| Header Name | Header Data |
|---|---|
| HTTP status code | 200 |
| Content-Security-Policy | block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay tags.creativecdn.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com cdn.amplitude.com api.amplitude.com api2.amplitude.com pay.datatrans.com view.publitas.com scripts.publitas.com js.stripe.com *.js.stripe.com *.c360a.salesforce.com analytics.tiktok.com *.cube-net.org *.cube-net.pub *.decathlon.com *.facebook.com *.googleadservices.com *.gstatic.com *.preprod.decathlon.com connect.facebook.net *.adform.net *.app.baqend.com *.ceneo.pl *.convertiser.com *.custhelp.com *.decathlon.pt *.easyence.com *.privacy-center.org *.rtbhouse.com *.tagcommander.com *.trustcommander.net *.useinsider.com appserver-develop.app.inteliwi.se brightcove.hs.llnwd.net brightcove.vo.llnwd.net browser.sentry-cdn.com cdn.jsdelivr.net d3e54v103j8qbb.cloudfront.net decathlon.pt s3-eu-west-1.amazonaws.com trustmate.io urldefense.proofpoint.com www.google-analytics.com www.paypal.com www.snrcdn.net prod-js.aws.y-track.com www.google.com *.inside-graph.com www.dwin1.com ui.swogo.net *.sharethis.com cdn.userway.org *.retailrocket.net player.vimeo.com dsp.adfarm1.adition.com api.pushpushgo.com s-eu-1.pushpushgo.com cdn.pushpushgo.com *.speedcurve.com cdn.onlive.site *.zenaps.com *.sciencebehindecommerce.com static.zdassets.com *.zdassets.com *.zendesk.com api.smooch.io onlive-site-default-rtdb.europe-west1.firebasedatabase.app s-euw1c-nss-2203.europe-west1.firebasedatabase.app *.europe-west1.firebasedatabase.app player.live-video.net webrtc.github.io/adapter/adapter-latest.js ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js *.lemonpi.io;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.brightcovecdn.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com *.dynamicyield.com *.dynamicyield.eu *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com analytics-fe.digital-cloud-west.medallia.com www.google.com/pay signin.easyence.tech google.com/pay pay.google.com ams.creativecdn.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com api.stripe.com *.c360a.salesforce.com sslwidget.criteo.com measurement-api.criteo.com analytics.tiktok.com *.baqend.com *.inside-graph.com wss://*.inside-graph.com sentry.io api.swogo.net *.sharethis.com tracking.swogo.net api.userway.org *.decathlon.pt vimeo.com *.adform.net *.adnxs.com *.adsrvr.org *.atdmt.com *.ceneo.pl *.commander1.com *.commandersact.com *.convertiser.com *.crm4d.com *.cube-net.org *.cube-net.pub *.custhelp.com *.dynatrace.com *.easyence.com *.facebook.com *.facebook.net *.googleadservices.com *.googletagmanager.com *.gstatic.com *.mediadecathlon.com *.privacy-center.org *.retailrocket.net *.rtbhouse.com *.salecycle.com *.seadform.net *.tagcommander.com *.trackjs.com *.trustcommander.net *.trylive.com *.useinsider.com adventori.com api.pushpushgo.com appmobile-bridge-js.s3-eu-west-1.amazonaws.com appserver-develop.app.inteliwi.se brightcove.hs.llnwd.net brightcove.vo.llnwd.net browser.sentry-cdn.com cdn.jsdelivr.net cdn.pushpushgo.com cdn.tagcommander.com cdn.userway.org connect.facebook.net contents.mediadecathlon.com d3e54v103j8qbb.cloudfront.net decathlon.pt dsp.adfarm1.adition.com fonts.googleapis.com fonts.gstatic.com inteliwise-client.s3.amazonaws.com inteliwise-eu.s3.amazonaws.com manager.tagcommander.com nxtck.com platform.commandersact.com player.vimeo.com redirect3536.tagcommander.com s-eu-1.pushpushgo.com s3-eu-west-1.amazonaws.com s3.us-east-1.amazonaws.com sdk.privacy-center.org site.booxi.com static-a.pushpushgo.com sync.adotmob.com tag.goldenbees.fr translate.google.com trustmate.io ui.onepay-qualification.decathlon.io ui.swogo.net urldefense.proofpoint.com vjs.zencdn.net wurfl.io www.awin1.com www.dwin1.com www.google.be www.google.com www.google.com/recaptcha/ www.google.es www.google.fr www.google.it www.google.nl www.google.pl www.google.pt www.googleadservices.com www.gstatic.com/recaptcha/ www.mediadecathlon.com www.snrcdn.net www.youtube.com decathlonpt.app.baqend.com api.numerized.com *.speedcurve.com *.onlive.site onlive.site *.zenaps.com *.sciencebehindecommerce.com fpc.decathlon.pt api.smooch.io media.smooch.io wss://api.smooch.io *.zdassets.com *.zendesk.com mirakl-api.oxitpl.com *.millicast.com wss://live-west.millicast.com wss://api.onlive.site onlive-site.appspot.com webrtc.github.io s-euw1b-nss-208.europe-west1.firebasedatabase.app tao6h0wlhh.execute-api.eu-west-2.amazonaws.com onlive-site-default-rtdb.europe-west1.firebasedatabase.app firestore.googleapis.com ajax.googleapis.com identitytoolkit.googleapis.com code.iconify.design o1126177.ingest.sentry.io api.ipify.org geolocation-db.com httpbin.org player.live-video.net *.firebasedatabase.app wss://*.europe-west1.firebasedatabase.app api.iconify.design s-euw1c-nss-2203.europe-west1.firebasedatabase.app wss://s-euw1c-nss-2203.europe-west1.firebasedatabase.app *.lemonpi.io 'unsafe-inline' 'unsafe-eval' ui.onepay.decathlon.net sdk.woosmap.com www.booxi.eu *.criteo.com *.criteo.net onepay-ui.decathlon.net *.contentsquare.com *.loadbee.com screencapture.kampyle.com screencapture-cdn.kampyle.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com safesizepublic.ucscentral.com tags.creativecdn.com *.dotomi.com pay.datatrans.com view.publitas.com scripts.publitas.com js.stripe.com *.js.stripe.com *.preprod.decathlon.com *.app.baqend.com www.google-analytics.com www.paypal.com prod-js.aws.y-track.com cdn.onlive.site static.zdassets.com *.europe-west1.firebasedatabase.app webrtc.github.io/adapter/adapter-latest.js ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js data: blob: prod-wt.aws.y-track.com voucher.decathlon.net apigift.decathlon.com adservice.google.com icons.batch.com screencaptue-cdn.kampyle.com cdn-workshop-pop.decathlon.net onepay-widget.decathlon.net bcboltbde696aa-a.akamaihd.net accounts.zdassets.com decathlon4400.zendesk.com https//static.zdassets.com storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ storage.googleapis.com/sphere-assets-prod-71-hbfe/ ws: secure.brightcove.com cdn.decathlon.pt www.decathlon.fr *.youtube.com saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com c.paypal.com checkout.paypal.com reviews-collect-eu.satisphere.decathlon.net www.pinterest.com *.creativecdn.com hooks.stripe.com gum.criteo.com fledge.eu.criteo.com csxd.contentsquare.net vrbox.io *.calameo.com *.kipsta-barrio.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com icons.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com pay.datatrans.com onepay-widget.decathlon.net *.dynamicyield.com *.klarnaservices.com bcboltbde696aa-a.akamaihd.net *.criteo.com analytics.tiktok.com ams.creativecdn.com *.braintreegateway.com *.facebook.com *.y-track.com connect.facebook.net *.adform.net *.ceneo.pl *.commander1.com *.commandersact.com *.convertiser.com *.custhelp.com *.decathlon.net *.decathlon.pt *.easyence.com *.hotjar.com *.rtbhouse.com *.seadform.net *.tagcommander.com *.trackjs.com *.trustcommander.net *.useinsider.com appmobile-bridge-js.s3-eu-west-1.amazonaws.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net decathlon.pt inteliwise-client.s3.amazonaws.com inteliwise-eu.s3.amazonaws.com s3-eu-west-1.amazonaws.com trustmate.io ui.onepay-qualification.decathlon.io ui.onepay.decathlon.net www.google-analytics.com www.googletagmanager.com www.paypal.com s3.us-east-1.amazonaws.com onepay-ui.decathlon.net prod-js.aws.y-track.com www.awin1.com *.inside-graph.com *.sharethis.com ui.swogo.net cdn.userway.org *.retailrocket.net sync.adotmob.com s-eu-1.pushpushgo.com cdn.pushpushgo.com static-a.pushpushgo.com *.app.baqend.com *.zenaps.com *.onlive.site static.zdassets.com accounts.zdassets.com decathlon4400.zendesk.com *.zdassets.com *.zendesk.com https//static.zdassets.com www.google.pt *.lemonpi.io;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ storage.googleapis.com/sphere-assets-prod-71-hbfe/ onepay-widget.decathlon.net pay.datatrans.com *.dynamicyield.com *.dynamicyield.eu *.criteo.com *.cube-net.org *.cube-net.pub *.decathlon.net *.decathlon.pt *.useinsider.com cdn.jsdelivr.net decathlon.pt trustmate.io www.snrcdn.net *.inside-graph.com cdn.userway.org *.retailrocket.net;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dynamicyield.com *.dynamicyield.eu *.decathlon.pt decathlon.pt cdn.userway.org s-eu-1.pushpushgo.com cdn.pushpushgo.com *.app.baqend.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' *.cube-net.org *.cube-net.pub ws: api.pushpushgo.com s-eu-1.pushpushgo.com cdn.pushpushgo.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.cube-net.org *.cube-net.pub data: brightcove.hs.llnwd.net brightcove.vo.llnwd.net cdn.userway.org *.akamaihd.net cdn.decathlon.pt www.decathlon.fr;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com *.creativecdn.com pay.datatrans.com js.stripe.com *.js.stripe.com hooks.stripe.com gum.criteo.com fledge.eu.criteo.com www.googletagmanager.com csxd.contentsquare.net *.cube-net.org *.cube-net.pub *.facebook.com *.preprod.decathlon.com *.adform.net *.brightcove.com *.custhelp.com *.decathlon.pt *.paypal.com *.tagcommander.com *.useinsider.com decathlon.pt www.youtube.com vrbox.io www.google.com *.calameo.com *.inside-graph.com cdn.userway.org player.vimeo.com *.googletagmanager.com *.zenaps.com *.onlive.site *.kipsta-barrio.com;frame-ancestors 'self' *.cube-net.org *.cube-net.pub *.facebook.com *.decathlon.pt; |
| X-Xss-Protection | 1; mode=block |
| Date | Sat, 19 Apr 2025 12:18:39 GMT |
| Content-Type | text/html; charset=utf-8 |
| Referrer-Policy | no-referrer-when-downgrade |
| X-Permitted-Cross-Domain-Policies | master-only |
| Cache-Control | max-age=0, reload, no-cache, no-store, must-revalidate |
| Cf-Cache-Status | DYNAMIC |
| Server | cloudflare |
| Cf-Ray | 932c58849db4e6d0-AMS |
| Connection | keep-alive |
| X-Frame-Options | SAMEORIGIN |
| X-Content-Type-Options | nosniff |
| Strict-Transport-Security | max-age=15768000; includeSubDomains; preload |
| Link | <https://contents.mediadecathlon.com>; rel=preconnect, </client/style/vtmn-tailwind.f44fc14ce8981f60e28f.css>; rel=preload; as=style, </client/style/vtmn-style.c103b59809997af484ca.css>; rel=preload; as=style, </client/style/vtmn-new-visual-identity.baf19d8b0ed007285903.css>; rel=preload; as=style, </client/style/style.7f36042c4110b6b5cffb.css>; rel=preload; as=style, </client/app/client.3143eba22276dfc11b7f.js>; rel=preload; as=script |
| Vary | Accept-Encoding |
| Set-Cookie | NFS_USER_ID=0f78bb55-ab44-4966-bf42-c30300f97598; Max-Age=15811200; Expires=Sun, 19 Oct 2025 12:18:39 GMT; Path=/; Secure |
By using SecurityHeaders.info, you can quickly identify missing or misconfigured headers and take steps to secure your website, improving both security and user confidence.
This tool is widely used by developers, security professionals, and organizations to ensure their websites adhere to best practices in web security.
We also have another analytic tool that is used for identifying popularity metrics, general information about the business, finding similar products and competitors, and much more.
Watch it now at TrustRadar