| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Content-Type-Options | nosniff |
| Set-Cookie | NFS_USER_ID=bb89f457-413a-416d-a67c-4347ed8d3368; Max-Age=15811200; Expires=Tue, 21 Oct 2025 01:31:22 GMT; Path=/; Secure |
| Strict-Transport-Security | max-age=15768000; includeSubDomains; preload |
| Cf-Ray | 93391f181e4e9f6a-AMS |
| Date | Mon, 21 Apr 2025 01:31:22 GMT |
| X-Xss-Protection | 1; mode=block |
| X-Permitted-Cross-Domain-Policies | master-only |
| Content-Security-Policy | block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay tags.creativecdn.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com *.yieldify.com cdn.amplitude.com api.amplitude.com api2.amplitude.com pay.datatrans.com view.publitas.com scripts.publitas.com js.stripe.com *.js.stripe.com *.c360a.salesforce.com analytics.tiktok.com dsp.adfarm1.adition.com *.trbo.com c.imedia.cz www.glami.cz c.seznam.cz faqbot.co code.jquery.com *.mczbf.com *.members.cj.com heureka.cz glamipixel.com optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com pagead2.googlesyndication.com s2.adform.net track.adform.net cm.adform.net decathlon-eu.chat.getzowie.com decathloncz.app.baqend.com mczbf.com kdukvh.com emjcd.com cj.dotomi.com c81418.csd.dotomi.com sjwoe.com members.cj.com waw.chat.getzowie.com/web/live-chat/ *.seznam.cz *.zbozi.cz spoluhraci.decathlon.cz app.dekovacka.cz;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.brightcovecdn.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com *.dynamicyield.com *.dynamicyield.eu *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com analytics-fe.digital-cloud-west.medallia.com www.google.com/pay signin.easyence.tech google.com/pay pay.google.com ams.creativecdn.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com api.stripe.com *.c360a.salesforce.com sslwidget.criteo.com measurement-api.criteo.com analytics.tiktok.com *.yieldify.com *.yieldify-production.com yieldify.connectorengine.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io dsp.adfarm1.adition.com api.faqbot.co *.trbo.com fpc.decathlon.cz dl-becz-prod-api.azurewebsites.net *.chatbotize.com herochat-plugin.chatbotize.com decathlon-eu.chat.getzowie.com waw.chat.getzowie.com core-chat.chatbotize.com eu1.chat.getzowie.com decathlon-eu.chat.getzowie.com/web/live-chat/chatbotize-entrypoint.min.js spoluhraci.decathlon.cz adventori.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.trylive.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com www.googleadservices.com *.salecycle.com redirect3536.tagcommander.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.com www.youtube.com *.loadbee.com screencapture.kampyle.com screencapture-cdn.kampyle.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com safesizepublic.ucscentral.com tags.creativecdn.com *.dotomi.com pay.datatrans.com view.publitas.com scripts.publitas.com js.stripe.com *.js.stripe.com c.imedia.cz www.glami.cz c.seznam.cz faqbot.co code.jquery.com *.mczbf.com *.members.cj.com heureka.cz glamipixel.com optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com pagead2.googlesyndication.com s2.adform.net track.adform.net cm.adform.net decathloncz.app.baqend.com mczbf.com kdukvh.com emjcd.com cj.dotomi.com c81418.csd.dotomi.com sjwoe.com members.cj.com waw.chat.getzowie.com/web/live-chat/ *.seznam.cz *.zbozi.cz app.dekovacka.cz data: blob: *.cube-net.org *.cube-net.pub contents.mediadecathlon.com prod-wt.aws.y-track.com manager.tagcommander.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.gstatic.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.mediadecathlon.com *.googleadservices.com adservice.google.com icons.batch.com screencaptue-cdn.kampyle.com cdn-workshop-pop.decathlon.net onepay-widget.decathlon.net bcboltbde696aa-a.akamaihd.net onestore-cdn.decathlon.net www.decathlon.cz sync.adotmob.com delejcotebavi.decathlon.cz *.kdukvh.com *.emjcd.com *.cj.dotomi.com fonts.googleapis.com storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ storage.googleapis.com/sphere-assets-prod-71-hbfe/ fonts.gstatic.com secure.brightcove.com *.youtube.com saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com c.paypal.com checkout.paypal.com www.paypal.com reviews-collect-eu.satisphere.decathlon.net www.pinterest.com *.creativecdn.com hooks.stripe.com gum.criteo.com fledge.eu.criteo.com csxd.contentsquare.net decathlon-cz-cs.custhelp.com decathlon-cz-cz--tst2.custhelp.com kontakt.decathlon.cz;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com icons.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com *.yieldify.com *.yieldify-production.com pay.datatrans.com onepay-widget.decathlon.net *.dynamicyield.com *.klarnaservices.com bcboltbde696aa-a.akamaihd.net *.criteo.com analytics.tiktok.com ams.creativecdn.com onestore-cdn.decathlon.net www.decathlon.cz sync.adotmob.com www.glami.cz c.seznam.cz delejcotebavi.decathlon.cz *.trbo.com faqbot.co api.faqbot.co *.kdukvh.com *.emjcd.com *.cj.dotomi.com glamipixel.com s2.adform.net track.adform.net cm.adform.net *.chatbotize.com decathloncz.app.baqend.com cj.dotomi.com c81418.csd.dotomi.com *.seznam.cz *.zbozi.cz app.dekovacka.cz;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ storage.googleapis.com/sphere-assets-prod-71-hbfe/ onepay-widget.decathlon.net pay.datatrans.com *.dynamicyield.com *.dynamicyield.eu *.criteo.com optimize.google.com *.chatbotize.com decathloncz.app.baqend.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.yieldify-production.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dynamicyield.com *.dynamicyield.eu sjwoe.com mczbf.com *.chatbotize.com decathloncz.app.baqend.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com *.creativecdn.com pay.datatrans.com js.stripe.com *.js.stripe.com hooks.stripe.com gum.criteo.com fledge.eu.criteo.com www.googletagmanager.com csxd.contentsquare.net *.yieldify.com decathlon-cz-cs.custhelp.com decathlon-cz-cz--tst2.custhelp.com kontakt.decathlon.cz *.trbo.com optimize.google.com *.chatbotize.com waw.chat.getzowie.com decathlon-eu.chat.getzowie.com *.zbozi.cz spoluhraci.decathlon.cz app.dekovacka.cz;frame-ancestors 'self'; |
| Cf-Cache-Status | DYNAMIC |
| Link | <https://contents.mediadecathlon.com>; rel=preconnect, </client/style/vtmn-tailwind.e7e7f3889c92df13f251.css>; rel=preload; as=style, </client/style/vtmn-style.88921bae214f13da8115.css>; rel=preload; as=style, </client/style/vtmn-new-visual-identity.baf19d8b0ed007285903.css>; rel=preload; as=style, </client/style/style.61b34b2150bf75241692.css>; rel=preload; as=style, </client/app/client.67b68aa32873b91efe8f.js>; rel=preload; as=script |
| Referrer-Policy | no-referrer-when-downgrade |
| X-Frame-Options | SAMEORIGIN |
| Cache-Control | max-age=0, reload, no-cache, no-store, must-revalidate |
| Server | cloudflare |
| Connection | keep-alive |
| Vary | Accept-Encoding |
| Content-Type | text/html; charset=utf-8 |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar