3c61daff54

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
qtsFjYDk4BlUn1g2DS.n32I2O7qXdXfl
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
4CRTKB0W9BVM3YC4
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
9344
x-amz-id-2
sUZCC/XYisYq1fZWWJVNleCm/G5zoeNgqLrPnKuBIeszvSl1wSmv2+K3GcspjUwUm76ijPx7iDbDMLATKYRBgg==
x-served-by
cache-lga21950-LGA, cache-yyz4529-YYZ
last-modified
Thu, 29 Feb 2024 01:31:33 GMT
server
AmazonS3
etag
"d34d9221f78489a21a7b023ac739adae"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
771bbde1e53e812fa870a548a80f450846d20814
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
7, 328
signup_forms.b6b6f28ee33b9d03e436.js
static.klaviyo.com/onsite/js/
14 KB
5 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/signup_forms.b6b6f28ee33b9d03e436.js?cb=1
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d32eb598d06797c30eb0ab0f472c07bb6798f03654f4829a964a70d5c4dec9da

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
q4mIl_IF.X3y.iWtVRI1Eta8k8DwnNGZ
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
CDMVSR8YGHQMP3KD
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
5333
x-amz-id-2
oxIzIsftv/NltM3v/TNnoLN8rOlMjIRT4Pv7wqlAw53DKrQeJHsmKq7wtkbwGI0dPXj6tba2ZNo=
x-served-by
cache-lga21973-LGA, cache-yyz4529-YYZ
last-modified
Thu, 14 Mar 2024 14:15:17 GMT
server
AmazonS3
etag
"f83889f3ef9aba34fbff7085add56783"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
45b57a56e703881dbf8671f9858e991148697c50
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
44, 334
onsite
fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/
559 B
1 KB
XHR
General
Full URL
https://fast.a.klaviyo.com/custom-fonts/api/v1/company-fonts/onsite?company_id=LCPxjh
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
cdf0ab28d0c95fcc230f5e5a17f1745b90c014c1de11e19ef4b50c9ad1322295
Security Headers
Name Value
Content-Security-Policy object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; report-uri /csp/
Strict-Transport-Security max-age=900

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; report-uri /csp/
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=900
age
1636256
x-cache
HIT, HIT
content-length
559
x-served-by
cache-bos4641-BOS, cache-yyz4568-YYZ
server
nginx
allow
GET, HEAD, OPTIONS
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
content-language
en-us
cache-control
max-age=10
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
vary
Accept-Language, Cookie
accept-ranges
bytes
access-control-allow-headers
x-cache-hits
44, 1
full-forms
static-forms.klaviyo.com/forms/api/v7/LCPxjh/
40 KB
6 KB
XHR
General
Full URL
https://static-forms.klaviyo.com/forms/api/v7/LCPxjh/full-forms
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
07c386c100e2cfe0e5056d0e07ca939863e09cc132596e8f021631ef7aa0e1d6

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
0Hg9iCEWqiXGOFxw_G_ndwZBduBgNlAT
content-encoding
gzip
via
1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
CRTEN2D90K7GAR7G
age
1628082
x-amz-server-side-encryption
AES256
x-cache
HIT
client-geo-continent
NA
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
full-forms/shared full-forms/LCPxjh custom-fonts/LCPxjh
content-length
5727
x-amz-id-2
OaXZqxnKzndbd9Jr+zr+dWS5RM0QabrKNLrLjPw6ArFymZC8FBfVBlOC9eZoLt0RuFxh6c7L0mw=
x-served-by
cache-yyz4526-YYZ
client-geo-country
US
last-modified
Wed, 13 Mar 2024 20:31:32 GMT
server
AmazonS3
x-timer
S1711990982.257545,VS0,VE1
etag
"10b3edbc7491d364650aaff5f7a9f63e"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
client-geo-continent, client-geo-country
cache-control
max-age=5
accept-ranges
bytes
x-cache-hits
1
747724335749985
connect.facebook.net/signals/config/
57 KB
12 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/747724335749985?v=2.9.151&r=stable&domain=www.heartloom.us&hme=8ce74e881727851b4427183947937854816d72704925561b9de6420cd43214ee&ex_m=66%2C111%2C98%2C102%2C57%2C3%2C92%2C65%2C15%2C90%2C83%2C48%2C50%2C157%2C160%2C171%2C167%2C168%2C170%2C28%2C93%2C49%2C72%2C169%2C152%2C155%2C164%2C165%2C172%2C120%2C14%2C47%2C176%2C175%2C122%2C17%2C32%2C36%2C1%2C40%2C61%2C62%2C63%2C67%2C87%2C16%2C13%2C89%2C86%2C85%2C99%2C101%2C35%2C100%2C29%2C25%2C153%2C156%2C129%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C53%2C58%2C60%2C70%2C94%2C26%2C71%2C8%2C7%2C75%2C45%2C20%2C96%2C95%2C9%2C19%2C18%2C77%2C82%2C44%2C43%2C81%2C37%2C39%2C80%2C52%2C78%2C31%2C41%2C34%2C69%2C0%2C88%2C4%2C84%2C76%2C79%2C2%2C33%2C59%2C38%2C97%2C42%2C74%2C64%2C103%2C56%2C55%2C30%2C91%2C54%2C51%2C46%2C73%2C68%2C23%2C104
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4e0b5352b340f4167dcf1512023ea86fea12a9a1224b21a29f8aff5468cfc7b0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 01 Apr 2024 17:03:02 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=64, mss=1294, tbw=63157, tp=-1, tpl=-1, uplat=78, ullat=0
pragma
public
x-fb-debug
rVwamaxGIFlrrWrniYwEAfnUwf3J1ZfejFp6FOiX5K3gjXGQOLasHaZu3f4vWJJy6bikD+HEGckz2/GVoZSAyw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
674-bc135db.js
sdk.loyaltylion.net/static/2/
170 KB
50 KB
Script
General
Full URL
https://sdk.loyaltylion.net/static/2/674-bc135db.js
Requested by
Host: sdk.loyaltylion.net
URL: https://sdk.loyaltylion.net/static/2/loader.js?t=202431
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0eb003cfda97f0e075fe3cd63918ef76ece725ead2f7bae5aa28dc871b1e5bd5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 17 Feb 2024 00:30:58 GMT
content-encoding
br
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
age
3861125
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
50625
last-modified
Mon, 05 Feb 2024 10:49:34 GMT
server
AmazonS3
etag
"1f6f4dce930084c062ff94c10810803e"
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-amz-cf-id
SC3e3qJU1z7IEGGDoNgqpFjU4Tv_FLGCFbzOH_iBFdLu4DAnOlAQ7Q==
258-a06cd41.js
sdk.loyaltylion.net/static/2/
76 KB
22 KB
Script
General
Full URL
https://sdk.loyaltylion.net/static/2/258-a06cd41.js
Requested by
Host: sdk.loyaltylion.net
URL: https://sdk.loyaltylion.net/static/2/loader.js?t=202431
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8f7fd6fca039038246ba6e6919f5a31e3cb5b2f9d0c4263bffbd9ede2c292eb4

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 18 Mar 2024 12:56:21 GMT
content-encoding
br
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
age
1224402
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22290
last-modified
Mon, 18 Mar 2024 12:56:14 GMT
server
AmazonS3
etag
"a2bb7003472e4524b8225427473af07b"
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-amz-cf-id
hn3ONNGuYFX3-SIcqCJdkFq7I47AJO5vKCsPhVqtWQky6sfEokCBFA==
lion-core-ba6a335.js
sdk.loyaltylion.net/static/2/
92 KB
26 KB
Script
General
Full URL
https://sdk.loyaltylion.net/static/2/lion-core-ba6a335.js
Requested by
Host: sdk.loyaltylion.net
URL: https://sdk.loyaltylion.net/static/2/loader.js?t=202431
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0efe7788691893e5c5076c492b49d8adcd238f096ebf47e3cce2bb040213e3ad

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 05 Mar 2024 09:55:59 GMT
content-encoding
br
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
age
2358424
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
25962
last-modified
Tue, 05 Mar 2024 09:55:51 GMT
server
AmazonS3
etag
"0384d3ed22c581d28f5d3876502a314c"
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-amz-cf-id
HTGV2DCv00BthLEwne8uMgBNFJJefNdvYSyLl_6NRNHfX7WiIZhWRw==
766-c97c67c.js
sdk.loyaltylion.net/static/2/
27 KB
9 KB
Script
General
Full URL
https://sdk.loyaltylion.net/static/2/766-c97c67c.js
Requested by
Host: sdk.loyaltylion.net
URL: https://sdk.loyaltylion.net/static/2/loader.js?t=202431
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d0cdc10b35992ab861de9750f38a038f1183f24fbcf0bb0a5138a5b841035c9a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 11 Feb 2024 16:15:20 GMT
content-encoding
br
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
age
4322863
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
8726
last-modified
Mon, 05 Feb 2024 10:49:34 GMT
server
AmazonS3
etag
"659c6b70c706eda15d2c901b1fcd9f1f"
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-amz-cf-id
LSoRES7Y-A8ZAjquBU-jSF03Ebqp1x7UwRnsL7oU1Q0QYFj2XT_pUQ==
lion-app-integrated-28bdfe7.js
sdk.loyaltylion.net/static/2/
200 KB
43 KB
Script
General
Full URL
https://sdk.loyaltylion.net/static/2/lion-app-integrated-28bdfe7.js
Requested by
Host: sdk.loyaltylion.net
URL: https://sdk.loyaltylion.net/static/2/loader.js?t=202431
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
82d95166489d2a35ba899e41d152e0f83d166f6c2ec532ae20bdf63ce777c27c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 23 Feb 2024 09:59:20 GMT
content-encoding
br
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
x-amz-cf-pop
YUL62-P2
age
3308623
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
43414
last-modified
Fri, 23 Feb 2024 09:59:16 GMT
server
AmazonS3
etag
"198230ba926c4c67c233d419a0e2fd23"
vary
Accept-Encoding, Origin
content-type
application/javascript
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
x-amz-cf-id
DdrL4yYhRuNIEN9LdMkp-1VB1TtdDfumjtL4daieDKRVOFS-j-DrUQ==
77f1dd9026d389a7c7575b292465edff
sdk.loyaltylion.net/sdk/2023-11/config/
16 KB
3 KB
Fetch
General
Full URL
https://sdk.loyaltylion.net/sdk/2023-11/config/77f1dd9026d389a7c7575b292465edff?build=25917&t=2024040117
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
nginx /
Resource Hash
9bb941c9b7a4f9de59a527a2327594a06875855bd7586a54b3b2eac8611ffa3a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
content-encoding
br
via
1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
YUL62-P2
etag
W/"3f72-S7hAk0bGSAcZjOxGwHCTyki4nzQ"
x-cache-status
EXPIRED
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=60, must-revalidate
x-amz-cf-id
E2lERSkXvmOlqjf-36pvFxGxrP1TZoI_lTRK50uKlNysnUMYh-HQCw==
99ec4c84e1c258bd7b7334d4c5bfbf18
sdk.loyaltylion.net/sdk/translations/en/integrated_page_only/
43 KB
9 KB
Fetch
General
Full URL
https://sdk.loyaltylion.net/sdk/translations/en/integrated_page_only/99ec4c84e1c258bd7b7334d4c5bfbf18
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
nginx /
Resource Hash
e88f5a0e5bb978d89b3fea2db2119b625ab87d404701f3cfa87cce9ec817d168

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 23 Feb 2024 09:52:13 GMT
content-encoding
gzip
via
1.1 726979f71f252186e97d38202269f636.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
YUL62-P2
age
3309049
etag
W/"acf9-oxcMvyPiK/Y9vdjz0DnA1J8Jgtg"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
x-amz-cf-id
T_awENd1okUoLw32YihtAAs75c58QEW6V8rzsM2OGuIwB4bp9Gq8_A==
modern-6cbd0f3-84bdf80.css
sdk.loyaltylion.net/sdk/css/77f1dd9026d389a7c7575b292465edff/
145 KB
18 KB
Stylesheet
General
Full URL
https://sdk.loyaltylion.net/sdk/css/77f1dd9026d389a7c7575b292465edff/modern-6cbd0f3-84bdf80.css
Requested by
Host: sdk.loyaltylion.net
URL: https://sdk.loyaltylion.net/static/2/loader.js?t=202431
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.162.3.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-162-3-82.yul62.r.cloudfront.net
Software
nginx /
Resource Hash
ec468b50abcf417882375e005572494b30d22e883f7eb3c2a59510da6328670d

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 22 Feb 2024 12:14:14 GMT
content-encoding
br
via
1.1 60d690eb8aefecb50f44bbe348e3804a.cloudfront.net (CloudFront)
server
nginx
x-amz-cf-pop
YUL62-P2
age
3386928
etag
W/"242e4-8rSgoN668Rl8uH9km0HLcAdsiVA"
x-cache-status
MISS
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
x-amz-cf-id
4IAaJJrhrtcS6CYLN6nE24y7qlvrwNaRQcTxHMBJy_x0x-dBpjUVuw==
css
fonts.googleapis.com/
7 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600,700
Requested by
Host: sdk.loyaltylion.net
URL: https://sdk.loyaltylion.net/static/2/loader.js?t=202431
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3273996622afec9de3fde1cdde7686ad7e8a0c67b0073df16e84c8e099d6d898
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Mon, 01 Apr 2024 17:03:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 01 Apr 2024 15:21:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 01 Apr 2024 17:03:02 GMT
/
r.skimresources.com/api/
149 B
365 B
XHR
General
Full URL
https://r.skimresources.com/api/
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
101.59.190.35.bc.googleusercontent.com
Software
openresty/1.19.9.1 /
Resource Hash
91a00daaf7946b0621ca8d03cf68f6950a6825c9ab9ba3a4b6aad129a610ebb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
server
openresty/1.19.9.1
via
1.1 google
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.heartloom.us
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
robots.txt
t.skimresources.com/api/v2/ Frame 1500
0
123 B
Image
General
Full URL
https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.6444310996894766
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.67.201.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
via
1.1 google
cache-control
private, no-store
server
nginx
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/plain
px.gif
p.skimresources.com/
43 B
93 B
Image
General
Full URL
https://p.skimresources.com/px.gif?ch=1&rn=10.149024939564347
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
160.91.190.35.bc.googleusercontent.com
Software
Skimlinks Pixel 1.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

p3p
policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date
Mon, 01 Apr 2024 17:03:02 GMT
via
1.1 google
server
Skimlinks Pixel 1.0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
content-type
image/gif
px.gif
p.skimresources.com/
43 B
267 B
Image
General
Full URL
https://p.skimresources.com/px.gif?ch=2&rn=10.149024939564347
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
160.91.190.35.bc.googleusercontent.com
Software
Skimlinks Pixel 1.0 /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

p3p
policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
date
Mon, 01 Apr 2024 17:03:02 GMT
via
1.1 google
server
Skimlinks Pixel 1.0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
content-type
image/gif
klaviyo.js
static.klaviyo.com/onsite/js/
4 KB
1 KB
Other
General
Full URL
https://static.klaviyo.com/onsite/js/klaviyo.js?company_id=LCPxjh
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
46bf2d75a804c668983b5ace7260096ea60eb954cf6f81af8b5407544ca0e074
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
age
1635
x-cache
HIT, HIT
content-length
1175
x-served-by
cache-lga21933-LGA, cache-yyz4574-YYZ
server
nginx
x-timer
S1711990982.175135,VS0,VE0
etag
W/"41276840fbf1a100f63ac97c246e0354"
allow
OPTIONS, GET
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
content-language
en-us
cache-control
max-age=1, stale-while-revalidate=10800
access-control-allow-credentials
true
content-type
application/javascript
vary
Accept-Encoding
x-resp-is-stale
true
accept-ranges
bytes
access-control-allow-headers
x-cache-hits
20, 3
consent-tracking-api.js
www.heartloom.us/cdn/shopifycloud/consent-tracking-api/v0.1/
13 KB
5 KB
Script
General
Full URL
https://www.heartloom.us/cdn/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/storefront/load_feature-9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70520fbe73005adb01fa3727abaeea916eaacbb59039ca6c6d8db02a939ba09a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:03 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OlHfP1LDJ64uQkTULekbbYXykZXd0D0BHkaVJEPZZ%2F95L92BkaUIvTs6%2FFJyqJZKBQh50sBzFRRpz7wcqtYo6u6SYnUTTaUobEYYDObEUKttDhICtnpbxdjHHjE6incWF%2BWa"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da2676dcc422f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
session
shop.app/pay/
18 B
2 KB
Fetch
General
Full URL
https://shop.app/pay/session?v=1&token=f2ee448b-6eff-4b5e-aae1-3d06d8a50a80&shop_id=2396631
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
185.146.173.20 , Sweden, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b5179ea2a77fe69b294fbd2ed504eacbfbe048ede58967b43af2ca537144b1f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; font-src 'self' https: data: https://cdn.shopify.com https://cdn.shopifycloud.com; child-src blob: merchant-feedback.shopify.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com v.shopify.com https://cdn.shopify.com https://cdn.shopifycloud.com https://www.google-analytics.com https://mpsnare.iesnare.com https://cdn1-sandbox.affirm.com https://checkout.shopifycs.com/dist/card_fields.js https://www.google.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' blob: cdn.shopify.com sdks.shopifycdn.com https://cdn.shopify.com https://cdn.shopifycloud.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com; media-src 'self' blob: data: cdn.shopify.com; img-src 'self' data: blob: https: cdn.shopify.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com; connect-src 'self' https: https://cdn.shopify.com https://cdn.shopifycloud.com https://sessions.bugsnag.com https://notify.bugsnag.com https://monorail-edge.shopifysvc.com https://www.google-analytics.com https://stats.g.doubleclick.net https://atlas.shopifysvc.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; upgrade-insecure-requests; frame-src 'self' https://app.mode.com https://www.youtube.com https://app.datadoghq.com https://*.shopifycs.com https://pay.shopify.com https://checkout.shopifycs.com https://www.affirm.com https://sandbox.affirm.com https://cdn1-sandbox.affirm.com https://www.google.com https://recaptcha.google.com https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors admin.shopify.com https: *.myshopify.com admin.shopify.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'none'; font-src 'self' https: data: https://cdn.shopify.com https://cdn.shopifycloud.com; child-src blob: merchant-feedback.shopify.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com v.shopify.com https://cdn.shopify.com https://cdn.shopifycloud.com https://www.google-analytics.com https://mpsnare.iesnare.com https://cdn1-sandbox.affirm.com https://checkout.shopifycs.com/dist/card_fields.js https://www.google.com https://www.gstatic.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' blob: cdn.shopify.com sdks.shopifycdn.com https://cdn.shopify.com https://cdn.shopifycloud.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com; media-src 'self' blob: data: cdn.shopify.com; img-src 'self' data: blob: https: cdn.shopify.com proxy.shopifycdn.com sdks.shopifycdn.com shopify-arrive.s3.amazonaws.com storage.googleapis.com v.shopify.com; connect-src 'self' https: https://cdn.shopify.com https://cdn.shopifycloud.com https://sessions.bugsnag.com https://notify.bugsnag.com https://monorail-edge.shopifysvc.com https://www.google-analytics.com https://stats.g.doubleclick.net https://atlas.shopifysvc.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; upgrade-insecure-requests; frame-src 'self' https://app.mode.com https://www.youtube.com https://app.datadoghq.com https://*.shopifycs.com https://pay.shopify.com https://checkout.shopifycs.com https://www.affirm.com https://sandbox.affirm.com https://cdn1-sandbox.affirm.com https://www.google.com https://recaptcha.google.com https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors admin.shopify.com https: *.myshopify.com admin.shopify.com
x-permitted-cross-domain-policies
none
server-timing
cfRequestDuration;dur=64.000130
etag
W/"9b5179ea2a77fe69b294fbd2ed504eac"
vary
Accept, Origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.heartloom.us
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
x-frame-options
DENY
x-robots-tag
noindex
date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
p3p
CP="Not used"
alt-svc
h3=":443"; ma=86400
content-length
18
x-xss-protection
1; mode=block
x-request-id
63082c86-bee1-4b48-896e-e5572d5b20b3-1711990982
x-runtime
0.003685
server
cloudflare
x-download-options
noopen
access-control-max-age
7200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2xnJmVMzTe4Gjz0xRSgg9gwu9LHx%2BDhHdMxRMmD9HpXA2cmozcx8qbvZ6O%2BuuYgx6UOHVOlV8A9rNVih6le1DwKZEmEHFL3X8tdaVaFuxHUKDDrMRADyOk1H"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
86da26771ebc4bc0-BUF
x-sorting-hat-podid
-1
/
foursixty.com/api/v2/heartloom/timeline/
31 KB
31 KB
XHR
General
Full URL
https://foursixty.com/api/v2/heartloom/timeline/?pagination_type=cursor&page_size=25&format=json&page=1&use_stored_image_url=true
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
157.230.5.204 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
8abbf914086c67f92d961eea336d01f054f3e50c41eff33df1917a70c13a0962

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/json
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
via
1.1 varnish (Varnish/6.2)
server
nginx/1.18.0 (Ubuntu)
age
1060
allow
GET, HEAD, OPTIONS
vary
Cookie
content-type
application/json
access-control-allow-origin
*
x-varnish
480456394 478843957
cache-control
max-age = 7200.000
x-host
slave_india
accept-ranges
bytes
content-length
31406
chunk-WidgetIframe-707c4e63902039f00217.js
widget-v4.tidiochat.com/1_221_0/static/js/ Frame C9FE
478 KB
124 KB
Script
General
Full URL
https://widget-v4.tidiochat.com/1_221_0/static/js/chunk-WidgetIframe-707c4e63902039f00217.js
Requested by
Host: code.tidio.co
URL: https://code.tidio.co/us8tyygsqav9vkjo4ijrgeamgy1wyyry.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0d33d03f394141d2412eb25a303937df18f4755e96a13e7f060476bcf8a28c1

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 20 Mar 2024 10:18:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1643
etag
W/"65fab7df-7767d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FUjDvoV25IHMq%2FV0%2FXPF6EpqIgndcwiSsuoovimSV0ua2gAgdc9ahAHYOrblFkJYEnSjZJiFoiW2g103S1wdri228p2dV%2BUuWLcdEjBP8zKrAM2LAqnqmnKyZ4R0UZyRJMzlBJuSCR431amYwvqL1VFZZeIJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=691200
cf-ray
86da2676fbc84bd2-BUF
mulish_SGhgqk3wotYKNnBQ.woff2
widget-v4.tidiochat.com/fonts/ Frame C9FE
27 KB
27 KB
Font
General
Full URL
https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2
Requested by
Host: code.tidio.co
URL: https://code.tidio.co/us8tyygsqav9vkjo4ijrgeamgy1wyyry.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
577db921a554af3596942d3c48b5c91feaac8c767e183d518a8de8de86e5c7d8

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
cf-cache-status
MISS
last-modified
Wed, 20 Mar 2024 10:18:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"65fab7dc-6b08"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UgJUlCyYXlghYR5lR8Egc4PD2sVaNYMAwsFNXzIDDtaBrxE3WwIrpJDABIdu4rGnwfWfE6yUd%2BnFjBTJ84OOuMvOyhhM2rWCKzXGrRuDqx%2Bz52lA8PDc2yk3goNeC50%2BZl2x53bbLp16ndYIxbDHNeq0mihb"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=691200
accept-ranges
bytes
cf-ray
86da26775c594bbd-BUF
content-length
27400
tururu.mp3
widget-v4.tidiochat.com// Frame C9FE
7 KB
7 KB
Media
General
Full URL
https://widget-v4.tidiochat.com//tururu.mp3
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12c7687514ca85ba2157ed61914ac526bb9dd15cb5a2a2d9e4d88f919349284f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1244193
Content-Range
bytes 0-7223/7224
Content-Length
7224
pragma
public
last-modified
Wed, 13 Mar 2024 10:04:45 GMT
server
cloudflare
etag
"65f17a3d-1c38"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PR8klsLRcFBBiBWTfOM0%2B92Ea5QNEzwS6FU0XGht7U5h%2F%2BFAKsmvpIF870r0NzmDvUUDSAYjlSuepe%2F5GqNKo6RuAvd4nbrlEmjApCDNQVWLvaFNn%2BNQprLyPALkSFMlRiPCyuZnImWRRrEc0aNcVpRzr8ee"}],"group":"cf-nel","max_age":604800}
content-type
audio/mpeg
cache-control
public, max-age=31536000
cf-ray
86da26771bd64bd2-BUF
expires
Mon, 01 Apr 2024 07:26:29 GMT
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=747724335749985&ev=PageView&dl=https%3A%2F%2Fwww.heartloom.us%2F&rl=&if=false&ts=1711990982264&sw=800&sh=600&v=2.9.151&r=stable&ec=0&o=4126&fbp=fb.1.1711990982263.417467486&ler=empty&cdl=API_unavailable&it=1711990982127&coo=false&rqm=GET
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=34, rtx=0, c=10, mss=1294, tbw=2758, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 01 Apr 2024 17:03:02 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
vendors~reviews~atlas~ClientStore.dd9d02dd9fc376e8dd48.js
static.klaviyo.com/onsite/js/
22 KB
8 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/vendors~reviews~atlas~ClientStore.dd9d02dd9fc376e8dd48.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.bf489a2df9b0db4fc2a0.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
aa03b89682a1f628e945d75327d8d602161b73c35d7159a34e6b2d01af15e4ca

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
A3NdrY7E_GayJEfK8q6sOY94C6h1u5eg
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
H0C0F12D9CG2B2T6
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
7956
x-amz-id-2
yfjrJR1d4bppWAput1BhL1JqtOk9Jtr37zM//foDkoGeuSOteH0J/NE0o6tEMu3NDW1+JB6+tqQdhdj424U3rutOrvBiTcHyqpPPDFT6SfY=
x-served-by
cache-lga21937-LGA, cache-yyz4529-YYZ
last-modified
Thu, 14 Mar 2024 14:15:17 GMT
server
AmazonS3
etag
"2f5438508c293a1ad8e8f5b6a6cbd520"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
45b57a56e703881dbf8671f9858e991148697c50
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
78, 117
ClientStore.a8f9bfbacdec91740fc5.js
static.klaviyo.com/onsite/js/
66 KB
20 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/ClientStore.a8f9bfbacdec91740fc5.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.bf489a2df9b0db4fc2a0.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c700fb7899afe827a2f9b570df5b22ec50eb5142f1ae8ee34e8fa698814beaf7

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
qsjgoLy6l9okxf1EUAYM4k9t3QoNPE9W
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
W5M2RMJVJHMJV654
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
19760
x-amz-id-2
Hk8lopVPpPh2xe3U2jZhoefnuCxd8ktq2CPJcD3nRyccGCn5txv/uZGq+rbv1EuMPjW2Werk5YKzLtRJaBKJOA==
x-served-by
cache-lga21975-LGA, cache-yyz4529-YYZ
last-modified
Mon, 25 Mar 2024 15:48:43 GMT
server
AmazonS3
etag
"b5ab4a6c513f72813c117516683f622f"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
154b3c2da6cc6705406b66ef6a709c6e6f975883
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
10, 129
bundle.js
cdn-widgetsrepository.yotpo.com/widget-assets/yotpo-pixel/2024-02-21_09-17-48/
47 KB
15 KB
Script
General
Full URL
https://cdn-widgetsrepository.yotpo.com/widget-assets/yotpo-pixel/2024-02-21_09-17-48/bundle.js
Requested by
Host: cdn-widgetsrepository.yotpo.com
URL: https://cdn-widgetsrepository.yotpo.com/v1/loader/OmL6WbZDLWcJEfFCJHJNqQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:9000:7a0::1d72 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2b94731d440087668033de043ac96ec34fca2186bb8c5acf1196106df93b1be4

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
yYGgcnOvxFbCCkF4QN4AlrAfTD93uG6Z
content-encoding
gzip
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
AH8F5DDS19A3V992
x-amz-server-side-encryption
AES256
content-length
15029
x-amz-id-2
k0Z0eDtgID41NPWLbX/CBchMm0RF2RE2FBrdh3sK8+hb3/Nd8YMK1mmliNnv0Nh87hpdaXMGF8M=
last-modified
Wed, 21 Feb 2024 09:17:50 GMT
server
AmazonS3
etag
"cc22c429f3431d2fb30ebc514f9e3b24"
vary
Accept-Encoding
access-control-max-age
86400
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-methods
GET,POST
cache-control
max-age=31536000
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Tue, 01 Apr 2025 17:03:02 GMT
app.v0.8.3-5890.js
cdn-widgetsrepository.yotpo.com/widget-assets/widgets-initializer/
38 KB
12 KB
Script
General
Full URL
https://cdn-widgetsrepository.yotpo.com/widget-assets/widgets-initializer/app.v0.8.3-5890.js
Requested by
Host: cdn-widgetsrepository.yotpo.com
URL: https://cdn-widgetsrepository.yotpo.com/v1/loader/OmL6WbZDLWcJEfFCJHJNqQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:9000:7a0::1d72 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b8cd90329cd1c01ece6d7198416368323c1c7fb2a8a4abb412415369e844b30a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
WACEYUocKS2k_BwjZp1G2Vp7wpECpRMm
content-encoding
gzip
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
KSVNE5HY6JBZTQAH
x-amz-server-side-encryption
AES256
content-length
11977
x-amz-id-2
2N4NErfI1YCYjvyRQDlZaBdWbM2eC39U3VnYnovthy0dfIGFv1SZ8WNZ5m9l/BHlqLHi+bpjT6c=
last-modified
Thu, 22 Feb 2024 09:22:46 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1708593764/ctime:1708593764/gid:117/gname:jenkins/md5:73d32f0189bd428988ebed8bda744ddf/mode:33188/mtime:1708593764/uid:110/uname:jenkins
etag
"73d32f0189bd428988ebed8bda744ddf"
vary
Accept-Encoding
access-control-max-age
86400
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET,POST
cache-control
max-age=31536000
access-control-allow-credentials
false
accept-ranges
bytes
access-control-allow-headers
*
expires
Tue, 01 Apr 2025 17:03:02 GMT
page
t.skimresources.com/api/v2/
22 B
351 B
XHR
General
Full URL
https://t.skimresources.com/api/v2/page
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.67.47 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
47.67.201.35.bc.googleusercontent.com
Software
Python/3.11 aiohttp/3.8.6 /
Resource Hash
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:02 GMT
via
1.1 google
x-content-type-options
nosniff
server
Python/3.11 aiohttp/3.8.6
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain; charset=utf-8, application/javascript
access-control-allow-origin
https://www.heartloom.us
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
access-control-allow-headers
Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length
22
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
track-analytics
a.klaviyo.com/onsite/ Frame
0
0
Preflight
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=LCPxjh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; object-src 'none'; base-uri 'none'; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.heartloom.us
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
allow
POST, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
86da2678af204bc6-BUF
content-encoding
gzip
content-language
en-us
content-security-policy
frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; object-src 'none'; base-uri 'none'; report-uri /csp/
content-type
text/html; charset=utf-8
date
Mon, 01 Apr 2024 17:03:02 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Language, Cookie, Accept-Encoding
x-content-type-options
nosniff
x-robots-tag
noindex, nofollow
track-analytics
a.klaviyo.com/onsite/ Frame
0
0
Preflight
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=LCPxjh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.heartloom.us
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
allow
POST, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
86da2678af214bc6-BUF
content-encoding
gzip
content-language
en-us
content-security-policy
base-uri 'none'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
content-type
text/html; charset=utf-8
date
Mon, 01 Apr 2024 17:03:02 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Language, Cookie, Accept-Encoding
x-content-type-options
nosniff
x-robots-tag
noindex, nofollow
532.d02dd9cbfbfa317cb34e.css
static.klaviyo.com/onsite/js/
70 KB
9 KB
Stylesheet
General
Full URL
https://static.klaviyo.com/onsite/js/532.d02dd9cbfbfa317cb34e.css
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.bf489a2df9b0db4fc2a0.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8cc2354045c3c945d3f6a8ffcd538cf3b90185f5e9ecc97fcea6b46adc297227

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
vzVHzqVBIlYzbytT4TjUJNoOe_Kh58b8
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
T2YCRBVKVHYT8YAV
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
9093
x-amz-id-2
ovMDWmX1YxOjE3BOBf4Mf71G62oTAjaYHQdXlIb8pIPzWfiTgoHRoYZSnB0WRNFrMSsQe/EuXgDes3x4c/0K/uDsQ02SEOKWSXejn2yjdyw=
x-served-by
cache-lga13623-LGA, cache-yyz4529-YYZ
last-modified
Thu, 28 Mar 2024 19:02:18 GMT
server
AmazonS3
etag
"c5fb1a689beffa321111aa015ec7146d"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
9f021bfac070a713589142bf4db8401fb1f57e14
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
18, 126
styles.ccf9eb43fb94f6b4efde.js
static.klaviyo.com/onsite/js/
13 KB
4 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/styles.ccf9eb43fb94f6b4efde.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.bf489a2df9b0db4fc2a0.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7570cd8f44031f13f92a393607bab34cedde1d42d3513dfeb8c1e9c693390f0b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
vaQGZLgFQcO49kAGEchnqc5Vb68Xo.1i
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
AA7557X9MR8ASRGR
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
3996
x-amz-id-2
WbV2I89V8itZRnsDCbqcYObSs32TXJiOw014rMS81GS1e1EDiq0iSYK2V1qeU/9jbE4Ky21obscCYHEJexZ2xExvmuxyEa/BOKZVQTJWoh0=
x-served-by
cache-lga21931-LGA, cache-yyz4529-YYZ
last-modified
Thu, 29 Feb 2024 01:31:33 GMT
server
AmazonS3
etag
"c6c30853a63ebd4a4189fa8dcd359f29"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
771bbde1e53e812fa870a548a80f450846d20814
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
36, 123
vendors~Render.9de7688d87b6116252f3.js
static.klaviyo.com/onsite/js/
12 KB
4 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/vendors~Render.9de7688d87b6116252f3.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.bf489a2df9b0db4fc2a0.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3212465f3ca80d2cd2058c1e26f2ed4a1c1777aa02528f06f7a93fea936789b6

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
BqROTT6QVAjLeHMcaZ7VZbaifcoa_894
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
6EXG7V2TQZT94RM9
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
4050
x-amz-id-2
mDAnJtwcNnLZ6e1DR31qmZhUnqvlszOwI8gb16UaQXzfV5b8vLU+obRkN5H9FoTCQQkcfAc70Axv5aOnrGwaOw==
x-served-by
cache-lga21923-LGA, cache-yyz4529-YYZ
last-modified
Thu, 29 Feb 2024 12:23:35 GMT
server
AmazonS3
etag
"abaa57c316b39052dff0039291ceb986"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
069fa42e7ddfc8a3c48edcf159fb3c496de7146a
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
10, 122
Render.ada7d952083a82a926d8.js
static.klaviyo.com/onsite/js/
117 KB
32 KB
Script
General
Full URL
https://static.klaviyo.com/onsite/js/Render.ada7d952083a82a926d8.js
Requested by
Host: static.klaviyo.com
URL: https://static.klaviyo.com/onsite/js/runtime.bf489a2df9b0db4fc2a0.js?cb=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.130.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
33c87f4c78ed5f6f37d7d52dd6168eee200579bbfc3a292e573847f74eee67f7

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
Zw6JG_.5TYSTTY7CkkuZRy9W8TwnuGHs
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Mon, 01 Apr 2024 17:03:02 GMT
x-amz-request-id
14RC6995NAFTD128
age
480
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-meta-surrogate-control
max-age=31536000
x-amz-meta-surrogate-key
fender-asset
content-length
32454
x-amz-id-2
7yc3m9z+JsYjBNFdMCEWALN55oHsd6smYdcKKBhWSehfxN5kGTNyfG8Up688eHNuG53HsDycxBVypt9DSJovDhjhEg2ySO8/AhR3/CAhWP4=
x-served-by
cache-lga21969-LGA, cache-yyz4529-YYZ
last-modified
Mon, 25 Mar 2024 15:48:43 GMT
server
AmazonS3
etag
"ae2d3b5cc8abd39a44dc06d3e7dbc7d3"
vary
Accept-Encoding
x-amz-meta-entrypoints-hash
154b3c2da6cc6705406b66ef6a709c6e6f975883
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000,stale-while-revalidate=10800
accept-ranges
bytes
x-cache-hits
49, 122
track-analytics
a.klaviyo.com/onsite/
50 B
337 B
XHR
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=LCPxjh
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
accept
application/json
Referer
https://www.heartloom.us/
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-security-policy
script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; object-src 'none'; report-uri /csp/
content-length
50
server
cloudflare
allow
POST, OPTIONS
vary
Accept-Language, Cookie, Accept-Encoding
content-language
en-us
access-control-allow-origin
*
access-control-allow-methods
POST
content-type
application/json
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
86da26791f574bc6-BUF
access-control-allow-headers
x-robots-tag
noindex, nofollow
track-analytics
a.klaviyo.com/onsite/
50 B
363 B
XHR
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=LCPxjh
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; object-src 'none'; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
accept
application/json
Referer
https://www.heartloom.us/
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-security-policy
script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; object-src 'none'; base-uri 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
content-length
50
server
cloudflare
allow
POST, OPTIONS
vary
Accept-Language, Cookie, Accept-Encoding
content-language
en-us
access-control-allow-origin
*
access-control-allow-methods
POST
content-type
application/json
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
86da26791f594bc6-BUF
access-control-allow-headers
x-robots-tag
noindex, nofollow
truncated
/
3 KB
3 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f4b3a3ea7bee850d3e9af1b3c0384248858c315ab5edd49db42dee76ac6e32e0

Request headers

Referer
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
application/x-font-ttf;charset=utf-8
AvenirLTStd-Roman.woff
cdn.shopify.com/s/files/1/0239/6631/files/
14 KB
15 KB
Font
General
Full URL
https://cdn.shopify.com/s/files/1/0239/6631/files/AvenirLTStd-Roman.woff?v=1655917788
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
4370a53666b645f488a469001b6846eba9ce7f4285595854f5e5847e7ded637f
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
server-timing
imagery;dur=157.951, imageryFetch;dur=55.039, imageryProcess;dur=102.572;desc="font", cfRequestDuration;dur=39.000034
alt-svc
h3=":443"; ma=86400
content-length
14776
x-xss-protection
1; mode=block
x-request-id
683bb02f-b2de-465e-b2eb-60330c402499-1711275176
last-modified
Sun, 24 Mar 2024 10:12:56 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9LGyPM259OHuYMKDkusxejk5KRiZJYq3SPcoHqDaPTbyf826B3CFdY7V%2BMkoiHDoNlXCKNAp4LYMMqwAKzBe4iRChsXvjD7oKyUljjxlhn4lI%2Bl83n6LZFw4U%2FfTqgDhyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0239/6631/files/AvenirLTStd-Roman.woff>; rel="canonical"
cf-ray
86da2678dbde4bcd-BUF
cart.js
www.heartloom.us/
283 B
1 KB
Fetch
General
Full URL
https://www.heartloom.us/cart.js?_tmp=997934093384
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03ce23d4612c2232456abed4cf9ab8248f78d9a6f8d7737af868e3ab9daeeb5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:04 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eQCBYzZoZSljkEwukxEqJWn9cOSUIkRMEtP1rOvDSKPVnL5gjcL8nT497feL1rc3CitVfRqXDNqIBRgRgmXN4dXwiw%2FYF2MkoHKerXwD%2B2Rf5JZv28uS0K42iIpAu2TIGC1h"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da2679193a22f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
widget.707c4e63902039f00217.js
widget-v4.tidiochat.com/1_221_0/static/js/ Frame C9FE
493 KB
158 KB
Script
General
Full URL
https://widget-v4.tidiochat.com/1_221_0/static/js/widget.707c4e63902039f00217.js
Requested by
Host: code.tidio.co
URL: https://code.tidio.co/us8tyygsqav9vkjo4ijrgeamgy1wyyry.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
acbb80fb8d967121130a1faf91ed3465632af545c50c7bcdee5b92eb304295f5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 20 Mar 2024 10:18:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1577
etag
W/"65fab7df-7b4f6"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ELmQ54cwPISGffAA2dQ4GdxsEnmA7iolDCBmVDpb6J8exJ2KH%2BYVhEGGRl4Ec1pg4GpS8hPAzmYE%2BKa7%2BDlMzOmq7OA25LxZp5JOaVnQa7HDpwmYxMtER7juV36rqI9z2zoWseOGWVn%2FABX%2Bv3W%2F5qXL%2F7AZ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=691200
cf-ray
86da26792d224bd2-BUF
tururu.mp3
widget-v4.tidiochat.com// Frame C9FE
7 KB
7 KB
Media
General
Full URL
https://widget-v4.tidiochat.com//tururu.mp3
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12c7687514ca85ba2157ed61914ac526bb9dd15cb5a2a2d9e4d88f919349284f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Encoding
identity;q=1, *;q=0
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer
Range
bytes=0-
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:02 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1244193
Content-Range
bytes 0-7223/7224
Content-Length
7224
pragma
public
last-modified
Wed, 13 Mar 2024 10:04:45 GMT
server
cloudflare
etag
"65f17a3d-1c38"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JL498cpGL1IWdSR6GmtXDdRTn724umgQ7EViSAt2O%2BVhAarXTy%2BkkNSN5Nc2vWA%2Bhjs8nwDpXXvACWOGeA4NsMvac32rPkj7L5LaS%2F%2BUAb4E5SF1yZJrCAc9%2BcwAFmGISgQhFrrTQ%2FYZQtcINRYND%2FEkjYSI"}],"group":"cf-nel","max_age":604800}
content-type
audio/mpeg
cache-control
public, max-age=31536000
cf-ray
86da2679dd904bd2-BUF
expires
Mon, 01 Apr 2024 07:26:29 GMT
mulish_SGhgqk3wotYKNnBQ.woff2
widget-v4.tidiochat.com/fonts/ Frame 9E64
27 KB
27 KB
Font
General
Full URL
https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:88b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
577db921a554af3596942d3c48b5c91feaac8c767e183d518a8de8de86e5c7d8

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:03 GMT
cf-cache-status
HIT
last-modified
Wed, 20 Mar 2024 10:18:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1
etag
"65fab7dc-6b08"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m7Avfbp00SFsjJpZQnq1SpfM3yFLiA9jKuaJvpUP0HMob%2FCjz7r3lDDZg%2FZMQLs6ChnCMxl0yQZjA4tnTGI9sdiJ6lMBbsX1Om38IXkYgloNr%2BX4S5I6gam0HI0eeTDRMmBweTBN5lyui0CklW2WpZ5yy6pm"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=691200
accept-ranges
bytes
cf-ray
86da267d583e4bbd-BUF
content-length
27400
produce_batch
www.heartloom.us/.well-known/shopify/monorail/unstable/
0
488 B
Ping
General
Full URL
https://www.heartloom.us/.well-known/shopify/monorail/unstable/produce_batch
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/cdn/s/trekkie.storefront.81e7c2f873195e45afafd9b60802a3260bdef5d8.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:03 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jIqV8k1iigkwh1S1qQDvgfsjeYGXe%2F5MkKK%2FBKXTql1dtdxICVRB4js8SFc8kN6c94inaEVJPKWtJe0q3ddA4mkOkPT1nlaf%2FBert5LVH7XD%2FjMX9JNMidgkxMTWhlV896XB"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da267f7daa22f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
/
str.rise-ai.com/
0
0
Script
General
Full URL
https://str.rise-ai.com/?shop=Heartloom.us.myshopify.com
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:18ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:03 GMT
cf-cache-status
BYPASS
server
cloudflare
etag
W/"15-/6VXivhc2MKdLfIkLcUE47K6aH0"
x-powered-by
Express
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cf-ray
86da2680acae4bd8-BUF
content-length
21
/
strn.rise-ai.com/
0
0
Script
General
Full URL
https://strn.rise-ai.com/?shop=Heartloom.us.myshopify.com
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:2cbd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:03 GMT
cf-cache-status
BYPASS
server
cloudflare
etag
W/"15-/6VXivhc2MKdLfIkLcUE47K6aH0"
x-powered-by
Express
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cf-ray
86da2680da5b4bbd-BUF
content-length
21
grin-sdk.js
d38xvr37kwwhcm.cloudfront.net/js/
47 KB
16 KB
Script
General
Full URL
https://d38xvr37kwwhcm.cloudfront.net/js/grin-sdk.js?shop=Heartloom.us.myshopify.com
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26a0:4000:15:decf:f580:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b5612f69b7e9bc926acd5b28953653996ec75e6de73fdb110f3598c28754a610

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
U6nGJyHrP5bKUSzRLYY8LHZiiNaB0WI_
content-encoding
gzip
via
1.1 39bd4dd36d89ac693c6b532053af59d6.cloudfront.net (CloudFront)
date
Mon, 01 Apr 2024 08:07:46 GMT
last-modified
Wed, 15 Feb 2023 20:44:37 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P2
age
32118
x-amz-server-side-encryption
AES256
etag
W/"1d29e2190be6665be84c49429278090f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
kfnejrJsHk9_ZKprLL2CPuF3uulRFxkm9Ds_Gy034R-s2Zo3m-vhIQ==
afterpay-attract-widget.js
static-us.afterpay.com/shopify/afterpay-attract/
127 KB
30 KB
Script
General
Full URL
https://static-us.afterpay.com/shopify/afterpay-attract/afterpay-attract-widget.js?shop=Heartloom.us.myshopify.com
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:269f:3800:16:77a1:11c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8845773549841757fe5a3f9b68640bbd1e9c9c223ad82a7af1ec81c5f5d8944b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
F_8YA3HGgmLQlz6qW1Da.LJWCvVmPQYn
content-encoding
gzip
via
1.1 ddaa088f1b6b5a9bcdc791a053431534.cloudfront.net (CloudFront)
date
Mon, 01 Apr 2024 17:00:24 GMT
last-modified
Wed, 20 Mar 2024 00:31:31 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-P1
age
160
x-amz-server-side-encryption
AES256
etag
W/"a411100fa8223ea840fde5411873a0c5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
x-amz-cf-id
HUNVOgrTea87KkTNcCTHgTW91IvhOgZueXW-vUcIH3gRMB-3tm0ePQ==
script.js
geolocation-recommendations.shopifyapps.com/locale_bar/
0
1 KB
Script
General
Full URL
https://geolocation-recommendations.shopifyapps.com/locale_bar/script.js?shop=Heartloom.us.myshopify.com
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.146.173.20 , Sweden, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.shopifycloud.com cdn.shopify.com geolocation-recommendations.shopifyapps.com; style-src 'self' 'unsafe-inline' cdn.shopify.com cdn.shopifycloud.com; img-src 'self' 'unsafe-inline' cdn.shopify.com cdn.shopifycloud.com data: *; font-src 'self' cdn.shopify.com cdn.shopifycloud.com data: *; frame-ancestors *.myshopify.com geolocation-recommendations.shopifyapps.com admin.shopify.com; object-src 'none'; media-src 'self' cdn.shopify.com cdn.shopifycloud.com; base-uri 'none'; upgrade-insecure-requests; connect-src 'self' sessions.bugsnag.com notify.bugsnag.com monorail-edge.shopifysvc.com country-service.shopifycloud.com wss://argus.shopifycloud.com shop.app cdn.shopify.com geolocation-recommendations.shopifyapps.com; frame-src 'self' shopify-geolocation-proxy.com
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:03 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.shopifycloud.com cdn.shopify.com geolocation-recommendations.shopifyapps.com; style-src 'self' 'unsafe-inline' cdn.shopify.com cdn.shopifycloud.com; img-src 'self' 'unsafe-inline' cdn.shopify.com cdn.shopifycloud.com data: *; font-src 'self' cdn.shopify.com cdn.shopifycloud.com data: *; frame-ancestors *.myshopify.com geolocation-recommendations.shopifyapps.com admin.shopify.com; object-src 'none'; media-src 'self' cdn.shopify.com cdn.shopifycloud.com; base-uri 'none'; upgrade-insecure-requests; connect-src 'self' sessions.bugsnag.com notify.bugsnag.com monorail-edge.shopifysvc.com country-service.shopifycloud.com wss://argus.shopifycloud.com shop.app cdn.shopify.com geolocation-recommendations.shopifyapps.com; frame-src 'self' shopify-geolocation-proxy.com
cf-cache-status
BYPASS
x-permitted-cross-domain-policies
none
x-dc
gcp-us-central1,gcp-us-east1
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server-timing
processing;dur=4, socket_queue;dur=4.922, util;dur=0.1, cfRequestDuration;dur=85.000038
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
0
x-request-id
e96a0de2-1b16-4719-a6ae-ebb8181ee005-1711990983
x-runtime
0.004235
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-download-options
noopen
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2BT4bbM1lh1gr89FF%2B18lko38hl4rHUUIk%2Bo53YaKGK9pSaGhoza%2BIW2w9f0e2zT%2FzzfR6chBD3TcXGO%2Fp7CeTW%2BaZlQTXucT%2FxJJRjD0JKfKdrEDr1j%2BLBxCcfbPMttNLSdpO4VKBw0IdTh4cOXDNoY%2B7ynX5oPIlLBIxg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
no-cache
accept-ranges
bytes
cf-ray
86da268099ce4bc7-BUF
shopify.widget.js
shopify-widget.route.com/
70 KB
14 KB
Script
General
Full URL
https://shopify-widget.route.com/shopify.widget.js?shop=Heartloom.us.myshopify.com
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21a2:e800:18:94b4:d1c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0416e0fbd3ac62ffb662565d7148a2e22512819a9f00b24bb7c7080c8dd73

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
SLxTIpqcXFudXq1GsgFVfbKrz32v_oeP
content-encoding
gzip
via
1.1 c895b3711944bd74895c678884a6e914.cloudfront.net (CloudFront)
date
Sun, 31 Mar 2024 20:30:30 GMT
last-modified
Tue, 26 Mar 2024 20:30:26 GMT
server
AmazonS3
x-amz-cf-pop
YUL62-C1
age
73954
x-amz-server-side-encryption
AES256
etag
W/"8ed2d58518b2fa919fbdd4810cf802b9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
h1BO44i-JMMD1DPPsizkdF-5xpfbhK3R2UT0qTbx3aBBXKpalOqfRA==
main.min.js
full-page-zoom.product-image-zoom.com/js/core/
155 KB
49 KB
Script
General
Full URL
https://full-page-zoom.product-image-zoom.com/js/core/main.min.js?timestamp=1711211057&shop=Heartloom.us.myshopify.com
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.223.1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18846b6ef4c09cd1e9103b7f02c8c3dbdc0dd055053a49345e669505174cd5f2

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:03 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 21 Mar 2024 20:39:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0O4LnuZy7bZ%2B94qcOLmA2yLIqlK%2ByBwGZg3EghByOfP61f92xaAXe4fKGh58BkiD%2FvtcWPo2ukpYqz2kaewMcgU1pGex4eOoT8f1vdgvnaUot2uNAbpGKe1BWZOioN%2B3SvPQDeC8pZ26rFFH1kfHBEZV3kqzxzdZ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=31536000
cf-ray
86da2680afeb4bd3-BUF
alt-svc
h3=":443"; ma=86400
runtime.esm.en.c9639fa4634a32e9fd80.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
4 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/runtime.esm.en.c9639fa4634a32e9fd80.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:03 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
server-timing
imagery;dur=57.072, imageryFetch;dur=27.687, cfRequestDuration;dur=118.000031
alt-svc
h3=":443"; ma=86400
content-length
2954
x-xss-protection
1; mode=block
x-request-id
0294b0af-ac91-426d-864a-62d260c98074-1711990983
last-modified
Mon, 01 Apr 2024 17:03:03 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWwwMFBx%2FZRsIRv13doocyQznJKq9r%2BS1GoF6MOUO0Rw9qT5jIdlll6CNvRJctlJa5N3JcNUkFlKu88R8unvjhjhcwRa%2BPjGHXwPJBdbvkuTiBQE7vlzAnxV%2BJj2a4CbhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/runtime.esm.en.c9639fa4634a32e9fd80.js>; rel="canonical"
cf-ray
86da26804f9c4bcd-BUF
favicons_32x32.png
heartloom-com.myshopify.com/cdn/shop/files/
662 B
2 KB
Other
General
Full URL
https://heartloom-com.myshopify.com/cdn/shop/files/favicons_32x32.png?v=60e9ffa278c8ddfdae14d06b64cc4e92
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
dde0e5dcc0037e98076e82c445a8b524779b1e860625996f478c0463aafa6fe2
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:03 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
age
2117
x-permitted-cross-domain-policies
none
source-type
image/png
server-timing
imagery;dur=54.624, imageryFetch;dur=45.510, imageryProcess;dur=8.226;desc="image", cfRequestDuration;dur=15.000105
source-length
614
content-length
662
x-xss-protection
1; mode=block
x-sorting-hat-shopid
2396631
x-request-id
0b5b2287-0308-45df-be6b-76e2b03a4d2d-1711324795
alt-svc
h3=":443"; ma=86400
last-modified
Sun, 24 Mar 2024 23:59:55 GMT
server
cloudflare
x-download-options
noopen
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iOkn20BasisbQUI%2F3y5NOAy%2FgwCPKC68j%2BKGn8jpNotEUOx8WRPBGXLUHuRzd3lO8QYqdL04qFaavoRMFvVhF2kUpY2uw0I5yjwvI2AHesrcaSV%2BwiXsI2lEKlD5GJFr%2F7jWiRw9XAzfHETpFg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
86da26808ada8c7d-EWR
x-sorting-hat-podid
108
625.esm.en.153dda6a6c035caa012e.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
82 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/625.esm.en.153dda6a6c035caa012e.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
server-timing
imagery;dur=54.801, imageryFetch;dur=21.063, cfRequestDuration;dur=207.000017
alt-svc
h3=":443"; ma=86400
content-length
83247
x-xss-protection
1; mode=block
x-request-id
52f54a12-0287-4fb6-8580-99de9236882c-1711990983
last-modified
Mon, 01 Apr 2024 17:03:04 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h2ooPziRYb%2BTkwW3%2Fq%2F2LDWio2lD3qMc%2FcCmOwFdu0DKUs2CPX2kSs9Cx%2Bb%2B8DmAl91ydaUbTRHfgstAPiCGK4qtbWBfsvLXnSKzllZCVezJUq7foI0MW%2B4O%2BQ5NpOHN9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/625.esm.en.153dda6a6c035caa012e.js>; rel="canonical"
cf-ray
86da2681382b4bcd-BUF
produce_batch
www.heartloom.us/.well-known/shopify/monorail/unstable/
0
492 B
Ping
General
Full URL
https://www.heartloom.us/.well-known/shopify/monorail/unstable/produce_batch
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/cdn/wpm/b923483b2w04fb9a55pdf3e3378md2b76e35m.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:04 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k5OQPzKeU%2Fn1b53Cvy4GvTMrqncRc6SoAlk%2Bclh9U4XXIivrk7HTSnsKF3Unl83CS%2Fa4L2sywwx54%2BQFAtqgxRVjZlYTrwCgY8%2FXNucUMeF9C%2BFC5uRmVnOAiky7m3zB7GTO"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da268179a222f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
preferences.json
full-page-zoom.product-image-zoom.com/json/
25 B
541 B
XHR
General
Full URL
https://full-page-zoom.product-image-zoom.com/json/preferences.json?shop=Heartloom.us.myshopify.com&timestamp=1711211057
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.223.1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3306f65a2e14b828de17e6ed0119cba80ae77c55d6b7850d10aff753c0faddaf

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
cf-cache-status
MISS
last-modified
Mon, 01 Apr 2024 17:03:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XX04U4QLIFweZ%2FtlrFbI6FG3nbuK3KvhMnrDUSTLau%2F2xK7Je6IiFJEHWCq4%2BKZZ2Huj5h9N3oDA9bEkwf7YAQjQGFnp7jrA%2B8XFuK3Sjwrgk45i3LEZrjFDOGxLdH7u8iUC3rNeuVUQNpnjrpUOgWwpUvuHJHqy"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate, no-transform
accept-ranges
bytes
cf-ray
86da26828ef422cd-ORD
alt-svc
h3=":443"; ma=86400
content-length
25
produce
www.heartloom.us/.well-known/shopify/monorail/v1/
0
485 B
Ping
General
Full URL
https://www.heartloom.us/.well-known/shopify/monorail/v1/produce
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/cdn/shopifycloud/boomerang/shopify-boomerang-1.0.0.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.208.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 01 Apr 2024 17:03:04 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FslUsKnUcf1lOz5tmGDjZ9QJjQm2tILT3hDWHSmzWTTnktvmU0jOI07uxxydJHxzQO2muVbh711U8bhSXaoRp44ZWx1x0%2FeWe2THnenP1oEiFW1hsbfIbyGPOSmSOuyYNVUZ"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=utf-8
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate
cf-ray
86da26829b6022f8-ORD
alt-svc
h3=":443"; ma=86400
expires
Thu, 19 Nov 1981 08:52:00 GMT
945.esm.en.b0458ff49338c70b57e1.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
193 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/945.esm.en.b0458ff49338c70b57e1.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
server-timing
imagery;dur=59.535, imageryFetch;dur=29.156, cfRequestDuration;dur=180.999994
alt-svc
h3=":443"; ma=86400
content-length
197162
x-xss-protection
1; mode=block
x-request-id
e6b57146-0498-4fa1-932d-7b86cf1bf76a-1711990984
last-modified
Mon, 01 Apr 2024 17:03:04 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6PZnuUDbY9WsY8PkUqeXcQDqy0YXjuvtcboS1yR1xniugxmjll%2FZTJBk%2BRYZ9DtQQSzrT6xjfcFRkAEy071GvO81GaiUm9Y0mSFkMQMlOBClCpWQ39XBcYAkYcnnaCevbg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/945.esm.en.b0458ff49338c70b57e1.js>; rel="canonical"
cf-ray
86da2682e9514bcd-BUF
681.esm.en.f62ef81d9958a0c158c5.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
20 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/681.esm.en.f62ef81d9958a0c158c5.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
server-timing
imagery;dur=59.016, imageryFetch;dur=33.323, cfRequestDuration;dur=44.000149
alt-svc
h3=":443"; ma=86400
content-length
19484
x-xss-protection
1; mode=block
x-request-id
56bea073-d135-49eb-91d2-cfc1c39936b0-1711682374
last-modified
Fri, 29 Mar 2024 03:19:34 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HSbB47VjEjxA84jJrefOb67daVej6n0mTwQ6AjrdWzlNIxwp9WSL5I8WHHFtM%2BKmEnynkBHdl%2BfuenEE6tY%2BO8bKZEyEiUhmcczVUtLYMuPj3vJRuzR9sOoAkOQFsuLgmw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/681.esm.en.f62ef81d9958a0c158c5.js>; rel="canonical"
cf-ray
86da26846a394bcd-BUF
app.esm.en.643e3614d65a1465aef0.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
244 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/app.esm.en.643e3614d65a1465aef0.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
server-timing
imagery;dur=82.648, imageryFetch;dur=38.032, cfRequestDuration;dur=174.999952
alt-svc
h3=":443"; ma=86400
content-length
249261
x-xss-protection
1; mode=block
x-request-id
1007308f-664d-4574-abc3-0a269b99281a-1711990984
last-modified
Mon, 01 Apr 2024 17:03:04 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K4zrzp7Q2ZYS600TWUFRYLbJsgvxx4l2x%2BUQbF4MnRnytivXu8cdDtly7KrAyL3S9ohQKrCFxrwhZENZvrsvw5vInsEn51Wwd0YLMtP%2F%2Ff2XypAbkDF1gspkWl%2BWDN3OAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/app.esm.en.643e3614d65a1465aef0.js>; rel="canonical"
cf-ray
86da2684da874bcd-BUF
751.esm.en.0334e5e46742322a83e8.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
970 B
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/751.esm.en.0334e5e46742322a83e8.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=27.220, imageryFetch;dur=26.752, cfRequestDuration;dur=39.999962
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
bf592106-0d2e-4f8b-9d49-9c2e918fcc3e-1710780777
last-modified
Mon, 18 Mar 2024 16:52:57 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nBEBEU71x4OYjOiDfQHShOFKKQfflpvLGxgueyCP%2FHezrZAMc3%2BXJK9DXoEoKN%2FWLpbgbn81mL8SdX9YBKTlvyC5HiovMnrGJZItpEkXUaKxMKj0UTtezM%2FiOLupFA%2BYqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/751.esm.en.0334e5e46742322a83e8.js>; rel="canonical"
cf-ray
86da26869b534bcd-BUF
trace
www.cloudflare.com/cdn-cgi/
305 B
411 B
XHR
General
Full URL
https://www.cloudflare.com/cdn-cgi/trace
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.123.96 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b2382f390d3e507bd2f09a4539192407a5e854a80ac3278fefcb29ba81b9048
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
x-frame-options
DENY
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache
cf-ray
86da2686fb1336c9-YYZ
expires
Thu, 01 Jan 1970 00:00:01 GMT
836.esm.en.1fdbc8e0cac376e65f04.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
8 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/836.esm.en.1fdbc8e0cac376e65f04.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
server-timing
imagery;dur=61.347, imageryFetch;dur=22.469, cfRequestDuration;dur=39.999962
alt-svc
h3=":443"; ma=86400
content-length
7753
x-xss-protection
1; mode=block
x-request-id
25f0b8ac-1a56-46ff-8d76-74d6768015f7-1711514704
last-modified
Wed, 27 Mar 2024 04:45:04 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cvlw3J6KzuxPDY6K1mhRTRbHoMfwBvGzuCzbcEG8tA2hWoan3SmnzWPNo7AHzkIdEElVJhkKXw8QMfigiOMeaivp5Zcsvkt9i0Jzy%2F6wTL%2FMcka0a93yDk%2BPazBUx3vGRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/836.esm.en.1fdbc8e0cac376e65f04.js>; rel="canonical"
cf-ray
86da2686fb7d4bcd-BUF
202.esm.en.8791eba0c4d819b11e20.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
33 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/202.esm.en.8791eba0c4d819b11e20.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
server-timing
imagery;dur=43.911, imageryFetch;dur=25.064, cfRequestDuration;dur=44.000149
alt-svc
h3=":443"; ma=86400
content-length
33014
x-xss-protection
1; mode=block
x-request-id
6fb000de-a083-4e90-94ed-3f4702f33303-1711633351
last-modified
Thu, 28 Mar 2024 13:42:31 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mDpIR7T%2FTmd61AhOZzDZQ9nH7xlL%2B6SX4%2FPTmDS0Vo93SR5NxXi7xHMtC9jXdjedhUHglOD4E8KUUiH4wxUeZ03exa2ThEDb%2BB07pyTioereKOYenZXLed1cXcyHXmXDrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/202.esm.en.8791eba0c4d819b11e20.js>; rel="canonical"
cf-ray
86da26875ba84bcd-BUF
100.esm.en.cb201b24f2a38735c6d8.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
2 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/100.esm.en.cb201b24f2a38735c6d8.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:04 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=20.881, imageryFetch;dur=20.340, cfRequestDuration;dur=46.000004
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
598069f4-162a-416c-9363-54fb199afd49-1710780777
last-modified
Mon, 18 Mar 2024 16:52:58 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DuwcI4ggR%2FAHsih0PhBMFkdPMACqodSUW4Gs4xJfRE3CxCxibQhCle%2Fcl2LhUfFMDBXg%2BqcWrOzr6lgvcGZVesbWGIlQxB7zBCyCCAtGm487%2FhDHb8zJZNoFnvziNCvw%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/100.esm.en.cb201b24f2a38735c6d8.js>; rel="canonical"
cf-ray
86da2687cbe44bcd-BUF
OnePage.esm.en.5b491caafc59df8d7db7.js
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
248 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/OnePage.esm.en.5b491caafc59df8d7db7.js
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:05 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-central1
server-timing
imagery;dur=75.732, imageryFetch;dur=36.061, cfRequestDuration;dur=253.999949
alt-svc
h3=":443"; ma=86400
content-length
253150
x-xss-protection
1; mode=block
x-request-id
9d6127f5-9c2c-40b7-a7e7-25ade7a95140-1711990984
last-modified
Mon, 01 Apr 2024 17:03:05 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lotiVMsJi0ClSx1JMTf1y5%2BjXYtp90mliMRzrlSFxPxYdVWp0ZufgmrDvZRFJRvTAYrAOmq3%2FoAOIWHqyZP9xIwX1%2BGpdCRFrcqy3Uv47StjOOFIb8Q3TbOdITKkUjAmEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/OnePage.esm.en.5b491caafc59df8d7db7.js>; rel="canonical"
cf-ray
86da26883c164bcd-BUF
625.esm.en.2c262ab76c9364628ad5.css
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
24 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/625.esm.en.2c262ab76c9364628ad5.css
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:05 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
server-timing
imagery;dur=54.008, imageryFetch;dur=25.893, cfRequestDuration;dur=29.999971
alt-svc
h3=":443"; ma=86400
content-length
23634
x-xss-protection
1; mode=block
x-request-id
22b97aee-a39b-4743-a3e3-ce9f5cf94990-1711633352
last-modified
Thu, 28 Mar 2024 13:42:32 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJ8z9SxYWrtTYzrDvKLNBcM0MsMxgBLzbd71MfrVCM4IV8cAw%2FAamN39xFQghhfT3HEou2bd5EL7yk0ZljEYGPXxGo8X9oFz9yZlna7MSkRbe0vWQyTLVsaUSg4QyHFb2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/625.esm.en.2c262ab76c9364628ad5.css>; rel="canonical"
cf-ray
86da268a3d5b4bcd-BUF
app.esm.en.cfbb45fd8786be5943fa.css
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
2 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/app.esm.en.cfbb45fd8786be5943fa.css
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:05 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
content-encoding
br
server-timing
imagery;dur=26.965, imageryFetch;dur=26.297, cfRequestDuration;dur=29.000044
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
f82adf41-d434-4a45-b310-f9d2de3b3f28-1710199904
last-modified
Mon, 11 Mar 2024 23:31:44 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GRzWSHAWHqm%2BEnpTUeKeMRikVrWwNjZ70tW%2FMCQDrUn%2FIrDMX6oSZdScnAmwRBE0fl1bHAcWLQQsrCPsvN%2BgVjBm4zO205lS2JHIJ1kfREF3rKBtqXR%2B9arA4RxoMFL3aA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/app.esm.en.cfbb45fd8786be5943fa.css>; rel="canonical"
cf-ray
86da268a9d894bcd-BUF
836.esm.en.e65d8773b9b947357a59.css
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
6 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/836.esm.en.e65d8773b9b947357a59.css
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:05 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-east1
server-timing
imagery;dur=32.860, imageryFetch;dur=22.126, cfRequestDuration;dur=29.000044
alt-svc
h3=":443"; ma=86400
content-length
5862
x-xss-protection
1; mode=block
x-request-id
a7b4d7f5-a8d3-4883-9ff7-0f9036fc9179-1711114961
last-modified
Fri, 22 Mar 2024 13:42:41 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R8%2BTYUdhvBeQrvitq7qJtDplaiM2YHpU0k8aeva73Tf7gSwa8NSCoz77A1DPOWkuTq3ANQJgLcwspWMN7odbtPKdtKsKXk%2FF7ObYmkiKo92VFEnu%2BbNgb8iA8M79Q64auw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/836.esm.en.e65d8773b9b947357a59.css>; rel="canonical"
cf-ray
86da268aedb94bcd-BUF
268.esm.en.c0e343a1f804f608cd5b.css
cdn.shopify.com/shopifycloud/checkout-web/assets/
0
9 KB
Other
General
Full URL
https://cdn.shopify.com/shopifycloud/checkout-web/assets/268.esm.en.c0e343a1f804f608cd5b.css
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:05 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-central1,gcp-us-central1
server-timing
imagery;dur=31.724, imageryFetch;dur=22.693, cfRequestDuration;dur=72.000027
alt-svc
h3=":443"; ma=86400
content-length
8360
x-xss-protection
1; mode=block
x-request-id
d4e8f435-e944-4ca7-86c0-eaa8937bd9d7-1711722374
last-modified
Fri, 29 Mar 2024 14:26:14 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c9Uhq0Eu7e5zwfpx%2Bz82MdUeoVRzP2P0pLGdiPxm8GxOcUDMf%2BPUdr1mbierhz2P0WEPzVsNfuNrFiFtJNHj8B0Vbc4fjJUElgGEHe6E8spyF2a%2BowqEFoUh3j8uBGTCUw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/shopifycloud/checkout-web/assets/268.esm.en.c0e343a1f804f608cd5b.css>; rel="canonical"
cf-ray
86da268b3dd84bcd-BUF
HL_logo_2c2b2a_x320.png
cdn.shopify.com/s/files/1/0239/6631/files/
0
27 KB
Other
General
Full URL
https://cdn.shopify.com/s/files/1/0239/6631/files/HL_logo_2c2b2a_x320.png?v=1614317518
Requested by
Host: www.heartloom.us
URL: https://www.heartloom.us/checkouts/internal/preloads.js?locale=en-US
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:05 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
source-type
image/png
server-timing
imagery;dur=120.546, imageryFetch;dur=65.674, imageryProcess;dur=53.584;desc="image", cfRequestDuration;dur=44.000149
source-length
1512725
content-length
26454
x-xss-protection
1; mode=block
x-request-id
ecd1fc87-97ba-48a5-8a2f-10939c8084b6-1709762477
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 06 Mar 2024 22:01:17 GMT
server
cloudflare
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0E3hw7jE4oGYP2JVyODqO4gc7p97cAuXZYj%2B99balQZSxMKAzq2j0XEBfW3zA294h36KISA9DzCkaRBxene2JKzqCCgVgaAhgHC%2FwQXnflqK8klF%2BI%2B55IchgxVyuCrXiA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0239/6631/files/HL_logo_2c2b2a_x320.png>; rel="canonical"
cf-ray
86da268bde334bcd-BUF
track-analytics
a.klaviyo.com/onsite/ Frame
0
0
Preflight
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=LCPxjh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; object-src 'none'; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.heartloom.us
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
allow
POST, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
86da26969d8d4bc6-BUF
content-encoding
gzip
content-language
en-us
content-security-policy
frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; object-src 'none'; report-uri /csp/
content-type
text/html; charset=utf-8
date
Mon, 01 Apr 2024 17:03:07 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Language, Cookie, Accept-Encoding
x-content-type-options
nosniff
x-robots-tag
noindex, nofollow
track-analytics
a.klaviyo.com/onsite/ Frame
0
0
Preflight
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=LCPxjh
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; base-uri 'none'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.heartloom.us
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
allow
POST, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
86da26969d8e4bc6-BUF
content-encoding
gzip
content-language
en-us
content-security-policy
frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; base-uri 'none'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; report-uri /csp/
content-type
text/html; charset=utf-8
date
Mon, 01 Apr 2024 17:03:07 GMT
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Language, Cookie, Accept-Encoding
x-content-type-options
nosniff
x-robots-tag
noindex, nofollow
track-analytics
a.klaviyo.com/onsite/
50 B
337 B
XHR
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=LCPxjh
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
accept
application/json
Referer
https://www.heartloom.us/
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-security-policy
script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; base-uri 'none'; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; report-uri /csp/
content-length
50
server
cloudflare
allow
POST, OPTIONS
vary
Accept-Language, Cookie, Accept-Encoding
content-language
en-us
access-control-allow-origin
*
access-control-allow-methods
POST
content-type
application/json
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
86da26970ddd4bc6-BUF
access-control-allow-headers
x-robots-tag
noindex, nofollow
track-analytics
a.klaviyo.com/onsite/
50 B
465 B
XHR
General
Full URL
https://a.klaviyo.com/onsite/track-analytics?company_id=LCPxjh
Requested by
Host: heartloom-com.myshopify.com
URL: https://heartloom-com.myshopify.com/cdn/shopifycloud/shopify/assets/shop_events_listener-61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:2bb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; base-uri 'none'; report-uri /csp/
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
accept
application/json
Referer
https://www.heartloom.us/
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-security-policy
script-src 'report-sample' 'strict-dynamic' 'unsafe-eval' https://cdn.ampproject.org/; object-src 'none'; frame-ancestors 'self' login.bigcommerce.com *.mybigcommerce.com admin.shopify.com klaviyo.file.force.com klaviyo.lightning.force.com klaviyo.my.salesforce.com; base-uri 'none'; report-uri /csp/
content-length
50
server
cloudflare
allow
POST, OPTIONS
vary
Accept-Language, Cookie, Accept-Encoding
content-language
en-us
access-control-allow-origin
*
access-control-allow-methods
POST
content-type
application/json
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
86da26971dde4bc6-BUF
access-control-allow-headers
x-robots-tag
noindex, nofollow
8812a69a-1eea-4e75-8a37-9807ef177755.png
d3k81ch9hvuctc.cloudfront.net/company/LCPxjh/images/
1 MB
1 MB
Image
General
Full URL
https://d3k81ch9hvuctc.cloudfront.net/company/LCPxjh/images/8812a69a-1eea-4e75-8a37-9807ef177755.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.161.213.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-213-124.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
25e91bfd4349d3dfef66494d436706632a52bd853bc99a7a382840f80cc377e8

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
null
Date
Mon, 01 Apr 2024 17:03:08 GMT
Via
1.1 f0d805e341a04f5774e9d3de6f38e1e8.cloudfront.net (CloudFront)
Last-Modified
Tue, 07 Apr 2020 15:15:41 GMT
Server
AmazonS3
X-Amz-Cf-Pop
YUL62-P1
ETag
"a3407bd16e4de00cac20fe8a803220f8"
X-Cache
RefreshHit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=60
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1512725
X-Amz-Cf-Id
dwPZXS-yRhHk_VGhlgoKlzyj-iVurv8NpL77Z8Xy3Da9Sfu1QG0_9Q==
2f046979-bb10-42bd-8e79-41c75da30943.jpeg
d3k81ch9hvuctc.cloudfront.net/company/LCPxjh/images/
60 KB
60 KB
Image
General
Full URL
https://d3k81ch9hvuctc.cloudfront.net/company/LCPxjh/images/2f046979-bb10-42bd-8e79-41c75da30943.jpeg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.161.213.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-213-124.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
04151a6695d2dc6a092689c79f0995e5b0d5275bd7e9c60fd50f47105442ec66

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Apr 2024 17:03:08 GMT
x-amz-version-id
tPIZUSMB7OBUivTxGmhzaUkS_ziRNDdc
Via
1.1 4abd8708c8464a6586e6829348c23522.cloudfront.net (CloudFront)
Last-Modified
Fri, 13 Aug 2021 14:37:06 GMT
Server
AmazonS3
X-Amz-Cf-Pop
YUL62-P1
ETag
"5bfba86eb1ac13d958ecd59ebf9ad64a"
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
Cache-Control
public,%20max-age=60
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
61125
X-Amz-Cf-Id
Zk-ohIXXY5rCo1Nrwk5Qseu26up5GAVqGp845NWG_zLA1UPIkkTOrA==
8c5e2cd2-b6cc-449d-b94f-717157c1de78.jpeg
d3k81ch9hvuctc.cloudfront.net/company/LCPxjh/images/
471 KB
472 KB
Image
General
Full URL
https://d3k81ch9hvuctc.cloudfront.net/company/LCPxjh/images/8c5e2cd2-b6cc-449d-b94f-717157c1de78.jpeg
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.161.213.124 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-161-213-124.yul62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
45eb4caf53421ff9aac4d3d7047699d3eaab96d4470680800c243c743c0d86b7

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 01 Apr 2024 17:03:08 GMT
x-amz-version-id
jdTannaH4RjwfNU2QzmcNoFzTXRj3wmI
Via
1.1 f084ab450a6c71ebe23f8602cefd27ae.cloudfront.net (CloudFront)
Last-Modified
Fri, 08 Mar 2024 18:01:04 GMT
Server
AmazonS3
X-Amz-Cf-Pop
YUL62-P1
ETag
"40543fe0da5d8fe7f74256015bf271cf"
x-amz-server-side-encryption
AES256
X-Cache
Miss from cloudfront
Content-Type
image/jpeg
Cache-Control
public,max-age=2592000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
482411
X-Amz-Cf-Id
x-ZtmMLEZ-DpSAp9L-6i_ul7UALkN019SnMyxbwdZVpDpzQBTmofEg==
AvenirLTStd-Book.woff
cdn.shopify.com/s/files/1/0239/6631/files/
15 KB
15 KB
Font
General
Full URL
https://cdn.shopify.com/s/files/1/0239/6631/files/AvenirLTStd-Book.woff?v=1655917788
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.60.200 , Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
cdn.shopify.com
Software
cloudflare /
Resource Hash
7dcaf8db84cd74691d7f72463fa048aa0082152b1d84b6360ab4df22ab2ddce7
Security Headers
Name Value
Content-Security-Policy sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
Strict-Transport-Security max-age=15552000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.heartloom.us/
Origin
https://www.heartloom.us
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 01 Apr 2024 17:03:07 GMT
content-security-policy
sandbox allow-scripts allow-forms allow-modals allow-popups allow-downloads allow-top-navigation-by-user-activation
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains; preload
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-dc
gcp-us-east1,gcp-us-east1
server-timing
imagery;dur=154.568, imageryFetch;dur=68.922, imageryProcess;dur=85.316;desc="font", cfRequestDuration;dur=47.000170
alt-svc
h3=":443"; ma=86400
content-length
14948
x-xss-protection
1; mode=block
x-request-id
9e4f68cf-673b-4733-ae34-8a774ebeba03-1709781824
last-modified
Thu, 07 Mar 2024 03:23:44 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=epfBegnhQfcXtKLYO%2BubkQhd1qpHQMc6MXZvgDrNtFA4nm4Yg7j8yImMkzxpVKmaJVLJX3G6%2BJARB2CcX2C4uz1%2BQBnQWeXvoetJtz2asuenqRI9kwaUXqTX1FDZzHomSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31557600
accept-ranges
bytes
timing-allow-origin
*
link
<https://cdn.shopify.com/s/files/1/0239/6631/files/AvenirLTStd-Book.woff>; rel="canonical"
cf-ray
86da2696cc664bcd-BUF

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn.xotiny.com
URL
https://cdn.xotiny.com/assets/shop/Heartloom.us/gallery/main.min.css?v=1710528898805
Domain
heartloom-com.myshopify.com
URL
https://heartloom-com.myshopify.com/cdn/shop/files/11_045_Heartloom%20Official%20Website_09268_242dj9w_marisa_dress_F_edi_762b2f50-4205-427d-b951-a95e0704db9b.jpg?v=1710515810
Domain
heartloom-com.myshopify.com
URL
https://heartloom-com.myshopify.com/cdn/shop/files/03_233_Heartloom%20Official%20Website_09178_242d16v_willow_dress_H_edi_a0e959da-c3f2-42e7-afff-e1aded0ba6ee.jpg?v=1710515680

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onpagereveal function| gtag object| dataLayer object| google_tag_manager object| google_tag_data function| _extends function| _typeof function| _instanceof function| _classCallCheck function| _defineProperties function| _createClass function| LazyLoad boolean| CIG_LOADED object| cozyCache object| Shopify object| ShopifyPay object| __st boolean| ShopifyPaypalV4VisibilityTracking object| Theme function| fbq function| _fbq object| loyaltylion object| lion object| _klOnsite object| klaviyo boolean| klaviyoReviewsProductDesignMode object| _gaq object| meta string| attr object| ShopifyAnalytics object| trekkie object| BOOMR object| _gat object| gaGlobal object| headerJSON object| FoursixtyEmbed number| _zid function| $ function| jQuery object| __twttrf object| twitterFetcher function| Spinner string| magisto_server function| swymCallbackFn object| SwymCallbacks object| _learnq string| __klKey object| webpackChunk_loyaltylion_tonks object| webpackChunk_klaviyo_onsite_modules object| core object| SENTRY_RELEASE object| tidioChatApi function| get_real_link object| __SKIM_JS_GLOBAL__ object| skimlinksAPI function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| presentAfterpay object| evImgs number| xoUpdate boolean| xoMultiLang string| xoDfLang string| xogMoneyFormat object| Cozy function| floatToString function| attributeToString object| yotpoWidgetsContainer object| Yotpo object| webPixelsManager number| BOOMR_onload number| visuallyReady object| currentAfterpayAttractWidget function| afterpayAttractWidget object| AfterpayAttractWidget boolean| routeInterceptedXHR boolean| routeInterceptedFetch boolean| routeInterceptedRecalculate boolean| routeSkipInterceptation boolean| routeWidgetInitialized boolean| routeIdSentToCartAttributes boolean| routeInterceptedCheckoutHooks boolean| routeWidgetOptimisticLock object| fullPageZoom3 function| incubateJquery object| Grin

26 Cookies

Domain/Path Name / Value
heartloom.us/ Name: PHPSESSID
Value: 61kgugjbl1rllkj0fj4grun075
www.heartloom.us/ Name: PHPSESSID
Value: u0vr50micn9ps8u2o96k980s4b
www.heartloom.us/ Name: path
Value: %2F
www.heartloom.us/ Name: SameSite
Value: Lax
www.heartloom.us/ Name: localization
Value: US
www.heartloom.us/ Name: cart_currency
Value: USD
www.heartloom.us/ Name: _cmp_a
Value: %257B%2522purposes%2522%253A%257B%2522a%2522%253Atrue%252C%2522p%2522%253Atrue%252C%2522m%2522%253Atrue%252C%2522t%2522%253Atrue%257D%252C%2522display_banner%2522%253Afalse%252C%2522sale_of_data_region%2522%253Afalse%257D
www.heartloom.us/ Name: domain
Value: heartloom.com
www.heartloom.us/ Name: _tracking_consent
Value: %257B%2522reg%2522%253A%2522CCPA%2522%252C%2522region%2522%253A%2522USVA%2522%252C%2522con%2522%253A%257B%2522CMP%2522%253A%257B%2522m%2522%253A%2522%2522%252C%2522a%2522%253A%2522%2522%252C%2522p%2522%253A%2522%2522%252C%2522s%2522%253A%2522%2522%257D%257D%252C%2522v%2522%253A%25222.1%2522%257D
www.heartloom.us/ Name: Domain
Value: heartloom.com
www.heartloom.us/ Name: Path
Value: %2F
www.heartloom.us/ Name: _shopify_y
Value: f2ee448b-6eff-4b5e-aae1-3d06d8a50a80
www.heartloom.us/ Name: _shopify_s
Value: ca977f15-98af-4e97-bdb0-e6b335d17f10
www.heartloom.us/ Name: _orig_referrer
Value: https%253A%252F%252Fwww.heartloom.com
www.heartloom.us/ Name: _landing_page
Value: %252F
www.heartloom.us/ Name: __utma
Value: 1.32622710.1711990982.1711990982.1711990982.1
www.heartloom.us/ Name: __utmc
Value: 1
www.heartloom.us/ Name: __utmz
Value: 1.1711990982.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
www.heartloom.us/ Name: __utmt
Value: 1
www.heartloom.us/ Name: __utmb
Value: 1.1.10.1711990982
.heartloom.us/ Name: _fbp
Value: fb.1.1711990982263.417467486
www.heartloom.us/ Name: shopify_pay_redirect
Value: pending
www.heartloom.us/ Name: keep_alive
Value: 5b187e3d-cb02-461e-9039-3c945f6246d0
www.heartloom.us/ Name: __kla_id
Value: eyJjaWQiOiJPV0ZpTUdFd01UVXROMlEwTXkwME9UZG1MV0ZpT0RJdE5qZ3lOREUyTWpCa00ySXoiLCIkcmVmZXJyZXIiOnsidHMiOjE3MTE5OTA5ODQsInZhbHVlIjoiIiwiZmlyc3RfcGFnZSI6Imh0dHBzOi8vd3d3LmhlYXJ0bG9vbS51cy8ifSwiJGxhc3RfcmVmZXJyZXIiOnsidHMiOjE3MTE5OTA5ODQsInZhbHVlIjoiIiwiZmlyc3RfcGFnZSI6Imh0dHBzOi8vd3d3LmhlYXJ0bG9vbS51cy8ifX0=
www.heartloom.us/ Name: expires
Value: Mon%2C%2015%20Apr%202024%2017%3A03%3A04%20GMT
www.heartloom.us/ Name: Expires
Value: Mon%2C%2001-Apr-24%2017%3A33%3A04%20GMT

9 Console Messages

Source Level URL
Text
other warning URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/atlantic.js?v=9202be5cf395bef2c061c135f811b3e6(Line 46)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/atlantic.js?v=9202be5cf395bef2c061c135f811b3e6(Line 46)
Message:
Dropped srcset candidate "//heartloom-com.myshopify.com/cdn/shop/files/11_045_Heartloom"
other warning URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/atlantic.js?v=9202be5cf395bef2c061c135f811b3e6(Line 46)
Message:
Failed parsing 'srcset' attribute value since it has an unknown descriptor.
other warning URL: https://heartloom-com.myshopify.com/cdn/shop/t/40/assets/atlantic.js?v=9202be5cf395bef2c061c135f811b3e6(Line 46)
Message:
Dropped srcset candidate "//heartloom-com.myshopify.com/cdn/shop/files/03_233_Heartloom"
other warning URL: https://connect.facebook.net/signals/config/747724335749985?v=2.9.151&r=stable&domain=www.heartloom.us&hme=8ce74e881727851b4427183947937854816d72704925561b9de6420cd43214ee&ex_m=66%2C111%2C98%2C102%2C57%2C3%2C92%2C65%2C15%2C90%2C83%2C48%2C50%2C157%2C160%2C171%2C167%2C168%2C170%2C28%2C93%2C49%2C72%2C169%2C152%2C155%2C164%2C165%2C172%2C120%2C14%2C47%2C176%2C175%2C122%2C17%2C32%2C36%2C1%2C40%2C61%2C62%2C63%2C67%2C87%2C16%2C13%2C89%2C86%2C85%2C99%2C101%2C35%2C100%2C29%2C25%2C153%2C156%2C129%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C53%2C58%2C60%2C70%2C94%2C26%2C71%2C8%2C7%2C75%2C45%2C20%2C96%2C95%2C9%2C19%2C18%2C77%2C82%2C44%2C43%2C81%2C37%2C39%2C80%2C52%2C78%2C31%2C41%2C34%2C69%2C0%2C88%2C4%2C84%2C76%2C79%2C2%2C33%2C59%2C38%2C97%2C42%2C74%2C64%2C103%2C56%2C55%2C30%2C91%2C54%2C51%2C46%2C73%2C68%2C23%2C104(Line 97)
Message:
Unrecognized feature: 'attribution-reporting'.
javascript error URL: https://www.heartloom.us/cdn/shopifycloud/consent-tracking-api/v0.1/consent-tracking-api.js
Message:
Failed to load module script: Expected a JavaScript module script but the server responded with a MIME type of "text/html". Strict MIME type checking is enforced for module scripts per HTML spec.
network error URL: https://str.rise-ai.com/?shop=Heartloom.us.myshopify.com
Message:
Failed to load resource: the server responded with a status of 500 ()
network error URL: https://strn.rise-ai.com/?shop=Heartloom.us.myshopify.com
Message:
Failed to load resource: the server responded with a status of 500 ()
javascript warning URL: about:blank
Message:
The resource https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.klaviyo.com
cdn-widgetsrepository.yotpo.com
cdn.shopify.com
cdn.xotiny.com
code.tidio.co
connect.facebook.net
cozygallery.addons.business
d38xvr37kwwhcm.cloudfront.net
d3k81ch9hvuctc.cloudfront.net
fast.a.klaviyo.com
fonts.googleapis.com
foursixty.com
full-page-zoom.product-image-zoom.com
geolocation-recommendations.shopifyapps.com
heartloom-com.myshopify.com
heartloom.us
p.skimresources.com
r.skimresources.com
s.skimresources.com
sdk.loyaltylion.net
shop.app
shopify-widget.route.com
static-forms.klaviyo.com
static-tracking.klaviyo.com
static-us.afterpay.com
static.klaviyo.com
stats.g.doubleclick.net
str.rise-ai.com
strn.rise-ai.com
t.skimresources.com
widget-v4.tidiochat.com
www.cloudflare.com
www.facebook.com
www.googletagmanager.com
www.heartloom.com
www.heartloom.us
cdn.xotiny.com
heartloom-com.myshopify.com
104.16.123.96
104.26.8.183
151.101.130.133
151.101.130.202
151.101.194.133
157.230.5.204
172.67.208.248
172.67.223.1
185.146.173.20
23.227.38.74
23.227.60.200
2600:1408:9000:7a0::1d72
2600:9000:21a2:e800:18:94b4:d1c0:93a1
2600:9000:269f:3800:16:77a1:11c0:93a1
2600:9000:26a0:4000:15:decf:f580:21
2606:4700:10::6816:2cbd
2606:4700:10::ac43:18ba
2606:4700:20::681a:88b
2606:4700:3035::ac43:d0f8
2606:4700::6812:2bb
2607:f8b0:4004:c06::5f
2607:f8b0:4004:c19::61
2607:f8b0:4004:c19::9c
2620:127:f00f:e::
2a03:2880:f003:100:face:b00c:0:3
2a03:2880:f103:181:face:b00c:0:25de
3.161.213.124
3.162.3.82
35.190.59.101
35.190.91.160
35.201.67.47
50.116.10.10
03ce23d4612c2232456abed4cf9ab8248f78d9a6f8d7737af868e3ab9daeeb5e
04151a6695d2dc6a092689c79f0995e5b0d5275bd7e9c60fd50f47105442ec66
047e3259b6f0b42d781532fa122b2d8de9aed187d766fd45efcf119450eeb4c4
0632b6e1331dae7fa54bce9e3670e372bcb26662ea48e8977d9b46beecac90b3
06fb1b30d6507f8270fb4c8af35342c42e1f2ad96ff27367476c44e1ae5ee3fe
07c386c100e2cfe0e5056d0e07ca939863e09cc132596e8f021631ef7aa0e1d6
0eb003cfda97f0e075fe3cd63918ef76ece725ead2f7bae5aa28dc871b1e5bd5
0efe7788691893e5c5076c492b49d8adcd238f096ebf47e3cce2bb040213e3ad
12c7687514ca85ba2157ed61914ac526bb9dd15cb5a2a2d9e4d88f919349284f
16c6ee167da6dcccbc1f9f3905254d50ada6468d878d567107e8a4976830b5e7
18846b6ef4c09cd1e9103b7f02c8c3dbdc0dd055053a49345e669505174cd5f2
1af2d8276db028d2211aea121ed23d6bacbfeea8a4b525bc61614f35050cab76
1b2382f390d3e507bd2f09a4539192407a5e854a80ac3278fefcb29ba81b9048
1ba49e8383e2329fe4f6e2a33172420fefd5bee26ce915cef9315f5b09c54cf8
1c0b396bd4d054b94abae1eb6a1bd6ba47beb35525c57a217c77a862ff06d83f
25e91bfd4349d3dfef66494d436706632a52bd853bc99a7a382840f80cc377e8
2a005a5efa483fb32863633beedaaa1c3e41325fb405d642bb2b471a4d3f68b6
2b94731d440087668033de043ac96ec34fca2186bb8c5acf1196106df93b1be4
3135174a6ef944fc6d05d72278b6c2b2efed9b650c00b28a4ddbc674418ceafc
3212465f3ca80d2cd2058c1e26f2ed4a1c1777aa02528f06f7a93fea936789b6
3273996622afec9de3fde1cdde7686ad7e8a0c67b0073df16e84c8e099d6d898
3306f65a2e14b828de17e6ed0119cba80ae77c55d6b7850d10aff753c0faddaf
33c87f4c78ed5f6f37d7d52dd6168eee200579bbfc3a292e573847f74eee67f7
381b37762970831071baa2916dcb4008f0039de83e6db97e20085b3c61daff54
39e839dcf185402ff417b9fb0116d05a03fa22603f86d5f1b18b820d0f7dac17
3c56dcfe3c59504834a78fcf9827646d79d5b3fb11318d1ed70fa1ecbcc85240
3d4f19e27ee9a32aa646c33e89666ff5b295cfd9d96cb4a983edb4ae3c011dbd
4370a53666b645f488a469001b6846eba9ce7f4285595854f5e5847e7ded637f
45eb4caf53421ff9aac4d3d7047699d3eaab96d4470680800c243c743c0d86b7
46bf2d75a804c668983b5ace7260096ea60eb954cf6f81af8b5407544ca0e074
4b04b47fabc5e6adaaa18f3805cb4c43399cbd4aa95484fb5c1441a8dfbf6e01
4e0b5352b340f4167dcf1512023ea86fea12a9a1224b21a29f8aff5468cfc7b0
51e4ac4d06a938bd13eee8c404bc41e123167ecc95388321176b6ffd37c77b5d
577db921a554af3596942d3c48b5c91feaac8c767e183d518a8de8de86e5c7d8
5cb995a2bd1d47e0b1623e6668cccee91977b113aa481bb7518942aff02bb57c
5e2bd0b04ec54791db1404e0ea8de0a128eae0ff9e4ee7445bd1c36042fb2174
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
61fa9e0a912c675e178777d2b27f6cbd482f8912a6b0aa31fa3515985a8cd626
62d881d47f3c1043edd73da0ddf1e4c605a8d31aa9f46e50bd2efbd95a7bd7d1
70520fbe73005adb01fa3727abaeea916eaacbb59039ca6c6d8db02a939ba09a
7570cd8f44031f13f92a393607bab34cedde1d42d3513dfeb8c1e9c693390f0b
77672f1be3db5e04a2d00a5f0729d7dc1ffb9b4562b3465dfae4dcb9caf36974
7843ff1e8eedf4a35abba44e3ac8b8194b0e0564c82bc4f454a50b88a6b05674
7dcaf8db84cd74691d7f72463fa048aa0082152b1d84b6360ab4df22ab2ddce7
82d95166489d2a35ba899e41d152e0f83d166f6c2ec532ae20bdf63ce777c27c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
853a0c138c979a06c8247f6dc0a1ddf2b161d4641135f677d1fdf9d63564f5a4
8576a8df9dda73acda35a1029ba73984c9cbb81bd34e1f1508ed4492c54c9504
8653c5e322bc43c3579906cbbf8f28b8bf32768250299964510bbabc18ac803e
8845773549841757fe5a3f9b68640bbd1e9c9c223ad82a7af1ec81c5f5d8944b
8abbf914086c67f92d961eea336d01f054f3e50c41eff33df1917a70c13a0962
8cc2354045c3c945d3f6a8ffcd538cf3b90185f5e9ecc97fcea6b46adc297227
8f7fd6fca039038246ba6e6919f5a31e3cb5b2f9d0c4263bffbd9ede2c292eb4
91a00daaf7946b0621ca8d03cf68f6950a6825c9ab9ba3a4b6aad129a610ebb3
935fc3bfd905f426f7043ab48d1dae7f931ee270fa874f970f19f72f10f2b863
9b5179ea2a77fe69b294fbd2ed504eacbfbe048ede58967b43af2ca537144b1f
9b5de900c3925f45e9d04e9d476f8e9aa5e0e050c457a81fc02c3fb2b58e9cd3
9bb941c9b7a4f9de59a527a2327594a06875855bd7586a54b3b2eac8611ffa3a
9f951eb7d8d53973c719de211f807d63af81c644e5b9a6ae72661ac408d472f6
a24b456d7e02dcad9b2fd77b90dbeab996ecfe0a1bfaab59c12d478893d830b1
a2d444786d996da5634fbbaeeffe6104ee672440dfa6cdcaebfb27dceaaf9c0f
aa03b89682a1f628e945d75327d8d602161b73c35d7159a34e6b2d01af15e4ca
acbb80fb8d967121130a1faf91ed3465632af545c50c7bcdee5b92eb304295f5
b0af070cfe3f5cf7c92f9e2a5da2665ee07ed2aad63bb408f8d6672f894a5996
b192888daacbe9f989be92a65ee554906a2d2164af88de998029c4ba6151ecbf
b5612f69b7e9bc926acd5b28953653996ec75e6de73fdb110f3598c28754a610
b8cd90329cd1c01ece6d7198416368323c1c7fb2a8a4abb412415369e844b30a
b8dc428785cf4b6552754379b1e3d10e1741e11c19518c53834c3fd69688d6f1
ba8c622a526c1aa0abd49942dd4c0f3bee0ce24d7817363f8054eb5e6291b4fc
bb8d8f1ac92076838afbc5d039b1f60ad83c1dcb38911112059afeae7dc4583d
c33ac6bac0d25dcb6f29eca048dfb3fcc7e0e50ef3df9aecb3f5375f7b1300b9
c343c1ab10c23d9c66c7a1ba5ffe25e9649c3c798c352a238e855549692bc28f
c3d094c88acfa1297f6fa9e415cb35c9cff58689a9b37ed4be3ad05673a15773
c700fb7899afe827a2f9b570df5b22ec50eb5142f1ae8ee34e8fa698814beaf7
cdf0ab28d0c95fcc230f5e5a17f1745b90c014c1de11e19ef4b50c9ad1322295
cf09db36a73dce64a30c34ad16fbc105bb5b3785c06cd871f6fbb3b8d8de7709
d0cdc10b35992ab861de9750f38a038f1183f24fbcf0bb0a5138a5b841035c9a
d32eb598d06797c30eb0ab0f472c07bb6798f03654f4829a964a70d5c4dec9da
d4600958388d125d2aedc233fcc9959f8575973da61f05550fb1807d00cadae4
d6d57310f272af7d4a55f5def437419867ea9f1a8b439e849d566fdc13bc7570
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dde0e5dcc0037e98076e82c445a8b524779b1e860625996f478c0463aafa6fe2
e1e4cd57a78ac3172222361815de957bff32eb2d4db4c51f3148daafc022955f
e3b0416e0fbd3ac62ffb662565d7148a2e22512819a9f00b24bb7c7080c8dd73
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e88f5a0e5bb978d89b3fea2db2119b625ab87d404701f3cfa87cce9ec817d168
eb4aed858662d5ac05bb83a35a790113f89a2187f414d300fc3349c18985ca5f
ec468b50abcf417882375e005572494b30d22e883f7eb3c2a59510da6328670d
f0d33d03f394141d2412eb25a303937df18f4755e96a13e7f060476bcf8a28c1
f4b3a3ea7bee850d3e9af1b3c0384248858c315ab5edd49db42dee76ac6e32e0
f5478093cbd10c6f050a10a8b06ea68f587a3b237718cd1a1b1f9b8b37ccff4a
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf