| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
| Server | cloudflare |
| Cache-Control | max-age=0, reload, no-cache, no-store, must-revalidate |
| Vary | Accept-Encoding |
| Content-Security-Policy | block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay tags.creativecdn.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com *.yieldify.com cdn.amplitude.com api.amplitude.com api2.amplitude.com pay.datatrans.com view.publitas.com scripts.publitas.com js.stripe.com *.js.stripe.com *.c360a.salesforce.com analytics.tiktok.com *.iadvize.com app.sealmetrics.com script.google.com widget.fitanalytics.com *.adition.com *.pinimg.com *.akafms.net *.akamaihd.net *.akstat.io *.algolia.io *.algolianet.com *.algolia.net *.bing.com *.boltdns.net *.cloudfront.net *.jsdelivr.net *.fitanalytics.com *.googleusercontent.com *.s3.eu-west-1.amazonaws.com api.vid-adblocker.com cdnjs.cloudflare.com spain-tradetrackerscript.decathlon.net *.tradetracker.net *.indigitall.com p.teads.tv afiliacion.decathlon.es *.sunmedia.tv *.efike.co pay.google.com px.reprise-kleup.com/tre payment.direct.ingenico.com payment.direct.worldline-solutions.com *.trustedshops.com widgets.trustedshops.com pagead2.googlesyndication.com/pagead/ consentag.eu *.ctnsnet.com caast.tv *.caast.tv ct.pinterest.com www.dwin1.com *.awin1.com *.zenaps.com the.sciencebehindecommerce.com s2.adform.net track.adform.net *.semseoymas.com *.ssm.codes ssm.codes *.spxl.socy.es;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.brightcovecdn.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com *.dynamicyield.com *.dynamicyield.eu *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com analytics-fe.digital-cloud-west.medallia.com www.google.com/pay signin.easyence.tech google.com/pay pay.google.com ams.creativecdn.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com api.stripe.com *.c360a.salesforce.com sslwidget.criteo.com measurement-api.criteo.com analytics.tiktok.com *.yieldify.com *.yieldify-production.com yieldify.connectorengine.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io wss://*.iadvize.com *.iadvize.com *.sealmetrics.com *.algolia.io *.algolianet.com *.algolia.net direct.dy-api.eu api.vid-adblocker.com cdnjs.cloudflare.com *.fitanalytics.com script.google.com script.googleusercontent.com *.indigitall.com *.teads.tv afiliacion.decathlon.es applepay.cdn-apple.com fpc.decathlon.es wss://*.twilio.com *.trackingplan.com config.trackingplan.com api.trackingplan.com *.trustedshops.com api.trustbadge.etrusted.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com widgets.trustedshops.com pagead2.googlesyndication.com adservice.google.com/pagead/ www.google.com/pagead/landing i.ctnsnet.com caast.tv *.caast.tv wss://*.caast.tv *.mux.com ct.pinterest.com the.sciencebehindecommerce.com *.wepowerconnections.com payment.direct.worldline-solutions.com *.adform.net *.googlesyndication.com *.ssm.codes ssm.codes *.ssmas.com *.id5-sync.com *.spxl.socy.es stories.adsocy.com p1.socy.es;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com icons.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com *.yieldify.com *.yieldify-production.com pay.datatrans.com onepay-widget.decathlon.net *.dynamicyield.com *.klarnaservices.com bcboltbde696aa-a.akamaihd.net *.criteo.com analytics.tiktok.com ams.creativecdn.com onestore-cdn.decathlon.net *.iadvize.com sync.adotmob.com *.pinimg.com data.decathlon.es *.cloudfront.net *.algolia.io *.algolianet.com *.algolia.net *.sunmedia.tv *.googleusercontent.com *.fitanalytics.com *.sealmetrics.com cdnjs.cloudflare.com st-filebanking.igstatic.com pixel.efike.co *.tradetracker.net urldefense.com *.teads.tv afiliacion.decathlon.es *.efike.co *.zemanta.com ks.invibes.com widgets.trustedshops.com pixel-autofeed-custom-endpoint.uc.r.appspot.com ade.googlesyndication.com *.caast.tv ct.pinterest.com *.awin1.com *.zenaps.com track.adform.net *.ssm.codes ssm.codes *.ssmas.com *.id5-sync.com *.cdn.socy.cloud;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ storage.googleapis.com/sphere-assets-prod-71-hbfe/ onepay-widget.decathlon.net pay.datatrans.com *.dynamicyield.com *.dynamicyield.eu *.criteo.com *.iadvize.com data.decathlon.es *.cloudfront.net *.algolia.io *.algolianet.com *.algolia.net *.fitanalytics.com booxi-api-be.appspot.com afiliacion.decathlon.es;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.yieldify-production.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io onepay-widget.decathlon.net nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dynamicyield.com *.dynamicyield.eu *.brightcove.com *.decathlon.es *.iadvize.com blob: cdn.jsdelivr.net cdnjs.cloudflare.com *.fitanalytics.com maxcdn.bootstrapcdn.com players.brightcove.net static-cdn.mydecathlon.com vjs.zencdn.net data.decathlon.es *.cloudfront.net afiliacion.decathlon.es s3-eu-west-1.amazonaws.com/dktexpimgcat *.trustedshops.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' *.decathlon.es afiliacion.decathlon.es;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net *.decathlon.es brightcove.hs.llnwd.net brightcove.vo.llnwd.net media.alltricks.com pixel.efike.co players.brightcove.net *.iadvize.com data.decathlon.es *.cloudfront.net *.algolia.io *.algolianet.com *.algolia.net p.teads.tv afiliacion.decathlon.es track.adform.net *.mux.com *.caast.tv;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com *.creativecdn.com pay.datatrans.com js.stripe.com *.js.stripe.com hooks.stripe.com gum.criteo.com fledge.eu.criteo.com www.googletagmanager.com csxd.contentsquare.net *.yieldify.com *.iadvize.com *.cloudfront.net *.algolia.io *.algolianet.com *.algolia.net *.sunmedia.tv decathlon-es-es--tst2.custhelp.com serviciousuario.decathlon.es return.celeritastransporte.com qa-assistant.abtasty.com www.pinterest.fr www.pinterest.es afiliacion.decathlon.es data: applepay.cdn-apple.com serveiusuari.decathlon.es payment.direct.ingenico.com payment.direct.worldline-solutions.com consentag.eu caast.tv *.caast.tv *.zenaps.com *.awin1.com;frame-ancestors 'self'; |
| Dkt-Ecom-Origin | cube |
| Connection | keep-alive |
| Link | <https://contents.mediadecathlon.com>; rel=preconnect, </client/style/vtmn-tailwind.8bc058a65fa82dc9d023.css>; rel=preload; as=style, </client/style/vtmn-style.88921bae214f13da8115.css>; rel=preload; as=style, </client/style/vtmn-new-visual-identity.baf19d8b0ed007285903.css>; rel=preload; as=style, </client/style/style.7621e6621e21af91fc97.css>; rel=preload; as=style, </client/app/client.c8eb24b290d69ace9901.js>; rel=preload; as=script |
| Set-Cookie | NFS_USER_ID=d41ed896-90d1-45e8-93d6-7e421b636a72; Max-Age=15811199; Expires=Sat, 18 Oct 2025 16:47:59 GMT; Path=/; Secure |
| Report-To | {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=kktAqISQqhLS4LUkHJye.OT9M8XFwHyX6NYwHwEmEwE-1744994880-1.0.1.1-x6L1sNRKseCC8FVBrUfykoK.Msc5Cg2j79Rldv2cvhYQ79mL8guBTbpF5oBg_YFssxufQkC3lc1JEjyuHeRTIBQkTE5bkJ6wY4NUvqBDw_SXmwhUhMzEWlbHrgXmA32sAsEbGANIvx5SGZ3CbytxIMFb4nOSLDMS4Vzll8gvV1s"}],"group":"cf-csp-endpoint","max_age":86400} |
| X-Permitted-Cross-Domain-Policies | master-only |
| Content-Security-Policy-Report-Only | script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=kktAqISQqhLS4LUkHJye.OT9M8XFwHyX6NYwHwEmEwE-1744994880-1.0.1.1-x6L1sNRKseCC8FVBrUfykoK.Msc5Cg2j79Rldv2cvhYQ79mL8guBTbpF5oBg_YFssxufQkC3lc1JEjyuHeRTIBQkTE5bkJ6wY4NUvqBDw_SXmwhUhMzEWlbHrgXmA32sAsEbGANIvx5SGZ3CbytxIMFb4nOSLDMS4Vzll8gvV1s; report-to cf-csp-endpoint |
| Date | Fri, 18 Apr 2025 16:48:00 GMT |
| Dkt-Ecom-Xp | legacy |
| Referrer-Policy | no-referrer-when-downgrade |
| X-Frame-Options | SAMEORIGIN |
| Strict-Transport-Security | max-age=15768000; includeSubDomains; preload |
| Content-Type | text/html; charset=utf-8 |
| Cf-Ray | 9325a5af79c3760b-AMS |
| Cf-Cache-Status | DYNAMIC |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar