DNS Gurus
Cached · just now
10 directives

Content-Security-Policy

upgrade-insecure-requests Source
(no sources)
default-src Keyword
'self'
default-src Host
https://*.apple.com
ASN | Apple
img-src Keyword
'self'
img-src Host
https://*.apple.com
ASN | Apple
img-src Host
https://*.mzstatic.com
ASN | Apple
img-src Scheme
data:
img-src Scheme
blob:
img-src Scheme
artwork:
style-src Keyword
'self'
style-src Host
https://*.apple.com
ASN | Apple
style-src Keyword
'unsafe-inline'
script-src Keyword
'self'
script-src Host
https://*.apple.com
ASN | Apple
script-src Keyword
'unsafe-eval'
connect-src Keyword
'self'
connect-src Host
https://*.apple.com
ASN | Apple
connect-src Host
https://*.mzstatic.com
ASN | Apple
connect-src Host
https://mediaservices.cdn-apple.com
ASN | Akamai
connect-src Host
https://*.push.apple.com
connect-src Host
wss://*.push.apple.com
media-src Keyword
'self'
media-src Scheme
https:
media-src Scheme
http:
media-src Scheme
blob:
child-src Keyword
'self'
child-src Host
https://*.apple.com
ASN | Apple
child-src Scheme
musics:
child-src Scheme
blob:
child-src Scheme
itms:
child-src Scheme
itmss:
child-src Scheme
itms-podcasts:
child-src Scheme
itms-podcast:
child-src Scheme
podcast:
child-src Scheme
podcasts:
frame-ancestors Keyword
'none'
report-uri Host
/api/csp-report

Content-Security-Policy-Report-Only

No report-only CSP headers found.