Content-Security-Policy Analysis for https://atve.tv.apple.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self'; script-src 'self' *.titanos.tv *.comcast.com 'unsafe-eval'; connect-src 'self' *.apple.com *.cdn-apple.com *.mzstatic.com *.irdeto.com events.applemusic.com http://*:9009 http://*:56792 http://*:9888 ws://*:9888 ws://*:56792 ws://*:10415 ws://*:10016 ws://127.0.0.1:3473 data: blob:; img-src 'self' *.apple.com *.cdn-apple.com *.mzstatic.com events.applemusic.com android-webview-video-poster: data: blob:; style-src 'self' 'unsafe-inline'; object-src 'self'; worker-src 'self' blob:; media-src 'self' *.apple.com *.cdn-apple.com blob:; font-src 'self' *.cdn-apple.com; child-src 'self' *.apple.com *.cdn-apple.com *.mzstatic.com data: blob:

default-src Keyword —

'self'

script-src Keyword —

'self'

script-src Host —

*.titanos.tv

script-src Host —

*.comcast.com

script-src Keyword —

'unsafe-eval'

connect-src Keyword —

'self'

connect-src Host —

*.apple.com

connect-src Host —

*.cdn-apple.com

connect-src Host —

*.mzstatic.com

connect-src Host —

*.irdeto.com

ASN | Cloudflare

connect-src Host —

events.applemusic.com

ASN | Akamai

connect-src Host —

http://*:9009

connect-src Host —

http://*:56792

connect-src Host —

http://*:9888

connect-src Host —

ws://*:9888

connect-src Host —

ws://*:56792

connect-src Host —

ws://*:10415

connect-src Host —

ws://*:10016

connect-src Host —

ws://127.0.0.1:3473

connect-src Scheme —

data:

connect-src Scheme —

blob:

img-src Keyword —

'self'

img-src Host —

*.apple.com

img-src Host —

*.cdn-apple.com

img-src Host —

*.mzstatic.com

img-src Host —

events.applemusic.com

ASN | Akamai

img-src Scheme —

android-webview-video-poster:

img-src Scheme —

data:

img-src Scheme —

blob:

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

object-src Keyword —

'self'

worker-src Keyword —

'self'

worker-src Scheme —

blob:

media-src Keyword —

'self'

media-src Host —

*.apple.com

media-src Host —

*.cdn-apple.com

media-src Scheme —

blob:

font-src Keyword —

'self'

font-src Host —

*.cdn-apple.com

child-src Keyword —

'self'

child-src Host —

*.apple.com

child-src Host —

*.cdn-apple.com

child-src Host —

*.mzstatic.com

child-src Scheme —

data:

child-src Scheme —

blob:

Content-Security-Policy-Report-Only

No report-only CSP headers found.