This script periodically crawls all Apache project and podling websites to check them for a few specific links or text blocks that all projects are expected to have. The checks include verifying that all required links appear on a project homepage, along with an "image" check if project logo files are in apache.org/img
The script also checks for 3rd party resource references that might be in conflict with our privacy policy.
The Content-Security-Policy (Csp) check is a work in progress: it only checks that the default settings have not been over-ridden. It does not check if the host exceptions have been approved.
View the crawler code, website display code, validation checks details, and raw JSON data.
Last crawl time: Tue, 24 Mar 2026 20:10:17 GMT over 28 websites.
Found \d+ external resources
| Podling | Check Results 20 7 1 |
|---|---|
| Amoro | Found 0 external resources: {} |
| Auron | Found 0 external resources: {} |
| Baremaps | Found 0 external resources: {} |
| BifroMQ | Found 1 external resources: {"ERROR Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500;600&display=swap' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1} |
| Burr | Found 1 external resources: {"ERROR Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500&display=swap' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1} |
| Caldera | |
| Casbin | Found 65 external resources: {"ERROR Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-8S2TKCJ27X' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, ""=>32, "ERROR Refused to load the image 'https://cdn.casbin.org/language/go-logo-1.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/jee-3.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/c.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/nodejs-1.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/logo-javascript.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/PHP-logo.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/laravel-2.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/python-5.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/dotnet-logo.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/delphi-2.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/rust.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/ruby.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/swift-15.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/lua-5.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/dart.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/elixir-lang-icon.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://cdn.casbin.org/language/kubernets.svg' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://img.shields.io/github/stars/casbin/casbin?label=Casbin&style=social' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://img.shields.io/github/stars/casbin/jcasbin?label=jCasbin&style=social' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://img.shields.io/github/stars/casbin/node-casbin?label=Node-Casbin&style=social' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://img.shields.io/github/stars/php-casbin/php-casbin?label=PHP-Casbin&style=social' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://img.shields.io/github/stars/casbin/pycasbin?label=PyCasbin&style=social' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://img.shields.io/github/stars/casbin/Casbin.NET?label=Casbin.NET&style=social' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://img.shields.io/github/stars/casbin/casbin-cpp?label=Casbin-CPP&style=social' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://img.shields.io/github/stars/casbin/casbin-rs?label=Casbin-RS&style=social' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://img.shields.io/twitter/follow/casbinHQ?style=social' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to load the script 'https://hm.baidu.com/hm.js?2c0ffc6f8d49e98d964d59d7aa4cbf34' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, "ERROR Refused to load media from 'https://cdn.casbin.org/video/background.mp4' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, "ERROR Refused to frame 'https://editor.casbin.org/' because it violates the following Content Security Policy directive: \"frame-src 'self' data: blob: https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\"."=>1, "ERROR Refused to load the script 'https://probe.gdevelop.cn/probe.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, "ERROR Refused to load the script 'https://www.clarity.ms/tag/3j9jin33qx' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, "ERROR Refused to load the script 'https://static.hotjar.com/c/hotjar-1689878.js?sv=6' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1} |
| Cloudberry | Found 0 external resources: {} |
| Fesod | Found 0 external resources: {} |
| Fluss | Found 0 external resources: {} |
| GeaFlow | Found 1 external resources: {"ERROR Refused to load the image 'https://mdn.alipayobjects.com/huamei_p63okt/afts/img/DdvESa5TfhQAAAAAAAAAAAAADh8WAQFr/original' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1} |
| GraphAr | Found 0 external resources: {} |
| Hamilton | Found 0 external resources: {} |
| HugeGraph | Found 0 external resources: {} |
| Iggy | Found 0 external resources: {} |
| KIE | Found 0 external resources: {} |
| Livy | Found 0 external resources: {} |
| OpenServerless | Found 0 external resources: {} |
| Otava | Found 1 external resources: {"ERROR Refused to load the stylesheet 'https://cdn.jsdelivr.net/npm/katex@0.16.11/dist/katex.min.css' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1} |
| OzHera | Found 0 external resources: {} |
| Pegasus | Found 0 external resources: {} |
| Pony Mail | Found 0 external resources: {} |
| PouchDB | Found 0 external resources: {} |
| ResilientDB | Found 0 external resources: {} |
| Seata | Found 0 external resources: {} |
| Texera | Found 0 external resources: {} |
| Toree | Found 5 external resources: {"WARN Mixed Content: The page at 'https://toree.apache.org/' was loaded over HTTPS, but requested an insecure element 'http://blog.ibmjstart.net/wp-content/uploads/2016/07/vis-comparision1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html"=>2, "ERROR Refused to load the image 'https://blog.ibmjstart.net/wp-content/uploads/2016/07/vis-comparision1.png' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, ""=>1, "ERROR Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Patua+One' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1} |
| XTable | Found 3 external resources: {"ERROR Refused to load the script 'https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, ""=>1, "ERROR Refused to load the script 'https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=65402b66d39d6454e51fabed' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1} |