- Scan ID:
- a595e052-fbc7-45f8-84d5-115ebd0e3f06Finished
- Submitted URL:
- https://decathlon.plRedirected
- Report Finished:
Risks · 0 found
Practices that may pose security risks
Security Headers · 7 found
HTTP response headers that can harden the security of a web application
Learn more...| Name | Value | Support | Info |
|---|---|---|---|
| Strict-Transport-Security | max-age=15768000; includeSubDomains; preload | Good | Declare that a website is only accessible over a secure connection (HTTPS). Click to learn more... |
| X-Frame-Options | SAMEORIGIN | Good | Indicate whether a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Click to learn more... |
| X-Content-Type-Options | nosniff | Good | Indicate that the MIME types advertised in the Content-Type headers should be followed and not be changed. Click to learn more... |
| Content-Security-Policy | block-all-mixed-content; upgrade-insecure-requests; default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com cdn.amplitude.com api.amplitude.com api2.amplitude.com pay.datatrans.com view.publitas.com scripts.publitas.com js.stripe.com *.js.stripe.com www.snrcdn.net *.cube-net.org *.cube-net.pub *.decathlon.com *.decathlon.pl *.facebook.com *.googleadservices.com *.gstatic.com connect.facebook.net *.adform.net *.app.baqend.com *.ceneo.pl *.convertiser.com *.custhelp.com *.easyence.com *.hotjar.io *.przelewy24.pl *.rtbhouse.com *.searchnode.io *.tagcommander.com *.trustcommander.net *.useinsider.com appserver-develop.app.inteliwi.se bht.loyaltypoint.pl brightcove.hs.llnwd.net brightcove.vo.llnwd.net browser.sentry-cdn.com cdn.jsdelivr.net converti.se decathlon.behtar.io pay.google.com pixel.wp.pl s3-eu-west-1.amazonaws.com trustmate.io urldefense.proofpoint.com www.google.com trafficscanner.pl ib.adnxs.com *.adventori.com *.adition.com *.searchnode.net web.snrbox.com synerise.decathlon.pl *.oxitpl.com *.lamoda.pl *.bnpparibas.pl proxy.synerise.com ocdn.eu *.fitanalytics.com api-shipx-pl.easypack24.net act-eu.rd.linksynergy.com snrlink-page.com *.tradedoubler.com *.chatbotize.com *.googleoptimize.com *.trbo.com optimize.google.com abtshield.com pragmaticbox.com ad.pragmaticbox.com *.tiktok.com *.abtshield.com unpkg.com euob.healthroundprince.com obseu.healthroundprince.com *.chat.getzowie.com core-chat.chatbotize.com rt.inistrack.net app.revhunter.tech cdn.inis360.com; connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.brightcovecdn.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com *.dynamicyield.com *.dynamicyield.eu *.klarnaservices.com *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com www.google.com/pay signin.easyence.tech google.com/pay pay.google.com *.creativecdn.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.com browser-intake-datadoghq.eu second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com api.stripe.com *.synerise.com proxy.synerise.com *.lamoda.pl ocdn.eu *.fitanalytics.com api-shipx-pl.easypack24.net act-eu.rd.linksynergy.com *.tradedoubler.com appserver-develop.app.inteliwi.se appserver.app.inteliwi.se inteliwise-eu.s3.amazonaws.com *.chatbotize.com *.googleoptimize.com *.oxitpl.com *.trbo.com fpc.decathlon.pl optimize.google.com abtshield.com pragmaticbox.com *.tiktok.com *.criteo.com *.criteo.net adventori.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.trylive.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.adnxs.com www.googleadservices.com *.salecycle.com redirect3536.tagcommander.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.com www.youtube.com *.loadbee.com screencapture.kampyle.com screencapture-cdn.kampyle.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com safesizepublic.ucscentral.com creativecdn.com *.dotomi.com pay.datatrans.com view.publitas.com scripts.publitas.com js.stripe.com *.js.stripe.com www.snrcdn.net *.cube-net.org *.cube-net.pub *.decathlon.pl *.facebook.com *.googleadservices.com *.gstatic.com connect.facebook.net *.adform.net *.app.baqend.com *.ceneo.pl *.convertiser.com *.custhelp.com *.easyence.com *.przelewy24.pl *.rtbhouse.com *.searchnode.io *.tagcommander.com *.trustcommander.net *.useinsider.com bht.loyaltypoint.pl brightcove.hs.llnwd.net brightcove.vo.llnwd.net browser.sentry-cdn.com cdn.jsdelivr.net converti.se decathlon.behtar.io pixel.wp.pl s3-eu-west-1.amazonaws.com trustmate.io urldefense.proofpoint.com www.google.com trafficscanner.pl ib.adnxs.com *.adventori.com *.adition.com *.searchnode.net web.snrbox.com synerise.decathlon.pl *.bnpparibas.pl snrlink-page.com ad.pragmaticbox.com *.abtshield.com unpkg.com euob.healthroundprince.com obseu.healthroundprince.com *.chat.getzowie.com core-chat.chatbotize.com rt.inistrack.net app.revhunter.tech cdn.inis360.com data: blob: contents.mediadecathlon.com prod-wt.aws.y-track.com manager.tagcommander.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.mediadecathlon.com adservice.google.com icons.batch.com screencaptue-cdn.kampyle.com cdn-workshop-pop.decathlon.net onepay-widget.decathlon.net bcboltbde696aa-a.akamaihd.net *.tenor.com *.openstreetmap.org *.seadform.net *.trackjs.com inteliwise-client.s3.amazonaws.com mystore.decathlon.com www.google-analytics.com prod-js.aws.y-track.com sync.adotmob.com match.adsrvr.org p.crm4d.com *.snrcdn.net rtb-csync.smartadserver.com simage2.pubmatic.com pixel.rubiconproject.com r.casalemedia.com sync-t1.taboola.com ads.yahoo.com ups.analytics.yahoo.com criteo-sync.teads.tv x.bidswitch.net eb2.3lift.custom sync.outbrain.com contextual.media.net ad.360yield.com cotads.adscale.de s.ad.smaato.net c.bing.com pixel.advertising.com match.sharethrough.com visitor.omnitagjs.com us-u.openx.net sync-criteo.ads.yieldmo.com sp.analytics.yahoo.com idsync.rlcdn.com partner.mediawallahscript.com dis.criteo.com gum.criteo.com ih.adscale.de eb2.3lift.com *.emxdgt.com fonts.googleapis.com storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ storage.googleapis.com/sphere-assets-prod-71-hbfe/ widget.fitanalytics.com customizations.fitanalytics.com fonts.gstatic.com *.decathlon.pt decathlon.pt *.baqend.com www.decathlon.pl ws: secure.brightcove.com *.akafms.net *.youtube.com saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com c.paypal.com checkout.paypal.com www.paypal.com reviews-collect-eu.satisphere.decathlon.net www.pinterest.com hooks.stripe.com; img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.brightcovecdn.com *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com icons.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com pay.datatrans.com onepay-widget.decathlon.net *.dynamicyield.com *.klarnaservices.com bcboltbde696aa-a.akamaihd.net *.decathlon.pl *.facebook.com *.tenor.com connect.facebook.net *.adform.net *.app.baqend.com *.ceneo.pl *.commander1.com *.commandersact.com *.convertiser.com *.custhelp.com *.easyence.com *.hotjar.com *.hotjar.io *.openstreetmap.org *.przelewy24.pl *.rtbhouse.com *.seadform.net *.tagcommander.com *.trackjs.com *.trustcommander.net *.useinsider.com appmobile-bridge-js.s3-eu-west-1.amazonaws.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net converti.se inteliwise-client.s3.amazonaws.com inteliwise-eu.s3.amazonaws.com mystore.decathlon.com pixel.wp.pl s3-eu-west-1.amazonaws.com trustmate.io ui.onepay-qualification.decathlon.io www.google-analytics.com www.googletagmanager.com www.youtube.com onepay-ui.decathlon.net prod-js.aws.y-track.com trafficscanner.pl sync.adotmob.com match.adsrvr.org p.crm4d.com synerise.decathlon.pl *.bnpparibas.pl *.fitanalytics.com snrlink-page.com *.snrcdn.net *.chatbotize.com rtb-csync.smartadserver.com simage2.pubmatic.com pixel.rubiconproject.com r.casalemedia.com sync-t1.taboola.com ads.yahoo.com ups.analytics.yahoo.com criteo-sync.teads.tv x.bidswitch.net eb2.3lift.custom sync.outbrain.com contextual.media.net ad.360yield.com cotads.adscale.de s.ad.smaato.net c.bing.com pixel.advertising.com match.sharethrough.com visitor.omnitagjs.com us-u.openx.net sync-criteo.ads.yieldmo.com sp.analytics.yahoo.com idsync.rlcdn.com partner.mediawallahscript.com dis.criteo.com gum.criteo.com ih.adscale.de eb2.3lift.com optimize.google.com *.emxdgt.com rt.inistrack.net app.revhunter.tech cdn.inis360.com; style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com md-scp.kampyle.com resources.digital-cloud-west.medallia.com second-life-xps.secondlifebff-prod-bkpr.decathlon.io storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ storage.googleapis.com/sphere-assets-prod-71-hbfe/ onepay-widget.decathlon.net pay.datatrans.com *.dynamicyield.com *.dynamicyield.eu www.snrcdn.net *.cube-net.org *.cube-net.pub *.decathlon.pl *.app.baqend.com *.useinsider.com trustmate.io *.lamoda.pl widget.fitanalytics.com customizations.fitanalytics.com *.fitanalytics.com *.chatbotize.com optimize.google.com; font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dynamicyield.com *.dynamicyield.eu *.decathlon.pt decathlon.pt trafficscanner.pl *.baqend.com www.decathlon.pl *.lamoda.pl *.fitanalytics.com *.chatbotize.com optimize.google.com; object-src view.publitas.com; base-uri 'self'; worker-src 'self' blob: via.batch.com *.cube-net.org *.cube-net.pub *.decathlon.pl ws:; media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net *.cube-net.org *.cube-net.pub *.decathlon.com *.decathlon.pl brightcove.hs.llnwd.net brightcove.vo.llnwd.net data: optimize.google.com; frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com pay.datatrans.com js.stripe.com *.js.stripe.com hooks.stripe.com *.cube-net.org *.cube-net.pub *.decathlon.com *.decathlon.pl *.dynatrace.com *.facebook.com *.adform.net *.custhelp.com *.hotjar.io *.tagcommander.com *.useinsider.com converti.se www.youtube.com www.google.com *.paypal.com *.bnpparibas.pl *.tradedoubler.com *.chatbotize.com *.criteo.com *.chat.getzowie.com core-chat.chatbotize.com rt.inistrack.net app.revhunter.tech cdn.inis360.com; frame-ancestors 'self' *.cube-net.org *.cube-net.pub *.decathlon.com *.decathlon.pl *.facebook.com; | Good | Control resources the user agent is allowed to load for a given page. Click to learn more... |
| Referrer-Policy | no-referrer-when-downgrade | Good | Control how much referrer information should be included with requests. Click to learn more... |
| Clear-Site-Data | — | Good | Control the data stored by a client browser for their origins. Click to learn more... |
| X-Permitted-Cross-Domain-Policies | master-only | Good | Control whether a web client such as Adobe Flash Player or Adobe Acrobat has permission to handle data across domains. Click to learn more... |
| Permissions-Policy | — | New | Allow and deny the use of browser features in a document or iframe. Click to learn more... |
| Cross-Origin-Embedder-Policy | — | New | Configure embedding cross-origin resources into the document. Click to learn more... |
| Cross-Origin-Opener-Policy | — | New | Ensure a top-level document does not share a browsing context group with cross-origin documents. Click to learn more... |
| Cross-Origin-Resource-Policy | — | New | Request that the browser blocks no-cors cross-origin/cross-site requests to the given resource. Click to learn more... |
| X-XSS-Protection | 1; mode=block | Deprecated | Deprecated. Stops pages from loading when they detect reflected cross-site scripting (XSS) attacks. Click to learn more... |
| Feature-Policy | — | Deprecated | Deprecated. Replaced by the Permissions-Policy header. Click to learn more... |
| Expect-CT | — | Deprecated | Deprecated. Opt in to reporting and/or enforcement of Certificate Transparency requirements. Click to learn more... |
| Public-Key-Pins | — | Deprecated | Deprecated. Allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. Click to learn more... |
Security Violations · 0 found
Requests or resources offending security policies
Certificates · 2 found
SSL/TLS Certificates enable websites to encrypt transactions between the client and the server and provide server identity verification
| Subject | Issue date | Expiry date |
|---|---|---|
| www.decathlon.pl | Sep 27, 2024, 14:34:51 | Dec 26, 2024, 14:34:50 |
| wedia-group.com | Sep 30, 2024, 11:02:34 | Dec 29, 2024, 11:02:33 |