Content-Security-Policy Analysis for https://apps-qa.instructure.com

Open Cached · just now

15 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' instructure.okta.com *.oktacdn.com; connect-src 'self' instructure.okta.com instructure-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com instructure.kerberos.okta.com instructure.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-qEtsakqD3CxIngHRLVY7vw' 'unsafe-eval' 'self' 'report-sample' instructure.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' 'report-sample' instructure.okta.com *.oktacdn.com; frame-src 'self' instructure.okta.com instructure-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' instructure.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' instructure.okta.com data: *.oktacdn.com fonts.gstatic.com
Content-Security-Policy-Report-Only: default-src 'self' instructure.okta.com *.oktacdn.com; connect-src 'self' instructure.okta.com instructure-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com instructure.kerberos.okta.com instructure.mtls.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: *.ingest.sentry.io; script-src 'unsafe-inline' 'nonce-qEtsakqD3CxIngHRLVY7vw' 'unsafe-eval' 'self' 'report-sample' instructure.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'nonce-qEtsakqD3CxIngHRLVY7vw' 'self' 'report-sample' instructure.okta.com *.oktacdn.com; frame-src 'self' instructure.okta.com instructure-admin.okta.com login.okta.com *.vidyard.com com-okta-authenticator:; img-src 'self' instructure.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com *.vidyard.com data: blob:; font-src 'self' instructure.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://apps-qa.instructure.com

default-src Keyword —

'self'

default-src Host

Okta

instructure.okta.com

default-src Host —

*.oktacdn.com

connect-src Keyword —

'self'

connect-src Host

Okta

instructure.okta.com

connect-src Host

Okta

instructure-admin.okta.com

connect-src Host —

*.oktacdn.com

connect-src Host

Mixpanel

*.mixpanel.com

ASN | Google Cloud

connect-src Host

Mapbox

*.mapbox.com

connect-src Host

Okta

instructure.kerberos.okta.com

connect-src Host

Okta

instructure.mtls.okta.com

connect-src Host —

*.authenticatorlocalprod.com:8769

connect-src Host —

http://localhost:8769

connect-src Host —

http://127.0.0.1:8769

connect-src Host —

*.authenticatorlocalprod.com:65111

connect-src Host —

http://localhost:65111

connect-src Host —

http://127.0.0.1:65111

connect-src Host —

*.authenticatorlocalprod.com:65121

connect-src Host —

http://localhost:65121

connect-src Host —

http://127.0.0.1:65121

connect-src Host —

*.authenticatorlocalprod.com:65131

connect-src Host —

http://localhost:65131

connect-src Host —

http://127.0.0.1:65131

connect-src Host —

*.authenticatorlocalprod.com:65141

connect-src Host —

http://localhost:65141

connect-src Host —

http://127.0.0.1:65141

connect-src Host —

*.authenticatorlocalprod.com:65151

connect-src Host —

http://localhost:65151

connect-src Host —

http://127.0.0.1:65151

connect-src Host

Okta

https://oinmanager.okta.com

connect-src Scheme —

data:

connect-src Host

Sentry

*.ingest.sentry.io

script-src Keyword —

'unsafe-inline'

script-src Nonce —

'nonce-qEtsakqD3CxIngHRLVY7vw'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'self'

script-src Keyword —

'report-sample'

script-src Host

Okta

instructure.okta.com

script-src Host —

*.oktacdn.com

style-src Keyword —

'unsafe-inline'

style-src Keyword —

'self'

style-src Keyword —

'report-sample'

style-src Host

Okta

instructure.okta.com

style-src Host —

*.oktacdn.com

frame-src Keyword —

'self'

frame-src Host

Okta

instructure.okta.com

frame-src Host

Okta

instructure-admin.okta.com

frame-src Host

Okta

login.okta.com

frame-src Host

Vidyard

*.vidyard.com

ASN | Cloudflare

frame-src Scheme —

com-okta-authenticator:

img-src Keyword —

'self'

img-src Host

Okta

instructure.okta.com

img-src Host —

*.oktacdn.com

img-src Host

Mapbox

*.tiles.mapbox.com

img-src Host

Mapbox

*.mapbox.com

img-src Host

Vidyard

*.vidyard.com

ASN | Cloudflare

img-src Scheme —

data:

img-src Scheme —

blob:

font-src Keyword —

'self'

font-src Host

Okta

instructure.okta.com

font-src Scheme —

data:

font-src Host —

*.oktacdn.com

font-src Host

Google Fonts

fonts.gstatic.com

Content-Security-Policy-Report-Only

default-src Keyword —

'self'

default-src Host

Okta

instructure.okta.com

default-src Host —

*.oktacdn.com

connect-src Keyword —

'self'

connect-src Host

Okta

instructure.okta.com

connect-src Host

Okta

instructure-admin.okta.com

connect-src Host —

*.oktacdn.com

connect-src Host

Mixpanel

*.mixpanel.com

ASN | Google Cloud

connect-src Host

Mapbox

*.mapbox.com

connect-src Host

Okta

instructure.kerberos.okta.com

connect-src Host

Okta

instructure.mtls.okta.com

connect-src Host —

*.authenticatorlocalprod.com:8769

connect-src Host —

http://localhost:8769

connect-src Host —

http://127.0.0.1:8769

connect-src Host —

*.authenticatorlocalprod.com:65111

connect-src Host —

http://localhost:65111

connect-src Host —

http://127.0.0.1:65111

connect-src Host —

*.authenticatorlocalprod.com:65121

connect-src Host —

http://localhost:65121

connect-src Host —

http://127.0.0.1:65121

connect-src Host —

*.authenticatorlocalprod.com:65131

connect-src Host —

http://localhost:65131

connect-src Host —

http://127.0.0.1:65131

connect-src Host —

*.authenticatorlocalprod.com:65141

connect-src Host —

http://localhost:65141

connect-src Host —

http://127.0.0.1:65141

connect-src Host —

*.authenticatorlocalprod.com:65151

connect-src Host —

http://localhost:65151

connect-src Host —

http://127.0.0.1:65151

connect-src Host

Okta

https://oinmanager.okta.com

connect-src Scheme —

data:

connect-src Host

Sentry

*.ingest.sentry.io

script-src Keyword —

'unsafe-inline'

script-src Nonce —

'nonce-qEtsakqD3CxIngHRLVY7vw'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'self'

script-src Keyword —

'report-sample'

script-src Host

Okta

instructure.okta.com

script-src Host —

*.oktacdn.com

style-src Keyword —

'unsafe-inline'

style-src Nonce —

'nonce-qEtsakqD3CxIngHRLVY7vw'

style-src Keyword —

'self'

style-src Keyword —

'report-sample'

style-src Host

Okta

instructure.okta.com

style-src Host —

*.oktacdn.com

frame-src Keyword —

'self'

frame-src Host

Okta

instructure.okta.com

frame-src Host

Okta

instructure-admin.okta.com

frame-src Host

Okta

login.okta.com

frame-src Host

Vidyard

*.vidyard.com

ASN | Cloudflare

frame-src Scheme —

com-okta-authenticator:

img-src Keyword —

'self'

img-src Host

Okta

instructure.okta.com

img-src Host —

*.oktacdn.com

img-src Host

Mapbox

*.tiles.mapbox.com

img-src Host

Mapbox

*.mapbox.com

img-src Host

Vidyard

*.vidyard.com

ASN | Cloudflare

img-src Scheme —

data:

img-src Scheme —

blob:

font-src Keyword —

'self'

font-src Host

Okta

instructure.okta.com

font-src Scheme —

data:

font-src Host —

*.oktacdn.com

font-src Host

Google Fonts

fonts.gstatic.com

frame-ancestors Keyword —

'self'

frame-ancestors Host —

https://apps-qa.instructure.com