Content-Security-Policy Analysis for https://maven.apache.org

Open Cached · just now

6 directives

Content-Security-Policy

Content-Security-Policy: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/  ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/  ; style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/  ; frame-ancestors 'self'; frame-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/  ; worker-src 'self' data: blob:;

default-src Keyword —

'self'

default-src Scheme —

data:

default-src Scheme —

blob:

default-src Keyword —

'unsafe-inline'

default-src Keyword —

'unsafe-eval'

default-src Host —

https://www.apachecon.com/

default-src Host —

https://www.communityovercode.org/

ASN | Automattic

default-src Host —

https://*.apache.org/

default-src Host —

https://apache.org/

default-src Host —

https://*.scarf.sh/

script-src Keyword —

'self'

script-src Scheme —

data:

script-src Scheme —

blob:

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'unsafe-eval'

script-src Host —

https://www.apachecon.com/

script-src Host —

https://www.communityovercode.org/

ASN | Automattic

script-src Host —

https://*.apache.org/

script-src Host —

https://apache.org/

script-src Host —

https://*.scarf.sh/

style-src Keyword —

'self'

style-src Scheme —

data:

style-src Scheme —

blob:

style-src Keyword —

'unsafe-inline'

style-src Keyword —

'unsafe-eval'

style-src Host —

https://www.apachecon.com/

style-src Host —

https://www.communityovercode.org/

ASN | Automattic

style-src Host —

https://*.apache.org/

style-src Host —

https://apache.org/

style-src Host —

https://*.scarf.sh/

frame-ancestors Keyword —

'self'

frame-src Keyword —

'self'

frame-src Scheme —

data:

frame-src Scheme —

blob:

frame-src Keyword —

'unsafe-inline'

frame-src Keyword —

'unsafe-eval'

frame-src Host —

https://www.apachecon.com/

frame-src Host —

https://www.communityovercode.org/

ASN | Automattic

frame-src Host —

https://*.apache.org/

frame-src Host —

https://apache.org/

frame-src Host —

https://*.scarf.sh/

worker-src Keyword —

'self'

worker-src Scheme —

data:

worker-src Scheme —

blob:

Content-Security-Policy-Report-Only

No report-only CSP headers found.