14
directives
Content-Security-Policy
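No enforced CSP headers found. The only policy present is sent as Content-Security-Policy-Report-Only, so browsers report violations (here to /api/csp/report) but block nothing. Even if it were enforced, script-src 'unsafe-inline' 'self' https: would still permit inline scripts and scripts from any HTTPS origin.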
Content-Security-Policy-Report-Only
Content-Security-Policy-Report-Only: base-uri 'none'; connect-src 'self' http://localhost:* https://*.azure.com https://*.azurewebsites.net https://*.cdn.office.net https://*.microsoft.com https://*.microsoftonline.com https://*.microsoftstore.com https://*.office.com https://*.officeapps.live.com https://*.omnichannelengagementhub.com https://*.skype.com https://*.xbox.com https://aka.ms https://alchemysage.azurefd.net https://amcdn.msftauth.net https://login.live.com https://mem.gfx.ms https://ocsdk-prod.azureedge.net https://translate.googleapis.com https://www.google-analytics.com ms-contact-support: ms-surface-app: ms-windows-store: ws://localhost:* wss://*.trouter.skype.com; default-src 'none'; font-src 'self' https://*.cdn.office.net https://*.microsoft.com https://*.s-microsoft.com https://*.sharepointonline.com https://ajax.aspnetcdn.com https://fonts.gstatic.com https://spoppe-b.azureedge.net https://support.content.office.net https://use.typekit.net; form-action 'self' https://*.azure.com https://*.microsoft.com data:; frame-ancestors 'self' https://*.office.com https://*.officeapps.live.com https://*.sharepoint.com https://*.sharepoint-df.com https://admin-ignite.microsoft.com https://admin-sdf.microsoft.com https://admin.microsoft.com https://df.excel.cloud.microsoft https://df.powerpoint.cloud.microsoft https://df.word.cloud.microsoft https://excel.cloud-dev.microsoft https://excel.cloud.microsoft https://onedrive.live.com https://outlook.live.com https://powerpoint.cloud-dev.microsoft https://powerpoint.cloud.microsoft https://support.microsoft.com https://support.office.live.com https://teams.microsoft.com https://word.cloud-dev.microsoft https://word.cloud.microsoft; frame-src 'self' https://*.microsoft.com https://*.omnichannelengagementhub.com https://*.prod.support.office.com https://*.support.office.com https://amcdn.msftauth.net https://login.live.com https://login.microsoftonline.com https://mem.gfx.ms https://support.office.com 
https://support-uat.microsoft.com; img-src 'self' blob: data: https://*.microsoft.com https://*.s-microsoft.com https://aadcdn.msftauth.net https://arc.msn.com https://c.bing.com https://cxcs.microsoft.net https://fonts.gstatic.com https://img-prod-cms-rt-microsoft-com.akamaized.net https://logincdn.msftauth.net https://msegprdfuncblob.blob.core.windows.net https://musicart.xboxlive.com https://res.cdn.office.net https://res-1.cdn.office.net https://res.public.onecdn.static.microsoft https://support.content.office.net https://translate.google.com https://yastatic.net; media-src 'self' data: https://*.akamaized.net; object-src 'none'; report-uri /api/csp/report; script-src 'unsafe-inline' 'self' https:; style-src 'unsafe-inline' 'self' https:; worker-src 'self' blob:
base-uri
Keyword
—
'none'
connect-src
Keyword
—
'self'
connect-src
Host
—
connect-src
Host
—
connect-src
Host
—
connect-src
Scheme
—
ms-contact-support:
connect-src
Scheme
—
ms-surface-app:
connect-src
Scheme
—
ms-windows-store:
connect-src
Host
—
connect-src
Host
—
default-src
Keyword
—
'none'
font-src
Keyword
—
'self'
font-src
Host
—
form-action
Keyword
—
'self'
form-action
Scheme
—
data:
frame-ancestors
Keyword
—
'self'
frame-src
Keyword
—
'self'
frame-src
Host
—
img-src
Keyword
—
'self'
img-src
Scheme
—
blob:
img-src
Scheme
—
data:
img-src
Host
—
media-src
Keyword
—
'self'
media-src
Scheme
—
data:
object-src
Keyword
—
'none'
report-uri
Host
—
script-src
Keyword
—
'unsafe-inline'
script-src
Keyword
—
'self'
script-src
Scheme
—
https:
style-src
Keyword
—
'unsafe-inline'
style-src
Keyword
—
'self'
style-src
Scheme
—
https:
worker-src
Keyword
—
'self'
worker-src
Scheme
—
blob: