Content-Security-Policy Analysis for https://expresslane.apple.com

Open Cached · just now

5 directives

Content-Security-Policy

Content-Security-Policy: frame-ancestors 'self' https://starshot.scilliance.com https://portal.scilliance.com, default-src 'self' *.apple.com *.cdn-apple.com *.apple-mapkit.com *.autonavi.com blob:; img-src *.apple.com *.cdn-apple.com *.apple-mapkit.com *.autonavi.com *.apple.com.cn  data: 'unsafe-inline'; script-src 'unsafe-inline'   'unsafe-eval' *.apple.com *.cdn-apple.com *.apple-mapkit.com *.autonavi.com blob:; frame-src *.cardinalcommerce.com *.apple.com *.cdn-apple.com *.apple-mapkit.com; style-src 'unsafe-inline' *.apple.com *.cdn-apple.com *.apple-mapkit.com *.autonavi.com

frame-ancestors Keyword —

'self'

frame-ancestors Host —

https://starshot.scilliance.com

frame-ancestors Host —

https://portal.scilliance.com,

frame-ancestors Host —

default-src

frame-ancestors Keyword —

'self'

frame-ancestors Host —

*.apple.com

frame-ancestors Host —

*.cdn-apple.com

frame-ancestors Host —

*.apple-mapkit.com

frame-ancestors Host —

*.autonavi.com

frame-ancestors Scheme —

blob:

img-src Host —

*.apple.com

img-src Host —

*.cdn-apple.com

img-src Host —

*.apple-mapkit.com

img-src Host —

*.autonavi.com

img-src Host —

*.apple.com.cn

img-src Scheme —

data:

img-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host —

*.apple.com

script-src Host —

*.cdn-apple.com

script-src Host —

*.apple-mapkit.com

script-src Host —

*.autonavi.com

script-src Scheme —

blob:

frame-src Host —

*.cardinalcommerce.com

ASN | Cloudflare

frame-src Host —

*.apple.com

frame-src Host —

*.cdn-apple.com

frame-src Host —

*.apple-mapkit.com

style-src Keyword —

'unsafe-inline'

style-src Host —

*.apple.com

style-src Host —

*.cdn-apple.com

style-src Host —

*.apple-mapkit.com

style-src Host —

*.autonavi.com

Content-Security-Policy-Report-Only

No report-only CSP headers found.