CloudFlare

HTTP/1.1 403 Forbidden
Date: Fri, 27 Sep 2024 09:31:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5893
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8c9a7baa38b52af1-LAX

BMR: Centre de rénovation, Quincaillerie et Matériaux | BMR

HTTP/1.1 200 OK
Date: Thu, 03 Oct 2024 10:31:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
set-cookie: PHPSESSID=ah9tgdo1blfmnt92lnv011u6ed; expires=Thu, 10-Oct-2024 10:31:00 GMT; Max-Age=604800; path=/; domain=www.bmr.ca; secure; HttpOnly; SameSite=Lax
set-cookie: groupbmr_gtm_customerPersonalStore=%7B%22storeNumber%22%3A%22269%22%2C%22storeName%22%3A%22Centre%20de%20R%5Cu00e9novation%20G.%20Doyon%20%28Bromont%29%22%2C%22storeZone%22%3A%22Estrie%22%2C%22storeType%22%3A%22independent%22%2C%22ispuEnabled%22%3A%221%22%7D; expires=Fri, 03-Oct-2025 10:31:00 GMT; Max-Age=31536000; path=/; domain=.www.bmr.ca; SameSite=Lax
set-cookie: X-Magento-Vary=fd167ca59742b07c596df5638d609dd27c262b37afe59e3d80b6fccd29d9e1bc; expires=Thu, 10-Oct-2024 10:31:00 GMT; Max-Age=604800; path=/; secure; HttpOnly; SameSite=Lax
report-to: {"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"\/csp-report.php"}]}
content-security-policy-report-only: font-src fonts.gstatic.com data: *.hotjar.com *.hotjar.io *.cloudfront.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.punchout2go.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.googletagmanager.com esqa.moneris.com www3.moneris.com *.dotdigital-pages.com *.dotdigital.com *.punchout2go.com data: e.bmr.co *.fls.doubleclick.net *.cloudfront.net *.hotjar.com *.hotjar.io insight.adsrvr.org www.facebook.net www.facebook.com *.google.ca *.moneris.com *.issuu.com notifications.wisepops.com wisepops.net *.addtoany.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.trackedlink.net 'self' blob: data: www.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com maps.gstatic.com maps.googleapis.com www.bmr.ca *.hotjar.com *.hotjar.io *.cloudfront.net insight.adsrvr.org www.facebook.net www.facebook.com *.paypalobjects.com adserve.atedra.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net cdn.cookielaw.org *.flippenterprise.net *.wishabi.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com esqa.moneris.com www3.moneris.com polyfill.io *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.punchout2go.com data: e.bmr.co js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.g.doubleclick.net ssl.google-analytics.com www.google.com maps.googleapis.com s.yimg.com *.hotjar.com *.hotjar.io *.cloudfront.net r2-t.trackedlink.net connect.facebook.net connect.facebook.com www.gstatic.com z.moatads.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net plausible.io cdn.cookielaw.org *.addtoany.com *.wishabi.com *.flippenterprise.net *.flipp.com *.flippback.com 'self' blob: https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.punchout2go.com www.gstatic.com *.hotjar.com *.hotjar.io *.cloudfront.net cdn.cookielaw.org *.flippenterprise.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io insights.algolia.io *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com bam.nr-data.net bam-cell.nr-data.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.hotjar.com *.hotjar.io s.yimg.com maps.googleapis.com www.facebook.com ct.pinterest.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net plausible.io cdn.cookielaw.org *.flippenterprise.net *.flippback.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /csp-report.php; report-to report-endpoint;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-magento-cache-debug: MISS
pragma: no-cache
expires: -1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 8ccc42f3282167af-SJC

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:7d:c3:be:11:33:4d:e9:0d:d4:59:df:59:17:0d:29
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: C=US, O=Google Trust Services, CN=WE1
        Validity
            Not Before: Aug 13 00:23:12 2024 GMT
            Not After : Nov 11 00:23:11 2024 GMT
        Subject: CN=bmr.ca
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:60:25:25:4f:26:80:4d:04:fc:05:7a:bc:3a:62:
                    2c:9f:0e:f6:b0:79:a2:86:39:17:58:a5:28:43:6f:
                    ec:14:5c:17:b3:66:b1:c3:0b:2a:9e:8c:49:84:3e:
                    d3:6a:b3:78:01:8d:2a:c0:7e:63:4b:b7:79:66:b6:
                    d3:73:db:4b:5b
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                E6:9A:1A:DD:30:65:77:9D:DC:58:2B:A7:60:D3:7E:C0:DA:34:D5:CF
            X509v3 Authority Key Identifier: 
                90:77:92:35:67:C4:FF:A8:CC:A9:E6:7B:D9:80:79:7B:CC:93:F9:38
            Authority Information Access: 
                OCSP - URI:http://o.pki.goog/s/we1/Kn0
                CA Issuers - URI:http://i.pki.goog/we1.crt
            X509v3 Subject Alternative Name: 
                DNS:bmr.ca, DNS:*.bmr.ca
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://c.pki.goog/we1/dpcZcgUNPbE.crl
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Aug 13 01:23:13.553 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:B7:DA:8C:08:90:6B:09:4C:C0:5C:6C:
                                A9:40:BC:D0:BF:BB:21:53:A7:15:95:8A:02:C2:16:2E:
                                9E:61:88:AF:40:02:21:00:EE:F8:E5:C8:1A:57:74:B1:
                                20:A1:3C:F5:A0:51:ED:2B:FA:6C:43:73:F1:D6:9C:E2:
                                8B:84:5B:A5:40:4B:B1:96
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
                                91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
                    Timestamp : Aug 13 01:23:13.614 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:68:35:CB:22:50:F6:0D:AB:9E:F1:9D:98:
                                8E:E2:E9:28:5F:ED:45:87:AA:D1:97:B2:FF:61:2C:56:
                                75:EC:5D:0C:02:21:00:D2:61:65:97:56:80:6C:7B:22:
                                4A:C9:BC:62:ED:09:6F:C7:0B:2F:85:74:A9:07:4F:B8:
                                66:57:97:FF:5D:84:B4
    Signature Algorithm: ecdsa-with-SHA256
    Signature Value:
        30:45:02:20:10:c0:9b:7b:70:0b:d9:2d:01:0f:05:11:55:25:
        8c:a3:d5:9a:14:28:bb:13:57:59:9d:de:1f:25:fa:83:36:03:
        02:21:00:86:a7:7b:73:cc:8d:f1:57:3d:6c:ef:5b:80:7a:45:
        56:e2:23:1f:2c:ec:ab:13:d3:b2:c0:d7:92:11:3f:10:3f

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Sun, 15 Sep 2024 12:14:18 GMT
Content-Type: text/html
Content-Length: 655
Connection: close
CF-RAY: -

HTTP/1.1 403 Forbidden
Date: Sat, 21 Sep 2024 10:05:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5893
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8c693cb6bd4f2b77-LAX

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Tue, 17 Sep 2024 09:02:11 GMT
Content-Type: text/html
Content-Length: 655
Connection: close
CF-RAY: -

HTTP/1.1 403 Forbidden
Date: Sun, 22 Sep 2024 03:48:04 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5895
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8c6f51377ec8670f-AMS

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Wed, 02 Oct 2024 15:57:31 GMT
Content-Type: text/html
Content-Length: 155
Connection: close
CF-RAY: -

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>cloudflare</center>
</body>
</html>

CloudFlare

HTTP/1.1 403 Forbidden
Date: Tue, 24 Sep 2024 19:12:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 5892
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8c851573188cd5a3-AMS

CloudFlare

HTTP/1.1 400 Bad Request
Server: cloudflare
Date: Mon, 23 Sep 2024 07:44:17 GMT
Content-Type: text/html
Content-Length: 655
Connection: close
CF-RAY: -

HTTP/1.1 403 Forbidden
Date: Tue, 01 Oct 2024 08:42:10 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 16
Connection: close
X-Frame-Options: SAMEORIGIN
Referrer-Policy: same-origin
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Server: cloudflare
CF-RAY: 8cbb28665c0a1003-LAX

error code: 1003