Content-Security-Policy Analysis for https://teams.new

Open Cached · just now

19 directives

Content-Security-Policy

Content-Security-Policy: block-all-mixed-content ; base-uri 'self' *.protection.outlook.com; child-src 'self' https: data: blob:; connect-src 'self' blob: https: data: wss://*.delve.office.com:443 wss://*.dc.trouter.io:443 wss://*.trouter.io:443 wss://*.broadcast.skype.com:443 wss://*.tip.skype.net:443 wss://*.cortana.ai:443 wss://*.customspeech.ai:443 wss://*.cts.speech.microsoft.com:443 wss://speech.platform.bing.com:443 wss://*.teams.microsoft.com:443 wss://*.ecdn.microsoft.com:443 wss://*.pptservicescast.officeapps.live.com wss://pptservicescast.officeapps.live.com wss://pptservicescast.gcc.osi.office365.us wss://pptservicescast.osi.office365.us wss://*.pptservicescast.edog.officeapps.live.com wss://pptservicescast.edog.officeapps.live.com wss://*.stateservice.officeapps.live.com wss://stateservice.officeapps.live.com wss://stateservice.gcc.osi.office365.us wss://stateservice.osi.office365.us wss://*.stateservice.edog.officeapps.live.com wss://*.hivestreaming.com:443 wss://*.kollective.app:443 wss://*.kollectivecd.com:443 wss://127.0.0.1:9002 wss://127.0.0.1:9001 ws://localhost:* wss://view-localhost:* wss://*.svc.ms wss://augloop.office.com wss://augloop-dogfood.officeppe.com; default-src *.office.net; prefetch-src statics.teams.microsoft.com sunrise.teams.microsoft.com *.live.net *.office.net *.office365.us; font-src 'self' data: *.delve.office.com *.teams.microsoft.com *.office.net *.office365.us amp.azure.net c.s-microsoft.com edge.skype.net fonts.gstatic.com sxt.cdn.skype.com static2.sharepointonline.com secure.skypeassets.com spoprod-a.akamaihd.net www.microsoft.com fs.microsoft.com; form-action https:; frame-ancestors 'self' login.microsoftonline.com; frame-src blob: data: https: mailto: ms-appx-web: ms-excel: ms-powerpoint: ms-visio: ms-word: onenote: pdf: local.teams.office.com:* local.teams.live.com:* localhost:* msteams: sip: sips: ms-whiteboard-preview:; img-src 'self' blob: data: https:; manifest-src 'self'; media-src 'self' *.microsoft.com *.skype.com blob: data: skypevideo: *.giphy.com *.office.net *.office365.us gateway.zscaler.net gateway.zscalerone.net gateway.zscalertwo.net gateway.zscalerthree.net gateway.zscloud.net login.zscalerone.net statics.teams.microsoft.com sunrise.teams.microsoft.com eus-streaming-video-rt-microsoft-com.akamaized.net statics-marketingsites-eus-ms-com.akamaized.net prod-video-cms-rt-microsoft-com.akamaized.net premium-teamsespams-uswe.streaming.media.azure.net teamsespams-uswe.streaming.media.azure.net; object-src 'none'; script-src *.protection.outlook.com 'nonce-pXEXrEcROBieGkf08lHiyg==' 'report-sample' 'self' 'unsafe-eval' blob: *.office.net *.office365.us *.cms.rt.microsoft.com *.delve.office.com mcasproxy.azureedge.net *.teams.microsoft.com *.onenote.com *.presence.skype.com *.trouter.io sdk.ecdn.microsoft.com sdk.msit.ecdn.microsoft.com amp.azure.net apis.google.com accounts.google.com/gsi/client appsforoffice.microsoft.com az725175.vo.msecnd.net bat.bing.com c64.assets-yammer.com config.edge.skype.com devspaces.skype.com download.hivestreaming.com *.kontiki.com *.kollective.app *.kollectivecd.com edge.skype.net gateway.zscaler.net gateway.zscalerone.net gateway.zscalertwo.net gateway.zscalerthree.net gateway.zscloud.net latest-swx.cdn.skype.com login.microsoftonline.com login.zscalerone.net midgardbranches.blob.core.windows.net scx-dev.tip.skype.net shellprod.msocdn.com swx.cdn.skype.com web.vortex.data.microsoft.com www.microsoft.com/videoplayer/js/ teams.events.data.microsoft.com browser.events.data.microsoft.com amsglob0cdnstream14.azureedge.net www.bing.com r.bing.com r.msftstatic.com *.virtualearth.net teams.cdn.rampcorp.com; style-src 'self' 'unsafe-inline' amp.azure.net edge.skype.net shellprod.msocdn.com statics.teams.microsoft.com sunrise.teams.microsoft.com *.office.net *.office365.us *.protection.outlook.com www.microsoft.com www.bing.com r.bing.com r.msftstatic.com; worker-src 'self' blob:; report-uri https://csp.microsoft.com/report/teams-web-r4?v=versionedbuildfe-1-0-0-2025070703&env=prod; trusted-types dompurify gapi#gapi goog#html @1js/lpc-common-web#webpack @1js/midgard-bootstrapper#webpack @1js/lpc-teams-bootstrapper#webpack @1js/midgard-trusted-types adaptivecards#markdownPassthroughPolicy adaptivecards#restoreContentsPolicy adaptivecards#deprecatedExportedFunctionPolicy 'allow-duplicates';

block-all-mixed-content Source —

(no sources)

base-uri Keyword —

'self'

base-uri Host

Microsoft 365

*.protection.outlook.com

child-src Keyword —

'self'

child-src Scheme —

https:

child-src Scheme —

data:

child-src Scheme —

blob:

connect-src Keyword —

'self'

connect-src Scheme —

blob:

connect-src Scheme —

https:

connect-src Scheme —

data:

connect-src Host

Microsoft 365

wss://*.delve.office.com:443

ASN | Microsoft

connect-src Host —

wss://*.dc.trouter.io:443

connect-src Host —

wss://*.trouter.io:443

connect-src Host —

wss://*.broadcast.skype.com:443

connect-src Host —

wss://*.tip.skype.net:443

connect-src Host —

wss://*.cortana.ai:443

connect-src Host —

wss://*.customspeech.ai:443

ASN | Microsoft

connect-src Host —

wss://*.cts.speech.microsoft.com:443

connect-src Host

Bing

wss://speech.platform.bing.com:443

ASN | Microsoft

connect-src Host —

wss://*.teams.microsoft.com:443

ASN | Microsoft

connect-src Host —

wss://*.ecdn.microsoft.com:443

connect-src Host —

wss://*.pptservicescast.officeapps.live.com

ASN | Microsoft

connect-src Host —

wss://pptservicescast.officeapps.live.com

ASN | Microsoft

connect-src Host —

wss://pptservicescast.gcc.osi.office365.us

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

connect-src Host —

wss://pptservicescast.osi.office365.us

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

connect-src Host —

wss://*.pptservicescast.edog.officeapps.live.com

ASN | Microsoft

connect-src Host —

wss://pptservicescast.edog.officeapps.live.com

ASN | Microsoft

connect-src Host —

wss://*.stateservice.officeapps.live.com

connect-src Host —

wss://stateservice.officeapps.live.com

connect-src Host —

wss://stateservice.gcc.osi.office365.us

connect-src Host —

wss://stateservice.osi.office365.us

connect-src Host —

wss://*.stateservice.edog.officeapps.live.com

connect-src Host

Hive Streaming

wss://*.hivestreaming.com:443

ASN | Microsoft

connect-src Host

Kollective

wss://*.kollective.app:443

ASN | Cloudflare

connect-src Host

Kollective

wss://*.kollectivecd.com:443

connect-src Host —

wss://127.0.0.1:9002

connect-src Host —

wss://127.0.0.1:9001

connect-src Host —

ws://localhost:*

connect-src Host —

wss://view-localhost:*

connect-src Host —

wss://*.svc.ms

connect-src Host

Microsoft 365

wss://augloop.office.com

ASN | Microsoft

connect-src Host —

wss://augloop-dogfood.officeppe.com

ASN | Microsoft

default-src Host

Microsoft 365

*.office.net

prefetch-src Host —

statics.teams.microsoft.com

ASN | Microsoft

prefetch-src Host —

sunrise.teams.microsoft.com

ASN | Microsoft

prefetch-src Host —

*.live.net

prefetch-src Host

Microsoft 365

*.office.net

prefetch-src Host —

*.office365.us

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

font-src Keyword —

'self'

font-src Scheme —

data:

font-src Host

Microsoft 365

*.delve.office.com

ASN | Microsoft

font-src Host —

*.teams.microsoft.com

ASN | Microsoft

font-src Host

Microsoft 365

*.office.net

font-src Host —

*.office365.us

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

font-src Host —

amp.azure.net

ASN | Microsoft

font-src Host —

c.s-microsoft.com

ASN | Akamai

font-src Host —

edge.skype.net

ASN | Microsoft

font-src Host

Google Fonts

fonts.gstatic.com

ASN | Google

font-src Host —

sxt.cdn.skype.com

font-src Host

Microsoft SharePoint

static2.sharepointonline.com

ASN | Akamai

font-src Host —

secure.skypeassets.com

ASN | Akamai

font-src Host

Akamai

spoprod-a.akamaihd.net

ASN | Akamai

font-src Host —

www.microsoft.com

ASN | Akamai

font-src Host —

fs.microsoft.com

ASN | Akamai

form-action Scheme —

https:

frame-ancestors Keyword —

'self'

frame-ancestors Host

Microsoft Entra ID

ASN | Microsoft

frame-src Scheme —

blob:

frame-src Scheme —

data:

frame-src Scheme —

https:

frame-src Scheme —

mailto:

frame-src Scheme —

ms-appx-web:

frame-src Scheme —

ms-excel:

frame-src Scheme —

ms-powerpoint:

frame-src Scheme —

ms-visio:

frame-src Scheme —

ms-word:

frame-src Scheme —

onenote:

frame-src Scheme —

pdf:

frame-src Host

Microsoft 365

local.teams.office.com:*

frame-src Host —

local.teams.live.com:*

frame-src Host —

localhost:*

frame-src Scheme —

msteams:

frame-src Scheme —

sip:

frame-src Scheme —

sips:

frame-src Scheme —

ms-whiteboard-preview:

img-src Keyword —

'self'

img-src Scheme —

blob:

img-src Scheme —

data:

img-src Scheme —

https:

manifest-src Keyword —

'self'

media-src Keyword —

'self'

media-src Host —

*.microsoft.com

ASN | Microsoft

media-src Host —

*.skype.com

ASN | Microsoft

media-src Scheme —

blob:

media-src Scheme —

data:

media-src Scheme —

skypevideo:

media-src Host

GIPHY

*.giphy.com

ASN | Fastly

media-src Host

Microsoft 365

*.office.net

media-src Host —

*.office365.us

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

media-src Host

Zscaler

gateway.zscaler.net

ASN | ZSCALER-SJC1 - ZSCALER

media-src Host

Zscaler

gateway.zscalerone.net

ASN | ZSCALER-SJC1 - ZSCALER

media-src Host

Zscaler

gateway.zscalertwo.net

ASN | ZSCALER-SJC1 - ZSCALER

media-src Host

Zscaler

gateway.zscalerthree.net

ASN | ZSCALER-SJC1 - ZSCALER

media-src Host

Zscaler

gateway.zscloud.net

ASN | ZSCALER-SJC1 - ZSCALER

media-src Host

Zscaler

ASN | ZSCALER-SJC1 - ZSCALER

media-src Host —

statics.teams.microsoft.com

ASN | Microsoft

media-src Host —

sunrise.teams.microsoft.com

ASN | Microsoft

media-src Host

Akamai

eus-streaming-video-rt-microsoft-com.akamaized.net

ASN | Akamai

media-src Host

Akamai

statics-marketingsites-eus-ms-com.akamaized.net

ASN | Akamai

media-src Host

Akamai

prod-video-cms-rt-microsoft-com.akamaized.net

ASN | Akamai

media-src Host —

premium-teamsespams-uswe.streaming.media.azure.net

media-src Host —

teamsespams-uswe.streaming.media.azure.net

object-src Keyword —

'none'

script-src Host

Microsoft 365

*.protection.outlook.com

script-src Nonce —

'nonce-pXEXrEcROBieGkf08lHiyg=='

script-src Keyword —

'report-sample'

script-src Keyword —

'self'

script-src Keyword —

'unsafe-eval'

script-src Scheme —

blob:

script-src Host

Microsoft 365

*.office.net

script-src Host —

*.office365.us

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

script-src Host —

*.cms.rt.microsoft.com

script-src Host

Microsoft 365

*.delve.office.com

ASN | Microsoft

script-src Host

AzureFrontDoor

mcasproxy.azureedge.net

script-src Host —

*.teams.microsoft.com

ASN | Microsoft

script-src Host —

*.onenote.com

ASN | Akamai

script-src Host —

*.presence.skype.com

ASN | Microsoft

script-src Host —

*.trouter.io

script-src Host —

sdk.ecdn.microsoft.com

script-src Host —

sdk.msit.ecdn.microsoft.com

script-src Host —

amp.azure.net

ASN | Microsoft

script-src Host

Google API JS Client

apis.google.com

ASN | Google

script-src Host

Google Sign-In

accounts.google.com/gsi/client

ASN | Google

script-src Host —

appsforoffice.microsoft.com

ASN | Microsoft

script-src Host

Microsoft Azure

az725175.vo.msecnd.net

script-src Host

Microsoft Advertising

bat.bing.com

ASN | Microsoft

script-src Host —

c64.assets-yammer.com

ASN | Microsoft

script-src Host —

config.edge.skype.com

ASN | Microsoft

script-src Host —

devspaces.skype.com

ASN | Microsoft

script-src Host

Hive Streaming

download.hivestreaming.com

ASN | Microsoft

script-src Host —

*.kontiki.com

ASN | Cloudflare

script-src Host

Kollective

*.kollective.app

ASN | Cloudflare

script-src Host

Kollective

*.kollectivecd.com

script-src Host —

edge.skype.net

ASN | Microsoft

script-src Host

Zscaler

gateway.zscaler.net

ASN | ZSCALER-SJC1 - ZSCALER

script-src Host

Zscaler

gateway.zscalerone.net

ASN | ZSCALER-SJC1 - ZSCALER

script-src Host

Zscaler

gateway.zscalertwo.net

ASN | ZSCALER-SJC1 - ZSCALER

script-src Host

Zscaler

gateway.zscalerthree.net

ASN | ZSCALER-SJC1 - ZSCALER

script-src Host

Zscaler

gateway.zscloud.net

ASN | ZSCALER-SJC1 - ZSCALER

script-src Host —

latest-swx.cdn.skype.com

script-src Host

Microsoft Entra ID

ASN | Microsoft

script-src Host

Zscaler

ASN | ZSCALER-SJC1 - ZSCALER

script-src Host

Azure Blob Storage

midgardbranches.blob.core.windows.net

ASN | Microsoft

script-src Host —

scx-dev.tip.skype.net

script-src Host —

shellprod.msocdn.com

ASN | Akamai

script-src Host —

swx.cdn.skype.com

script-src Host —

web.vortex.data.microsoft.com

script-src Host —

www.microsoft.com/videoplayer/js/

ASN | Akamai

script-src Host —

teams.events.data.microsoft.com

ASN | Microsoft

script-src Host —

browser.events.data.microsoft.com

ASN | Microsoft

script-src Host

AzureFrontDoor

amsglob0cdnstream14.azureedge.net

script-src Host

Bing

www.bing.com

ASN | Akamai

script-src Host

Bing

r.bing.com

ASN | Akamai

script-src Host —

r.msftstatic.com

ASN | Microsoft

script-src Host —

*.virtualearth.net

ASN | Microsoft

script-src Host —

teams.cdn.rampcorp.com

ASN | Microsoft

style-src Keyword —

'self'

style-src Keyword —

'unsafe-inline'

style-src Host —

amp.azure.net

ASN | Microsoft

style-src Host —

edge.skype.net

ASN | Microsoft

style-src Host —

shellprod.msocdn.com

ASN | Akamai

style-src Host —

statics.teams.microsoft.com

ASN | Microsoft

style-src Host —

sunrise.teams.microsoft.com

ASN | Microsoft

style-src Host

Microsoft 365

*.office.net

style-src Host —

*.office365.us

ASN | MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation

style-src Host

Microsoft 365

*.protection.outlook.com

style-src Host —

www.microsoft.com

ASN | Akamai

style-src Host

Bing

www.bing.com

ASN | Akamai

style-src Host

Bing

r.bing.com

ASN | Akamai

style-src Host —

r.msftstatic.com

ASN | Microsoft

worker-src Keyword —

'self'

worker-src Scheme —

blob:

report-uri Host —

https://csp.microsoft.com/report/teams-web-r4?v=versionedbuildfe-1-0-0-2025070703&env=prod

ASN | Microsoft

trusted-types Host —

dompurify

trusted-types Host —

gapi#gapi

trusted-types Host —

goog#html

trusted-types Host —

@1js/lpc-common-web#webpack

trusted-types Host —

@1js/midgard-bootstrapper#webpack

trusted-types Host —

@1js/lpc-teams-bootstrapper#webpack

trusted-types Host —

@1js/midgard-trusted-types

trusted-types Host —

adaptivecards#markdownPassthroughPolicy

trusted-types Host —

adaptivecards#restoreContentsPolicy

trusted-types Host —

adaptivecards#deprecatedExportedFunctionPolicy

trusted-types Keyword —

'allow-duplicates'

Content-Security-Policy-Report-Only

No report-only CSP headers found.