Open
Cached
·
just now
30
directives
Content-Security-Policy
Content-Security-Policy: frame-ancestors 'self' https://*.azure.com https://*.dynamics.com https://*.microsoft.com https://*.office.com https://*.powerapps.com https://*.powerappsportals.com https://*.powerautomate.com https://*.powerbi.com https://*.powerplatform.com https://*.powerva.microsoft.com https://*.sharepoint.com https://*.spoppe.com https://copilotstudio.preview.microsoft.com https://teams.cloud.microsoft https://teams.microsoft.com https://*.cloud.microsoft; manifest-src 'self' https://*.powerapps.com https://make.preview.powerapps.com https://make.powerapps.com https://*.dynamics.com; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://vsa.services.microsoft.com https://*.services.microsoft.com; img-src 'self' blob: data: *; font-src 'self' https://*.cdn.office.net https://*.content.powerapps.com https://*.microsoft.com https://*.sharepointonline.com https://*.static.powerapps.com https://content.powerapps.com https://fonts.gstatic.com https://static.powerapps.com https://use.typekit.net/ https://vsa.services.microsoft.com data:; base-uri 'self'; worker-src 'self' blob:; media-src 'none'; object-src 'none'; form-action https://*.dynamics.com https://*.mcas.ms; frame-src https://*.access.mcas.ms https://*.ces.microsoftcloud.com https://*.dynamics.com https://*.microsoft.com https://*.msidentity.com https://*.office.com https://*.powerapps.com https://*.powerautomate.com https://*.powerbi.com https://*.preview.powerappsportals.com https://*.sharepoint.com https://*.windows.net https://amcdn.msftauth.net https://login.microsoftonline.com https://make.gov.powerapps.us https://microsoft.onmicrosoft-com.access.mcas.ms https://www.yammer.com https://www.youtube.com https://yammer.com https://athena-ui.trafficmanager.net https://*.vo.msecnd.net https://app-gen-proxy-api.azure-api.net https://frwusappgen.azure-api.net; script-src 'self' blob: 'unsafe-eval' https://*.azure.com https://*.cdn.office.net https://*.content.powerapps.com https://*.microsoft.com https://*.msftauth.net https://*.office365.com https://*.powerapps.com https://*.static.powerapps.com https://login.microsoftonline.com https://make.gov.powerapps.us https://make.powerapps.com https://www.youtube.com 'sha256-7/tGvenYqqFJBrpOBXB/3zJCx68M/0pr/RL2YLeDQL4=' 'sha256-HJxn72LTLJMPGsE+oNGolGTmMzipPKn6pEgaGJHBVeA=' 'sha256-SLBhg/3E0nZKlCQvsNyJznePAqCPUJXeoyiIiFbKnzk=' 'sha256-Y8ROvxe2EtM+CP6juXdpZrzRfG2REm4jAfvSebn7pGU='; default-src 'self' https://*.content.powerapps.com https://*.static.powerapps.com https://content.powerapps.com https://static.powerapps.com; connect-src 'self' blob: data: https://*.azure-apihub.net https://*.azure-api.net https://*.azure.com https://*.azure-apim.net https://*.blob.core.windows.net https://*.clarity.ms https://*.crm.dynamics.com https://*.botframework.com https://*.cloud.microsoft https://*.dynamics.com https://*.live.com https://*.microsoft.com https://*.microsoftcloud.com https://*.msedge.net https://*.msn.com https://*.office.com https://*.cdn.office.net https://*.office365.com https://*.officeppe.com https://*.powerapps.com https://*.powerplatform.com https://*.preview.powerappsportals.com https://*.skype.com https://*.skype.net https://*.web.core.windows.net/ https://api.appcenter.ms https://api.figma.com https://api.powerbi.com https://dc.services.visualstudio.com https://gov.api.bap.microsoft.us https://gov.api.powerapps.us https://login.microsoftonline.com https://noam.events.data.microsoft.com https://outlook.office365.com https://r4.res.office365.com https://config.centro.core.microsoft/config https://world.ces.microsoftcloud.com https://vsa.services.microsoft.com https://*.augloop.svc.cloud.microsoft https://api.powerplatformusercontent.com https://*.api.powerplatformusercontent.com https://augloop.svc.cloud.microsoft https://app-gen-proxy-api.azure-api.net wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.dev.microsoft wss://*.azure.com wss://*.botframework.com wss://*.officeppe.com wss://*.office.com wss://make.gov.powerapps.us https://*.gateway.prod.island.powerapps.com wss://*.gateway.prod.island.powerapps.com wss://directline.botframework.com https://*.service.signalr.net wss://*.service.signalr.net; report-uri https://csp.microsoft.com/report/PPUX-Hosting;
frame-ancestors
Keyword
—
'self'
manifest-src
Keyword
—
'self'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Host
—
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
img-src
Host
—
*
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
base-uri
Keyword
—
'self'
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
media-src
Keyword
—
'none'
object-src
Keyword
—
'none'
form-action
Host
—
frame-src
Host
—
frame-src
Host
—
script-src
Keyword
—
'self'
script-src
Scheme
—
blob:
script-src
Keyword
—
'unsafe-eval'
script-src
Host
—
script-src
Hash
—
'sha256-7/tGvenYqqFJBrpOBXB/3zJCx68M/0pr/RL2YLeDQL4='
script-src
Hash
—
'sha256-HJxn72LTLJMPGsE+oNGolGTmMzipPKn6pEgaGJHBVeA='
script-src
Hash
—
'sha256-SLBhg/3E0nZKlCQvsNyJznePAqCPUJXeoyiIiFbKnzk='
script-src
Hash
—
'sha256-Y8ROvxe2EtM+CP6juXdpZrzRfG2REm4jAfvSebn7pGU='
default-src
Keyword
—
'self'
connect-src
Keyword
—
'self'
connect-src
Scheme
—
blob:
connect-src
Scheme
—
data:
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: frame-ancestors 'self' https://*.azure.com https://*.dynamics.com https://*.microsoft.com https://*.office.com https://*.powerapps.com https://*.powerappsportals.com https://*.powerautomate.com https://*.powerbi.com https://*.powerplatform.com https://*.powerva.microsoft.com https://*.sharepoint.com https://*.spoppe.com https://copilotstudio.preview.microsoft.com https://teams.cloud.microsoft https://teams.microsoft.com https://*.cloud.microsoft; manifest-src 'self' https://*.powerapps.com https://make.preview.powerapps.com https://make.powerapps.com https://*.dynamics.com; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://vsa.services.microsoft.com https://*.services.microsoft.com; img-src 'self' blob: data: *; font-src 'self' https://*.cdn.office.net https://*.content.powerapps.com https://*.microsoft.com https://*.sharepointonline.com https://*.static.powerapps.com https://content.powerapps.com https://fonts.gstatic.com https://static.powerapps.com https://use.typekit.net/ https://vsa.services.microsoft.com data:; base-uri 'self'; worker-src 'self' blob:; media-src 'none'; object-src 'none'; form-action https://*.dynamics.com https://*.mcas.ms; frame-src https://*.access.mcas.ms https://*.ces.microsoftcloud.com https://*.dynamics.com https://*.microsoft.com https://*.msidentity.com https://*.office.com https://*.powerapps.com https://*.powerautomate.com https://*.powerbi.com https://*.sharepoint.com https://*.windows.net https://amcdn.msftauth.net https://login.microsoftonline.com https://make.gov.powerapps.us https://microsoft.onmicrosoft-com.access.mcas.ms https://www.yammer.com https://www.youtube.com https://yammer.com https://athena-ui.trafficmanager.net https://*.vo.msecnd.net https://app-gen-proxy-api.azure-api.net; script-src 'self' blob: 'unsafe-eval' https://*.azure.com https://*.cdn.office.net https://*.content.powerapps.com https://*.microsoft.com https://*.msftauth.net https://*.office365.com https://*.powerapps.com https://*.static.powerapps.com https://login.microsoftonline.com https://make.gov.powerapps.us https://make.powerapps.com https://www.youtube.com 'sha256-7/tGvenYqqFJBrpOBXB/3zJCx68M/0pr/RL2YLeDQL4=' 'sha256-HJxn72LTLJMPGsE+oNGolGTmMzipPKn6pEgaGJHBVeA=' 'sha256-SLBhg/3E0nZKlCQvsNyJznePAqCPUJXeoyiIiFbKnzk=' 'sha256-Y8ROvxe2EtM+CP6juXdpZrzRfG2REm4jAfvSebn7pGU='; default-src 'self' https://*.content.powerapps.com https://*.static.powerapps.com https://content.powerapps.com https://static.powerapps.com; connect-src blob: data: https://*.azure-apihub.net https://*.azure-api.net https://*.azure.com https://*.azure-apim.net https://*.blob.core.windows.net https://*.clarity.ms https://*.crm.dynamics.com https://*.botframework.com https://*.cloud.microsoft https://*.dynamics.com https://*.live.com https://*.microsoft.com https://*.microsoftcloud.com https://*.msedge.net https://*.msn.com https://*.office.com https://*.cdn.office.net https://*.office365.com https://*.officeppe.com https://*.powerapps.com https://*.powerplatform.com https://*.skype.com https://*.skype.net https://*.web.core.windows.net/ https://api.appcenter.ms https://api.figma.com https://api.powerbi.com https://dc.services.visualstudio.com https://gov.api.bap.microsoft.us https://gov.api.powerapps.us https://login.microsoftonline.com https://noam.events.data.microsoft.com https://outlook.office365.com https://r4.res.office365.com https://config.centro.core.microsoft/config https://world.ces.microsoftcloud.com https://vsa.services.microsoft.com https://*.augloop.svc.cloud.microsoft https://api.powerplatformusercontent.com https://*.api.powerplatformusercontent.com https://augloop.svc.cloud.microsoft https://app-gen-proxy-api.azure-api.net wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.azure.com wss://*.botframework.com wss://*.officeppe.com wss://*.office.com wss://make.gov.powerapps.us https://*.gateway.prod.island.powerapps.com wss://*.gateway.prod.island.powerapps.com wss://directline.botframework.com https://*.service.signalr.net wss://*.service.signalr.net; report-uri https://csp.microsoft.com/report/PPUX-Hosting;
frame-ancestors
Keyword
—
'self'
manifest-src
Keyword
—
'self'
style-src
Keyword
—
'self'
style-src
Keyword
—
'unsafe-inline'
style-src
Host
—
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
img-src
Host
—
*
font-src
Keyword
—
'self'
font-src
Scheme
—
data:
base-uri
Keyword
—
'self'
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob:
media-src
Keyword
—
'none'
object-src
Keyword
—
'none'
form-action
Host
—
frame-src
Host
—
frame-src
Host
—
script-src
Keyword
—
'self'
script-src
Scheme
—
blob:
script-src
Keyword
—
'unsafe-eval'
script-src
Host
—
script-src
Hash
—
'sha256-7/tGvenYqqFJBrpOBXB/3zJCx68M/0pr/RL2YLeDQL4='
script-src
Hash
—
'sha256-HJxn72LTLJMPGsE+oNGolGTmMzipPKn6pEgaGJHBVeA='
script-src
Hash
—
'sha256-SLBhg/3E0nZKlCQvsNyJznePAqCPUJXeoyiIiFbKnzk='
script-src
Hash
—
'sha256-Y8ROvxe2EtM+CP6juXdpZrzRfG2REm4jAfvSebn7pGU='
default-src
Keyword
—
'self'
connect-src
Scheme
—
blob:
connect-src
Scheme
—
data:
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—