| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Link | <https://contents.mediadecathlon.com>; rel=preconnect, </client/style/vtmn-tailwind.4a6c8ec1a66ab9cf781a.css>; rel=preload; as=style, </client/style/vtmn-style.88921bae214f13da8115.css>; rel=preload; as=style, </client/style/vtmn-new-visual-identity.baf19d8b0ed007285903.css>; rel=preload; as=style, </client/style/style.76a89403dfe3c103dc71.css>; rel=preload; as=style, </client/app/client.22ff320ab4eae5144246.js>; rel=preload; as=script |
| Referrer-Policy | no-referrer-when-downgrade |
| X-Frame-Options | SAMEORIGIN |
| Strict-Transport-Security | max-age=15768000; includeSubDomains; preload |
| Date | Wed, 16 Apr 2025 20:19:55 GMT |
| Content-Type | text/html; charset=utf-8 |
| X-Permitted-Cross-Domain-Policies | master-only |
| Server | cloudflare |
| Cf-Ray | 9316615e2c010bc0-AMS |
| Connection | keep-alive |
| Vary | Accept-Encoding |
| X-Xss-Protection | 1; mode=block |
| Set-Cookie | NFS_USER_ID=cd92be7a-b7aa-447e-9e61-d08c39218354; Max-Age=15811200; Expires=Thu, 16 Oct 2025 20:19:55 GMT; Path=/; Secure |
| Content-Security-Policy | block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay tags.creativecdn.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com cdn.amplitude.com api.amplitude.com api2.amplitude.com pay.datatrans.com view.publitas.com scripts.publitas.com js.stripe.com *.js.stripe.com *.c360a.salesforce.com analytics.tiktok.com p.teads.tv t.contentsquare.net contentsquare.com admo.tv capture.trackjs.com widgets.trustedshops.com *.adition.com sdk.teester.com *.iadvize.com *.cloudflare.com *.jsdelivr.net *.amazonaws.com *.valiuz.com *.valiuz.io unpkg.com *.numerized.com numerized.fr numerized.com *.pinimg.com *.mopinion.com *.tradelab.fr *.rakuten.com *.yimg.com s.kk-resources.com *.mediarithmics.com *.trustedshops.com *.segment.com *.target2sell.com player.vimeo.com intljs.rmtag.com *.trackjs.com use.fontawesome.com *.smartsuppchat.com *.flagship.com app.contentsquare.com www.mobsuccess.com ad.atdmt.com *.hotjar.io party.spockee.io *.cloudfront.net aac.artengo-tennis.com widget.spockee.io decathlon.script.admo.tv *.tokbox.com *.opentok.com *.deafiline.net swrap.tradedoubler.com *.spockee.io d3o3q2c2a135bm.cloudfront.net d1qsuwoy74mm6g.cloudfront.net script.google.com script.googleusercontent.com *.linksynergy.com act-eu.rd.linksynergy.com dtm.decathlon.fr c81418.csd.dotomi.com login-ds.dotomi.com dtm.decathlon.co.uk *.decathlon.fr *.decathlon.co.uk pay.google.com s.kelkoogroup.net caast.tv *.caast.tv *.bambuser.com bambuser-calls.livekit.cloud message-server-hbma4acmea-ew.a.run.app lvseucalls.page.link ads-engagement.presage.io ct.pinterest.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.brightcovecdn.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com *.dynamicyield.com *.dynamicyield.eu *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com analytics-fe.digital-cloud-west.medallia.com www.google.com/pay signin.easyence.tech google.com/pay pay.google.com ams.creativecdn.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com api.stripe.com *.c360a.salesforce.com sslwidget.criteo.com measurement-api.criteo.com analytics.tiktok.com capture.trackjs.com *.api.gouv.fr *.amazonaws.com *.iadvize.com *.valiuz.com *.valiuz.io *.luckyorange.com *.luckyorange.net *.mopinion.com *.numerized.com numerized.fr numerized.com api.teester.com tracking-api-qk77g3b4wa-ew.a.run.app transaction-api-qk77g3b4wa-ew.a.run.app *.segment.com *.target2sell.com *.tradelab.fr wss://*.visitors.live vimeo.com *.yimg.com *.webgeoservices.com app.contentsquare.com decision.flagship.io cookie-matching.mediarithmics.com ib.adnxs.com manifest.prod.boltdns.net wss://xmpp-ha-alb.iadvize.com api.spockee.io aac.artengo-tennis.com wss://*.iadvize.com decathlon.mypangee.com decathlon.admo.tv www.google.com adservice.google.com t.teads.tv cm.teads.tv *.tokbox.com *.opentok.com *.spockee.io d3o3q2c2a135bm.cloudfront.net daxg4zxtk3miz.cloudfront.net script.google.com script.googleusercontent.com *.linksynergy.com player.teester.com image.teester.com sdk.teester.com decathlon-ttpx.com sheets.googleapis.com tracking-api-fr-4lasu2nlcq-ew.a.run.app fpc.decathlon.fr *.loadbee.com maintenance.decathlon.fr s.kelkoogroup.net s.kk-resources.com ws://*.spockee.io *.twilio.com wss://*.twilio.com lp.decathlon.fr caast.tv *.caast.tv wss://*.caast.tv *.mux.com *.bambuser.com bambuser-calls.livekit.cloud message-server-hbma4acmea-ew.a.run.app *.kaminoretail.dev *.kaminoretail.io ct.pinterest.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com icons.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com pay.datatrans.com onepay-widget.decathlon.net *.dynamicyield.com *.klarnaservices.com bcboltbde696aa-a.akamaihd.net *.criteo.com analytics.tiktok.com ams.creativecdn.com img.youtube.com capture.trackjs.com *.amazonaws.com *.bing.com *.flagship.com *.iadvize.com *.valiuz.com *.valiuz.io *.linksynergy.com *.mopinion.com prod.y-medialink.com *.pinimg.com ext-inv-cdn.presage.io widgets.trustedshops.com *.mediaforge.com *.rakuten.com *.segment.com *.target2sell.com *.tradelab.fr *.yahoo.com *.omnitagjs.com consent.jrs5.com sync.adotmob.com idsync.rlcdn.com consent.nxtck.com consent.dc-storm.com nxtck.com t.teads.tv cm.teads.tv l.teads.tv *.hotjar.com *.hotjar.io www.mobsuccess.com aac.artengo-tennis.com *.deafiline.net swrap.tradedoubler.com daxg4zxtk3miz.cloudfront.net image.teester.com play-lh.googleusercontent.com marketing.net.idealo-partner.com dtm.decathlon.fr c81418.csd.dotomi.com login-ds.dotomi.com dtm.decathlon.co.uk *.loadbee.com s.kelkoogroup.net s.kk-resources.com spockee-cdn.s3.ca-central-1.amazonaws.com *.caast.tv i.ytimg.com ads-engagement.presage.io *.bambuser.com presage.io ct.pinterest.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ storage.googleapis.com/sphere-assets-prod-71-hbfe/ onepay-widget.decathlon.net pay.datatrans.com *.dynamicyield.com *.dynamicyield.eu *.criteo.com *.amazonaws.com unpkg.com *.mopinion.com use.fontawesome.com static.iadvize.com cdnjs.cloudflare.com aac.artengo-tennis.com *.deafiline.net *.iadvize.com *.loadbee.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dynamicyield.com *.dynamicyield.eu *.amazonaws.com *.mopinion.com *.trustedshops.com use.fontawesome.com static.iadvize.com cdnjs.cloudflare.com *.deafiline.net *.loadbee.com;object-src view.publitas.com;base-uri 'self' pay.google.com;worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' decathlon.deafiline.net push-app-dev.deafiline.net push-app-dev.deafiline.net:1440 ws: player.teester.com image.teester.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.amazonaws.com *.akamaihd.net *.akafms.net *.deafiline.net player.teester.com *.mux.com *.caast.tv *.bambuser.com;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com *.creativecdn.com pay.datatrans.com js.stripe.com *.js.stripe.com hooks.stripe.com gum.criteo.com fledge.eu.criteo.com www.googletagmanager.com csxd.contentsquare.net decathlon-fr-fr--tst2.custhelp.com *.calameo.com halc.iadvize.com *.vimeo.com unequestion.decathlon.fr widget.activites.decathlon.fr *.hotjar.io *.cloudfront.net repair-hub.decathlon.net emersya.com decathlon.deafiline.net www.google.com app.livestorm.co video.eko.com www.shape3d.com d1di987mdgym2l.cloudfront.net player.teester.com image.teester.com www.pinterest.fr *.loadbee.com s.kelkoogroup.net s.kk-resources.com *.spockee.io d2smzkbxwgpfsi.cloudfront.net caast.tv *.caast.tv www.youtube-nocookie.com www.youtube.com gagnezvosbillets-paris2024.decathlon.fr www.trouver-ma-piece.decathlon.fr *.bambuser.com p.teads.tv fledge.teads.tv ct.pinterest.com;frame-ancestors 'self'; |
| X-Content-Type-Options | nosniff |
| Cache-Control | max-age=0, reload, no-cache, no-store, must-revalidate |
| Cf-Cache-Status | DYNAMIC |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar