| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Frame-Options | SAMEORIGIN |
| Strict-Transport-Security | max-age=15768000; includeSubDomains; preload |
| Date | Sun, 20 Apr 2025 00:40:26 GMT |
| Vary | Accept-Encoding |
| X-Xss-Protection | 1; mode=block |
| Set-Cookie | PLAY_LANG=de; Max-Age=64000; Expires=Sun, 20 Apr 2025 18:27:06 GMT; Path=/; HTTPOnly |
| Content-Security-Policy | block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay tags.creativecdn.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com cdn.amplitude.com api.amplitude.com api2.amplitude.com pay.datatrans.com view.publitas.com scripts.publitas.com js.stripe.com *.js.stripe.com *.c360a.salesforce.com analytics.tiktok.com *.zdassets.com *.cube-net.org *.cube-net.pub *.facebook.com *.googleadservices.com *.googleoptimize.com *.gstatic.com connect.facebook.net *.adform.net *.app.baqend.com *.bing.com *.cloudfront.net *.convertiser.com *.custhelp.com *.datadoghq.eu *.decathlon.ch *.easyence.com *.online-metrix.net *.retailrocket.net *.rtbhouse.com *.tagcommander.com *.trackjs.com *.trustcommander.net *.usabilla.com *.useinsider.com appserver-develop.app.inteliwi.se brightcove.hs.llnwd.net brightcove.vo.llnwd.net browser.sentry-cdn.com cdn.jsdelivr.net maps.googleapis.com s3-eu-west-1.amazonaws.com storage.googleapis.com trustmate.io ui.onepay.decathlon.io urldefense.proofpoint.com *.google.fr www.snrcdn.net *.google.com widget.intercom.io js.intercomcdn.com p.teads.tv h.online-metrix.net payment.datatrans.biz payment.datatrans.swiss payment.datatrans2.biz pay.sandbox.datatrans.com pilot.datatrans.biz *.mopinion.com client.crisp.chat settings.crisp.chat pagead2.googlesyndication.com cdn.weglot.com c.searchhub.io saas.searchhub.io;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.brightcovecdn.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com *.dynamicyield.com *.dynamicyield.eu *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com analytics-fe.digital-cloud-west.medallia.com www.google.com/pay signin.easyence.tech google.com/pay pay.google.com ams.creativecdn.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com api.stripe.com *.c360a.salesforce.com sslwidget.criteo.com measurement-api.criteo.com analytics.tiktok.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io *.retailrocket.net tracking.retailrocket.net manifest.prod.boltdns.net api.usabilla.com t.teads.tv cm.teads.tv uploads.intercomcdn.com h.online-metrix.net *.mopinion.com fpc.decathlon.ch client.crisp.chat storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat pagead2.googlesyndication.com api.weglot.com c.searchhub.io saas.searchhub.io;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com icons.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com pay.datatrans.com onepay-widget.decathlon.net *.dynamicyield.com *.klarnaservices.com bcboltbde696aa-a.akamaihd.net *.criteo.com analytics.tiktok.com ams.creativecdn.com *.zdassets.com *.braintreegateway.com *.facebook.com *.google.ch *.google.de *.y-track.com connect.facebook.net *.adform.net *.bing.com *.cloudfront.net *.commander1.com *.commandersact.com *.convertiser.com *.custhelp.com *.decathlon.ch *.easyence.com *.online-metrix.net *.retailrocket.net *.rtbhouse.com *.seadform.net *.tagcommander.com *.trackjs.com *.trustcommander.net *.usabilla.com *.useinsider.com appmobile-bridge-js.s3-eu-west-1.amazonaws.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net inteliwise-client.s3.amazonaws.com inteliwise-eu.s3.amazonaws.com maps.googleapis.com s3-eu-west-1.amazonaws.com trustmate.io ui.onepay.decathlon.io *.google.fr *.googleoptimize.com onepay-ui.decathlon.net *.google.com *.intercomcdn.com *.intercomassets.com cf-images.eu-west-1.prod.boltdns.net t.teads.tv cm.teads.tv *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-9.com *.mopinion.com client.crisp.chat image.crisp.chat storage.crisp.chat ade.googlesyndication.com cdn.weglot.com p.searchhub.io;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ storage.googleapis.com/sphere-assets-prod-71-hbfe/ onepay-widget.decathlon.net pay.datatrans.com *.dynamicyield.com *.dynamicyield.eu *.criteo.com *.cube-net.org *.cube-net.pub *.decathlon.net *.cloudfront.net *.decathlon.ch *.retailrocket.net *.useinsider.com trustmate.io *.google-analytics.com www.snrcdn.net *.mopinion.com client.crisp.chat;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dynamicyield.com *.dynamicyield.eu js.intercomcdn.com *.mopinion.com client.crisp.chat;object-src view.publitas.com;base-uri 'self' *.cloudfront.net;worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' *.cube-net.org *.cube-net.pub ws:;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net *.cube-net.org *.cube-net.pub data: brightcove.hs.llnwd.net brightcove.vo.llnwd.net js.intercomcdn.com client.crisp.chat;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com *.creativecdn.com pay.datatrans.com js.stripe.com *.js.stripe.com hooks.stripe.com gum.criteo.com fledge.eu.criteo.com www.googletagmanager.com csxd.contentsquare.net *.cube-net.org *.cube-net.pub *.decathlon.com *.facebook.com *.google.ch *.adform.net *.cloudfront.net *.custhelp.com *.decathlon.ch *.online-metrix.net *.paypal.com *.retailrocket.net *.salecycle.com *.tagcommander.com *.useinsider.com *.google.com intercom-sheets.com payment.datatrans.biz payment.datatrans.swiss payment.datatrans2.biz pay.sandbox.datatrans.com pilot.datatrans.biz *.mopinion.com game.crisp.chat;frame-ancestors 'self'; |
| Cache-Control | max-age=0, reload, no-cache, no-store, must-revalidate |
| Server | cloudflare |
| Content-Type | text/html; charset=utf-8 |
| X-Permitted-Cross-Domain-Policies | master-only |
| Cf-Cache-Status | DYNAMIC |
| Connection | keep-alive |
| Referrer-Policy | no-referrer-when-downgrade |
| X-Content-Type-Options | nosniff |
| Cf-Ray | 9330971fca24b90e-AMS |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar