Content-Security-Policy Analysis for https://itunespartner.apple.com

Open Cached · just now

10 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' *.apple.com; base-uri 'self'; script-src 'self' *.apple.com 'strict-dynamic' 'nonce-d5511e237078534a973680a8e9d97459' 'unsafe-eval'; style-src 'self' *.apple.com 'unsafe-inline'; img-src 'self' *.apple.com data: pineapple-coyote.s3.amazonaws.com data.securemetrics-apple.com; media-src 'self' *.apple.com blob: embed.apple.media pineapple-coyote.s3.amazonaws.com; frame-src 'self' *.apple.com embed.apple.media pineapple-coyote.s3.amazonaws.com; connect-src 'self' *.apple.com dpm.demdex.net data.securemetrics-apple.com; worker-src 'self' blob:; object-src 'none'

default-src Keyword —

'self'

default-src Host —

*.apple.com

base-uri Keyword —

'self'

script-src Keyword —

'self'

script-src Host —

*.apple.com

script-src Keyword —

'strict-dynamic'

script-src Nonce —

'nonce-d5511e237078534a973680a8e9d97459'

script-src Keyword —

'unsafe-eval'

style-src Keyword —

'self'

style-src Host —

*.apple.com

style-src Keyword —

'unsafe-inline'

img-src Keyword —

'self'

img-src Host —

*.apple.com

img-src Scheme —

data:

img-src Host

Amazon S3

pineapple-coyote.s3.amazonaws.com

img-src Host —

data.securemetrics-apple.com

media-src Keyword —

'self'

media-src Host —

*.apple.com

media-src Scheme —

blob:

media-src Host —

embed.apple.media

media-src Host

Amazon S3

pineapple-coyote.s3.amazonaws.com

frame-src Keyword —

'self'

frame-src Host —

*.apple.com

frame-src Host —

embed.apple.media

frame-src Host

Amazon S3

pineapple-coyote.s3.amazonaws.com

connect-src Keyword —

'self'

connect-src Host —

*.apple.com

connect-src Host

Adobe Audience Manager

dpm.demdex.net

connect-src Host —

data.securemetrics-apple.com

worker-src Keyword —

'self'

worker-src Scheme —

blob:

object-src Keyword —

'none'

Content-Security-Policy-Report-Only

No report-only CSP headers found.