Protocols
TLS 1.3	Yes
TLS 1.2	Yes*
TLS 1.1	No
TLS 1.0	No
SSL 3	No
SSL 2	No
(*) Experimental: Server negotiated using No-SNI

Cipher Suites
# TLS 1.3 (suites in server-preferred order)
TLS_AES_128_GCM_SHA256 (0x1301)   ECDH x25519 (eq. 3072 bits RSA)   FS	128
TLS_AES_256_GCM_SHA384 (0x1302)   ECDH x25519 (eq. 3072 bits RSA)   FS	256
TLS_CHACHA20_POLY1305_SHA256 (0x1303)   ECDH x25519 (eq. 3072 bits RSA)   FS	256P
# TLS 1.2 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)   ECDH x25519 (eq. 3072 bits RSA)   FS	256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH x25519 (eq. 3072 bits RSA)   FS	128
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH x25519 (eq. 3072 bits RSA)   FS	256
(P) This server prefers ChaCha20 suites with clients that don't have AES-NI (e.g., Android devices)

Handshake Simulation
Android 4.4.2	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Android 5.0.0	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Android 6.0	RSA 2048 (SHA256)	TLS 1.2 > http/1.1	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Android 7.0	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Android 8.0	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Android 8.1	-	TLS 1.3	TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Android 9.0	-	TLS 1.3	TLS_AES_128_GCM_SHA256   ECDH x25519  FS
BingPreview Jan 2015	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Chrome 49 / XP SP3	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Chrome 69 / Win 7  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Chrome 70 / Win 10	-	TLS 1.3	TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Chrome 80 / Win 10  R	-	TLS 1.3	TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Firefox 31.3.0 ESR / Win 7	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 47 / Win 7  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 49 / XP SP3	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Firefox 62 / Win 7  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Firefox 73 / Win 10  R	-	TLS 1.3	TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Googlebot Feb 2018	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
IE 11 / Win 7  R	Server sent fatal alert: handshake_failure
IE 11 / Win 8.1  R	Server sent fatal alert: handshake_failure
IE 11 / Win Phone 8.1  R	Server sent fatal alert: handshake_failure
IE 11 / Win Phone 8.1 Update  R	Server sent fatal alert: handshake_failure
IE 11 / Win 10  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Edge 15 / Win 10  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Edge 16 / Win 10  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Edge 18 / Win 10  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH x25519  FS
Edge 13 / Win Phone 10  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Java 8u161	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Java 11.0.3	-	TLS 1.3	TLS_AES_128_GCM_SHA256   ECDH secp256r1  FS
Java 12.0.1	-	TLS 1.3	TLS_AES_128_GCM_SHA256   ECDH secp256r1  FS
OpenSSL 1.0.1l  R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
OpenSSL 1.0.2s  R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
OpenSSL 1.1.0k  R	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
OpenSSL 1.1.1c  R	-	TLS 1.3	TLS_AES_128_GCM_SHA256   ECDH x25519  FS
Safari 6 / iOS 6.0.1	Server sent fatal alert: handshake_failure
Safari 7 / iOS 7.1  R	Server sent fatal alert: handshake_failure
Safari 7 / OS X 10.9  R	Server sent fatal alert: handshake_failure
Safari 8 / iOS 8.4  R	Server sent fatal alert: handshake_failure
Safari 8 / OS X 10.10  R	Server sent fatal alert: handshake_failure
Safari 9 / iOS 9  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Safari 9 / OS X 10.11  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Safari 10 / iOS 10  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Safari 10 / OS X 10.12  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Safari 12.1.2 / MacOS 10.14.6 Beta  R	-	TLS 1.3	TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Safari 12.1.1 / iOS 12.3.1  R	-	TLS 1.3	TLS_CHACHA20_POLY1305_SHA256   ECDH x25519  FS
Apple ATS 9 / iOS 9  R	RSA 2048 (SHA256)	TLS 1.2 > h2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
Yahoo Slurp Jan 2015	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
YandexBot Jan 2015	RSA 2048 (SHA256)	TLS 1.2	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   ECDH secp256r1  FS
# Not simulated clients (Protocol mismatch)
Android 2.3.7   No SNI 2	Protocol mismatch (not simulated)
Android 4.0.4	Protocol mismatch (not simulated)
Android 4.1.1	Protocol mismatch (not simulated)
Android 4.2.2	Protocol mismatch (not simulated)
Android 4.3	Protocol mismatch (not simulated)
Baidu Jan 2015	Protocol mismatch (not simulated)
IE 6 / XP   No FS 1   No SNI 2	Protocol mismatch (not simulated)
IE 7 / Vista	Protocol mismatch (not simulated)
IE 8 / XP   No FS 1   No SNI 2	Protocol mismatch (not simulated)
IE 8-10 / Win 7  R	Protocol mismatch (not simulated)
IE 10 / Win Phone 8.0	Protocol mismatch (not simulated)
Java 6u45   No SNI 2	Protocol mismatch (not simulated)
Java 7u25	Protocol mismatch (not simulated)
OpenSSL 0.9.8y	Protocol mismatch (not simulated)
Safari 5.1.9 / OS X 10.6.8	Protocol mismatch (not simulated)
Safari 6.0.4 / OS X 10.8.4  R	Protocol mismatch (not simulated)
Click here to expand
(1) Clients that do not support Forward Secrecy (FS) are excluded when determining support for it.
(2) No support for virtual SSL hosting (SNI). Connects to the default site if the server uses SNI.
(3) Only first connection attempt simulated. Browsers sometimes retry with a lower protocol version.
(R) Denotes a reference browser or client, with which we expect better effective security.
(All) We use defaults, but some platforms do not use their best protocols and features (e.g., Java 6 & 7, older IE).
(All) Certificate trust is not checked in handshake simulation, we only perform TLS handshake.

Protocol Details
Secure Renegotiation	Supported
Secure Client-Initiated Renegotiation	No
Insecure Client-Initiated Renegotiation	No
BEAST attack	Mitigated server-side (more info)
POODLE (SSLv3)	No, SSL 3 not supported (more info)
POODLE (TLS)	No (more info)
Zombie POODLE	No (more info)
GOLDENDOODLE	No (more info)
OpenSSL 0-Length	No (more info)
Sleeping POODLE	No (more info)
Downgrade attack prevention	Yes, TLS_FALLBACK_SCSV supported (more info)
SSL/TLS compression	No
RC4	No
Heartbeat (extension)	No
Heartbleed (vulnerability)	No (more info)
Ticketbleed (vulnerability)	No (more info)
OpenSSL CCS vuln. (CVE-2014-0224)	No (more info)
OpenSSL Padding Oracle vuln. (CVE-2016-2107)	No (more info)
ROBOT (vulnerability)	No (more info)
Forward Secrecy	Yes (with most browsers)   ROBUST (more info)
ALPN	Yes   h2 http/1.1
NPN	No
Session resumption (caching)	Yes
Session resumption (tickets)	Yes
OCSP stapling	No
Strict Transport Security (HSTS)	Yes max-age=31557600
HSTS Preloading	Not in: Chrome  Edge  Firefox  IE
Public Key Pinning (HPKP)	No (more info)
Public Key Pinning Report-Only	No
Public Key Pinning (Static)	No (more info)
Long handshake intolerance	No
TLS extension intolerance	No
TLS version intolerance	No
Incorrect SNI alerts	No
Uses common DH primes	No, DHE suites not supported
DH public server param (Ys) reuse	No, DHE suites not supported
ECDH public server param reuse	No
Supported Named Groups	x25519, secp256r1, secp384r1 (server preferred order)
SSL 2 handshake compatibility	No
0-RTT enabled	No

HTTP Requests

1 https://www.hammer-fitness.nl/  (HTTP/1.1 200 OK)
1
	Connection	close
	Content-Length	385899
	traceresponse	00-187af18786a30db21754e597cc7ae1a7-9cdbef85d684354f-01
	expires	Tue, 25 Nov 2025 12:36:08 GMT
	x-platform-server	i-018a343204ced6b25
	x-platform-server	i-018a343204ced6b25
	x-frame-options	SAMEORIGIN
	x-content-type-options	nosniff
	x-timer	S1763987768.451198,VS0,VE1410
	content-type	text/html; charset=UTF-8
	x-xss-protection	1; mode=block
	content-security-policy-report-only	style-src-elem w.vi.skadtec.com euc-widget.freshworks.com tags.srv.stackadapt.com static-tracking.klaviyo.com maxcdn.bootstrapcdn.com *.klarnaservices.com x.klarnacdn.net fonts.googleapis.com 'self' 'unsafe-inline' ff.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com me.kis.v2.scr.kaspersky-labs.com static.trbo.com static.klaviyo.com cdn.jsdelivr.net; script-src-elem www.ladenzeile.de 3001.scriptcdn.net pix.hyj.mobi www.hammer.de euc-widget.freshworks.com t.adcell.com pagead2.googlesyndication.com connect.facebook.net analytics.tiktok.com collect.bannercrowd.net containertags.belboon.com bat.bing.com cdn.alevco.de neso.r.niwepa.com pluto.r.powuta.com s.kk-resources.com unpkg.com cdn-quick-ar.threedy.ai hammersport.trafft.com www.googletagmanager.com *.klarnaservices.com commerce.adobedtm.com maps.googleapis.com magento-recs-sdk.adobe.net *.cptrack.de secure.pay1.de www.google.com *.gstatic.com d.ratepay.com *.payments-amazon.com static-tracking.klaviyo.com static.klaviyo.com l.ecn-ldr.de *.trbo.com *.usercentrics.eu *.hammer.de www.googleadservices.com widgets.trustedshops.com *.ad-srv.net x.klarnacdn.net containertags.belboon.de *.hotjar.com *.adform.net ai.trk42.net *.retargeted.co pikkasrv.com analytics.bestofluck.io *.gsitrix.com tags.srv.stackadapt.com 'self' 'unsafe-inline' [Filtered]: app.usercentrics.eu blob: cdn.adt357.net cdn.jsdelivr.net content.cptrack.de eu-library.klarnaservices.com ff.kis.v2.scr.kaspersky-labs.com gc.kis.v2.scr.kaspersky-labs.com googleads.g.doubleclick.net infird.com me.kis.v2.scr.kaspersky-labs.com portal.threedy.ai secured-pixel.com static-na.payments-amazon.com static.getback.ch tm.ad-srv.net tm704.ad-srv.net tm710.ad-srv.net tm716.ad-srv.net tm717.ad-srv.net track.adform.net ubaslome.maynhtml.com valuesportal.com www.getback.ch www.google-analytics.com xeldurap.peazheut.com *.newrelic.com trk.cytelligence.io www.youtube.com rast.hammer-fitness.at bat.bing-int.com; font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.gstatic.com data: ray.st w.vi.skadtec.com account.affilitizer.com cdn.scite.ai moz-extension: *.klarnacdn.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io d3dc1lgancj6l0.cloudfront.net *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.facebook.com http://*.facebook.com https://*.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.hammer-fitness.at www.hammer-fitness.ch www.hammer-fitness.be www.hammer-fitness.nl www.hammer.de 'self' 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de browserstart.org link.shoplooks.com osak.com r.secprf2.com qimp.net hammer-fitness.at bat.bing.com vently.com tatrck.com monetoad.com de.kweriee.com as.ad4m.at yaketar.com findarios.com *.ddev.site jsctool.com *.sendinblue.com sibautomation.com *.trbo.com containertags.belboon.com roxxtraxx.de *.ad-srv.net td.doubleclick.net pluto.r.powuta.com hammersport.trafft.com r.adserver01.de player.flipsnack.com nakoona.com ptclk.com www.linkbux.com neso.r.niwepa.com r.linksprf.com hammer.de oponas.com t.adcell.com bcsgsrv.com hammer-fitness.ch adnx.de quick-ar.threedy.ai www.facebook.com hammer-fitness.nl c1.adform.net such.de caclk.com osm.klarnaservices.com t.hammer.de 127.0.0.1:20489 admin.rewardoo.com affiliate.grabasaving.com atlas.r.akipam.com browsak.com clcktrck.com discountheld.de duertry.com everydaysi.com gateway.zscloud.net go.adt246.net hipodi.com janus.r.jakuli.com r.perfsimpl.com rast.hammer.de shopbuttler.com support.google.com vently.org www.hammer.de www.pickalink.com www.searchfor.org xgs.bdo.gi:8090 yazary.com *.klarna.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google.com/ http://*.facebook.com https://*.facebook.com secure.pay1.de payments.amazon.de www.jsctool.com js.playground.klarna.com www.xtento.com https://recaptcha.google.com/recaptcha/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com files.shoop.de www.google.pl www.google.nl www.google.dk www.google.lu www.google.com.hk www.google.mk www.google.ch www.google.no www.google.pt www.google.it www.google.es www.google.ae www.google.co.in www.google.com.bo *.ddev.site *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.trbo.com widgets.trustedshops.com ai.trk42.net *.usercentrics.eu www.zenaps.com www.facebook.com bat.bing.net x.bidswitch.net bat.bing.com *.casalemedia.com www.google.de region1.analytics.google.com neso.r.niwepa.com s.ad.smaato.net pixel.rubiconproject.com sync.outbrain.com e1.emxdgt.com lh3.ggpht.com pluto.r.powuta.com translate.google.com www.hammerworkouts.de stats.g.doubleclick.net www.google.se w.vi.skadtec.com www.google.at server.seadform.net www.google.co.uk ad.yieldlab.net ih.adscale.de *.pubmatic.com *.openx.net *.adform.net *.smartadserver.com *.connectad.io *.loopme.me *.360yield.com *.1rx.io router.infolinks.com *.rmp.rakuten.com *.doubleclick.net unsafe-inline s.c.appier.net capi.connatix.com api.qrserver.com cdn.retailads.net cdn.valuesportal.com cnv.adt644.net connect.facebook.net d3k81ch9hvuctc.cloudfront.net dsum-sec.casalemedia.com lh3.google.com lh3.googleusercontent.com mitarchive.info my.productfruits.com ncr.preqservices.com s.kelkoogroup.net s3-eu-central-1.amazonaws.com st-filebanking.igstatic.com static.wixstatic.com t.adcell.com www.econda-monitor.de www.google.ba www.google.be www.google.bg www.google.ca www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.za www.google.com.au www.google.com.br www.google.com.do www.google.com.eg www.google.com.gi www.google.com.lb www.google.com.na www.google.com.om www.google.com.ph www.google.com.pk www.google.com.py www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.ee www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.jo www.google.li www.google.lt www.google.md www.google.ro www.google.rs www.google.ru www.google.si www.google.sk www.google.sn www.google.tn magefan.com cm.magefan.com maps.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io http://*.linkedin.com https://*.linkedin.com http://*.facebook.com https://*.facebook.com http://www.google.com/ https://www.google.com/ http://www.google.de/ https://www.google.de/ https://www.googletagmanager.com http://www.googletagmanager.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://widgets.trustedshops.com/ cdn.pay1.de x.klarnacdn.net *.cloudfront.net m.media-amazon.com *.disqus.com https://img.youtube.com www.xtento.com cdn.xtento.com sync.inmobi.com blob: www.hammer-fitness.nl www.google.com.tr *.google-analytics.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de hammersport.trafft.com *.ddev.site *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.sendinblue.com sibautomation.com *.emailsys1a.net *.trbo.com *.usercentrics.eu widgets.trustedshops.com content.cptrack.de t.adcell.com l.ecn-ldr.de containertags.belboon.de *.adform.net ai.trk42.net s.retargeted.co pix.hyj.mobi pikkasrv.com analytics.bestofluck.io *.gsitrix.com *.ad-srv.net trk.cytelligence.io tags.srv.stackadapt.com qvdt3feo.com cdn.alevco.de neso.r.niwepa.com pluto.r.powuta.com analytics.tiktok.com bat.bing.com collect.bannercrowd.net containertags.belboon.com connect.facebook.net cdn-quick-ar.threedy.ai s.kk-resources.com unsafe-inline bat.bing-int.com blob: cdn.adt357.net cdn.jsdelivr.net portal.threedy.ai static.getback.ch unpkg.com valuesportal.com www.getback.ch maps.googleapis.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net api.userlike.com http://www.google.com/recaptcha/ https://widgets.trustedshops.com/ secure.pay1.de d.ratepay.com static-eu.payments-amazon.com x.klarnacdn.net cdn.klarna.com jsctool.com d.payla.io *.disqus.com *.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tags.srv.stackadapt.com euc-widget.freshworks.com static-tracking.klaviyo.com *.klarnacdn.net https://static.klaviyo.com *.fontawesome.com d.ratepay.com d.payla.io dr.payla.io *.googleapis.com *.google.com *.gstatic.com maxcdn.bootstrapcdn.com static.trbo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com w.vi.skadtec.com www.hammerworkouts.de data: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.ddev.site *.hammer.de *.hammer-fitness.at *.hammer-fitness.ch *.hammer-traning.se *.sendinblue.com sibautomation.com maps.googleapis.com *.usercentrics.eu *.econda-monitor.de t.adcell.com *.gsitrix.com analytics.bestofluck.io tags.srv.stackadapt.com bat.bing.net bat.bing.com region1.analytics.google.com www.google.se stats.g.doubleclick.net region1.google-analytics.com analytics.tiktok.com api.retargeted.co www.facebook.com quick-ar.threedy.ai static.trbo.com api.bannercrowd.net s.kelkoogroup.net www.google.com euc-widget.freshworks.com api-js.datadome.co api.killadsapi.com salesviewer.org api.global-data-lab.com api.solarspireconsulting.com hammer.freshdesk.com api.datacloudstat.com api.socialsolutionapp.com adtonus.com api.adtraction.net api.ipify.org api.smartblocker.org api.trustedshops.com api.video-adblock.com blob: cnv.adt644.net code.jquery.com data: go.adt246.net my.productfruits.com ncrfiles.s3.us-central-1.wasabisys.com overbridgenet.com rktds.net update.adblock360.org www.google.dk www.google.no api.qrserver.com cdn.retailads.net cdn.valuesportal.com connect.facebook.net d3k81ch9hvuctc.cloudfront.net dsum-sec.casalemedia.com googleads.g.doubleclick.net lh3.google.com lh3.googleusercontent.com mitarchive.info ncr.preqservices.com s3-eu-central-1.amazonaws.com st-filebanking.igstatic.com static.wixstatic.com www.econda-monitor.de www.google.ba www.google.be www.google.bg www.google.ca www.google.co.kr www.google.co.ma www.google.co.nz www.google.co.th www.google.co.za www.google.com.au www.google.com.br www.google.com.do www.google.com.eg www.google.com.gi www.google.com.lb www.google.com.na www.google.com.om www.google.com.ph www.google.com.pk www.google.com.py www.google.com.tw www.google.com.ua www.google.com.vn www.google.cz www.google.ee www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.jo www.google.li www.google.lt www.google.md www.google.ro www.google.rs www.google.ru www.google.si www.google.sk www.google.sn www.google.tn x.bidswitch.net *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com http://salesviewer.org/ userlike-cdn-widgets.s3-eu-west-1.amazonaws.com payments.amazon.de payments-eu.amazon.com d.ratepay.com jsctool.com eu.playground.klarnaevt.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com bat.bing-int.com analytics-ipv6.tiktokw.us google.com https://www.google.com/recaptcha/ 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';
	x-debug-info	eyJyZXRyaWVzIjowfQ==
	pragma	cache
	Accept-Ranges	bytes
	Age	199
	Date	Mon, 24 Nov 2025 12:39:29 GMT
	X-Served-By	cache-fra-eddf8230098-FRA, cache-fra-eddf8230160-FRA, cache-bur-kbur8200036-BUR
	X-Cache	MISS, HIT, MISS
	X-Cache-Hits	0, 1, 0
	Cache-Control	no-store, no-cache, must-revalidate, max-age=0
	Vary	Accept-Encoding,Cookie
	Strict-Transport-Security	max-age=31557600

Miscellaneous
Test date	Mon, 24 Nov 2025 12:39:21 UTC
Test duration	44.916 seconds
HTTP status code	200
HTTP server signature	-
Server hostname	-