Content-Security-Policy Analysis for https://make.preview.powerautomate.com

Open Cached · just now

19 directives

Content-Security-Policy

Content-Security-Policy: base-uri 'self'; object-src 'self'; worker-src data: blob: 'self'; media-src 'none'; manifest-src 'self'; font-src 'self' data: https://*.content.powerapps.com https://*.static.powerapps.com https://static2.sharepointonline.com https://*.cdn.office.net https://appsforoffice.microsoft.com https://spoprod-a.akamaihd.net; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net; child-src 'self' blob: ms-powerautomateregapp: ms-powerautomate: ms-powerautomatedesigner: https://make.preview.powerapps.com https://webshell.suite.office.com https://microsoft-onmicrosoft-com https://*.access.mcas.ms https://*.microsoft.com/ https://login.microsoftonline.com https://amcdn.msftauth.net https://outlook.office.com https://*.ces.microsoftcloud.com https://*.powerbi.com https://dogfoodartifacts.azureedge.net https://*.powerplatformusercontent.com https://bapfeblobprodsy.blob.core.windows.net https://bapfeblobprodml.blob.core.windows.net https://bapfeblobprodcq.blob.core.windows.net https://bapfeblobprodrio.blob.core.windows.net https://bapfeblobprodyt.blob.core.windows.net https://bapfeblobprodyq.blob.core.windows.net https://bapfeblobprodpn.blob.core.windows.net https://bapfeblobprodhk.blob.core.windows.net https://bapfeblobprodbl.blob.core.windows.net https://bapfeblobprodpa.blob.core.windows.net https://bapfeblobprodmr.blob.core.windows.net https://bapfeblobprodfra.blob.core.windows.net https://bapfeblobprodber.blob.core.windows.net https://bapfeblobprodkw.blob.core.windows.net https://bapfeblobprodos.blob.core.windows.net https://bapfeblobproddb.blob.core.windows.net https://bapfeblobprodjnb.blob.core.windows.net https://bapfeblobprodcpt.blob.core.windows.net https://bapfeblobprodsg.blob.core.windows.net https://bapfeblobprodma.blob.core.windows.net https://bapfeblobproddxb.blob.core.windows.net https://bapfeblobprodauh.blob.core.windows.net https://bapfeblobprodln.blob.core.windows.net https://bapfeblobprodcw.blob.core.windows.net https://bapfeblobprodam.blob.core.windows.net https://bapfeblobprodby.blob.core.windows.net https://bapfeblobprodzrh.blob.core.windows.net https://bapfeblobprodgva.blob.core.windows.net https://bapfeblobprodeno.blob.core.windows.net https://bapfeblobprodwno.blob.core.windows.net https://bapfeblobprodsgp.blob.core.windows.net https://bapfeblobprodskr.blob.core.windows.net https://bapfeblobprodckr.blob.core.windows.net https://bapfeblobprodcse.blob.core.windows.net https://bapfeblobprodcy.blob.core.windows.net https://bapfeblobprodmw.blob.core.windows.net https://az818438.vo.msecnd.net https://d365integstorageprodwus2.blob.core.windows.net; script-src 'self' 'wasm-unsafe-eval' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net https://wcpstatic.microsoft.com https://*.msftauth.net https://*.res.office365.com https://*.monitor.azure.com https://*.flow.microsoft.com https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net https://appsforoffice.microsoft.com https://cdn.jsdelivr.net/npm/[email protected] 'sha256-jnYvS9ayivPvQuFz+rpUvHU8Vu6HQw3VmQKmywwbVvA=' 'sha256-TRsq5vkmHlqVgkpiE7RBLWrt6Punq9JsRG+VubnDdAI=' 'sha256-FiSjMm6vNWfT04RjabSkbGAO5ImEUFrt87OoehycFs4=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal;

base-uri Keyword —

'self'

object-src Keyword —

'self'

worker-src Scheme —

data:

worker-src Scheme —

blob:

worker-src Keyword —

'self'

media-src Keyword —

'none'

manifest-src Keyword —

'self'

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host —

https://*.content.powerapps.com

ASN | Microsoft

font-src Host —

https://*.static.powerapps.com

ASN | Microsoft

font-src Host

Microsoft SharePoint

https://static2.sharepointonline.com

ASN | Akamai

font-src Host

Microsoft 365

https://*.cdn.office.net

font-src Host —

https://appsforoffice.microsoft.com

ASN | Microsoft

font-src Host

Akamai

https://spoprod-a.akamaihd.net

ASN | Akamai

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host —

https://*.content.powerapps.com

ASN | Microsoft

style-src Host —

https://*.static.powerapps.com

ASN | Microsoft

style-src Host

Microsoft 365

https://*.cdn.office.net

style-src Host —

https://vsa.services.microsoft.com

ASN | Microsoft

style-src Host

AzureFrontDoor

https://mfpembedcdnmsit.azureedge.net

ASN | Microsoft

child-src Keyword —

'self'

child-src Scheme —

blob:

child-src Scheme —

ms-powerautomateregapp:

child-src Scheme —

ms-powerautomate:

child-src Scheme —

ms-powerautomatedesigner:

child-src Host —

https://make.preview.powerapps.com

ASN | Microsoft

child-src Host

Microsoft 365

https://webshell.suite.office.com

ASN | Microsoft

child-src Host —

https://microsoft-onmicrosoft-com

child-src Host —

https://*.access.mcas.ms

ASN | Microsoft

child-src Host —

https://*.microsoft.com/

ASN | Microsoft

child-src Host

Microsoft Entra ID

https://login.microsoftonline.com

ASN | Microsoft

child-src Host —

https://amcdn.msftauth.net

ASN | Microsoft

child-src Host

Microsoft 365

https://outlook.office.com

ASN | Microsoft

child-src Host —

https://*.ces.microsoftcloud.com

child-src Host

Microsoft Power BI

https://*.powerbi.com

ASN | Microsoft

child-src Host

AzureFrontDoor

https://dogfoodartifacts.azureedge.net

child-src Host —

https://*.powerplatformusercontent.com

child-src Host

Azure Blob Storage

https://bapfeblobprodsy.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodml.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodcq.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodrio.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodyt.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodyq.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodpn.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodhk.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodbl.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodpa.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodmr.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodfra.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodber.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodkw.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodos.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobproddb.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodjnb.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodcpt.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodsg.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodma.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobproddxb.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodauh.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodln.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodcw.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodam.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodby.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodzrh.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodgva.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodeno.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodwno.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodsgp.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodskr.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodckr.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodcse.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodcy.blob.core.windows.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://bapfeblobprodmw.blob.core.windows.net

ASN | Microsoft

child-src Host

Microsoft Azure

https://az818438.vo.msecnd.net

ASN | Microsoft

child-src Host

Azure Blob Storage

https://d365integstorageprodwus2.blob.core.windows.net

ASN | Microsoft

script-src Keyword —

'self'

script-src Keyword —

'wasm-unsafe-eval'

script-src Host —

https://*.content.powerapps.com

ASN | Microsoft

script-src Host —

https://*.static.powerapps.com

ASN | Microsoft

script-src Host

Microsoft 365

https://*.cdn.office.net

script-src Host —

https://wcpstatic.microsoft.com

ASN | Microsoft

script-src Host —

https://*.msftauth.net

script-src Host

Microsoft 365

https://*.res.office365.com

script-src Host

Azure Monitor

https://*.monitor.azure.com

script-src Host —

https://*.flow.microsoft.com

ASN | Microsoft

script-src Host —

https://vsa.services.microsoft.com

ASN | Microsoft

script-src Host

AzureFrontDoor

https://mfpembedcdnmsit.azureedge.net

ASN | Microsoft

script-src Host —

https://appsforoffice.microsoft.com

ASN | Microsoft

script-src Host

jsDelivr

https://cdn.jsdelivr.net/npm/[email protected]

ASN | Cloudflare

script-src Hash —

'sha256-jnYvS9ayivPvQuFz+rpUvHU8Vu6HQw3VmQKmywwbVvA='

script-src Hash —

'sha256-TRsq5vkmHlqVgkpiE7RBLWrt6Punq9JsRG+VubnDdAI='

script-src Hash —

'sha256-FiSjMm6vNWfT04RjabSkbGAO5ImEUFrt87OoehycFs4='

script-src Hash —

'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='

report-uri Host —

https://csp.microsoft.com/report/PowerAutomate-MakerPortal

ASN | Microsoft

Content-Security-Policy-Report-Only

Content-Security-Policy-Report-Only: base-uri 'self'; media-src 'none'; object-src 'self'; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://*.content.powerapps.com https://*.static.powerapps.com https://*.cdn.office.net https://vsa.services.microsoft.com https://mfpembedcdnmsit.azureedge.net; script-src 'self' blob: https://wcpstatic.microsoft.com https://shell.cdn.office.net https://res.cdn.office.net https://r4.res.office365.com https://amcdn.msftauth.net https://js.monitor.azure.com https://vsa.services.microsoft.com https://api.flow.microsoft.com https://preview.content.powerapps.com 'sha256-CnzmUY9XDWPjkAgzDPEHLlm4gygKztleRupzQDsr608=' 'sha256-JEwSVBrCE741EV9rbuu3EqBV+pc2dpFhRHIV6+9J0mY=' 'sha256-+2jm5SNRB4WubmMQDChnXjseeCIhj34lMFWKhVn1qBE=' 'sha256-y7y27Uq4p88K6EhwSUfbhCk9VakghnU/hORgjhopExY=' 'sha256-yt+SNVxRkIi6H6yb7ndFuZM1esMX9esg3UpRHaTsyVk=' 'sha256-jnYvS9ayivPvQuFz+rpUvHU8Vu6HQw3VmQKmywwbVvA=' 'sha256-TRsq5vkmHlqVgkpiE7RBLWrt6Punq9JsRG+VubnDdAI=' 'sha256-FiSjMm6vNWfT04RjabSkbGAO5ImEUFrt87OoehycFs4=' 'sha256-wODu+VfY8ND+vPVOUkzkfC/1jpkO6aSN5rGEBoSdnys='; font-src 'self' data: https://*.content.powerapps.com https://*.static.powerapps.com https://static2.sharepointonline.com https://*.cdn.office.net https://appsforoffice.microsoft.com https://spoprod-a.akamaihd.net; form-action 'self'; report-uri https://csp.microsoft.com/report/PowerAutomate-MakerPortal;

base-uri Keyword —

'self'

media-src Keyword —

'none'

object-src Keyword —

'self'

manifest-src Keyword —

'self'

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'