www.lego.com Open in urlscan Pro
95.101.111.152 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://stores.lego.com/
Effective URL:
https://www.lego.com/de-de/stores
Submission: On October 31 via api (October 31st 2024, 5:02:37 am UTC) from US — Scanned from DE

Summary HTTP 88 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 12 IPs in 4 countries across 7 domains to perform 88 HTTP transactions. The main IP is 95.101.111.152, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.lego.com. The Cisco Umbrella rank of the primary domain is 39041.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on June 28th 2024. Valid for: a year.

This is the only time www.lego.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	23.38.98.114 23.38.98.114	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 60	95.101.111.152 95.101.111.152	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	52.222.214.114 52.222.214.114	16509 (AMAZON-02) (AMAZON-02)
1 2	2600:9000:276... 2600:9000:2761:4600:19:9f8c:2a40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2602:816:5001... 2602:816:5001::39	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20eb:8800:1e:c28d:f140:93a1	16509 (AMAZON-02) (AMAZON-02)
2	104.17.215.66 104.17.215.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
4	172.217.18.106 172.217.18.106	15169 (GOOGLE) (GOOGLE)
3	2a02:26f0:350... 2a02:26f0:3500:18::1724:a29f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	16.170.145.170 16.170.145.170	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:18::1724:a299	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
88	12

1 23.38.98.114 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-38-98-114.deploy.static.akamaitechnologies.com

stores.lego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

60 95.101.111.152 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-152.deploy.static.akamaitechnologies.com

www.lego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.222.214.114 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-114.fra56.r.cloudfront.net

assets.lego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2761:4600:19:9f8c:2a40:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

identity.lego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:816:5001::39 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:8800:1e:c28d:f140:93a1 (United States)

ASN16509 (AMAZON-02, US)

allowed-countries.scout.services.lego.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.215.66 (None, )

ASN13335 (CLOUDFLARENET, US)

lego.report-uri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.106 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f10.1e100.net

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:18::1724:a29f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

legocrm.my.site.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 16.170.145.170 (Stockholm, Sweden)

ASN16509 (AMAZON-02, US)
PTR: ec2-16-170-145-170.eu-north-1.compute.amazonaws.com

legocrm.my.salesforce-scrt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:18::1724:a299 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

legocrm.my.site.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
73	lego.com 3 redirects stores.lego.com www.lego.com — Cisco Umbrella Rank: 39041 assets.lego.com — Cisco Umbrella Rank: 50569 identity.lego.com — Cisco Umbrella Rank: 54244 allowed-countries.scout.services.lego.com — Cisco Umbrella Rank: 56057	1 MB
6	googleapis.com maps.googleapis.com — Cisco Umbrella Rank: 445	275 KB
4	site.com legocrm.my.site.com — Cisco Umbrella Rank: 62058	26 KB
2	salesforce-scrt.com legocrm.my.salesforce-scrt.com — Cisco Umbrella Rank: 68201	20 KB
2	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 245	959 B
2	report-uri.com lego.report-uri.com — Cisco Umbrella Rank: 47089	1 KB
2	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 592	26 KB
88	7

	Domain	Requested by
60	www.lego.com	1 redirects www.lego.com
9	assets.lego.com	www.lego.com
6	maps.googleapis.com	www.lego.com
4	legocrm.my.site.com	www.lego.com
2	legocrm.my.salesforce-scrt.com	www.lego.com
2	bam.nr-data.net	www.lego.com
2	lego.report-uri.com	www.lego.com
2	js-agent.newrelic.com	www.lego.com
2	identity.lego.com	1 redirects www.lego.com
1	allowed-countries.scout.services.lego.com	www.lego.com
1	stores.lego.com	1 redirects
88	11

This site contains links to these domains. Also see Links.

Domain
kids.lego.com
education.lego.com
ideas.lego.com
learningthroughplay.com
www.facebook.com
twitter.com
www.instagram.com
m.youtube.com

Subject Issuer	Validity	Valid
www.lego.com DigiCert TLS RSA SHA256 2020 CA1	`2024-06-28` - `2025-06-28`	a year	crt.sh
assets.lego.com Amazon RSA 2048 M02	`2023-12-06` - `2025-01-04`	a year	crt.sh
identity.lego.com Amazon RSA 2048 M02	`2024-05-19` - `2025-06-17`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-21` - `2025-04-22`	a year	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
allowed-countries.scout.services.lego.com Amazon RSA 2048 M03	`2024-07-22` - `2025-08-20`	a year	crt.sh
report-uri.com E5	`2024-09-18` - `2024-12-17`	3 months	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-12` - `2025-08-12`	a year	crt.sh
prod.cdn.salesforce-experience.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-03-06` - `2025-03-04`	a year	crt.sh
scrt01.uengage1.sfdc-cehfhs.svc.sfdcfc.net DigiCert TLS RSA SHA256 2020 CA1	`2024-03-31` - `2025-03-31`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://www.lego.com/de-de/stores
Frame ID: 2D63D7693B111BDDCBDBD2A07648A78E
Requests: 69 HTTP requests in this frame

Frame: https://identity.lego.com/connect/checksession
Frame ID: AA702F91A169113F5597B932F78E3B04
Requests: 1 HTTP requests in this frame

Frame: https://www.lego.com/identity/callback
Frame ID: 3C4CF1527E8631EA495D5B6775C7C7D7
Requests: 17 HTTP requests in this frame

Frame: https://legocrm.my.site.com/ESWEnhancedMessaging1690463241492/assets/htdocs/sitecontext.min.html?parent_domain=https%3A%2F%2Fwww.lego.com
Frame ID: 076004820AEDCC1743CAB4DEDD550E35
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

LEGO® Stores

Page URL History Show full URLs

http://stores.lego.com/ HTTP 307
https://stores.lego.com/ HTTP 302
https://www.lego.com/stores HTTP 302
https://www.lego.com/de-de/stores Page URL

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

88
Requests

100 %
HTTPS

46 %
IPv6

7
Domains

11
Subdomains

12
IPs

4
Countries

1561 kB
Transfer

6609 kB
Size

11
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://kids.lego.com/
Title: Spiel und Spaß

Search URL Search Domain Scan URL

URL: http://education.lego.com/
Title: LEGO Education

Search URL Search Domain Scan URL

URL: https://ideas.lego.com/
Title: LEGO Ideas

Search URL Search Domain Scan URL

URL: https://learningthroughplay.com/
Title: LEGO Foundation

Search URL Search Domain Scan URL

URL: https://www.facebook.com/LEGOGermany/

Search URL Search Domain Scan URL

URL: https://twitter.com/LEGO_Group

Search URL Search Domain Scan URL

URL: https://www.instagram.com/legogermany_official/

Search URL Search Domain Scan URL

URL: https://m.youtube.com/user/LEGO

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://stores.lego.com/ HTTP 307
https://stores.lego.com/ HTTP 302
https://www.lego.com/stores HTTP 302
https://www.lego.com/de-de/stores Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://identity.lego.com/connect/authorize?appContext=false&adultexperience=true&hideheader=true&scope=openid+email+profile+dob&response_type=id_token+token&client_id=316ad352-6573-4df0-b707-e7230ab7e0c7&redirect_uri=https%3A%2F%2Fwww.lego.com%2Fidentity%2Fcallback&ui_locales=en-US&state=Y0QxVxYYk6F7Bh_E&nonce=vl8E2bJ9VF4oE4dO&prompt=none HTTP 302
https://www.lego.com/identity/callback

88 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request stores Show response
www.lego.com/de-de/
Redirect Chain

http://stores.lego.com/
https://stores.lego.com/
https://www.lego.com/stores
https://www.lego.com/de-de/stores

781 KB
149 KB

620ms
620ms

Document
text/html

95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

ba7b31690d5797b3d94a242419085c3681945a98c6b04c1de06f3e0f4e7244ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=57
content-encoding: gzip
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-RUDonatOWlWnlUDRbEiR0Zh8W+GhT8xJ2p6sBY1QNLc=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
content-type: text/html; charset=utf-8
date: Thu, 31 Oct 2024 05:02:32 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
surrogate-control: no-store
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-VidqnsS1M/YXLMoqUOnuFB14A4FSbbjvtzx1kcuGMfw=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
content-type: text/plain;charset=UTF-8
date: Thu, 31 Oct 2024 05:02:31 GMT
expires: Thu, 31 Oct 2024 05:02:31 GMT
location: /de-de/stores
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
surrogate-control: no-store
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 CeraPro-Regular.woff2
assets.lego.com/fonts/v3/cera-pro/ 46 KB
46 KB 42ms
8ms Font
font/woff2 52.222.214.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.lego.com/fonts/v3/cera-pro/CeraPro-Regular.woff2
Requested by: Host: www.lego.com
URL: https://www.lego.com/de-de/stores
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8b366c1d4e063ef5b4ffad8c273b375643ec801ea3463a9fc1b31cbc3c5e1e7f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.lego.com
Referer: https://www.lego.com/

Response headers

etag: "bd818dce28b0e42919636be4fd356e51"
age: 60642
x-cache: Hit from cloudfront
x-amz-cf-id: -WH5Ue20yvzx11rozykMXdjlLG4IbffwdkDv-3GuPWebTcWAF_Ekgw==
date: Wed, 30 Oct 2024 12:11:51 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:06:01 GMT
cache-control: max-age=31536000, public
via: 1.1 29f7132906866b79866659848b3a3b68.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46852
x-amz-cf-pop: FRA56-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 newrelic.js Show response
www.lego.com/ 111 KB
26 KB 16ms
16ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/newrelic.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

8b72f78c410b7a135448aa0772466867c39cdab2b688f5173ebc91dbe87de7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=1217341
content-encoding: gzip
etag: W/"1bda1-19200662c48"
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-eRZVsHlzZJ+FpFFzZ8cFARrOGxMBrT/elFeUMK/8Ao0=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 24257
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 17 Sep 2024 14:32:29 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 36a42b2b11ec6fa7.css
www.lego.com/_next/static/css/ 143 KB
24 KB 17ms
17ms Stylesheet
text/css 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/css/36a42b2b11ec6fa7.css

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

1c5d9446fc27b14579ed8d1e36b214868d50867e945855735a3d61b448a9e7b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"23c88-192b9f6df68"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 23 Oct 2024 15:20:17 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=30884964
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-L5jRNGkBu7TGaAiWgPoe3gDQ5hCwkesvtzJu6JtHdmI=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 22050
x-xss-protection: 1; mode=block

GET
H2 200 webpack-9dcaf0addb8bd1a6.js Show response
www.lego.com/_next/static/chunks/ 10 KB
7 KB 30ms
25ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/webpack-9dcaf0addb8bd1a6.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

1f791b3037b2ebcd9cdd397985ae5cee277f49f30188d08f05ef26d6334d6156

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"26ef-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469466
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-edG+DAN1/3tEX6viH+5cmvd+Ft91k1X6PUidbGcL1/4=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 4703
x-xss-protection: 1; mode=block

GET
H2 200 framework-895245ddb8ded7aa.js Show response
www.lego.com/_next/static/chunks/ 138 KB
47 KB 34ms
29ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/framework-895245ddb8ded7aa.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

eb0e63b87ec0f72593b405383f8f4e423e87e3916b6afc78b927006aa921fd92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"228ab-191c80f8510"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 06 Sep 2024 15:59:06 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=30807522
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-u1tniiZuNDha9WQTMU8rwYBvFi0tn2eI3cbtXcoVeRU=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 45531
x-xss-protection: 1; mode=block

GET
H2 200 main-9aece1aa182f842b.js Show response
www.lego.com/_next/static/chunks/ 58 KB
19 KB 35ms
31ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/main-9aece1aa182f842b.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

cbe1f12a684d8f2eecd6cd871264adf7c5a09a7b68c37b719e3e82a1271a4320

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31319610
content-encoding: gzip
pragma: no-cache
etag: W/"e7cb-183c769d3a8"
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 19230
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 11 Oct 2022 14:19:05 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 _app-4c8b509286683cbb.js Show response
www.lego.com/_next/static/chunks/pages/ 1 MB
317 KB 36ms
32ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/pages/_app-4c8b509286683cbb.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

2cd0e23e5ece69741cc0f2901a301c0ff6e3925dbdf40e18f3f79913e64b0d62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"125d9e-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469790
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-zI0OsQUbkDHsFLtN2KzepWt7jmAPPm1I24e/1pRHHlE=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 322006
x-xss-protection: 1; mode=block

GET
H2 200 7949-d8fb6691a2f446d5.js Show response
www.lego.com/_next/static/chunks/ 11 KB
6 KB 46ms
42ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/7949-d8fb6691a2f446d5.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

d4610f3f81dda0b658e3fa0e0f703eb37c650ce3716d0655fa418116dfecfca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"2b7a-1920b1a9b10"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 19 Sep 2024 16:25:46 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=30800399
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-W//yKy9EvmaN9Iz9Epn22f7m21+AxO2qm8zDtoRjN/g=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 3718
x-xss-protection: 1; mode=block

GET
H2 200 1636-0d1ccbd01c96e493.js Show response
www.lego.com/_next/static/chunks/ 10 KB
5 KB 47ms
43ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/1636-0d1ccbd01c96e493.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

d63aa57b977b1b178cd1e75b526f8c461308b66a9b6c85c7bf6e301fc5577cb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"264d-19252e96728"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 03 Oct 2024 15:04:41 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31459574
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-MNg77qBazor+iAu8tJGEm2rW35+9auqB08WNF0MsZHk=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 2895
x-xss-protection: 1; mode=block

GET
H2 200 7732-8b60572761aac3d2.js Show response
www.lego.com/_next/static/chunks/ 14 KB
7 KB 47ms
43ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/7732-8b60572761aac3d2.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

2c1be6e9e071114cb6b2e6bf90f96b13b8979905c589e26093364fea1926d346

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"3719-192d4a77bd8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 19:43:19 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31385298
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-VwiE2zPf9jVhWM9Nb+bkZX7V9iD5iBA85iJn0sewaNI=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 5124
x-xss-protection: 1; mode=block

GET
H2 200 stores-49b6336511885037.js Show response
www.lego.com/_next/static/chunks/pages/%5Blocale%5D/ 4 KB
4 KB 51ms
47ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/pages/%5Blocale%5D/stores-49b6336511885037.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

2240acedb471a2382d102e1f2ac14b69e3644774b2bb7c0c7174581c4b687e3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"eac-192d4a77bd8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 19:43:19 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31385325
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-50RfQsvL3eMmf8PN3N9MkxnN7Lgp9T6Kzes4NLSX/2I=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 1467
x-xss-protection: 1; mode=block

GET
H2 200 _buildManifest.js Show response
www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/ 18 KB
6 KB 48ms
44ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/_buildManifest.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

23439ff56447e76ff7f6fcc7cca971aa52f6f3c1ce7dbf8cb087ba2904f47ad6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"4725-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469444
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-SotD8JtslWnc6QIatA+z7QtVF8RnbLjs/sD59BVx37c=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 4086
x-xss-protection: 1; mode=block

GET
H2 200 _ssgManifest.js Show response
www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/ 77 B
2 KB 48ms
44ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/_ssgManifest.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"4d-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469505
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-s1zS+nySjvjnbiXdUwzTK6r+93rY4F7fPDAGwrUjJV0=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 61
x-xss-protection: 1; mode=block

GET
H2 200 _middlewareManifest.js Show response
www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/ 108 B
2 KB 48ms
44ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/_middlewareManifest.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

81a190e5f3d97c468124a58cdada8235d90df6a3f599a146d94360d6c37ebce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"6c-192d92e2cd8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:48:55 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469532
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-eJb+t8xDYQxhD1DnZ3M7U7cpeMqB9jrnTimwtvnheEY=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 78
x-xss-protection: 1; mode=block

GET
H2 200 account-0060a67786d24d55d3007f070b4ca626.png
www.lego.com/_next/static/images/ 1 KB
3 KB 31ms
30ms Image
image/png 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/account-0060a67786d24d55d3007f070b4ca626.png

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

492f93fed69c656dd6f28a02543015a32253b16ecbb43eda76f95fd4e1d704e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=27
pragma: no-cache
etag: W/"439-192d92c5fe8"
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-8V4G3e0W9gJU/Lpnfz7ld787RWvENbNH/JgWeSy5flk=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 1081
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 insidersOut-1007c87df3063963a6a3f7de243ac98e.svg
www.lego.com/_next/static/images/ 261 B
2 KB 32ms
32ms Image
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/insidersOut-1007c87df3063963a6a3f7de243ac98e.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

695bd8a3ed844209ded42ea80af9ed0a804661f471b4a9fe39843b7ce454f9bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"105-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=27
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-XJ3x+2Bcucw2NtCOoFrdl9S1hbovxfxVfDFnhaKkbjQ=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 209
x-xss-protection: 1; mode=block

GET
H2 200 brand-lego.svg
assets.lego.com/logos/v4.5.0/ 5 KB
3 KB 22ms
7ms Image
image/svg+xml 52.222.214.114
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.lego.com/logos/v4.5.0/brand-lego.svg
Requested by: Host: www.lego.com
URL: https://www.lego.com/de-de/stores
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e692c130a90f4e348fc484cce8e13d43e5275fef4cec1a3878b8e3d96071a6e0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

x-amz-cf-pop: FRA56-P3
cache-control: max-age=31536000, public
content-encoding: gzip
etag: W/"57bacd0c848bc3271c6d1e1052b82530"
age: 60641
via: 1.1 eaedf92fd05c53aa96f20b6322b473e6.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: mk4K3eqXFLtmYIElvS6akXA7O2eLnvzgVWCqBbz--R2q6VI3ssBP9g==
date: Wed, 30 Oct 2024 12:11:51 GMT
content-type: image/svg+xml
vary: Accept-Encoding, Origin
server: AmazonS3
last-modified: Wed, 23 Oct 2024 12:11:19 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 facebook-895fba5a20c4facacb9655dade1d256c.svg
www.lego.com/_next/static/images/ 1 KB
3 KB 18ms
17ms Image
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/facebook-895fba5a20c4facacb9655dade1d256c.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

8ee7ad9e16a2ba29e59ef1904ba7cc7eae49551ded00014aa3860f40ce546d33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"5a7-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=52
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-7XZKl1zZNqh+PlijibAcKrOGThhGgODTVV4Ry5xwh/o=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 550
x-xss-protection: 1; mode=block

GET
H2 200 twitter-4bee8e762dd6042960b804964fd64103.svg
www.lego.com/_next/static/images/ 532 B
3 KB 66ms
66ms Image
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/twitter-4bee8e762dd6042960b804964fd64103.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

d3d566990585fe960360cfd0c6cfa0de938fa84b4e061c90bdaf0f72e4a333a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"214-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=57
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-B4bvr6Fxp1FkZcBM8dmhYD9sNGbHYVLJqoTGR/IyOO0=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 367
x-xss-protection: 1; mode=block

GET
H2 200 instagram-e47f0d4b15ff76083b415be91e96f43b.svg
www.lego.com/_next/static/images/ 3 KB
3 KB 48ms
45ms Image
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/instagram-e47f0d4b15ff76083b415be91e96f43b.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

b2ffdb7e6780631cc1476372ffdef6fd3fa5d5f0a51f66110fde0b8969f14c8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"bc2-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=33
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-wKoCUNGCZ1EGtzaLDm20Ic+URkBHcZ75sK67TZs7Exo=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 1019
x-xss-protection: 1; mode=block

GET
H2 200 youtube-c51b2c62583921aae813fdc55df5f9d2.svg
www.lego.com/_next/static/images/ 1 KB
3 KB 48ms
45ms Image
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/youtube-c51b2c62583921aae813fdc55df5f9d2.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

0fd26d5347883a1efa127f23590d63d52d26f011280961c6241f5d61d4c92490

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"412-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=17
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-PPQg4ivlPM/7MAuwhbv5mko6kPJaeKKWALXTpN0Quaw=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 479
x-xss-protection: 1; mode=block

GET
H2 200 checksession Show response
identity.lego.com/connect/ Frame AA70 12 KB
13 KB 56ms
9ms Document
text/html 2600:9000:2761:4600:19:9f8c:2a40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://identity.lego.com/connect/checksession

Requested by

Host: www.lego.com
URL: https://www.lego.com/de-de/stores

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2761:4600:19:9f8c:2a40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

53057dc9152f37cb198b8575778397d7786d804d851c5ac0b4d353dc232200ca

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; script-src 'sha256-fa5rxHhZ799izGRP38+h4ud5QXNT0SFaFlh4eqDumBI='; frame-ancestors https:; form-action 'self'; report-to csp-endpoint
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.lego.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

age: 2174
cache-control: public, max-age=3600
content-security-policy: default-src 'none'; script-src 'sha256-fa5rxHhZ799izGRP38+h4ud5QXNT0SFaFlh4eqDumBI='; frame-ancestors https:; form-action 'self'; report-to csp-endpoint
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 31 Oct 2024 04:26:18 GMT
expect-ct: enforce, max-age=86400
feature-policy: autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; vr 'none';
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), microphone=(), midi=(), payment=(), vr=()
referrer-policy: no-referrer
report-to: {"group":"csp-endpoint","max_age":3600,"endpoints":[{"url":"/api/v1/report"}]}
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 d6f2ecdfd53b40c1776d655bd15fdeb0.cloudfront.net (CloudFront)
x-amz-cf-id: dJf5Tb8UYyCL74KBv2ykSggKd4wy_6ZrLGaxauGy3yhq_tAizq6gNg==
x-amz-cf-pop: FRA60-P8
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-correlation-id: Root=1-672306ea-2c1b64db7fae86b37c83b8e0
x-robots-tag: noindex, noarchive

GET
H2 200 CeraPro-Medium.woff2
assets.lego.com/fonts/v3/cera-pro/ 46 KB
46 KB 10ms
9ms Font
font/woff2 52.222.214.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.lego.com/fonts/v3/cera-pro/CeraPro-Medium.woff2
Requested by: Host: www.lego.com
URL: https://www.lego.com/_next/static/css/36a42b2b11ec6fa7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bed96a75857452e5f79b8e237eaf6498a7540e6d83955ba5903354905b7b2a5a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.lego.com
Referer: https://www.lego.com/

Response headers

cache-control: max-age=31536000, public
etag: "561288a6b423c7c1faac8255747dd732"
age: 448476
via: 1.1 29f7132906866b79866659848b3a3b68.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Hit from cloudfront
content-length: 46764
x-amz-cf-id: Ds0Vs3EeSTn-h1Fuy6M2BR8wA-819r_Egw0I8GY1acK12A9XUptN3g==
date: Wed, 30 Oct 2024 12:11:51 GMT
content-type: font/woff2
last-modified: Wed, 23 Oct 2024 12:06:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256

GET
H2 200 CeraPro-RegularItalic.woff2
assets.lego.com/fonts/v3/cera-pro/ 48 KB
48 KB 12ms
11ms Font
font/woff2 52.222.214.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.lego.com/fonts/v3/cera-pro/CeraPro-RegularItalic.woff2
Requested by: Host: www.lego.com
URL: https://www.lego.com/_next/static/css/36a42b2b11ec6fa7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1f48836e1e3a41405f75eb0450bb1272eba23d05f68dedcaf13e10ad3a3bd09d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.lego.com
Referer: https://www.lego.com/

Response headers

etag: "4a1fb48b778ea171e643ddbc237661dd"
age: 60642
x-cache: Hit from cloudfront
x-amz-cf-id: MrEfTHJO_3KXz6dE_8jCKnWiFRta1pX5NyVzzK72fadjAgranX0LiA==
date: Wed, 30 Oct 2024 12:11:51 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:06:01 GMT
cache-control: max-age=31536000, public
via: 1.1 29f7132906866b79866659848b3a3b68.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48844
x-amz-cf-pop: FRA56-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 CeraPro-Bold.woff2
assets.lego.com/fonts/v3/cera-pro/ 45 KB
46 KB 18ms
17ms Font
font/woff2 52.222.214.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.lego.com/fonts/v3/cera-pro/CeraPro-Bold.woff2
Requested by: Host: www.lego.com
URL: https://www.lego.com/_next/static/css/36a42b2b11ec6fa7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7845a286d9b1a1d71bf603d1ba585f8a2ee8b6c5a294c2d88cd239982df9556f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.lego.com
Referer: https://www.lego.com/

Response headers

etag: "f9bac5cd373511f7b8b02862984933c8"
age: 60642
x-cache: Hit from cloudfront
x-amz-cf-id: X6vXUOWO_KxkNe6DZSxjVsxLR2vUMb7g4yH1_r1yqQszpJnLC-AtWg==
date: Wed, 30 Oct 2024 12:11:51 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:06:00 GMT
cache-control: max-age=31536000, public
via: 1.1 29f7132906866b79866659848b3a3b68.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46304
x-amz-cf-pop: FRA56-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 nr-spa-1.250.0.min.js Show response
js-agent.newrelic.com/ 86 KB
26 KB 31ms
8ms Script
application/javascript 2602:816:5001::39
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1.250.0.min.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2602:816:5001::39 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8aaf0af04baf8eaa35b1ac46ed02d131a8d3c44896b92a45fa1555c70ebc94c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.lego.com
Referer: https://www.lego.com/

Response headers

strict-transport-security: max-age=300
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
content-encoding: br
etag: "6e3b65f7f44fa4b3bf86d1f0187490ce"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
x-cache: HIT
content-length: 26346
date: Thu, 31 Oct 2024 05:02:32 GMT
last-modified: Tue, 09 Jan 2024 19:15:56 GMT
content-type: application/javascript
x-served-by: cache-fra-eddf8230030-FRA
x-cache-hits: 30770
vary: Accept-Encoding

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 385 KB
121 KB 79ms
46ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyDVqKkx3lRp_hsAwyH0_1D9qQJm9Jz4nWk&language=de&libraries=places

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

475ff9dfc3d067cad2d60dd8ca5d9da2f08e678867e81149b6595758a92a283b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

cache-control: public, max-age=1800, stale-while-revalidate=3600
timing-allow-origin: *
content-encoding: gzip
etag: 9cfb70f2
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123616
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN

GET
H2 200 / Show response
allowed-countries.scout.services.lego.com/ 35 B
320 B 42ms
11ms Fetch
application/json 2600:9000:20eb:8800:1e:c28d:f140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://allowed-countries.scout.services.lego.com/
Requested by: Host: www.lego.com
URL: https://www.lego.com/newrelic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:8800:1e:c28d:f140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: CloudFront /
Resource Hash: edcb1c415935b1cf49e2e56980d7eba638bda72a23a8997157e1590b1eef14d0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

via: 1.1 7a18a0a1d9929dae345690b88b08dd5e.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.lego.com
x-cache: FunctionGeneratedResponse from cloudfront
content-length: 35
x-amz-cf-id: Ay-2iDDuK4CRd49MklWnoMUA_D5WywTM1J_1e1PANox8IczmiYHlCQ==
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/json
x-amz-cf-pop: FRA2-C1
server: CloudFront
vary: Origin

GET
H2

200

callback Show response
www.lego.com/identity/ Frame 3C4C
Redirect Chain

https://identity.lego.com/connect/authorize?appContext=false&adultexperience=true&hideheader=true&scope=openid+email+profile+dob&response_type=id_token+token&client_id=316ad352-6573-4df0-b707-e7230...
https://www.lego.com/identity/callback

519 KB
133 KB

19ms
19ms

Document
text/html

95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/identity/callback

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

5e1c2d251d283b063e737a2c2d2b927ca5a946710e5b9f24f77d776f9b11662c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=7
content-encoding: gzip
content-length: 133880
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-/3AZ2oDr5Nrj+HZEE4IjJTmHUaQY8PUzSmX/WiS+50g=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
content-type: text/html; charset=utf-8
date: Thu, 31 Oct 2024 05:02:32 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
surrogate-control: no-store
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

cache-control: no-store, no-cache, max-age=0
content-length: 0
content-security-policy: default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'none'; form-action 'self';
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Thu, 31 Oct 2024 05:02:32 GMT
expect-ct: enforce, max-age=63072000
feature-policy: autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; vr 'none';
location: https://www.lego.com/identity/callback#error=login_required&state=Y0QxVxYYk6F7Bh_E&session_state=Bh68QRsUxV7JbIXh8q6CPpWI4QtJjlQyB-ChCMnFm0g.A8872F16015470AD3DF96825DD8FF709
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(), geolocation=(), microphone=(), midi=(), payment=(), vr=()
pragma: no-cache
referrer-policy: no-referrer
report-to: {"group":"csp-endpoint","max_age":3600,"endpoints":[{"url":"/api/v1/report"}]}
server: LEGO-Identity
strict-transport-security: max-age=63072000; includeSubDomains
via: 1.1 d6f2ecdfd53b40c1776d655bd15fdeb0.cloudfront.net (CloudFront)
x-amz-cf-id: 9srI39jTnU-YxeSuFz9H1sgwhZRr64hDEmlPmn75GvXGifmIPn0iQA==
x-amz-cf-pop: FRA60-P8
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-robots-tag: noindex, noarchive

GET
H2 200 9132-e5416a5a07f41a70.js Show response
www.lego.com/_next/static/chunks/ 26 KB
12 KB 18ms
18ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/9132-e5416a5a07f41a70.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

7ca0c03a6ab16dbb6c58d160c614a7ac6bfb70371fd6010277250e3663165094

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"6709-191ec33b3a8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 13 Sep 2024 16:24:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=30631709
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-LnXenuKc4Am1JclxrMdKhVbYOt+SKIs8zGDEeGZ202c=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 10311
x-xss-protection: 1; mode=block

GET
H2 200 6502.6f45250d2ea42c79.js Show response
www.lego.com/_next/static/chunks/ 60 KB
21 KB 19ms
18ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/6502.6f45250d2ea42c79.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

12ce77e934df463891f63dab5fe44a450dfe4594c9d166565781e896c40182cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"f0b6-191fb612f40"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 16 Sep 2024 15:08:56 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=29912063
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-IcAEhn989B6Of582qNbhAkCN+AdNY+luVKtF3RDe5uA=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 19306
x-xss-protection: 1; mode=block

GET
H2 200 8835.ee7f540a3b4a617b.js Show response
www.lego.com/_next/static/chunks/ 189 B
2 KB 19ms
19ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/8835.ee7f540a3b4a617b.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

c9a936326b042aee240252c3c2176805b1979a39f6873645ccf6b7b2aeb81b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"bd-187292c4988"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 28 Mar 2023 17:03:01 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=29492359
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob:;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net track.webgains.com api.webgains.io lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob:;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com track.webgains.com *.webgains.io analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com collection.decibelinsight.net portal.decibel.com 'nonce-q1Jb420LzQ1h8luyPS7zrNTMlpk264Ltk+8jsSo3Evk=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 179
x-xss-protection: 1; mode=block

GET
H2 200 arrow-99d46cc05583ff4670248c5d6bd3a14b.svg Show response
www.lego.com/_next/static/images/ 358 B
2 KB 22ms
21ms Fetch
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/images/arrow-99d46cc05583ff4670248c5d6bd3a14b.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

864433fb3cbb2354f9558dc71473c7241f37e882dc22b11f265e9495842734a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-8eaceafa3d631b9aada8baff213da265-14a2f3f39b920875-01
Referer: https://www.lego.com/de-de/stores
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiMTRhMmYzZjM5YjkyMDg3NSIsInRyIjoiOGVhY2VhZmEzZDYzMWI5YWFkYThiYWZmMjEzZGEyNjUiLCJ0aSI6MTczMDM1MDk1MjY3M319
tracestate: 1746871@nr=0-1-1746871-103247468-14a2f3f39b920875----1730350952673

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"166-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=19
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-NGBlbgq7nyYZ1Y79U0UP0EvkHUInBlL98wJEdTQJq8g=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 247
x-xss-protection: 1; mode=block

GET
H2 200 chevron-494b9b8af02694bff1d97365cdb90f47.svg Show response
www.lego.com/_next/static/images/ 191 B
2 KB 21ms
20ms Fetch
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/images/chevron-494b9b8af02694bff1d97365cdb90f47.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

b7d2971c3439be53484e5d6a7a0025a256ec58be8887882bd229a9383fe92c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-db6dcf7836d096286d7e9adc0cd90bcf-793747c30b150f88-01
Referer: https://www.lego.com/de-de/stores
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiNzkzNzQ3YzMwYjE1MGY4OCIsInRyIjoiZGI2ZGNmNzgzNmQwOTYyODZkN2U5YWRjMGNkOTBiY2YiLCJ0aSI6MTczMDM1MDk1MjY3NH19
tracestate: 1746871@nr=0-1-1746871-103247468-793747c30b150f88----1730350952674

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"bf-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=51
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-g0pXjitinn0C9872UbkENkIAmv+Ik5IrNmPyDODB4UA=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 170
x-xss-protection: 1; mode=block

GET
H2 200 pinpoint-8babc5caf8f97d05df486da918a90c84.svg Show response
www.lego.com/_next/static/images/ 580 B
2 KB 24ms
24ms Fetch
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/images/pinpoint-8babc5caf8f97d05df486da918a90c84.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

d740e2399385e4626532b9856b8be7849caee596e280e306a0297628cdc883fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-d9f28bc5234461ebf1b2ea7033753b34-1be12666d95225e2-01
Referer: https://www.lego.com/de-de/stores
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiMWJlMTI2NjZkOTUyMjVlMiIsInRyIjoiZDlmMjhiYzUyMzQ0NjFlYmYxYjJlYTcwMzM3NTNiMzQiLCJ0aSI6MTczMDM1MDk1MjY3NH19
tracestate: 1746871@nr=0-1-1746871-103247468-1be12666d95225e2----1730350952674

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"244-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-FbcF90lEHCG7+l1yo+HDRiNX09lgYAB0F1TzagyEzhw=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 313
x-xss-protection: 1; mode=block

GET
H2 200 cross-d270714807a15ba4e54f03bd39d89ab8.svg Show response
www.lego.com/_next/static/images/ 304 B
2 KB 26ms
25ms Fetch
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/images/cross-d270714807a15ba4e54f03bd39d89ab8.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

a49f3a4c7fe78003fffc607ac6f2612cc7f91b058ea7cb02e679aec896bb9e27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-02a60292e4527226dac8915a32cd73cc-73f00a2141e57966-01
Referer: https://www.lego.com/de-de/stores
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiNzNmMDBhMjE0MWU1Nzk2NiIsInRyIjoiMDJhNjAyOTJlNDUyNzIyNmRhYzg5MTVhMzJjZDczY2MiLCJ0aSI6MTczMDM1MDk1MjY3NH19
tracestate: 1746871@nr=0-1-1746871-103247468-73f00a2141e57966----1730350952674

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"130-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=29
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-gUk0wCR4UGzGnSLr3NaOeTnDwQIVkiDha6vAfxqwNz8=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 210
x-xss-protection: 1; mode=block

GET
H2 200 search-dd01108764ce7ddd9a32f4982206bed6.svg Show response
www.lego.com/_next/static/images/ 918 B
3 KB 26ms
26ms Fetch
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/images/search-dd01108764ce7ddd9a32f4982206bed6.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

6eaaf848f310fe8fa193f76881773c6238dc3d8944fd8f5e9015d9a494dea8b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-bf6ef3986058548f2df2d88902335aed-4227f8b9a7f6b778-01
Referer: https://www.lego.com/de-de/stores
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiNDIyN2Y4YjlhN2Y2Yjc3OCIsInRyIjoiYmY2ZWYzOTg2MDU4NTQ4ZjJkZjJkODg5MDIzMzVhZWQiLCJ0aSI6MTczMDM1MDk1MjY3NH19
tracestate: 1746871@nr=0-1-1746871-103247468-4227f8b9a7f6b778----1730350952674

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"396-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=53
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-6OuEaidG7nEIiB36lng2auzudQJWct52fSPD08im4ks=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 484
x-xss-protection: 1; mode=block

GET
H2 200 account-090c5d3f358caeb1b23cf4bb7fcbadc2.svg Show response
www.lego.com/_next/static/images/ 1015 B
3 KB 38ms
38ms Fetch
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/images/account-090c5d3f358caeb1b23cf4bb7fcbadc2.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

5ce2545ab7cac8c5d8fff37ccda9a4ca9d21f6fde6da509f638f6be251a97bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-0222dab6d0ff9a7790d70784c6d02113-6c43b6f36221f265-01
Referer: https://www.lego.com/de-de/stores
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiNmM0M2I2ZjM2MjIxZjI2NSIsInRyIjoiMDIyMmRhYjZkMGZmOWE3NzkwZDcwNzg0YzZkMDIxMTMiLCJ0aSI6MTczMDM1MDk1MjY3NX19
tracestate: 1746871@nr=0-1-1746871-103247468-6c43b6f36221f265----1730350952675

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"3f7-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=27
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-7KWZnD78/rufNQDhC+Yn74BmzV1x+wdi/cYlSUzDo3o=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 491
x-xss-protection: 1; mode=block

GET
H2 200 wishlist-c558e82002523c6ca49f83762c3a53af.svg Show response
www.lego.com/_next/static/images/ 569 B
3 KB 37ms
36ms Fetch
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/images/wishlist-c558e82002523c6ca49f83762c3a53af.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

5b9af9b5b88f5d0b41c78a72e73f5bc2a4861343ccef1ecfdb827515c0683349

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-7a5e496cf6a7c3db7d1e56d6d8bcc362-bb7c9830b4cebd7d-01
Referer: https://www.lego.com/de-de/stores
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiYmI3Yzk4MzBiNGNlYmQ3ZCIsInRyIjoiN2E1ZTQ5NmNmNmE3YzNkYjdkMWU1NmQ2ZDhiY2MzNjIiLCJ0aSI6MTczMDM1MDk1MjY3NX19
tracestate: 1746871@nr=0-1-1746871-103247468-bb7c9830b4cebd7d----1730350952675

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"239-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=25
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-aGPHQszg8tYx6UAi3vTee1UNZ3TRH5YX37ol9e/iVec=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 357
x-xss-protection: 1; mode=block

GET
H2 200 bag-300d8ef320c96b29e4f3828b90fbdfb8.svg Show response
www.lego.com/_next/static/images/ 761 B
3 KB 32ms
31ms Fetch
image/svg+xml 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/images/bag-300d8ef320c96b29e4f3828b90fbdfb8.svg

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

3994cb66e263fe0d699d807f5e017f6eb8b30de8023ca5b16366063b43ddc179

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-19420f51135172bd9391e60fae508946-803c1ef0480b923a-01
Referer: https://www.lego.com/de-de/stores
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiODAzYzFlZjA0ODBiOTIzYSIsInRyIjoiMTk0MjBmNTExMzUxNzJiZDkzOTFlNjBmYWU1MDg5NDYiLCJ0aSI6MTczMDM1MDk1MjY3NX19
tracestate: 1746871@nr=0-1-1746871-103247468-803c1ef0480b923a----1730350952675

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"2f9-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: image/svg+xml
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=3
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-lDXhFmeCKTcbFQEuh/6a4wXMyCLr6F6QZjitiZ0jnZQ=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 462
x-xss-protection: 1; mode=block

GET
H2 200 favicon-32x32.png
www.lego.com/ 2 KB
4 KB 22ms
22ms Other
image/png 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

4441197109e31f53a0ce2103fac8a315e3ffd5bec98f5c3c5769d0244eab8e85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=1090750
etag: W/"749-19200662c48"
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-SgSl/1AgteloC8RwDweh8h2zRXxF9MZDYyYP//jn3HA=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 1865
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Tue, 17 Sep 2024 14:32:29 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 StoresBackground-e9b243aa547f22d98e2b3bc7e2acd8ee.jpg
www.lego.com/_next/static/images/ 87 KB
89 KB 464ms
464ms Image
image/jpeg 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/StoresBackground-e9b243aa547f22d98e2b3bc7e2acd8ee.jpg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

63d7835785729bae49c97bd348d38d1921df961e0d5366e4f74d377791f3c4e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

surrogate-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=60
pragma: no-cache
etag: W/"15d14-192d92c5fe8"
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-gewM39h2ZvaHldUg/dwXhdoBhSo1/w5LOd1J6tFwmtI=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 89364
date: Thu, 31 Oct 2024 05:02:33 GMT
x-xss-protection: 1; mode=block
content-type: image/jpeg
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
x-frame-options: SAMEORIGIN

POST
H3 429 wizard
lego.report-uri.com/r/t/csp/ 11 B
584 B 66ms
34ms Other
text/plain 104.17.215.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lego.report-uri.com/r/t/csp/wizard

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/csp-report
Referer: https://www.lego.com/

Response headers

strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
cf-ray: 8db117eee9e12c2d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 11
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: text/plain
vary: Accept-Encoding
server: cloudflare

POST
H/1.1 200 df07c5d304 Show response
bam.nr-data.net/1/ 179 B
620 B 150ms
116ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=1550&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0&af=err,xhr,stn,ins,spa&be=1032&fe=268&dc=259&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1730350951201,%22n%22:0,%22f%22:412,%22dn%22:412,%22dne%22:412,%22c%22:412,%22s%22:412,%22ce%22:412,%22rq%22:413,%22rp%22:1032,%22rpe%22:1055,%22di%22:1148,%22ds%22:1291,%22de%22:1291,%22dc%22:1299,%22l%22:1299,%22le%22:1300%7D,%22navigation%22:%7B%7D%7D&fp=1214&fcp=1214
Requested by: Host: www.lego.com
URL: https://www.lego.com/newrelic.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e01e3df94087aa77d2da0fff9dff64b6892f8d7a5d429960afee7f020a90ebae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.lego.com/

Response headers

access-control-expose-headers: Date
timing-allow-origin: https://www.lego.com
cross-origin-resource-policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-origin: https://www.lego.com
Content-Length: 179
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: text/plain
x-served-by: cache-fra-etou8220117-FRA

GET
H2 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
225 B 59ms
58ms XHR
application/json 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

cache-control: private
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
content-encoding: gzip
x-content-type-options: nosniff
access-control-allow-origin: https://www.lego.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN

GET
H3 200 common.js Show response
maps.googleapis.com/maps-api-v3/api/js/58/11a/intl/de_ALL/ 267 KB
56 KB 17ms
16ms Script
text/javascript 172.217.18.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/58/11a/intl/de_ALL/common.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f10.1e100.net

Software

sffe /

Resource Hash

415683bd714195a6f4c3c6d729c1e8f5061a26b5edf54cc5ac1317ad3309d7e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

content-encoding: br
age: 43302
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
x-content-type-options: nosniff
expires: Thu, 30 Oct 2025 17:00:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 30 Oct 2024 17:00:50 GMT
last-modified: Tue, 29 Oct 2024 22:44:00 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
accept-ranges: bytes
content-length: 56957
x-xss-protection: 0
server: sffe

GET
H3 200 util.js Show response
maps.googleapis.com/maps-api-v3/api/js/58/11a/intl/de_ALL/ 191 KB
58 KB 18ms
18ms Script
text/javascript 172.217.18.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/58/11a/intl/de_ALL/util.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f10.1e100.net

Software

sffe /

Resource Hash

f997e0f2a67fae6c99b9466b56e583964feecb57b1635eaf35b4c8fbcc510919

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

content-encoding: br
age: 43302
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
x-content-type-options: nosniff
expires: Thu, 30 Oct 2025 17:00:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 30 Oct 2024 17:00:50 GMT
last-modified: Tue, 29 Oct 2024 22:44:00 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
accept-ranges: bytes
content-length: 59598
x-xss-protection: 0
server: sffe

GET
H3 200 controls.js Show response
maps.googleapis.com/maps-api-v3/api/js/58/11a/intl/de_ALL/ 99 KB
26 KB 30ms
30ms Script
text/javascript 172.217.18.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/58/11a/intl/de_ALL/controls.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f10.1e100.net

Software

sffe /

Resource Hash

c65a4e113463e270a4ee54aa3b0a7f3396f438474af4e78c29dbeaca6da295e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

content-encoding: br
age: 43298
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
x-content-type-options: nosniff
expires: Thu, 30 Oct 2025 17:00:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 30 Oct 2024 17:00:54 GMT
last-modified: Tue, 29 Oct 2024 22:44:00 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
accept-ranges: bytes
content-length: 26659
x-xss-protection: 0
server: sffe

GET
H3 200 places_impl.js Show response
maps.googleapis.com/maps-api-v3/api/js/58/11a/intl/de_ALL/ 45 KB
14 KB 28ms
28ms Script
text/javascript 172.217.18.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps-api-v3/api/js/58/11a/intl/de_ALL/places_impl.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f10.1e100.net

Software

sffe /

Resource Hash

c23d1728cfd67f7ebd8e289c2f7ea84648c77bf3bac25de63c60aa8e85db151f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

content-encoding: br
age: 43296
report-to: {"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
x-content-type-options: nosniff
expires: Thu, 30 Oct 2025 17:00:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 30 Oct 2024 17:00:56 GMT
last-modified: Tue, 29 Oct 2024 22:44:00 GMT
content-type: text/javascript
vary: Accept-Encoding, Origin
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="maps-api-js"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
accept-ranges: bytes
content-length: 14122
x-xss-protection: 0
server: sffe

GET
H2 200 newrelic.js Show response
www.lego.com/ Frame 3C4C 111 KB
0 16ms
16ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/newrelic.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

8b72f78c410b7a135448aa0772466867c39cdab2b688f5173ebc91dbe87de7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/identity/callback

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=1217341
content-encoding: gzip
etag: W/"1bda1-19200662c48"
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-eRZVsHlzZJ+FpFFzZ8cFARrOGxMBrT/elFeUMK/8Ao0=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 24257
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 17 Sep 2024 14:32:29 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 304 36a42b2b11ec6fa7.css
www.lego.com/_next/static/css/ Frame 3C4C 143 KB
212 B 25ms
22ms Stylesheet
text/css 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/css/36a42b2b11ec6fa7.css

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

1c5d9446fc27b14579ed8d1e36b214868d50867e945855735a3d61b448a9e7b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

If-None-Match: W/"23c88-192b9f6df68"
Referer: https://www.lego.com/identity/callback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
If-Modified-Since: Wed, 23 Oct 2024 15:20:17 GMT

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=30884964
etag: W/"23c88-192b9f6df68"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: text/css; charset=UTF-8
last-modified: Wed, 23 Oct 2024 15:20:17 GMT

GET
H2 200 cf93c172289f3e41.css
www.lego.com/_next/static/css/ Frame 3C4C 450 B
3 KB 25ms
23ms Stylesheet
text/css 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/css/cf93c172289f3e41.css

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

8a7686a940955b091daf23fab867de6544edb6b54f6703418978578c3016d38d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/identity/callback

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"1c2-191e087bdb0"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 11 Sep 2024 10:01:18 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=29504074
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-TiXudyze3P1g5/FE93RPB0x/cZkRVB2tKIGXcu2Hbls=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 324
x-xss-protection: 1; mode=block

GET
H2 304 webpack-9dcaf0addb8bd1a6.js Show response
www.lego.com/_next/static/chunks/ Frame 3C4C 10 KB
221 B 35ms
27ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/webpack-9dcaf0addb8bd1a6.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

1f791b3037b2ebcd9cdd397985ae5cee277f49f30188d08f05ef26d6334d6156

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

If-None-Match: W/"26ef-192d92c5fe8"
Referer: https://www.lego.com/identity/callback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
If-Modified-Since: Tue, 29 Oct 2024 16:46:57 GMT

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469466
etag: W/"26ef-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:46:57 GMT

GET
H2 304 framework-895245ddb8ded7aa.js Show response
www.lego.com/_next/static/chunks/ Frame 3C4C 138 KB
221 B 36ms
27ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/framework-895245ddb8ded7aa.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

eb0e63b87ec0f72593b405383f8f4e423e87e3916b6afc78b927006aa921fd92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

If-None-Match: W/"228ab-191c80f8510"
Referer: https://www.lego.com/identity/callback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
If-Modified-Since: Fri, 06 Sep 2024 15:59:06 GMT

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=30807522
etag: W/"228ab-191c80f8510"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 06 Sep 2024 15:59:06 GMT

GET
H2 304 main-9aece1aa182f842b.js Show response
www.lego.com/_next/static/chunks/ Frame 3C4C 58 KB
221 B 36ms
28ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/main-9aece1aa182f842b.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

cbe1f12a684d8f2eecd6cd871264adf7c5a09a7b68c37b719e3e82a1271a4320

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

If-None-Match: W/"e7cb-183c769d3a8"
Referer: https://www.lego.com/identity/callback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
If-Modified-Since: Tue, 11 Oct 2022 14:19:05 GMT

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31319610
etag: W/"e7cb-183c769d3a8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 11 Oct 2022 14:19:05 GMT

GET
H2 304 _app-4c8b509286683cbb.js Show response
www.lego.com/_next/static/chunks/pages/ Frame 3C4C 1 MB
222 B 37ms
28ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/pages/_app-4c8b509286683cbb.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

2cd0e23e5ece69741cc0f2901a301c0ff6e3925dbdf40e18f3f79913e64b0d62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

If-None-Match: W/"125d9e-192d92c5fe8"
Referer: https://www.lego.com/identity/callback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
If-Modified-Since: Tue, 29 Oct 2024 16:46:57 GMT

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469790
etag: W/"125d9e-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:46:57 GMT

GET
H2 200 callback-55796c46db1c8a90.js Show response
www.lego.com/_next/static/chunks/pages/identity/ Frame 3C4C 54 KB
26 KB 39ms
31ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/chunks/pages/identity/callback-55796c46db1c8a90.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

940247ef8ca92438f4141a3d61227340105c3f12648f211eacafddc31cb3eb6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/identity/callback

Response headers

surrogate-control: no-store
content-encoding: gzip
etag: W/"d96b-192d4a77bd8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 19:43:19 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31385038
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-p1ho8d27PMBc9JJm4t3G7L3+NSDATFb2MFZj+Y8FxWo=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
accept-ranges: bytes
content-length: 23849
x-xss-protection: 1; mode=block

GET
H2 304 _buildManifest.js Show response
www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/ Frame 3C4C 18 KB
221 B 37ms
29ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/_buildManifest.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

23439ff56447e76ff7f6fcc7cca971aa52f6f3c1ce7dbf8cb087ba2904f47ad6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

If-None-Match: W/"4725-192d92c5fe8"
Referer: https://www.lego.com/identity/callback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
If-Modified-Since: Tue, 29 Oct 2024 16:46:57 GMT

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469444
etag: W/"4725-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:46:57 GMT

GET
H2 304 _ssgManifest.js Show response
www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/ Frame 3C4C 77 B
219 B 38ms
30ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/_ssgManifest.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

If-None-Match: W/"4d-192d92c5fe8"
Referer: https://www.lego.com/identity/callback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
If-Modified-Since: Tue, 29 Oct 2024 16:46:57 GMT

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469505
etag: W/"4d-192d92c5fe8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:46:57 GMT

GET
H2 304 _middlewareManifest.js Show response
www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/ Frame 3C4C 108 B
219 B 38ms
30ms Script
application/javascript 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/_next/static/bX9wJe9dk5bJq8_n849C7/_middlewareManifest.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/identity/callback

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

81a190e5f3d97c468124a58cdada8235d90df6a3f599a146d94360d6c37ebce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

If-None-Match: W/"6c-192d92e2cd8"
Referer: https://www.lego.com/identity/callback
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
If-Modified-Since: Tue, 29 Oct 2024 16:48:55 GMT

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31469532
etag: W/"6c-192d92e2cd8"
x-content-type-options: nosniff
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 16:48:55 GMT

GET
H2 200 CeraPro-Bold.woff2
assets.lego.com/fonts/v3/cera-pro/ Frame 3C4C 45 KB
0 18ms
17ms Font
font/woff2 52.222.214.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.lego.com/fonts/v3/cera-pro/CeraPro-Bold.woff2
Requested by: Host: www.lego.com
URL: https://www.lego.com/_next/static/css/36a42b2b11ec6fa7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

etag: "f9bac5cd373511f7b8b02862984933c8"
age: 60642
x-cache: Hit from cloudfront
x-amz-cf-id: X6vXUOWO_KxkNe6DZSxjVsxLR2vUMb7g4yH1_r1yqQszpJnLC-AtWg==
date: Wed, 30 Oct 2024 12:11:51 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:06:00 GMT
cache-control: max-age=31536000, public
via: 1.1 29f7132906866b79866659848b3a3b68.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46304
x-amz-cf-pop: FRA56-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 CeraPro-Medium.woff2
assets.lego.com/fonts/v3/cera-pro/ Frame 3C4C 46 KB
0 10ms
9ms Font
font/woff2 52.222.214.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.lego.com/fonts/v3/cera-pro/CeraPro-Medium.woff2
Requested by: Host: www.lego.com
URL: https://www.lego.com/_next/static/css/36a42b2b11ec6fa7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

cache-control: max-age=31536000, public
etag: "561288a6b423c7c1faac8255747dd732"
age: 448476
via: 1.1 29f7132906866b79866659848b3a3b68.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
x-cache: Hit from cloudfront
content-length: 46764
x-amz-cf-id: Ds0Vs3EeSTn-h1Fuy6M2BR8wA-819r_Egw0I8GY1acK12A9XUptN3g==
date: Wed, 30 Oct 2024 12:11:51 GMT
content-type: font/woff2
last-modified: Wed, 23 Oct 2024 12:06:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256

GET
H2 200 CeraPro-Regular.woff2
assets.lego.com/fonts/v3/cera-pro/ Frame 3C4C 46 KB
0 42ms
8ms Font
font/woff2 52.222.214.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.lego.com/fonts/v3/cera-pro/CeraPro-Regular.woff2
Requested by: Host: www.lego.com
URL: https://www.lego.com/identity/callback
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

etag: "bd818dce28b0e42919636be4fd356e51"
age: 60642
x-cache: Hit from cloudfront
x-amz-cf-id: -WH5Ue20yvzx11rozykMXdjlLG4IbffwdkDv-3GuPWebTcWAF_Ekgw==
date: Wed, 30 Oct 2024 12:11:51 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:06:01 GMT
cache-control: max-age=31536000, public
via: 1.1 29f7132906866b79866659848b3a3b68.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 46852
x-amz-cf-pop: FRA56-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 CeraPro-RegularItalic.woff2
assets.lego.com/fonts/v3/cera-pro/ Frame 3C4C 48 KB
0 12ms
11ms Font
font/woff2 52.222.214.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.lego.com/fonts/v3/cera-pro/CeraPro-RegularItalic.woff2
Requested by: Host: www.lego.com
URL: https://www.lego.com/_next/static/css/36a42b2b11ec6fa7.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-114.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer

Response headers

etag: "4a1fb48b778ea171e643ddbc237661dd"
age: 60642
x-cache: Hit from cloudfront
x-amz-cf-id: MrEfTHJO_3KXz6dE_8jCKnWiFRta1pX5NyVzzK72fadjAgranX0LiA==
date: Wed, 30 Oct 2024 12:11:51 GMT
content-type: font/woff2
vary: Accept-Encoding
last-modified: Wed, 23 Oct 2024 12:06:01 GMT
cache-control: max-age=31536000, public
via: 1.1 29f7132906866b79866659848b3a3b68.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 48844
x-amz-cf-pop: FRA56-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 nr-spa-1.250.0.min.js Show response
js-agent.newrelic.com/ Frame 3C4C 86 KB
0 31ms
8ms Script
application/javascript 2602:816:5001::39
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1.250.0.min.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2602:816:5001::39 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

8aaf0af04baf8eaa35b1ac46ed02d131a8d3c44896b92a45fa1555c70ebc94c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.lego.com
Referer: https://www.lego.com/

Response headers

strict-transport-security: max-age=300
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
content-encoding: br
etag: "6e3b65f7f44fa4b3bf86d1f0187490ce"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
x-cache: HIT
content-length: 26346
date: Thu, 31 Oct 2024 05:02:32 GMT
last-modified: Tue, 09 Jan 2024 19:15:56 GMT
content-type: application/javascript
x-served-by: cache-fra-eddf8230030-FRA
x-cache-hits: 30770
vary: Accept-Encoding

POST
H2 200 Login Show response
www.lego.com/api/graphql/ 987 B
1 KB 305ms
286ms Fetch
application/json 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/api/graphql/Login

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

61ef536470135f920d32a1006235f621cc341d646f4d4bb2c04a132a74a9ced9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

lid
visitor-guid: d1db036d-674f-4ee4-9236-f032f61bcb8a
authorization
Referer: https://www.lego.com/de-de/stores
x-lego-request-id: 1a9e5db1-01b4-46c6-b192-7e8e1087410f-app-shop-c-26bee914
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiYTVmZDg3ZmI5MGJlNGNlZSIsInRyIjoiYzQ1YWNkODc2ODQ4MWM5ODE0MWRhYmYyNzVkNGE5ZWQiLCJ0aSI6MTczMDM1MDk1Mjk4MH19
true-client-ip: 80.255.10.205
fff-id: 322df3ae-38fd-4b67-b26a-2eee1d144a48
traceparent: 00-c45acd8768481c98141dabf275d4a9ed-a5fd87fb90be4cee-01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept: */*
content-type: application/json
session-cookie-id: 3taqMBvc4UEnZPaBZaLJr
x-locale: de-DE
tracestate: 1746871@nr=0-1-1746871-103247468-a5fd87fb90be4cee----1730350952980

Response headers

access-control-max-age: 86400
content-encoding: gzip
etag: W/"3db-ah79FUUSPemQvUXnHjoBaiIts0c"
x-content-type-options: nosniff
access-control-allow-methods: GET,POST,PUT,DELETE,HEAD,OPTIONS
expires: Thu, 31 Oct 2024 05:02:33 GMT
date: Thu, 31 Oct 2024 05:02:33 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-headers
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.lego.com
content-length: 784
x-xss-protection: 1; mode=block

POST
H2 200 UserQuery Show response
www.lego.com/api/graphql/ 2 KB
1 KB 108ms
106ms Fetch
application/json 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/api/graphql/UserQuery

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

e5e0bd18dea6be89d2179c9dd664e0119b8e07283962cb39020453ce77f2a8f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

lid
visitor-guid: d1db036d-674f-4ee4-9236-f032f61bcb8a
authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InB1YiI6e30sInB2dCI6IjRESWxyUUNseHIwS3B5MW9aUzhnUjkwdXFkUExxTEJ0R0t6U09HQlZOL1NKMnltYUg2akcyTW5POHArMElmOThGZzNicHkwRGVMTHNCbzRLTllPcnFCRVQva21zbFR0T0xVVDIvaXVRVGRtZnBRVXU5RWhHVDdxYTlhQ0NCUXErZmJGemFiTFZES1dqa3hQWVNyejdUQThvaWxzbEhuYkhCSTV0TkxXazRhL0h1a1Bya09wbGtXY3RCbGdyMWVOMnRXZDR3MXIwdE40WXhTUDEzaDl5TTJSdnAxY2xrUSsvM1BMZWlwTTE4VSttL1VIejZGRFdnNkNJcWtlcFdCcmh3YVFlb25XbkhGVytkWFcvN3ppMml2d0J0SGJtN2Z0Yng4REY1RUYrT0g3SE5TenVzQlFrVVE5dXBYM2hRVm9sbTZkVkY2RzlTME1IY3M4d0h0QlJaUzBiNjduWFJkd0hkaGdocjRjQXQ2Zzl4WGN1c0czbUN5cWM4ZGF0M2s0ZmlsdXN2UThqMjhYN0VMWU1rUFhUb3I1ZklDdFJmdGNpdW1FTFMyMm81TXdZaEhvdm4zR1VaNUlTaDJCMk84bHQwZ0xHTWFxZDZZdGxpUjIwQ3B4dVpxRzZ3aG12TWtKalVkYjdLcHZLK2FobGVZcnkyN3l6dlY4TVo4SkdBQWxQSjdVbWxIazVxNW5qY0FxQ3JxYk5sUWxsMnZQeWV2WVlJc0Npa1VUMzdBb1hCM2ppNy8ycnBXd0FvVW5LZW1FOS5HemhjSFlWUGtKUHNQTjFEa0JVVWN3PT0ifSwiaWF0IjoxNzMwMzUwOTUzLCJleHAiOjE3MzAzNjE3NTJ9._HiuWVLDZrLILFBD_fNWyibV8UEHtvv8rQD0ax3jds4
Referer: https://www.lego.com/de-de/stores
x-lego-request-id: 1a9e5db1-01b4-46c6-b192-7e8e1087410f-app-shop-c-26bee914
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiNDNkMzdlZGNlMDM3ZWMwYiIsInRyIjoiM2Q5NTI4Y2I4ODg3Y2E2MThlNTBiZTdiMTg2NzhjNmUiLCJ0aSI6MTczMDM1MDk1MzMwNX19
true-client-ip: 80.255.10.205
fff-id: 322df3ae-38fd-4b67-b26a-2eee1d144a48
traceparent: 00-3d9528cb8887ca618e50be7b18678c6e-43d37edce037ec0b-01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept: */*
content-type: application/json
session-cookie-id: 3taqMBvc4UEnZPaBZaLJr
x-locale: de-DE
tracestate: 1746871@nr=0-1-1746871-103247468-43d37edce037ec0b----1730350953305

Response headers

access-control-max-age: 86400
content-encoding: gzip
etag: W/"71d-FlFeoptjmePK4IYa1lEVHS+9E20"
x-content-type-options: nosniff
access-control-allow-methods: GET,POST,PUT,DELETE,HEAD,OPTIONS
expires: Thu, 31 Oct 2024 05:02:33 GMT
date: Thu, 31 Oct 2024 05:02:33 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-headers
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.lego.com
content-length: 818
x-xss-protection: 1; mode=block

POST
H2 200 UserConsentPreferences Show response
www.lego.com/api/graphql/ 531 B
927 B 218ms
216ms Fetch
application/json 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/api/graphql/UserConsentPreferences

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

abb86a21e48e346fee8291f937987ccdc7faffe9c3fe85e0810b32cc85522ffc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

lid
visitor-guid: d1db036d-674f-4ee4-9236-f032f61bcb8a
authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InB1YiI6e30sInB2dCI6IjRESWxyUUNseHIwS3B5MW9aUzhnUjkwdXFkUExxTEJ0R0t6U09HQlZOL1NKMnltYUg2akcyTW5POHArMElmOThGZzNicHkwRGVMTHNCbzRLTllPcnFCRVQva21zbFR0T0xVVDIvaXVRVGRtZnBRVXU5RWhHVDdxYTlhQ0NCUXErZmJGemFiTFZES1dqa3hQWVNyejdUQThvaWxzbEhuYkhCSTV0TkxXazRhL0h1a1Bya09wbGtXY3RCbGdyMWVOMnRXZDR3MXIwdE40WXhTUDEzaDl5TTJSdnAxY2xrUSsvM1BMZWlwTTE4VSttL1VIejZGRFdnNkNJcWtlcFdCcmh3YVFlb25XbkhGVytkWFcvN3ppMml2d0J0SGJtN2Z0Yng4REY1RUYrT0g3SE5TenVzQlFrVVE5dXBYM2hRVm9sbTZkVkY2RzlTME1IY3M4d0h0QlJaUzBiNjduWFJkd0hkaGdocjRjQXQ2Zzl4WGN1c0czbUN5cWM4ZGF0M2s0ZmlsdXN2UThqMjhYN0VMWU1rUFhUb3I1ZklDdFJmdGNpdW1FTFMyMm81TXdZaEhvdm4zR1VaNUlTaDJCMk84bHQwZ0xHTWFxZDZZdGxpUjIwQ3B4dVpxRzZ3aG12TWtKalVkYjdLcHZLK2FobGVZcnkyN3l6dlY4TVo4SkdBQWxQSjdVbWxIazVxNW5qY0FxQ3JxYk5sUWxsMnZQeWV2WVlJc0Npa1VUMzdBb1hCM2ppNy8ycnBXd0FvVW5LZW1FOS5HemhjSFlWUGtKUHNQTjFEa0JVVWN3PT0ifSwiaWF0IjoxNzMwMzUwOTUzLCJleHAiOjE3MzAzNjE3NTJ9._HiuWVLDZrLILFBD_fNWyibV8UEHtvv8rQD0ax3jds4
Referer: https://www.lego.com/de-de/stores
x-lego-request-id: cdcce491-7a51-4fe8-92d9-5f595ca97bbd-app-shop-c-26bee914
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiMmJkNWI0OWZhYTY4ZjczZCIsInRyIjoiNDA1Nzc3MDJkNDlkMGY3MDI2NjU5NjBjMzYxZmI1NzMiLCJ0aSI6MTczMDM1MDk1MzMwN319
true-client-ip: 80.255.10.205
fff-id: 322df3ae-38fd-4b67-b26a-2eee1d144a48
traceparent: 00-40577702d49d0f702665960c361fb573-2bd5b49faa68f73d-01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept: */*
content-type: application/json
session-cookie-id: 3taqMBvc4UEnZPaBZaLJr
x-locale: de-DE
tracestate: 1746871@nr=0-1-1746871-103247468-2bd5b49faa68f73d----1730350953307

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
etag: W/"213-VQCykkXjX8PNXS5HHZoYfW4e+o4"
pragma: no-cache
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-methods: GET,POST,PUT,DELETE,HEAD,OPTIONS
expires: Thu, 31 Oct 2024 05:02:33 GMT
access-control-allow-origin: https://www.lego.com
content-length: 531
date: Thu, 31 Oct 2024 05:02:33 GMT
x-xss-protection: 1; mode=block
content-type: application/json; charset=utf-8
access-control-allow-headers

POST
H2 200 StoreEvents Show response
www.lego.com/api/graphql/ 2 KB
948 B 59ms
57ms Fetch
application/json 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/api/graphql/StoreEvents

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

11be6e0e4e5ecef9ade90fbb75149750630de9190348129a95bc2f23496f0fe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

lid
visitor-guid: d1db036d-674f-4ee4-9236-f032f61bcb8a
authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InB1YiI6e30sInB2dCI6IjRESWxyUUNseHIwS3B5MW9aUzhnUjkwdXFkUExxTEJ0R0t6U09HQlZOL1NKMnltYUg2akcyTW5POHArMElmOThGZzNicHkwRGVMTHNCbzRLTllPcnFCRVQva21zbFR0T0xVVDIvaXVRVGRtZnBRVXU5RWhHVDdxYTlhQ0NCUXErZmJGemFiTFZES1dqa3hQWVNyejdUQThvaWxzbEhuYkhCSTV0TkxXazRhL0h1a1Bya09wbGtXY3RCbGdyMWVOMnRXZDR3MXIwdE40WXhTUDEzaDl5TTJSdnAxY2xrUSsvM1BMZWlwTTE4VSttL1VIejZGRFdnNkNJcWtlcFdCcmh3YVFlb25XbkhGVytkWFcvN3ppMml2d0J0SGJtN2Z0Yng4REY1RUYrT0g3SE5TenVzQlFrVVE5dXBYM2hRVm9sbTZkVkY2RzlTME1IY3M4d0h0QlJaUzBiNjduWFJkd0hkaGdocjRjQXQ2Zzl4WGN1c0czbUN5cWM4ZGF0M2s0ZmlsdXN2UThqMjhYN0VMWU1rUFhUb3I1ZklDdFJmdGNpdW1FTFMyMm81TXdZaEhvdm4zR1VaNUlTaDJCMk84bHQwZ0xHTWFxZDZZdGxpUjIwQ3B4dVpxRzZ3aG12TWtKalVkYjdLcHZLK2FobGVZcnkyN3l6dlY4TVo4SkdBQWxQSjdVbWxIazVxNW5qY0FxQ3JxYk5sUWxsMnZQeWV2WVlJc0Npa1VUMzdBb1hCM2ppNy8ycnBXd0FvVW5LZW1FOS5HemhjSFlWUGtKUHNQTjFEa0JVVWN3PT0ifSwiaWF0IjoxNzMwMzUwOTUzLCJleHAiOjE3MzAzNjE3NTJ9._HiuWVLDZrLILFBD_fNWyibV8UEHtvv8rQD0ax3jds4
Referer: https://www.lego.com/de-de/stores
x-lego-request-id: 9942f5ef-0913-4360-8f11-a097cd743132-app-shop-c-26bee914
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiMWQ3NTU1YmYxZjc1ZjU1ZSIsInRyIjoiMDQzZTAxYWMzYWRkMThiMDNiODBhMjg5YTJhZGE1MmIiLCJ0aSI6MTczMDM1MDk1MzMxMH19
true-client-ip: 80.255.10.205
fff-id: 322df3ae-38fd-4b67-b26a-2eee1d144a48
traceparent: 00-043e01ac3add18b03b80a289a2ada52b-1d7555bf1f75f55e-01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept: */*
content-type: application/json
session-cookie-id: 3taqMBvc4UEnZPaBZaLJr
x-locale: de-DE
tracestate: 1746871@nr=0-1-1746871-103247468-1d7555bf1f75f55e----1730350953310

Response headers

access-control-max-age: 86400
content-encoding: gzip
etag: W/"629-vHvvF4FXumRiEg2qiNcFcpWfOTg"
x-content-type-options: nosniff
access-control-allow-methods: GET,POST,PUT,DELETE,HEAD,OPTIONS
expires: Thu, 31 Oct 2024 05:02:33 GMT
date: Thu, 31 Oct 2024 05:02:33 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-headers
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.lego.com
content-length: 534
x-xss-protection: 1; mode=block

POST
H2 200 StoreExperience Show response
www.lego.com/api/graphql/ 5 KB
2 KB 61ms
61ms Fetch
application/json 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/api/graphql/StoreExperience

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

394fa4c874a6a28dfb7480e83af6d0d81caca2b48551664ff6276df71651af79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

lid
visitor-guid: d1db036d-674f-4ee4-9236-f032f61bcb8a
authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InB1YiI6e30sInB2dCI6IjRESWxyUUNseHIwS3B5MW9aUzhnUjkwdXFkUExxTEJ0R0t6U09HQlZOL1NKMnltYUg2akcyTW5POHArMElmOThGZzNicHkwRGVMTHNCbzRLTllPcnFCRVQva21zbFR0T0xVVDIvaXVRVGRtZnBRVXU5RWhHVDdxYTlhQ0NCUXErZmJGemFiTFZES1dqa3hQWVNyejdUQThvaWxzbEhuYkhCSTV0TkxXazRhL0h1a1Bya09wbGtXY3RCbGdyMWVOMnRXZDR3MXIwdE40WXhTUDEzaDl5TTJSdnAxY2xrUSsvM1BMZWlwTTE4VSttL1VIejZGRFdnNkNJcWtlcFdCcmh3YVFlb25XbkhGVytkWFcvN3ppMml2d0J0SGJtN2Z0Yng4REY1RUYrT0g3SE5TenVzQlFrVVE5dXBYM2hRVm9sbTZkVkY2RzlTME1IY3M4d0h0QlJaUzBiNjduWFJkd0hkaGdocjRjQXQ2Zzl4WGN1c0czbUN5cWM4ZGF0M2s0ZmlsdXN2UThqMjhYN0VMWU1rUFhUb3I1ZklDdFJmdGNpdW1FTFMyMm81TXdZaEhvdm4zR1VaNUlTaDJCMk84bHQwZ0xHTWFxZDZZdGxpUjIwQ3B4dVpxRzZ3aG12TWtKalVkYjdLcHZLK2FobGVZcnkyN3l6dlY4TVo4SkdBQWxQSjdVbWxIazVxNW5qY0FxQ3JxYk5sUWxsMnZQeWV2WVlJc0Npa1VUMzdBb1hCM2ppNy8ycnBXd0FvVW5LZW1FOS5HemhjSFlWUGtKUHNQTjFEa0JVVWN3PT0ifSwiaWF0IjoxNzMwMzUwOTUzLCJleHAiOjE3MzAzNjE3NTJ9._HiuWVLDZrLILFBD_fNWyibV8UEHtvv8rQD0ax3jds4
Referer: https://www.lego.com/de-de/stores
x-lego-request-id: 379949d4-f8cc-42c5-b497-964dd3d99362-app-shop-c-26bee914
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiMzk3YjVhNTRkNzc1MWNhZCIsInRyIjoiOTQ1ZTZmYWQ2YjQ5OTFmMTY4YzcwMWY0YTIyNmE3NmEiLCJ0aSI6MTczMDM1MDk1MzMxMX19
true-client-ip: 80.255.10.205
fff-id: 322df3ae-38fd-4b67-b26a-2eee1d144a48
traceparent: 00-945e6fad6b4991f168c701f4a226a76a-397b5a54d7751cad-01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept: */*
content-type: application/json
session-cookie-id: 3taqMBvc4UEnZPaBZaLJr
x-locale: de-DE
tracestate: 1746871@nr=0-1-1746871-103247468-397b5a54d7751cad----1730350953311

Response headers

access-control-max-age: 86400
content-encoding: gzip
etag: W/"15c6-R+4jHAoApb9eVvr5PsGXlZ9C0zU"
x-content-type-options: nosniff
access-control-allow-methods: GET,POST,PUT,DELETE,HEAD,OPTIONS
expires: Thu, 31 Oct 2024 05:02:33 GMT
date: Thu, 31 Oct 2024 05:02:33 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-headers
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.lego.com
content-length: 1470
x-xss-protection: 1; mode=block

POST
H2 200 ConsentModalSettings Show response
www.lego.com/api/graphql/ 8 KB
3 KB 52ms
51ms Fetch
application/json 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/api/graphql/ConsentModalSettings

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

95548f1bced2baae7dfc9d6a5e5a098a7288fa2cdda9b55ed553965ed6828a88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

lid
visitor-guid: d1db036d-674f-4ee4-9236-f032f61bcb8a
authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InB1YiI6e30sInB2dCI6IjRESWxyUUNseHIwS3B5MW9aUzhnUjkwdXFkUExxTEJ0R0t6U09HQlZOL1NKMnltYUg2akcyTW5POHArMElmOThGZzNicHkwRGVMTHNCbzRLTllPcnFCRVQva21zbFR0T0xVVDIvaXVRVGRtZnBRVXU5RWhHVDdxYTlhQ0NCUXErZmJGemFiTFZES1dqa3hQWVNyejdUQThvaWxzbEhuYkhCSTV0TkxXazRhL0h1a1Bya09wbGtXY3RCbGdyMWVOMnRXZDR3MXIwdE40WXhTUDEzaDl5TTJSdnAxY2xrUSsvM1BMZWlwTTE4VSttL1VIejZGRFdnNkNJcWtlcFdCcmh3YVFlb25XbkhGVytkWFcvN3ppMml2d0J0SGJtN2Z0Yng4REY1RUYrT0g3SE5TenVzQlFrVVE5dXBYM2hRVm9sbTZkVkY2RzlTME1IY3M4d0h0QlJaUzBiNjduWFJkd0hkaGdocjRjQXQ2Zzl4WGN1c0czbUN5cWM4ZGF0M2s0ZmlsdXN2UThqMjhYN0VMWU1rUFhUb3I1ZklDdFJmdGNpdW1FTFMyMm81TXdZaEhvdm4zR1VaNUlTaDJCMk84bHQwZ0xHTWFxZDZZdGxpUjIwQ3B4dVpxRzZ3aG12TWtKalVkYjdLcHZLK2FobGVZcnkyN3l6dlY4TVo4SkdBQWxQSjdVbWxIazVxNW5qY0FxQ3JxYk5sUWxsMnZQeWV2WVlJc0Npa1VUMzdBb1hCM2ppNy8ycnBXd0FvVW5LZW1FOS5HemhjSFlWUGtKUHNQTjFEa0JVVWN3PT0ifSwiaWF0IjoxNzMwMzUwOTUzLCJleHAiOjE3MzAzNjE3NTJ9._HiuWVLDZrLILFBD_fNWyibV8UEHtvv8rQD0ax3jds4
Referer: https://www.lego.com/de-de/stores
x-lego-request-id: ddb63e7a-4b9c-4633-9f55-7ed964309cac-app-shop-c-26bee914
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiMDAzMTc0NTU2NWIzODZjZiIsInRyIjoiYTVhMGIzNTE2YWY5MzdiYWRlODBjZDJjMjZmYTVjNzMiLCJ0aSI6MTczMDM1MDk1MzMxMn19
true-client-ip: 80.255.10.205
fff-id: 322df3ae-38fd-4b67-b26a-2eee1d144a48
traceparent: 00-a5a0b3516af937bade80cd2c26fa5c73-0031745565b386cf-01
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
accept: */*
content-type: application/json
session-cookie-id: 3taqMBvc4UEnZPaBZaLJr
x-locale: de-DE
tracestate: 1746871@nr=0-1-1746871-103247468-0031745565b386cf----1730350953312

Response headers

access-control-max-age: 86400
content-encoding: gzip
etag: W/"1edd-lgclaMpgqJpIe22E8QU7Od3dX0o"
x-content-type-options: nosniff
access-control-allow-methods: GET,POST,PUT,DELETE,HEAD,OPTIONS
expires: Thu, 31 Oct 2024 05:02:33 GMT
date: Thu, 31 Oct 2024 05:02:33 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
access-control-allow-headers
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.lego.com
content-length: 2561
x-xss-protection: 1; mode=block

GET
H2 200 LEGO-HalloweenHunt-StorePage-1280x720.jpg
www.lego.com/cdn/cs/set/assets/blt77f65440293565b6/ 13 KB
14 KB 16ms
14ms Image
image/webp 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/cdn/cs/set/assets/blt77f65440293565b6/LEGO-HalloweenHunt-StorePage-1280x720.jpg?fit=crop&format=webply&quality=80&width=415&height=276&dpr=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

CloudFront /

Resource Hash

e2a554d2527c671d1197736a534b0e66e6188aa16dcea144a227996aba1014fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=172800
etag: "s63q9tf9wvxwFkgnw2GcRtFkFYRB9QcBKTQxXF6u/hQ"
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 13736
x-amz-cf-id: gOAKODkgPC2BwpFbTFXAvYhFoVnL5v0XhF7HhSvZOWDHkteEfNWM5g==
date: Thu, 31 Oct 2024 05:02:33 GMT
x-xss-protection: 1; mode=block
content-type: image/webp
content-disposition: inline; attachment; filename="LEGO-HalloweenHunt-StorePage-1280x720.webp
server: CloudFront
x-amz-cf-pop: FRA56-P12
x-frame-options: deny

GET
H2 200 LEGO-MT-Halloween-StorePage_1280x720.jpg
www.lego.com/cdn/cs/set/assets/bltee2620f820d345d4/ 5 KB
6 KB 14ms
13ms Image
image/webp 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/cdn/cs/set/assets/bltee2620f820d345d4/LEGO-MT-Halloween-StorePage_1280x720.jpg?fit=crop&format=webply&quality=80&width=415&height=276&dpr=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

CloudFront /

Resource Hash

a5050194e67e35cab9fb7da17540175b1c1361e383a66d715f16e24fdd83b60c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=172800
etag: "DKn+gaEqC5qbAWFPmF+LW5BMYhCrt9oBpxEm+7wIvRg"
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 5276
x-amz-cf-id: CX9N4LpatL3Mue95XX8cgIo2-vWG8geZARxM61fE4lDGP2UI-1R7qA==
date: Thu, 31 Oct 2024 05:02:33 GMT
x-xss-protection: 1; mode=block
content-type: image/webp
content-disposition: inline; attachment; filename="LEGO-MT-Halloween-StorePage_1280x720.webp
server: CloudFront
x-amz-cf-pop: FRA56-P12
x-frame-options: deny

GET
H2 200 bootstrap.min.js Show response
legocrm.my.site.com/ESWEnhancedMessaging1690463241492/assets/js/ 75 KB
20 KB 87ms
41ms Script
application/javascript 2a02:26f0:3500:18::1724:a29f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://legocrm.my.site.com/ESWEnhancedMessaging1690463241492/assets/js/bootstrap.min.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:18::1724:a29f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c0f44ea618fadb76f123cceb96390bb45bda54dd9de8158cafcba87133faedf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
cache-control: public, max-age=45
content-encoding: gzip
etag: "30ce4f5c72--gzip"
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
content-length: 20162
date: Thu, 31 Oct 2024 05:02:33 GMT
x-origin-cache-control: max-age=60,immutable,public
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
akamai-grn: 0.9fa02417.1730350953.16255ba6

HEAD
H2 200 stores
www.lego.com/de-de/ 0
0 20ms
19ms Fetch 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/de-de/stores?age-gate=grown_up

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

traceparent: 00-48c0e1704e05f39774a291c4c7f00bdb-6fe8919bb86335a9-01
x-middleware-preflight: 1
Referer: https://www.lego.com/de-de/stores
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjE3NDY4NzEiLCJhcCI6IjEwMzI0NzQ2OCIsImlkIjoiNmZlODkxOWJiODYzMzVhOSIsInRyIjoiNDhjMGUxNzA0ZTA1ZjM5Nzc0YTI5MWM0YzdmMDBiZGIiLCJ0aSI6MTczMDM1MDk1MzQ5NX19
tracestate: 1746871@nr=0-1-1746871-103247468-6fe8919bb86335a9----1730350953495

Response headers

surrogate-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=60
pragma: no-cache
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-RoYDPdGzGUWn5OGyaA4ecPHZoloYaTcneu/JBq3zmJY=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
content-length: 0
date: Thu, 31 Oct 2024 05:02:33 GMT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN

GET
H2 200 brick-75c5dd2553e06cbefcb607e8ab89f8ee.png
www.lego.com/_next/static/images/ 420 B
3 KB 51ms
50ms Image
image/png 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/brick-75c5dd2553e06cbefcb607e8ab89f8ee.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

37f6ff4a7fe1c992e3cfc604e536a372d76b2ee2b7e256de0715e5a48164070f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores?age-gate=grown_up

Response headers

surrogate-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=11
pragma: no-cache
etag: W/"1a4-192d92c5fe8"
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-4XhDbFWmOY14xqJ57Q9LyKE/bj9D6yJWMG0/eDtKyCw=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 420
date: Thu, 31 Oct 2024 05:02:33 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 bag-64332d5344748c48b220ffe9cf4bbee5.png
www.lego.com/_next/static/images/ 917 B
3 KB 35ms
34ms Image
image/png 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/bag-64332d5344748c48b220ffe9cf4bbee5.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

f38706f81647cb53a88d2da330919f1bdfd2ba14f9fd2a8d9c0874f6ee4c9b71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores?age-gate=grown_up

Response headers

surrogate-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=14
pragma: no-cache
etag: W/"395-192d92c5fe8"
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-24Aei1xeC9WRSuohTXTufoQ8H495pJOfr4uZhz/1lNA=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 917
date: Thu, 31 Oct 2024 05:02:33 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 support-7b7f286fd0d7d367bc9c1240968fc787.png
www.lego.com/_next/static/images/ 973 B
3 KB 47ms
46ms Image
image/png 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/support-7b7f286fd0d7d367bc9c1240968fc787.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

cd3e081b37155580bd134c585b5025a290e3f205f12dfd8853789d2acf3ac7c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores?age-gate=grown_up

Response headers

surrogate-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=10
pragma: no-cache
etag: W/"3cd-192d92c5fe8"
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-MarLEbXu9a0fbWOyGsZKwSmUdWUK/hKR0ErbxMjvDts=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 973
date: Thu, 31 Oct 2024 05:02:33 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 play-zone-836c3b1ed616c867f2eb2191ed007403.webp
www.lego.com/_next/static/images/ 22 KB
24 KB 45ms
45ms Image
image/webp 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.lego.com/_next/static/images/play-zone-836c3b1ed616c867f2eb2191ed007403.webp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

1fb461abc19ff29c15093a157e603a4ab20d4cfeb6305301ca3363f5d54eb5bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores?age-gate=grown_up

Response headers

surrogate-control: no-store
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=6
pragma: no-cache
etag: W/"5764-192d92c5fe8"
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-6xMh7TmXtg71mL88yHCS1nbigTDJeK2EHpBvuS3pubY=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 22372
date: Thu, 31 Oct 2024 05:02:33 GMT
x-xss-protection: 1; mode=block
content-type: image/webp
last-modified: Tue, 29 Oct 2024 16:46:57 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 favicon-32x32.png
www.lego.com/ 2 KB
0 0ms
0ms Other
image/png 95.101.111.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.lego.com/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.111.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-152.deploy.static.akamaitechnologies.com

Software

Resource Hash

4441197109e31f53a0ce2103fac8a315e3ffd5bec98f5c3c5769d0244eab8e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/de-de/stores?age-gate=grown_up

Response headers

cache-control: public, max-age=1090750
etag: W/"749-19200662c48"
content-security-policy-report-only: default-src 'self' *.lego.com;font-src 'self' fonts.gstatic.com *.legocrm.my.salesforce.com *.lego.com;img-src 'self' *.lego.com data: *.bazaarvoice.com *.akamaihd.net connect.facebook.net www.facebook.com *.doubleclick.net bat.bing.com www.googletagmanager.com bam-cell.nr-data.net *.adyen.com maps.googleapis.com maps.gstatic.com www.paypalobjects.com *.force.com *.salesforce.com *.visualforce.com blob: *.fwpixel.com *.fwcdn3.com *.fireworktv.com;style-src 'self' *.lego.com lego.ugc.bazaarvoice.com *.adyen.com fonts.googleapis.com *.force.com *.salesforce.com *.salesforce-sites.com *.my.site.com 'unsafe-inline';media-src 'self' *.lego.com mpsnare.iesnare.com *.fireworktv.com;connect-src 'self' *.lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com *.doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.salesforce-scrt.com *.bazaarvoice.com maps.googleapis.com *.decibelinsight.net *.decibel.com blob: *.s3.eu-central-1.amazonaws.com fireworkapi1.com *.fireworkapi1.com wss://fireworkapi1.com *.fwpixel.com fireworkanalytics.com fireworkadservices1.com *.agora.io *.sd-rtn.com *.fwcdn3.com *.live-video.net wss://104-166-161-30.edge.agora.io:* wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*;script-src 'self' *.lego.com www.everestjs.net assets.adobedtm.com *.doubleclick.net www.googletagmanager.com www.googleadservices.com connect.facebook.net bat.bing.com analytics.analytics-egain.com js-agent.newrelic.com bam-cell.nr-data.net d3tdkvfstzj7gy.cloudfront.net maps-api-ssl.google.com maps.googleapis.com cnstrc.com *.iovation.com *.iesnare.com www.paypal.com *.adyen.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.my.site.com *.decibelinsight.net *.decibel.com blob: *.fwcdn3.com 'nonce-SgSl/1AgteloC8RwDweh8h2zRXxF9MZDYyYP//jn3HA=';frame-src 'self' *.lego.com *.adyen.com google.com www.sandbox.paypal.com *.doubleclick.net tpc.googlesyndication.com *.salesforce.com *.force.com *.salesforce-sites.com *.salesforce-scrt.com *.my.site.com connect.facebook.net facebook.com;form-action 'self' *.force.com *.salesforce.com www.paypal.com connect.facebook.net;object-src 'none';base-uri 'self';worker-src blob:;report-uri https://lego.report-uri.com/r/t/csp/wizard
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 1865
date: Thu, 31 Oct 2024 05:02:32 GMT
x-xss-protection: 1; mode=block
content-type: image/png
last-modified: Tue, 17 Sep 2024 14:32:29 GMT
x-frame-options: SAMEORIGIN

GET
H2 200 bootstrap.min.css
legocrm.my.site.com/ESWEnhancedMessaging1690463241492/assets/styles/ 14 KB
3 KB 42ms
41ms Stylesheet
text/css 2a02:26f0:3500:18::1724:a29f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://legocrm.my.site.com/ESWEnhancedMessaging1690463241492/assets/styles/bootstrap.min.css

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:18::1724:a29f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

41ca0e04d63231071bb869db572c42910eb2dfbf8a031507098335e6e644680a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
cache-control: public, max-age=1
content-encoding: gzip
etag: "b41f311131--gzip"
origin-trial: AhF0CFIKisg+QZcMOO1kPVkD9iTw2dNL70IIkolxErMm0SFOkAwM8DqJk/f3op6Tt2uphjYo6y6Au/x61Tjg/wIAAABZeyJvcmlnaW4iOiJodHRwczovL3NpdGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
content-length: 2473
date: Thu, 31 Oct 2024 05:02:33 GMT
x-origin-cache-control: max-age=60,immutable,public
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
akamai-grn: 0.9fa02417.1730350953.16255d0e

GET
H2 200 embedded-service-config Show response
legocrm.my.salesforce-scrt.com/embeddedservice/v1/ 19 KB
19 KB 740ms
58ms XHR
application/json 16.170.145.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://legocrm.my.salesforce-scrt.com/embeddedservice/v1/embedded-service-config?orgId=00D09000007VlAB&esConfigName=Enhanced_Messaging&language=de

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

16.170.145.170 Stockholm, Sweden, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-16-170-145-170.eu-north-1.compute.amazonaws.com

Software

Resource Hash

1ae9890ec678dd378b5107877c0615f4d879cfacef497182dab13a2790c06e13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

x-scrt-correlation-id: 0ea2fb2ec81550c8
strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
x-content-type-options: nosniff
access-control-allow-methods: GET
expires: 0
access-control-allow-origin: https://www.lego.com
date: Thu, 31 Oct 2024 05:02:34 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=utf-8
x-frame-options: DENY

GET
H2 200 businesshours Show response
legocrm.my.salesforce-scrt.com/embeddedservice/v1/ 204 B
502 B 712ms
30ms XHR
application/json 16.170.145.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://legocrm.my.salesforce-scrt.com/embeddedservice/v1/businesshours?orgId=00D09000007VlAB&esConfigName=Enhanced_Messaging

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

16.170.145.170 Stockholm, Sweden, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-16-170-145-170.eu-north-1.compute.amazonaws.com

Software

Resource Hash

baacad79ea4403df62af21499e261eae45556a14ce8ee79db338ea011cfafde7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

x-scrt-correlation-id: d0fe8ff39dac14dd
strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
x-content-type-options: nosniff
access-control-allow-methods: GET
expires: 0
access-control-allow-origin: https://www.lego.com
date: Thu, 31 Oct 2024 05:02:34 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=utf-8
x-frame-options: DENY

GET
H2 200 sitecontext.min.html
legocrm.my.site.com/ESWEnhancedMessaging1690463241492/assets/htdocs/ Frame 0760 0
0 57ms
32ms Document
text/html 2a02:26f0:3500:18::1724:a299
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://legocrm.my.site.com/ESWEnhancedMessaging1690463241492/assets/htdocs/sitecontext.min.html?parent_domain=https%3A%2F%2Fwww.lego.com

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:18::1724:a299 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests; img-src * blob: data:; frame-ancestors lego.com *.lego.com legocrm--c.vf.force.com;
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.lego.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

akamai-grn: 0.99a02417.1730350954.c8ef98dc
cache-control: public, max-age=15
content-encoding: gzip
content-length: 187
content-security-policy: upgrade-insecure-requests; img-src * blob: data:; frame-ancestors lego.com *.lego.com legocrm--c.vf.force.com;
content-type: text/html; charset=UTF-8
date: Thu, 31 Oct 2024 05:02:34 GMT
origin-trial: AhF0CFIKisg+QZcMOO1kPVkD9iTw2dNL70IIkolxErMm0SFOkAwM8DqJk/f3op6Tt2uphjYo6y6Au/x61Tjg/wIAAABZeyJvcmlnaW4iOiJodHRwczovL3NpdGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-origin-cache-control: max-age=60,immutable,public

POST
H3 429 wizard
lego.report-uri.com/r/t/csp/ 11 B
548 B 22ms
21ms Other
text/plain 104.17.215.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lego.report-uri.com/r/t/csp/wizard

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.215.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/csp-report
Referer: https://www.lego.com/

Response headers

strict-transport-security: max-age=63113904; includeSubDomains; preload
nel: {"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
report-to: {"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
cf-ray: 8db117f94f662c2d-FRA
alt-svc: h3=":443"; ma=86400
content-length: 11
date: Thu, 31 Oct 2024 05:02:34 GMT
content-type: text/plain
vary: Accept-Encoding
server: cloudflare

POST
H/1.1 200 df07c5d304 Show response
bam.nr-data.net/events/1/ 24 B
339 B 118ms
117ms XHR
image/gif 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/events/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=3241&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0
Requested by: Host: www.lego.com
URL: https://www.lego.com/newrelic.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.lego.com/

Response headers

Connection: keep-alive
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
access-control-allow-origin: https://www.lego.com
Content-Length: 24
date: Thu, 31 Oct 2024 05:02:34 GMT
content-type: image/gif
x-served-by: cache-fra-etou8220117-FRA

GET
H2 200 inert.min.js Show response
legocrm.my.site.com/ESWEnhancedMessaging1690463241492/assets/js/ 7 KB
3 KB 34ms
31ms Script
application/javascript 2a02:26f0:3500:18::1724:a29f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://legocrm.my.site.com/ESWEnhancedMessaging1690463241492/assets/js/inert.min.js

Requested by

Host: www.lego.com
URL: https://www.lego.com/newrelic.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:18::1724:a29f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

aff5ba73419fed47f9c1daf8ebc000fc4bbe80758086ec9362578ebe003caa8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.lego.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
akamai-grn: 0.9fa02417.1730350954.1625669b
cache-control: public, max-age=37
content-encoding: gzip
etag: "b87e734187--gzip"
origin-trial: AhF0CFIKisg+QZcMOO1kPVkD9iTw2dNL70IIkolxErMm0SFOkAwM8DqJk/f3op6Tt2uphjYo6y6Au/x61Tjg/wIAAABZeyJvcmlnaW4iOiJodHRwczovL3NpdGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
x-content-type-options: nosniff
referrer-policy: origin-when-cross-origin
content-length: 2234
x-xss-protection: 1; mode=block
date: Thu, 31 Oct 2024 05:02:34 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-origin-cache-control: max-age=60,immutable,public

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.lego.com/de-de	1970-01-21 09:17:34	Name: lct-opt-out-ac Value: true
.lego.com/	1970-01-21 02:51:39	Name: locale Value: de-DE
.lego.com/	1970-01-21 02:51:39	Name: country Value: DE
.lego.com/	1969-12-31 23:59:59	Name: session_cookie_id Value: 3taqMBvc4UEnZPaBZaLJr
.lego.com/	1970-01-21 09:24:46	Name: USER_GUID Value: d1db036d-674f-4ee4-9236-f032f61bcb8a
.lego.com/	1970-01-21 09:24:46	Name: fff_id Value: 322df3ae-38fd-4b67-b26a-2eee1d144a48
www.lego.com/	1969-12-31 23:59:59	Name: SNOWPLOW_BROWSER_TRACKER_OPT_OUT_COOKIE Value: true
identity.lego.com/	1970-01-21 00:49:15	Name: AWSALBTG Value: NidEmBUtnbjbeDKJJ14NCWgN0KFbFj3p8vHsC8QD2WJgmpyo/g28D+XbyZdms88iKiz8gC8yxl10pjrdw2slBOBDTxA9qNgU9xAOwPxcraQjPHv51HYm3dt07ot0LEvHciOrd+HxkQS6MXcNG2H9SyWsiD2olbSophT2LbpQQ8f7
identity.lego.com/	1970-01-21 00:49:15	Name: AWSALBTGCORS Value: NidEmBUtnbjbeDKJJ14NCWgN0KFbFj3p8vHsC8QD2WJgmpyo/g28D+XbyZdms88iKiz8gC8yxl10pjrdw2slBOBDTxA9qNgU9xAOwPxcraQjPHv51HYm3dt07ot0LEvHciOrd+HxkQS6MXcNG2H9SyWsiD2olbSophT2LbpQQ8f7
www.lego.com/	1970-01-21 09:24:46	Name: gqauth Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InB1YiI6e30sInB2dCI6IjRESWxyUUNseHIwS3B5MW9aUzhnUjkwdXFkUExxTEJ0R0t6U09HQlZOL1NKMnltYUg2akcyTW5POHArMElmOThGZzNicHkwRGVMTHNCbzRLTllPcnFCRVQva21zbFR0T0xVVDIvaXVRVGRtZnBRVXU5RWhHVDdxYTlhQ0NCUXErZmJGemFiTFZES1dqa3hQWVNyejdUQThvaWxzbEhuYkhCSTV0TkxXazRhL0h1a1Bya09wbGtXY3RCbGdyMWVOMnRXZDR3MXIwdE40WXhTUDEzaDl5TTJSdnAxY2xrUSsvM1BMZWlwTTE4VSttL1VIejZGRFdnNkNJcWtlcFdCcmh3YVFlb25XbkhGVytkWFcvN3ppMml2d0J0SGJtN2Z0Yng4REY1RUYrT0g3SE5TenVzQlFrVVE5dXBYM2hRVm9sbTZkVkY2RzlTME1IY3M4d0h0QlJaUzBiNjduWFJkd0hkaGdocjRjQXQ2Zzl4WGN1c0czbUN5cWM4ZGF0M2s0ZmlsdXN2UThqMjhYN0VMWU1rUFhUb3I1ZklDdFJmdGNpdW1FTFMyMm81TXdZaEhvdm4zR1VaNUlTaDJCMk84bHQwZ0xHTWFxZDZZdGxpUjIwQ3B4dVpxRzZ3aG12TWtKalVkYjdLcHZLK2FobGVZcnkyN3l6dlY4TVo4SkdBQWxQSjdVbWxIazVxNW5qY0FxQ3JxYk5sUWxsMnZQeWV2WVlJc0Npa1VUMzdBb1hCM2ppNy8ycnBXd0FvVW5LZW1FOS5HemhjSFlWUGtKUHNQTjFEa0JVVWN3PT0ifSwiaWF0IjoxNzMwMzUwOTUzLCJleHAiOjE3MzAzNjE3NTJ9._HiuWVLDZrLILFBD_fNWyibV8UEHtvv8rQD0ax3jds4
.lego.com/	1969-12-31 23:59:59	Name: search_session Value: {"timestamp":1730350953706,"data":{"id":1}}

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'vr'.
security	warning	Message: Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: autoplay, camera, encrypted-media, fullscreen, geolocation, microphone, midi, payment. Values defined in Permissions-Policy header will be used.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security	error	URL: https://www.lego.com/newrelic.js(Line 1084) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=1550&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0&af=err,xhr,stn,ins,spa&be=1032&fe=268&dc=259&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1730350951201,%22n%22:0,%22f%22:412,%22dn%22:412,%22dne%22:412,%22c%22:412,%22s%22:412,%22ce%22:412,%22rq%22:413,%22rp%22:1032,%22rpe%22:1055,%22di%22:1148,%22ds%22:1291,%22de%22:1291,%22dc%22:1299,%22l%22:1299,%22le%22:1300%7D,%22navigation%22:%7B%7D%7D&fp=1214&fcp=1214' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
network	error	URL: https://lego.report-uri.com/r/t/csp/wizard Message: Failed to load resource: the server responded with a status of 429 ()
security	error	URL: https://www.lego.com/newrelic.js(Line 1084) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/events/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=3241&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
network	error	URL: https://lego.report-uri.com/r/t/csp/wizard Message: Failed to load resource: the server responded with a status of 429 ()
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/jserrors/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6775&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/jserrors/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6775&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/events/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6776&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/events/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6776&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/events/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6777&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/events/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6777&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/jserrors/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6778&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/jserrors/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6778&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/ins/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6779&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".
security	error	URL: https://js-agent.newrelic.com/nr-spa-1.250.0.min.js(Line 1) Message: [Report Only] Refused to connect to 'https://bam.nr-data.net/ins/1/df07c5d304?a=103247242&sa=1&v=1.250.0&t=Unnamed%20Transaction&rst=6779&ck=0&s=2d6736850c12c9dd&ref=https://www.lego.com/de-de/stores&hr=0' because it violates the following Content Security Policy directive: "connect-src 'self' .lego.com bat.bing.com dpm.demdex.net lasteventf-tm.everesttech.net www.facebook.com adservice.google.com .doubleclick.net bam-cell.nr-data.net services.postcodeanywhere.co.uk wss://mpsnare.iesnare.com mpsnare.iesnare.com www.sandbox.paypal.com www.paypal.com legopre-prod.egain.cloud ac.cnstrc.com .force.com .salesforce.com .salesforceliveagent.com .salesforce-sites.com .salesforce-scrt.com .bazaarvoice.com maps.googleapis.com .decibelinsight.net .decibel.com blob: .s3.eu-central-1.amazonaws.com fireworkapi1.com .fireworkapi1.com wss://fireworkapi1.com .fwpixel.com fireworkanalytics.com fireworkadservices1.com .agora.io .sd-rtn.com .fwcdn3.com .live-video.net wss://104-166-161-30.edge.agora.io: wss://104-166-161-30.edge.sd-rtn.com:* wss://104-166-161-32.edge.agora.io:* wss://104-166-161-32.edge.sd-rtn.com:* wss://104-166-161-53.edge.agora.io:* wss://104-166-161-53.edge.sd-rtn.com:*".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

allowed-countries.scout.services.lego.com
assets.lego.com
bam.nr-data.net
identity.lego.com
js-agent.newrelic.com
lego.report-uri.com
legocrm.my.salesforce-scrt.com
legocrm.my.site.com
maps.googleapis.com
stores.lego.com
www.lego.com
104.17.215.66
16.170.145.170
162.247.243.29
172.217.18.106
23.38.98.114
2600:9000:20eb:8800:1e:c28d:f140:93a1
2600:9000:2761:4600:19:9f8c:2a40:93a1
2602:816:5001::39
2a00:1450:4001:811::200a
2a02:26f0:3500:18::1724:a299
2a02:26f0:3500:18::1724:a29f
52.222.214.114
95.101.111.152
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0fd26d5347883a1efa127f23590d63d52d26f011280961c6241f5d61d4c92490
11be6e0e4e5ecef9ade90fbb75149750630de9190348129a95bc2f23496f0fe1
12ce77e934df463891f63dab5fe44a450dfe4594c9d166565781e896c40182cf
1ae9890ec678dd378b5107877c0615f4d879cfacef497182dab13a2790c06e13
1c5d9446fc27b14579ed8d1e36b214868d50867e945855735a3d61b448a9e7b2
1f48836e1e3a41405f75eb0450bb1272eba23d05f68dedcaf13e10ad3a3bd09d
1f791b3037b2ebcd9cdd397985ae5cee277f49f30188d08f05ef26d6334d6156
1fb461abc19ff29c15093a157e603a4ab20d4cfeb6305301ca3363f5d54eb5bc
2240acedb471a2382d102e1f2ac14b69e3644774b2bb7c0c7174581c4b687e3b
23439ff56447e76ff7f6fcc7cca971aa52f6f3c1ce7dbf8cb087ba2904f47ad6
2c1be6e9e071114cb6b2e6bf90f96b13b8979905c589e26093364fea1926d346
2cd0e23e5ece69741cc0f2901a301c0ff6e3925dbdf40e18f3f79913e64b0d62
37f6ff4a7fe1c992e3cfc604e536a372d76b2ee2b7e256de0715e5a48164070f
394fa4c874a6a28dfb7480e83af6d0d81caca2b48551664ff6276df71651af79
3994cb66e263fe0d699d807f5e017f6eb8b30de8023ca5b16366063b43ddc179
415683bd714195a6f4c3c6d729c1e8f5061a26b5edf54cc5ac1317ad3309d7e2
41ca0e04d63231071bb869db572c42910eb2dfbf8a031507098335e6e644680a
4441197109e31f53a0ce2103fac8a315e3ffd5bec98f5c3c5769d0244eab8e85
475ff9dfc3d067cad2d60dd8ca5d9da2f08e678867e81149b6595758a92a283b
492f93fed69c656dd6f28a02543015a32253b16ecbb43eda76f95fd4e1d704e0
53057dc9152f37cb198b8575778397d7786d804d851c5ac0b4d353dc232200ca
5b9af9b5b88f5d0b41c78a72e73f5bc2a4861343ccef1ecfdb827515c0683349
5ce2545ab7cac8c5d8fff37ccda9a4ca9d21f6fde6da509f638f6be251a97bc7
5e1c2d251d283b063e737a2c2d2b927ca5a946710e5b9f24f77d776f9b11662c
61ef536470135f920d32a1006235f621cc341d646f4d4bb2c04a132a74a9ced9
63d7835785729bae49c97bd348d38d1921df961e0d5366e4f74d377791f3c4e3
695bd8a3ed844209ded42ea80af9ed0a804661f471b4a9fe39843b7ce454f9bb
6eaaf848f310fe8fa193f76881773c6238dc3d8944fd8f5e9015d9a494dea8b5
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
7845a286d9b1a1d71bf603d1ba585f8a2ee8b6c5a294c2d88cd239982df9556f
7ca0c03a6ab16dbb6c58d160c614a7ac6bfb70371fd6010277250e3663165094
7e0d16bf5e01d2ff730972fa1fe313ada0ee57d21f79add57d2d70d7fe47a2aa
81a190e5f3d97c468124a58cdada8235d90df6a3f599a146d94360d6c37ebce7
864433fb3cbb2354f9558dc71473c7241f37e882dc22b11f265e9495842734a6
8a7686a940955b091daf23fab867de6544edb6b54f6703418978578c3016d38d
8aaf0af04baf8eaa35b1ac46ed02d131a8d3c44896b92a45fa1555c70ebc94c9
8b366c1d4e063ef5b4ffad8c273b375643ec801ea3463a9fc1b31cbc3c5e1e7f
8b72f78c410b7a135448aa0772466867c39cdab2b688f5173ebc91dbe87de7c4
8ee7ad9e16a2ba29e59ef1904ba7cc7eae49551ded00014aa3860f40ce546d33
940247ef8ca92438f4141a3d61227340105c3f12648f211eacafddc31cb3eb6e
95548f1bced2baae7dfc9d6a5e5a098a7288fa2cdda9b55ed553965ed6828a88
a49f3a4c7fe78003fffc607ac6f2612cc7f91b058ea7cb02e679aec896bb9e27
a5050194e67e35cab9fb7da17540175b1c1361e383a66d715f16e24fdd83b60c
abb86a21e48e346fee8291f937987ccdc7faffe9c3fe85e0810b32cc85522ffc
aff5ba73419fed47f9c1daf8ebc000fc4bbe80758086ec9362578ebe003caa8f
b2ffdb7e6780631cc1476372ffdef6fd3fa5d5f0a51f66110fde0b8969f14c8d
b7d2971c3439be53484e5d6a7a0025a256ec58be8887882bd229a9383fe92c52
ba7b31690d5797b3d94a242419085c3681945a98c6b04c1de06f3e0f4e7244ce
baacad79ea4403df62af21499e261eae45556a14ce8ee79db338ea011cfafde7
bed96a75857452e5f79b8e237eaf6498a7540e6d83955ba5903354905b7b2a5a
c0f44ea618fadb76f123cceb96390bb45bda54dd9de8158cafcba87133faedf4
c23d1728cfd67f7ebd8e289c2f7ea84648c77bf3bac25de63c60aa8e85db151f
c65a4e113463e270a4ee54aa3b0a7f3396f438474af4e78c29dbeaca6da295e5
c9a936326b042aee240252c3c2176805b1979a39f6873645ccf6b7b2aeb81b02
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbe1f12a684d8f2eecd6cd871264adf7c5a09a7b68c37b719e3e82a1271a4320
cd3e081b37155580bd134c585b5025a290e3f205f12dfd8853789d2acf3ac7c4
d3d566990585fe960360cfd0c6cfa0de938fa84b4e061c90bdaf0f72e4a333a6
d4610f3f81dda0b658e3fa0e0f703eb37c650ce3716d0655fa418116dfecfca2
d63aa57b977b1b178cd1e75b526f8c461308b66a9b6c85c7bf6e301fc5577cb1
d740e2399385e4626532b9856b8be7849caee596e280e306a0297628cdc883fd
e01e3df94087aa77d2da0fff9dff64b6892f8d7a5d429960afee7f020a90ebae
e2a554d2527c671d1197736a534b0e66e6188aa16dcea144a227996aba1014fa
e5e0bd18dea6be89d2179c9dd664e0119b8e07283962cb39020453ce77f2a8f0
e692c130a90f4e348fc484cce8e13d43e5275fef4cec1a3878b8e3d96071a6e0
eb0e63b87ec0f72593b405383f8f4e423e87e3916b6afc78b927006aa921fd92
edcb1c415935b1cf49e2e56980d7eba638bda72a23a8997157e1590b1eef14d0
f38706f81647cb53a88d2da330919f1bdfd2ba14f9fd2a8d9c0874f6ee4c9b71
f997e0f2a67fae6c99b9466b56e583964feecb57b1635eaf35b4c8fbcc510919

www.lego.com Open in urlscan Pro 95.101.111.152 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

88 Requests

100 %HTTPS

46 %IPv6

7 Domains

11 Subdomains

12 IPs

4 Countries

1561 kBTransfer

6609 kBSize

11 Cookies

8 Outgoing links

Page URL History

Redirected requests

88 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.lego.com Open in urlscan Pro
95.101.111.152 Public Scan

Screenshot
Live screenshot

Full Image

88
Requests

100 %
HTTPS

46 %
IPv6

7
Domains

11
Subdomains

12
IPs

4
Countries

1561 kB
Transfer

6609 kB
Size

11
Cookies

88 HTTP transactions
0 data transactions