Submitted URL: http://it.lush.com/
Effective URL: https://www.lush.com/it/it
Submission: On November 08 via api from US — Scanned from DE

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 41 HTTP transactions. The main IP is 2606:4700::6812:dd71, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.lush.com. The Cisco Umbrella rank of the primary domain is 266949.
TLS certificate: Issued by WE1 on October 15th 2024. Valid for: 3 months.
This is the only time www.lush.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 30 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
11 34.120.195.249 396982 (GOOGLE-CL...)
41 4
Apex Domain
Subdomains
Transfer
30 lush.com
it.lush.com
www.lush.com — Cisco Umbrella Rank: 266949
2 MB
11 sentry.io
o791023.ingest.sentry.io — Cisco Umbrella Rank: 417617
1 KB
1 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 2653
623 B
41 3
Domain Requested by
29 www.lush.com www.lush.com
11 o791023.ingest.sentry.io www.lush.com
1 res.cloudinary.com www.lush.com
1 it.lush.com 1 redirects
41 4

This site contains links to these domains. Also see Links.

Domain
forms.lush.com
weare.lush.com
ec.europa.eu
drive.google.com
areariservata.mygovernance.it
Subject Issuer Validity Valid
lush.com
WE1
2024-10-15 -
2025-01-14
3 months crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2
2023-12-18 -
2025-01-13
a year crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-10-03 -
2025-07-29
10 months crt.sh

This page contains 1 frames:

Primary Page: https://www.lush.com/it/it
Frame ID: 8EC881F051F3C7E7732EF0171CC9785E
Requests: 44 HTTP requests in this frame

Screenshot

Page Title

LUSH Fresh Handmade Cosmetics | Vegetariani & Cruelty Free | LUSH

Page URL History Show full URLs

  1. http://it.lush.com/ HTTP 307
    https://it.lush.com/ HTTP 301
    https://www.lush.com/it/it Page URL

Detected technologies

Overall confidence: 80%
Detected patterns
  • <img[^>]+\.cloudinary\.com

Page Statistics

41
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

1666 kB
Transfer

4025 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://it.lush.com/ HTTP 307
    https://it.lush.com/ HTTP 301
    https://www.lush.com/it/it Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request it
www.lush.com/it/
Redirect Chain
  • http://it.lush.com/
  • https://it.lush.com/
  • https://www.lush.com/it/it
533 KB
95 KB
Document
General
Full URL
https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
324cebb4440e0bf53418f0b8d7ef20e82640b693feef04cef87eb54609e285b0
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age
2185
cache-control
public, max-age=0, must-revalidate
cf-cache-status
HIT
cf-ray
8df355fecd8ebb8c-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Fri, 08 Nov 2024 05:59:15 GMT
expires
Fri, 08 Nov 2024 09:59:15 GMT
last-modified
Fri, 08 Nov 2024 05:22:50 GMT
origin-agent-cluster
?1
permissions-policy
camera=(), microphone=(), geolocation=()
referrer-policy
origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=0; includeSubDomains
vary
Accept-Encoding
x-bot-verified
false
x-cache-tag
homepage,TWVudTo0OTE=,UGFnZTozMDE1,UGFnZToyMTgw,TWVudToyMTk=,TWVudToyMzc=
x-client-cache-control
public, max-age=0, must-revalidate
x-content-type-options
nosniff
x-dns-prefetch-control
on
x-download-options
noopen
x-edge-cache-stale-at
1731046970489
x-edge-cache-status
HIT
x-edge-origin-cache-control
public, s-maxage=3600, stale-while-revalidate=59
x-frame-options
DENY
x-origin-cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-xss-protection
0

Redirect headers

cf-ray
8df355fdfd01bb8c-FRA
content-length
0
content-type
text/plain;charset=UTF-8
date
Fri, 08 Nov 2024 05:59:14 GMT
location
https://www.lush.com/it/it
server
cloudflare
strict-transport-security
max-age=0; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-robots-tag
noindex
Gourmand_new_NA_1.jpg
www.lush.com/cdn-cgi/image/width=1920,f=auto/https://res.cloudinary.com/lush/image/upload/v1724162713/collections/Hero%20Images/
565 KB
566 KB
Image
General
Full URL
https://www.lush.com/cdn-cgi/image/width=1920,f=auto/https://res.cloudinary.com/lush/image/upload/v1724162713/collections/Hero%20Images/Gourmand_new_NA_1.jpg
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
217274e9b5354ee1b80b8449cbab6cdfccfa85e40e454d26bc1c281c9c7c4316
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

cf-cache-status
HIT
etag
"cfS0MNMXUSG1kNXk_xO_IxwJUPp_fOabiIY6DV23sxDQ:977e22af0467257fe570d8b843426e60"
cf-bgj
imgq:85,h2pri
cf-resized
internal=ok/- q=0 n=59+241 c=0+0 v=2024.10.6 l=578978 f=false
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
image/avif
last-modified
Tue, 20 Aug 2024 14:05:15 GMT
vary
Accept, Accept-Encoding
strict-transport-security
max-age=0; includeSubDomains
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public, max-age=2592000, no-transform, immutable
cf-ray
8df356006eacbb8c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
578978
server
cloudflare
03ad1494b43d1cd7.css
www.lush.com/_next/static/css/
40 KB
9 KB
Stylesheet
General
Full URL
https://www.lush.com/_next/static/css/03ad1494b43d1cd7.css
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff84544a870d4458a50c35a5d884c25597b3718d925ade365b2109b9df99fbdf
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"a06b-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
text/css; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356006eabbb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
webpack-f9201d5637db0310.js
www.lush.com/_next/static/chunks/
8 KB
4 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/webpack-f9201d5637db0310.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8aaa40a9615f16d21877770f76cf5c47a0eb3e5cc8b3b5974d5438bf60420a6c
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"1e77-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356008ec1bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
framework-a6a5a404f5aeb5bf.js
www.lush.com/_next/static/chunks/
137 KB
44 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/framework-a6a5a404f5aeb5bf.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb90da616de46ef90f78f15b7d620472673a0443e257e56e3af7e9d4c019fb5c
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"22437-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356008ec3bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
main-ea8bdaecac470876.js
www.lush.com/_next/static/chunks/
155 KB
45 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/main-ea8bdaecac470876.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f51071a6c85a53caa449facfd5d5f7a3b43172123c18bfa27b943f7e870e9a6d
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"26c4f-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df35600bee2bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
_app-c37ee8da468fba5f.js
www.lush.com/_next/static/chunks/pages/
2 MB
392 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ccf625115c8fd977ee9b73d1e4c9cd449cb854ea90b0efebc4ddee40fe25c58
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"1a7a8a-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356015f3fbb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
%5Blanguage%5D-16a8ef904a47eecf.js
www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/
18 KB
6 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/%5Blanguage%5D-16a8ef904a47eecf.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8aba678f52eae943a0a2d867efdc89ca28cba3aa3b8dd76b28ede361d618d26e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"46f6-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356015f40bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
_buildManifest.js
www.lush.com/_next/static/production-75cf9bc7/
8 KB
2 KB
Script
General
Full URL
https://www.lush.com/_next/static/production-75cf9bc7/_buildManifest.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4db81d838daa9cb843b51924af26091fb362861071e0c2051ea3790bdf5ef0e7
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"203a-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356015f42bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
_ssgManifest.js
www.lush.com/_next/static/production-75cf9bc7/
98 B
276 B
Script
General
Full URL
https://www.lush.com/_next/static/production-75cf9bc7/_ssgManifest.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2fd9b656d77284af4908da0123c1e5a3b7e5e05e748971ffdedfc3b66f6c254
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"62-193012d7a90"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:58 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356016f4abb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
it.svg
res.cloudinary.com/lush/image/upload/f_auto,q_auto,fl_lossy,w_36/v1590069065/lush_com/site_assets/flags/flag_square/
80 B
623 B
Image
General
Full URL
https://res.cloudinary.com/lush/image/upload/f_auto,q_auto,fl_lossy,w_36/v1590069065/lush_com/site_assets/flags/flag_square/it.svg
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:89a::523 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Cloudinary /
Resource Hash
2eeb29ebf4cad59d941a28d70d99eb63cd90bb4cd958eeff4d5f505a05ba7a19
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/

Response headers

x-request-id
e161a0d25d3d18af79088d1b54320a29
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options
etag
"1fc768ead1c1d8b3244f08029ef3c96c"
x-content-type-options
nosniff
server-timing
cld-akam;dur=10;start=2024-11-08T05:59:15.418Z;desc=hit,rtt;dur=37,content-info;desc="width=36,height=36,owidth=512,oheight=512,obytes=798"
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
image/webp
content-disposition
inline; filename="IT.webp"
vary
Accept,User-Agent,Save-Data
last-modified
Tue, 22 Jun 2021 10:23:24 GMT
strict-transport-security
max-age=604800
cache-control
private, no-transform, immutable, max-age=2592000
timing-allow-origin
*
accept-ranges
bytes
access-control-allow-origin
*
content-length
80
server
Cloudinary
scent_wellbeing_signage_72b12d74_26ea75b5.jpg
www.lush.com/cdn-cgi/image/width=1920,f=auto/https://unicorn.lush.com/media/file_upload/
98 KB
99 KB
Image
General
Full URL
https://www.lush.com/cdn-cgi/image/width=1920,f=auto/https://unicorn.lush.com/media/file_upload/scent_wellbeing_signage_72b12d74_26ea75b5.jpg
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2c391ef951e8d194905d181fbe0ff8c8fc7e8108b79733421637d0e1af06c08
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

cf-cache-status
HIT
etag
"cfaSNMMbmChZKnyEJY5zVp3darp_fOabiIY6DV23sxDQ:b20af2fe4585193b87448d1fa10c0ac3"
cf-bgj
imgq:85,h2pri
cf-resized
internal=ok/h q=0 n=49+256 c=0+0 v=2024.10.6 l=100834 f=false
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
image/avif
last-modified
Wed, 06 Nov 2024 11:46:23 GMT
vary
Accept, Accept-Encoding
strict-transport-security
max-age=0; includeSubDomains
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
max-age=604800
via
1.1 91c2aa7e3369a817b01aa672c72e5ba0.cloudfront.net (CloudFront)
cf-ray
8df356006eadbb8c-FRA
accept-ranges
bytes
content-length
100834
server
cloudflare
email-decode.min.js
www.lush.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
808 B
Script
General
Full URL
https://www.lush.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/it/it
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=172800, public
content-encoding
gzip
etag
W/"672528e6-4d7"
x-content-type-options
nosniff
cf-ray
8df356006eaebb8c-FRA
expires
Sun, 10 Nov 2024 05:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
application/javascript
last-modified
Fri, 01 Nov 2024 19:15:50 GMT
vary
Accept-Encoding
server
cloudflare
x-frame-options
DENY
truncated
/
80 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
987a066826a1b048ed62d0c39f420e6e822fe826f15c36011b2eac449c265f64

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/

Response headers

Content-Type
image/svg+xml
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/

Response headers

Content-Type
image/gif
truncated
/
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8f446bfab1596dbabd0a6f55db914102d1c99d330fd6a88aaadd6bd88cb4ba85

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
Inter-Regular.ttf
www.lush.com/assets/fonts/inter/
303 KB
148 KB
Font
General
Full URL
https://www.lush.com/assets/fonts/inter/Inter-Regular.ttf
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/css/03ad1494b43d1cd7.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3127f0b873387ee37e2040135a06e9e9c05030f509eb63689529becf28b50384
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.lush.com
Referer
https://www.lush.com/_next/static/css/03ad1494b43d1cd7.css

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"4bbec-193012934d0"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Fri, 08 Nov 2024 09:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
font/ttf
last-modified
Wed, 06 Nov 2024 11:08:18 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
public, max-age=14400
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356018f54bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
Inter-Bold.ttf
www.lush.com/assets/fonts/inter/
309 KB
158 KB
Font
General
Full URL
https://www.lush.com/assets/fonts/inter/Inter-Bold.ttf
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/css/03ad1494b43d1cd7.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
412c068eab6f36e6807d630ff89127165e8e4d3e8653434cdfb56b60cdcc3a32
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.lush.com
Referer
https://www.lush.com/_next/static/css/03ad1494b43d1cd7.css

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"4d4a8-193012934d0"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Fri, 08 Nov 2024 09:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
font/ttf
last-modified
Wed, 06 Nov 2024 11:08:18 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
public, max-age=14400
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356018f55bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
LushHandwritten_WLat_Bd.woff
www.lush.com/assets/fonts/handwritten/
61 KB
61 KB
Font
General
Full URL
https://www.lush.com/assets/fonts/handwritten/LushHandwritten_WLat_Bd.woff
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/css/03ad1494b43d1cd7.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7416feb885da7a5501a2e64b066a25325186634c46a11669ba2c3e99fc22bed
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.lush.com
Referer
https://www.lush.com/_next/static/css/03ad1494b43d1cd7.css

Response headers

cf-cache-status
MISS
etag
W/"f3e8-193012934d0"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Fri, 08 Nov 2024 09:59:15 GMT
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
font/woff
last-modified
Wed, 06 Nov 2024 11:08:18 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
public, max-age=14400
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356018f56bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
accept-ranges
bytes
content-length
62440
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
/
o791023.ingest.sentry.io/api/5800438/envelope/
2 B
300 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Fri, 08 Nov 2024 05:59:15 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
4181.10af6ccc4ad7e1e8.js
www.lush.com/_next/static/chunks/
5 KB
2 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/4181.10af6ccc4ad7e1e8.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/webpack-f9201d5637db0310.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3680691927641808446be90eec015acb1658daf2514fee402778567a2d7cd1a
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"1487-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df35604f947bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
8026.313024be7da64ffc.js
www.lush.com/_next/static/chunks/
9 KB
4 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/8026.313024be7da64ffc.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/webpack-f9201d5637db0310.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b06eeead5cbf2a2e3b5fe59cec93943667517d23273c0fc2296d551250d3b5f9
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"227e-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356050948bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
8088-953d99dc360dba89.js
www.lush.com/_next/static/chunks/
28 KB
11 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/8088-953d99dc360dba89.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/webpack-f9201d5637db0310.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bc581f8ee7c8f637d0a7c5f5521e0291aaef5d01d5d3eeae100c8abfaf11f717
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"6ee9-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df35605094abb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
6521.387d3b21bfa0f1c7.js
www.lush.com/_next/static/chunks/
3 KB
1 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/6521.387d3b21bfa0f1c7.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/webpack-f9201d5637db0310.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6303b2a3c6cd840f4ae9d5c98f258713d1be6a638d443e868eb606de5d10d55
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"bd7-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df35605094bbb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
3357.0da1c0ecb54f67dc.js
www.lush.com/_next/static/chunks/
2 KB
1 KB
Script
General
Full URL
https://www.lush.com/_next/static/chunks/3357.0da1c0ecb54f67dc.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/webpack-f9201d5637db0310.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
206260b9636c53403b12fdef458f1a845000e63cc5cc280e13ec1b53bd2aae67
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"881-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df35605094cbb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
/
o791023.ingest.sentry.io/api/5800438/envelope/
2 B
56 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o791023.ingest.sentry.io/api/5800438/envelope/
41 B
98 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
9c1d78023fcf9eaf324ccc2283b2399e544882f2de5358600d34ae3e9e9cf51d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o791023.ingest.sentry.io/api/5800438/envelope/
41 B
95 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
6e336184a91f9cc67129674ec0cfb6ada71e5808644cf59101d0a57babd32e2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o791023.ingest.sentry.io/api/5800438/envelope/
41 B
95 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
eff68bf924cbde4bb64c598c3e168dad3f7b14b587dd0368c59a87c7ab562e6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o791023.ingest.sentry.io/api/5800438/envelope/
41 B
95 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
5dd77e15dc98102def800c0527fa0a2812989a597ce739e7c1ed23cfd286f4c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o791023.ingest.sentry.io/api/5800438/envelope/
41 B
95 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
029644515f96032a13f220dbd65e264540016852a71dbd9fcc2a25fba87451f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o791023.ingest.sentry.io/api/5800438/envelope/
41 B
95 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
f0ea6857bda18aba6699a0a36980d4dd8467f336a91bd763cfa9cd309230d4db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o791023.ingest.sentry.io/api/5800438/envelope/
41 B
95 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
7667ce62272510e7620cdf9a8f38c5589dbdb83b72d99dd944f9eed10b78af6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o791023.ingest.sentry.io/api/5800438/envelope/
41 B
95 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
68d3040dfbd7c63e3f9d0c7d6840ead31be22058afbe3b415630507d31a4009d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
/
o791023.ingest.sentry.io/api/5800438/envelope/
41 B
95 B
Fetch
General
Full URL
https://o791023.ingest.sentry.io/api/5800438/envelope/?sentry_key=6f67d17ea2354e9885202e18fcb5a8a9&sentry_version=7&sentry_client=sentry.javascript.nextjs%2F8.31.0
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44ba55c79800786df55d8489e82a5a0a8a7554a08149088c3dcf4afb6a9ca860
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.lush.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
41
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
nginx
get
www.lush.com/api/basket/
2 B
98 B
Fetch
General
Full URL
https://www.lush.com/api/basket/get?channel=it&language=IT
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sentry-trace
260b526f7d994a21b4f96bf231193f61-a60ee4f0f75a63f2-0
Referer
https://www.lush.com/it/it
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
baggage
undefined

Response headers

strict-transport-security
max-age=0; includeSubDomains
x-dns-prefetch-control
on
cf-cache-status
DYNAMIC
etag
"bwc9mymkdm2"
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
cf-ray
8df3560619f8bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
content-length
2
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
cloudflare
x-frame-options
DENY
me
www.lush.com/api/auth/
0
45 B
Fetch
General
Full URL
https://www.lush.com/api/auth/me
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sentry-trace
260b526f7d994a21b4f96bf231193f61-987d24b606244c54-0
Referer
https://www.lush.com/it/it
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
baggage
undefined

Response headers

strict-transport-security
max-age=0; includeSubDomains
x-dns-prefetch-control
on
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
cf-ray
8df3560619fabb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
date
Fri, 08 Nov 2024 05:59:16 GMT
server
cloudflare
x-frame-options
DENY
favicon.ico
www.lush.com/
15 KB
2 KB
Other
General
Full URL
https://www.lush.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d169a29a1e1f23f00cf79c64ba705cba145cfa4c8e6d7ddb8324a1cac7d66f07
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"3c2e-193012934d0"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
expires
Fri, 08 Nov 2024 09:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
image/x-icon
last-modified
Wed, 06 Nov 2024 11:08:18 GMT
vary
Accept-Encoding
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
public, max-age=14400
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356065a16bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
commerce-site-logo_22.png
www.lush.com/cdn-cgi/image/width=384,f=auto/https://res.cloudinary.com/lush/image/upload/v1664894325/lush_com/site_assets/
1 KB
2 KB
Image
General
Full URL
https://www.lush.com/cdn-cgi/image/width=384,f=auto/https://res.cloudinary.com/lush/image/upload/v1664894325/lush_com/site_assets/commerce-site-logo_22.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ced77d81d63167288748bb43615e0151e5a5e56c368071703dc03252f117a628
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

cf-cache-status
HIT
etag
"cfLJvJpfFuMW8mYE2bjTA2amcZO93g2bghbGpsGnSaDQ:ae5bb89aaac7b0fe2455a5da9e7b125c"
cf-bgj
imgq:0,h2pri
cf-resized
internal=ram/m q=0 n=0+14 c=0+14 v=2024.10.5 l=1534 f=false
warning
cf-images 299 "original is 232B smaller"
x-content-type-options
nosniff
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
image/png
last-modified
Tue, 04 Oct 2022 14:38:46 GMT
vary
Accept, Accept-Encoding
priority
u=4;i=?0,cf-chb=(95;u=5;i=?0)
strict-transport-security
max-age=0; includeSubDomains
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public, max-age=2592000, no-transform, immutable
cf-ray
8df35606fa67bb8c-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1534
server
cloudflare
%5Bslug%5D-6f0a54ef3905a9a8.js
www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/%5Blanguage%5D/c/
0
4 KB
Other
General
Full URL
https://www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/%5Blanguage%5D/c/%5Bslug%5D-6f0a54ef3905a9a8.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/main-ea8bdaecac470876.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"29a1-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356070a70bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
%5B...slug%5D-2a1197653e0b5a72.js
www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/%5Blanguage%5D/p/
0
2 KB
Other
General
Full URL
https://www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/%5Blanguage%5D/p/%5B...slug%5D-2a1197653e0b5a72.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/main-ea8bdaecac470876.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"ed1-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
strict-transport-security
max-age=0; includeSubDomains
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356070a72bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
gateway
www.lush.com/api/
15 KB
4 KB
Fetch
General
Full URL
https://www.lush.com/api/gateway
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/pages/_app-c37ee8da468fba5f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1834a20ec64ec4bfbe1b3453aa71a6fa347cad7937480a3f6f4526c95c296c07
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sentry-trace
260b526f7d994a21b4f96bf231193f61-94c2a8b2c44d1bd9-0
Referer
https://www.lush.com/it/it
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept
*/*
content-type
application/json
baggage
undefined

Response headers

strict-transport-security
max-age=0; includeSubDomains
x-dns-prefetch-control
on
content-encoding
gzip
cf-cache-status
DYNAMIC
referrer-policy
origin-when-cross-origin
x-content-type-options
nosniff
cf-ray
8df356071a80bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
x-frame-options
DENY
%5Bslug%5D-6f0a54ef3905a9a8.js
www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/%5Blanguage%5D/c/
10 KB
0
Script
General
Full URL
https://www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/%5Blanguage%5D/c/%5Bslug%5D-6f0a54ef3905a9a8.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/main-ea8bdaecac470876.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18731bf3834ea551a72d75c55248864f42e2f88d6b94de7362384f0f9add3499
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"29a1-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356070a70bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000
%5B...slug%5D-2a1197653e0b5a72.js
www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/%5Blanguage%5D/p/
4 KB
0
Script
General
Full URL
https://www.lush.com/_next/static/chunks/pages/%5Bchannel%5D/%5Blanguage%5D/p/%5B...slug%5D-2a1197653e0b5a72.js
Requested by
Host: www.lush.com
URL: https://www.lush.com/_next/static/chunks/main-ea8bdaecac470876.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:dd71 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8203ef517a27dbaf29ae80322350871cc858b6c280d208366883aabec25a695d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.lush.com/it/it

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"ed1-193012cea08"
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-origin-cf-cache-status
MISS
expires
Sat, 08 Nov 2025 05:59:16 GMT
date
Fri, 08 Nov 2024 05:59:16 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Wed, 06 Nov 2024 11:12:21 GMT
vary
Accept-Encoding
x-edge-cache-status
MISS
x-frame-options
DENY
cache-control
max-age=31536000
x-dns-prefetch-control
on
cross-origin-opener-policy
same-origin
x-bot-verified
false
cross-origin-resource-policy
same-origin
referrer-policy
origin-when-cross-origin
x-download-options
noopen
cf-ray
8df356070a72bb8c-FRA
permissions-policy
camera=(), microphone=(), geolocation=()
x-xss-protection
0
origin-agent-cluster
?1
server
cloudflare
x-edge-origin-cache-control
public, max-age=31536000

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _sentryDebugIds string| _sentryDebugIdIdentifier object| webpackChunk_N_E function| __next_set_public_path__ object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| __SENTRY__ object| SENTRY_RELEASE function| __NEXT_PRELOADREADY object| __MIDDLEWARE_MATCHERS object| __BUILD_MANIFEST object| __SSG_MANIFEST

1 Cookies

Domain/Path Name / Value
.lush.com/ Name: __cf_bm
Value: .QobZRxjLL4uSAXcWjhy7vlmXqho8d.CwkS4EnWXlWw-1731045554-1.0.1.1-Ldrtr9DoXXFsMAfw7xkXaPLcv_G_G47S1Ncy3sbnpMDCn8DumhDBbwlaxVZl6g6bdaXDKDBvCqg_MWTDzZ5bKA

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=0; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

it.lush.com
o791023.ingest.sentry.io
res.cloudinary.com
www.lush.com
2606:4700::6812:dd71
2a02:26f0:3500:89a::523
34.120.195.249
029644515f96032a13f220dbd65e264540016852a71dbd9fcc2a25fba87451f5
1834a20ec64ec4bfbe1b3453aa71a6fa347cad7937480a3f6f4526c95c296c07
18731bf3834ea551a72d75c55248864f42e2f88d6b94de7362384f0f9add3499
206260b9636c53403b12fdef458f1a845000e63cc5cc280e13ec1b53bd2aae67
217274e9b5354ee1b80b8449cbab6cdfccfa85e40e454d26bc1c281c9c7c4316
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2eeb29ebf4cad59d941a28d70d99eb63cd90bb4cd958eeff4d5f505a05ba7a19
3127f0b873387ee37e2040135a06e9e9c05030f509eb63689529becf28b50384
324cebb4440e0bf53418f0b8d7ef20e82640b693feef04cef87eb54609e285b0
412c068eab6f36e6807d630ff89127165e8e4d3e8653434cdfb56b60cdcc3a32
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44ba55c79800786df55d8489e82a5a0a8a7554a08149088c3dcf4afb6a9ca860
4db81d838daa9cb843b51924af26091fb362861071e0c2051ea3790bdf5ef0e7
5dd77e15dc98102def800c0527fa0a2812989a597ce739e7c1ed23cfd286f4c1
68d3040dfbd7c63e3f9d0c7d6840ead31be22058afbe3b415630507d31a4009d
6e336184a91f9cc67129674ec0cfb6ada71e5808644cf59101d0a57babd32e2d
7667ce62272510e7620cdf9a8f38c5589dbdb83b72d99dd944f9eed10b78af6a
8203ef517a27dbaf29ae80322350871cc858b6c280d208366883aabec25a695d
8aaa40a9615f16d21877770f76cf5c47a0eb3e5cc8b3b5974d5438bf60420a6c
8aba678f52eae943a0a2d867efdc89ca28cba3aa3b8dd76b28ede361d618d26e
8f446bfab1596dbabd0a6f55db914102d1c99d330fd6a88aaadd6bd88cb4ba85
987a066826a1b048ed62d0c39f420e6e822fe826f15c36011b2eac449c265f64
9c1d78023fcf9eaf324ccc2283b2399e544882f2de5358600d34ae3e9e9cf51d
9ccf625115c8fd977ee9b73d1e4c9cd449cb854ea90b0efebc4ddee40fe25c58
b06eeead5cbf2a2e3b5fe59cec93943667517d23273c0fc2296d551250d3b5f9
b2fd9b656d77284af4908da0123c1e5a3b7e5e05e748971ffdedfc3b66f6c254
b6303b2a3c6cd840f4ae9d5c98f258713d1be6a638d443e868eb606de5d10d55
b7416feb885da7a5501a2e64b066a25325186634c46a11669ba2c3e99fc22bed
bc581f8ee7c8f637d0a7c5f5521e0291aaef5d01d5d3eeae100c8abfaf11f717
c3680691927641808446be90eec015acb1658daf2514fee402778567a2d7cd1a
ced77d81d63167288748bb43615e0151e5a5e56c368071703dc03252f117a628
d169a29a1e1f23f00cf79c64ba705cba145cfa4c8e6d7ddb8324a1cac7d66f07
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb90da616de46ef90f78f15b7d620472673a0443e257e56e3af7e9d4c019fb5c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff68bf924cbde4bb64c598c3e168dad3f7b14b587dd0368c59a87c7ab562e6f
f0ea6857bda18aba6699a0a36980d4dd8467f336a91bd763cfa9cd309230d4db
f2c391ef951e8d194905d181fbe0ff8c8fc7e8108b79733421637d0e1af06c08
f51071a6c85a53caa449facfd5d5f7a3b43172123c18bfa27b943f7e870e9a6d
ff84544a870d4458a50c35a5d884c25597b3718d925ade365b2109b9df99fbdf