Content-Security-Policy Analysis for https://onenote.com

Open Cached · 2h ago

18 directives

Content-Security-Policy

Content-Security-Policy: script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' *.cdn.office.net *.public.onecdn.static.microsoft *.office.com aadcdn.msauth.net aadcdn.msftauth.net blob: https: https://a-ring.msedge.net https://amcdn.msauth.net https://amcdn.msftauth.net https://b-ring.msedge.net https://graph.microsoft.com https://gtm-dyn-direct.office365.com https://js.monitor.azure.com https://k-ring.msedge.net https://outlook.live.com https://outlook.office.com https://ow1.res.office365.com https://partner.dev.oasis.microsoft.com https://r4.res.office365.com https://s-ring.msedge.net https://web.vortex.data.microsoft.com https://webshell.suite.office.com https://webshell.suite.officeppe.com res.cdn.office.net;style-src 'report-sample' 'self' 'unsafe-inline' *.cdn.office.net *.fluidpreview.office.net *.microsoft.com https://www.microsoft.com/ res-dev.cdn.officeppe.net res.public.onecdn.static.microsoft;default-src 'self' *.cdn.office.net *.public.onecdn.static.microsoft cdn.fluidpreview.office.net https://midgardbranches.blob.core.windows.net res-dev.cdn.officeppe.net res.cdn.office.net res.public.onecdn.static.microsoft;img-src 'self' *.augloop.svc.cloud.microsoft *.cdn.office.net *.clipchamp.com *.create.microsoft.com *.loki.delve.office.com *.oasis.microsoft.com *.onecdn.static.microsoft *.osi.office.net *.osi.officeppe.net *.public.onecdn.static.microsoft *.s-microsoft.com *.sharepointonline.com *.svc.ms aadcdn.msftauthimages.net az787822.vo.msecnd.net blob: browser.events.data.microsoft.com cdn.create.microsoft.com cdn.designerapp.osi.office.net cdn.hubblecontent.osi.office.net clipchamp.df.onecdn.static.microsoft clipchamp.public.onecdn.static.microsoft content.lifecycle.office.net content.lifecycle.officeppe.net content.powerapps.com copilotstudio.preview.microsoft.com data: designer.cloud.microsoft designer.microsoft.com designerapp.edog.officeapps.live.com designerapp.officeapps.live.com forms.office.com https://outlook.office.com https://sdfpilot.outlook.com https://webshell.suite.office.com m365.cloud.microsoft measure.office.com media.licdn.com outlook-1.cdn.office.net pmservices.cp.microsoft.com powerautomate.microsoft.com preview.content.powerapps.com prod.msocdn.com prodapiicons.cdn.powerappscdn.net res-1.cdn.office.net res-dev.cdn.officeppe.net res.cdn.office.net res.public.onecdn.static.microsoft.com secure.aadcdn.microsoftonline-p.com spoprod-a.akamaihd.net static2.sharepointonline.com staticresources.payments.microsoft.com statics.teams.cdn.office.net substrate.office.com tip1apiicons.cdn.powerappscdn.net tip2apiicons.cdn.powerappscdn.net www.microsoft365.com;connect-src 'self' *.augloop.svc.cloud.microsoft *.cdn.office.net *.collabhubrtc.officeapps.live.com *.public.onecdn.static.microsoft *.microsoft.com *.office.com *.office365.com *.officeapps.live.com *.rtc.svc.cloud.microsoft *.sharepoint-df.com *.sharepoint.com *.svc.ms arc-emea.msn.com arc.msn.com blob: data: https: https://admin.microsoft.com https://api.onedrive.com https://artifacts.dev.azure.com https://browser.events.data.microsoft.com https://browser.pipe.aria.microsoft.com https://cdn.config.centro.core.microsoft https://clients.config.gcc.office.net https://clients.config.office.net https://config.edge.skype.com https://config.edge.skype.net https://consentreceiverfd-prod.azurefd.net https://eu-mobile.events.data.microsoft.com https://eu-office.events.data.microsoft.com https://graph.microsoft.com https://login.microsoftonline.com https://my.microsoftpersonalcontent.com https://nleditor.osi.officeppe.net https://odc.edog.officeapps.live.com https://outlook.cloud.microsoft https://petrol-int.office.microsoft.com https://petrol.office.microsoft.com https://pp1.prd.bmc.teams.microsoft.com https://teams.cloud.microsoft https://titles.prod.mos.microsoft.com res-dev.cdn.officeppe.net res.cdn.office.net wss: wss://*.augloop.office.com wss://*.augloop-gcc.office.com wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.gcc.augloop.svc.cloud.microsoft wss://*.trouter.teams.microsoft.com wss://augloop.office.com wss://augloop.svc.cloud.microsoft wss://gcc.augloop.svc.cloud.microsoft wss://substrate.office.com;font-src 'self' 'unsafe-inline' *.azureedge.net *.cdn.office.net *.public.onecdn.static.microsoft *.fluidpreview.office.net *.sharepointonline.com cdn.create.microsoft.com data: fs.microsoft.com https://c.s-microsoft.com prod.msocdn.com res-dev.cdn.officeppe.net res.cdn.office.net res.public.onecdn.static.microsoft sharepointonline.com spoprod-a.akamaihd.net;frame-ancestors 'self' data: https://support.office.com;frame-src 'self' * *.cdn.office.net *.oasis.microsoft.com *.office.com *.officeapps.live.com *.sharepoint-df.com *.sharepoint.com blob: https://amcdn.msftauth.net https://create.cloud.microsoft https://create.microsoft.com https://login.live.com https://login.microsoftonline.com https://microsoft-onmicrosoft-com.access.mcas.ms https://my.microsoftpersonalcontent.com https://onedrive.live.com https://webshell.suite.officeppe.com https://www.odwebp.svc.ms ms-excel: ms-powerpoint: ms-word: onenote:;upgrade-insecure-requests;media-src 'self' https://*.sharepoint-df.com https://*.sharepoint.com blob: data: *.cdn.office.net *.azureedge.net *.core.windows.net *.clipchamp.com *.oasis.microsoft.com *.create.microsoft.com;manifest-src 'self';child-src blob:;object-src 'none';form-action https://*;worker-src 'self' blob:;trusted-types 'allow-duplicates' 1DSScriptURL @1js/midgard-trusted-types @azure/ms-rest-js#xml.browser @centro/floodgate @centro/hvc-loader @fluidx/loop @fluidx/loop#loop-app @fluidx/loop#loop-page-container @fluidx/loop#odsp-driver @fluidx/loop#office-fluid-container @microsoft/1ds-getcollectorurlsnippet-js#sanitize-html @msstream/azuremediaplayer#worker-noop @msstream/one-player#noop-create-html @msteams/embed-client @msstream/one-player#sanitize-html MeControlScriptURL cdn-url#oneshell default domPurifyHTML domUtilsTrustedTypePolicy dompurify html2canvas html2canvas-feedback nextjs nextjs#bundler ocvPolicy officebrowserfeedback#domUtils safe-xml#oneshell sccChatTrustedTypesPolicy sccEntityDrawerTrustedTypesPolicy script-url#webpack shellInfoPolicy;report-uri https://csp.microsoft.com/report/OfficeAppHome-PROD;report-to AppHomeReportToEndpoint

script-src Keyword —

'report-sample'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Keyword —

'unsafe-inline'

script-src Keyword —

'wasm-unsafe-eval'

script-src Host

Microsoft 365

*.cdn.office.net

script-src Host —

*.public.onecdn.static.microsoft

script-src Host

Microsoft 365

*.office.com

ASN | Microsoft

script-src Host —

aadcdn.msauth.net

ASN | Microsoft

script-src Host —

aadcdn.msftauth.net

ASN | Akamai

script-src Scheme —

blob:

script-src Scheme —

https:

script-src Host —

https://a-ring.msedge.net

ASN | Microsoft

script-src Host —

https://amcdn.msauth.net

ASN | Microsoft

script-src Host —

https://amcdn.msftauth.net

ASN | Microsoft

script-src Host —

https://b-ring.msedge.net

ASN | Microsoft

script-src Host —

https://graph.microsoft.com

ASN | Microsoft

script-src Host

Microsoft 365

https://gtm-dyn-direct.office365.com

ASN | Microsoft

script-src Host

Azure Monitor

https://js.monitor.azure.com

ASN | Microsoft

script-src Host —

https://k-ring.msedge.net

ASN | Microsoft

script-src Host —

https://outlook.live.com

ASN | Microsoft

script-src Host

Microsoft 365

https://outlook.office.com

ASN | Microsoft

script-src Host

Microsoft 365

https://ow1.res.office365.com

ASN | Akamai

script-src Host —

https://partner.dev.oasis.microsoft.com

ASN | Microsoft

script-src Host

Microsoft 365

https://r4.res.office365.com

ASN | Akamai

script-src Host —

https://s-ring.msedge.net

ASN | Microsoft

script-src Host —

https://web.vortex.data.microsoft.com

script-src Host

Microsoft 365

https://webshell.suite.office.com

ASN | Microsoft

script-src Host —

https://webshell.suite.officeppe.com

ASN | Microsoft

script-src Host

Microsoft 365

res.cdn.office.net

ASN | Akamai

style-src Keyword —

'report-sample'

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host

Microsoft 365

*.cdn.office.net

style-src Host

Microsoft 365

*.fluidpreview.office.net

ASN | Microsoft

style-src Host —

*.microsoft.com

ASN | Microsoft

style-src Host —

https://www.microsoft.com/

ASN | Akamai

style-src Host —

res-dev.cdn.officeppe.net

ASN | Akamai

style-src Host —

res.public.onecdn.static.microsoft

ASN | Akamai

default-src Keyword —

'self'

default-src Host

Microsoft 365

*.cdn.office.net

default-src Host —

*.public.onecdn.static.microsoft

default-src Host

Microsoft 365

cdn.fluidpreview.office.net

ASN | Akamai

default-src Host

Azure Blob Storage

https://midgardbranches.blob.core.windows.net

ASN | Microsoft

default-src Host —

res-dev.cdn.officeppe.net

ASN | Akamai

default-src Host

Microsoft 365

res.cdn.office.net

ASN | Akamai

default-src Host —

res.public.onecdn.static.microsoft

ASN | Akamai

img-src Keyword —

'self'

img-src Host —

*.augloop.svc.cloud.microsoft

ASN | Microsoft

img-src Host

Microsoft 365

*.cdn.office.net

img-src Host —

*.clipchamp.com

ASN | Microsoft

img-src Host —

*.create.microsoft.com

ASN | Microsoft

img-src Host

Microsoft 365

*.loki.delve.office.com

ASN | Microsoft

img-src Host —

*.oasis.microsoft.com

img-src Host —

*.onecdn.static.microsoft

img-src Host

Microsoft 365

*.osi.office.net

img-src Host —

*.osi.officeppe.net

img-src Host —

*.public.onecdn.static.microsoft

img-src Host —

*.s-microsoft.com

img-src Host

Microsoft SharePoint

*.sharepointonline.com

ASN | Microsoft

img-src Host —

*.svc.ms

img-src Host —

aadcdn.msftauthimages.net

ASN | Microsoft

img-src Host

Microsoft Azure

az787822.vo.msecnd.net

img-src Scheme —

blob:

img-src Host —

browser.events.data.microsoft.com

ASN | Microsoft

img-src Host —

cdn.create.microsoft.com

ASN | Akamai

img-src Host

Microsoft 365

cdn.designerapp.osi.office.net

ASN | Akamai

img-src Host

Microsoft 365

cdn.hubblecontent.osi.office.net

ASN | Akamai

img-src Host —

clipchamp.df.onecdn.static.microsoft

ASN | Microsoft

img-src Host —

clipchamp.public.onecdn.static.microsoft

ASN | Microsoft

img-src Host

Microsoft 365

content.lifecycle.office.net

ASN | Microsoft

img-src Host —

content.lifecycle.officeppe.net

ASN | Microsoft

img-src Host —

content.powerapps.com

ASN | Microsoft

img-src Host —

copilotstudio.preview.microsoft.com

ASN | Microsoft

img-src Scheme —

data:

img-src Host —

designer.cloud.microsoft

ASN | Akamai

img-src Host —

designer.microsoft.com

ASN | Akamai

img-src Host —

designerapp.edog.officeapps.live.com

ASN | Microsoft

img-src Host —

designerapp.officeapps.live.com

ASN | Microsoft

img-src Host

Microsoft 365

forms.office.com

ASN | Microsoft

img-src Host

Microsoft 365

https://outlook.office.com

ASN | Microsoft

img-src Host

Microsoft 365

https://sdfpilot.outlook.com

ASN | Microsoft

img-src Host

Microsoft 365

https://webshell.suite.office.com

ASN | Microsoft

img-src Host —

m365.cloud.microsoft

ASN | Microsoft

img-src Host

Microsoft 365

measure.office.com

img-src Host

media.licdn.com

ASN | Fastly

img-src Host

Microsoft 365

outlook-1.cdn.office.net

ASN | Akamai

img-src Host —

pmservices.cp.microsoft.com

ASN | Microsoft

img-src Host —

powerautomate.microsoft.com

ASN | Microsoft

img-src Host —

preview.content.powerapps.com

ASN | Microsoft

img-src Host —

prod.msocdn.com

img-src Host —

prodapiicons.cdn.powerappscdn.net

ASN | Microsoft

img-src Host

Microsoft 365

res-1.cdn.office.net

ASN | Akamai

img-src Host —

res-dev.cdn.officeppe.net

ASN | Akamai

img-src Host

Microsoft 365

res.cdn.office.net

ASN | Akamai

img-src Host —

res.public.onecdn.static.microsoft.com

img-src Host —

secure.aadcdn.microsoftonline-p.com

ASN | Microsoft

img-src Host

Akamai

spoprod-a.akamaihd.net

ASN | Akamai

img-src Host

Microsoft SharePoint

static2.sharepointonline.com

ASN | Akamai

img-src Host —

staticresources.payments.microsoft.com

ASN | Microsoft

img-src Host

Microsoft 365

statics.teams.cdn.office.net

ASN | Akamai

img-src Host

Microsoft 365

substrate.office.com

ASN | Microsoft

img-src Host —

tip1apiicons.cdn.powerappscdn.net

ASN | Microsoft

img-src Host —

tip2apiicons.cdn.powerappscdn.net

ASN | Microsoft

img-src Host —

www.microsoft365.com

ASN | Microsoft

connect-src Keyword —

'self'

connect-src Host —

*.augloop.svc.cloud.microsoft

ASN | Microsoft

connect-src Host

Microsoft 365

*.cdn.office.net

connect-src Host —

*.collabhubrtc.officeapps.live.com

connect-src Host —

*.public.onecdn.static.microsoft

connect-src Host —

*.microsoft.com

ASN | Microsoft

connect-src Host

Microsoft 365

*.office.com

ASN | Microsoft

connect-src Host

Microsoft 365

*.office365.com

ASN | Microsoft

connect-src Host —

*.officeapps.live.com

ASN | Microsoft

connect-src Host —

*.rtc.svc.cloud.microsoft

connect-src Host —

*.sharepoint-df.com

ASN | Microsoft

connect-src Host

Microsoft SharePoint

*.sharepoint.com

ASN | Microsoft

connect-src Host —

*.svc.ms

connect-src Host —

arc-emea.msn.com

ASN | Microsoft

connect-src Host —

arc.msn.com

ASN | Microsoft

connect-src Scheme —

blob:

connect-src Scheme —

data:

connect-src Scheme —

https:

connect-src Host —

https://admin.microsoft.com

ASN | Microsoft

connect-src Host —

https://api.onedrive.com

ASN | Microsoft

connect-src Host

Microsoft Azure

https://artifacts.dev.azure.com

ASN | Microsoft

connect-src Host —

https://browser.events.data.microsoft.com

ASN | Microsoft

connect-src Host —

https://browser.pipe.aria.microsoft.com

ASN | Microsoft

connect-src Host —

https://cdn.config.centro.core.microsoft

ASN | Akamai

connect-src Host

Microsoft 365

https://clients.config.gcc.office.net

ASN | Microsoft

connect-src Host

Microsoft 365

https://clients.config.office.net

ASN | Microsoft

connect-src Host —

https://config.edge.skype.com

ASN | Microsoft

connect-src Host —

https://config.edge.skype.net

ASN | Microsoft

connect-src Host

AzureFrontDoor

https://consentreceiverfd-prod.azurefd.net

ASN | Microsoft

connect-src Host —

https://eu-mobile.events.data.microsoft.com

ASN | Microsoft

connect-src Host —

https://eu-office.events.data.microsoft.com

ASN | Microsoft

connect-src Host —

https://graph.microsoft.com

ASN | Microsoft

connect-src Host

Microsoft Entra ID

https://login.microsoftonline.com

ASN | Microsoft

connect-src Host —

https://my.microsoftpersonalcontent.com

ASN | Microsoft

connect-src Host —

https://nleditor.osi.officeppe.net

ASN | Microsoft

connect-src Host —

https://odc.edog.officeapps.live.com

ASN | Microsoft

connect-src Host —

https://outlook.cloud.microsoft

ASN | Microsoft

connect-src Host —

https://petrol-int.office.microsoft.com

ASN | Microsoft

connect-src Host —

https://petrol.office.microsoft.com

ASN | Microsoft

connect-src Host —

https://pp1.prd.bmc.teams.microsoft.com

ASN | Microsoft

connect-src Host —

https://teams.cloud.microsoft

ASN | Microsoft

connect-src Host —

https://titles.prod.mos.microsoft.com

ASN | Microsoft

connect-src Host —

res-dev.cdn.officeppe.net

ASN | Akamai

connect-src Host

Microsoft 365

res.cdn.office.net

ASN | Akamai

connect-src Scheme —

wss:

connect-src Host

Microsoft 365

wss://*.augloop.office.com

ASN | Microsoft

connect-src Host

Microsoft 365

wss://*.augloop-gcc.office.com

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

connect-src Host —

wss://*.dogfood.augloop.svc.cloud.microsoft

ASN | Microsoft

connect-src Host —

wss://*.gcc.augloop.svc.cloud.microsoft

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

connect-src Host —

wss://*.trouter.teams.microsoft.com

connect-src Host

Microsoft 365

wss://augloop.office.com

ASN | Microsoft

connect-src Host —

wss://augloop.svc.cloud.microsoft

ASN | Microsoft

connect-src Host —

wss://gcc.augloop.svc.cloud.microsoft

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

connect-src Host

Microsoft 365

wss://substrate.office.com

ASN | Microsoft

font-src Keyword —

'self'

font-src Keyword —

'unsafe-inline'

font-src Host

AzureFrontDoor

*.azureedge.net

font-src Host

Microsoft 365

*.cdn.office.net

font-src Host —

*.public.onecdn.static.microsoft

font-src Host

Microsoft 365

*.fluidpreview.office.net

ASN | Microsoft

font-src Host

Microsoft SharePoint

*.sharepointonline.com

ASN | Microsoft

font-src Host —

cdn.create.microsoft.com

ASN | Akamai

font-src Scheme —

data:

font-src Host —

fs.microsoft.com

ASN | Akamai

font-src Host —

https://c.s-microsoft.com

ASN | Akamai

font-src Host —

prod.msocdn.com

font-src Host —

res-dev.cdn.officeppe.net

ASN | Akamai

font-src Host

Microsoft 365

res.cdn.office.net

ASN | Akamai

font-src Host —

res.public.onecdn.static.microsoft

ASN | Akamai

font-src Host

Microsoft SharePoint

sharepointonline.com

ASN | Microsoft

font-src Host

Akamai

spoprod-a.akamaihd.net

ASN | Akamai

frame-ancestors Keyword —

'self'

frame-ancestors Scheme —

data:

frame-ancestors Host

Microsoft 365

https://support.office.com

ASN | Microsoft

frame-src Keyword —

'self'

frame-src Host —

frame-src Host

Microsoft 365

*.cdn.office.net

frame-src Host —

*.oasis.microsoft.com

frame-src Host

Microsoft 365

*.office.com

ASN | Microsoft

frame-src Host —

*.officeapps.live.com

ASN | Microsoft

frame-src Host —

*.sharepoint-df.com

ASN | Microsoft

frame-src Host

Microsoft SharePoint

*.sharepoint.com

ASN | Microsoft

frame-src Scheme —

blob:

frame-src Host —

https://amcdn.msftauth.net

ASN | Microsoft

frame-src Host —

https://create.cloud.microsoft

ASN | Microsoft

frame-src Host —

https://create.microsoft.com

ASN | Microsoft

frame-src Host —

https://login.live.com

ASN | Microsoft

frame-src Host

Microsoft Entra ID

https://login.microsoftonline.com

ASN | Microsoft

frame-src Host —

https://microsoft-onmicrosoft-com.access.mcas.ms

ASN | Microsoft

frame-src Host —

https://my.microsoftpersonalcontent.com

ASN | Microsoft

frame-src Host —

https://onedrive.live.com

ASN | Microsoft

frame-src Host —

https://webshell.suite.officeppe.com

ASN | Microsoft

frame-src Host —

https://www.odwebp.svc.ms

ASN | Microsoft

frame-src Scheme —

ms-excel:

frame-src Scheme —

ms-powerpoint:

frame-src Scheme —

ms-word:

frame-src Scheme —

onenote:

upgrade-insecure-requests Source —

(no sources)

media-src Keyword —

'self'

media-src Host —

https://*.sharepoint-df.com

ASN | Microsoft

media-src Host

Microsoft SharePoint

https://*.sharepoint.com

ASN | Microsoft

media-src Scheme —

blob:

media-src Scheme —

data:

media-src Host

Microsoft 365

*.cdn.office.net

media-src Host

AzureFrontDoor

*.azureedge.net

media-src Host —

*.core.windows.net

media-src Host —

*.clipchamp.com

ASN | Microsoft

media-src Host —

*.oasis.microsoft.com

media-src Host —

*.create.microsoft.com

ASN | Microsoft

manifest-src Keyword —

'self'

child-src Scheme —

blob:

object-src Keyword —

'none'

form-action Host —

https://*

worker-src Keyword —

'self'

worker-src Scheme —

blob:

trusted-types Keyword —

'allow-duplicates'

trusted-types Host —

1DSScriptURL

trusted-types Host —

@1js/midgard-trusted-types

trusted-types Host —

@azure/ms-rest-js#xml.browser

trusted-types Host —

@centro/floodgate

trusted-types Host —

@centro/hvc-loader

trusted-types Host —

@fluidx/loop

trusted-types Host —

@fluidx/loop#loop-app

trusted-types Host —

@fluidx/loop#loop-page-container

trusted-types Host —

@fluidx/loop#odsp-driver

trusted-types Host —

@fluidx/loop#office-fluid-container

trusted-types Host —

@microsoft/1ds-getcollectorurlsnippet-js#sanitize-html

trusted-types Host —

@msstream/azuremediaplayer#worker-noop

trusted-types Host —

@msstream/one-player#noop-create-html

trusted-types Host —

@msteams/embed-client

trusted-types Host —

@msstream/one-player#sanitize-html

trusted-types Host —

MeControlScriptURL

trusted-types Host —

cdn-url#oneshell

trusted-types Host —

default

trusted-types Host —

domPurifyHTML

trusted-types Host —

domUtilsTrustedTypePolicy

trusted-types Host —

dompurify

trusted-types Host —

html2canvas

trusted-types Host —

html2canvas-feedback

trusted-types Host —

nextjs

trusted-types Host —

nextjs#bundler

trusted-types Host —

ocvPolicy

trusted-types Host —

officebrowserfeedback#domUtils

trusted-types Host —

safe-xml#oneshell

trusted-types Host —

sccChatTrustedTypesPolicy

trusted-types Host —

sccEntityDrawerTrustedTypesPolicy

trusted-types Host —

script-url#webpack

trusted-types Host —

shellInfoPolicy

report-uri Host —

https://csp.microsoft.com/report/OfficeAppHome-PROD

ASN | Microsoft

report-to Host —

AppHomeReportToEndpoint

Content-Security-Policy-Report-Only

No report-only CSP headers found.