Skip to content

Instantly share code, notes, and snippets.

@ethangardner

ethangardner/content-security-policy.conf

Last active January 9, 2019 14:14
Show Gist options
  • Save ethangardner/55217c37548f7266d7ba5cf3d103840a to your computer and use it in GitHub Desktop.
Save ethangardner/55217c37548f7266d7ba5cf3d103840a to your computer and use it in GitHub Desktop.
Download ZIP
Sample content security policy generated by the Mozilla Laboratory plugin
Raw
content-security-policy.conf
default-src 'none'; connect-src 'self' http://a.teads.tv/page/13273/ad http://bid.contextweb.com/header/tag http://c.brightcove.com/services/mobile/streaming/index/master.m3u8 http://c.brightcove.com/services/mobile/streaming/index/rendition.m3u8 http://f1.media.brightcove.com/1/51745662001/5705104670001/51745662001_5705104670001_s-1.ts http://f1.media.brightcove.com/1/51745662001/5705104670001/51745662001_5705104670001_s-2.ts http://f1.media.brightcove.com/1/51745662001/5705104670001/51745662001_5705104670001_s-3.ts http://f1.media.brightcove.com/1/51745662001/5705104670001/51745662001_5705104670001_s-4.ts http://f1.media.brightcove.com/1/51745662001/5726670397001/51745662001_5726670397001_s-2.ts http://f1.media.brightcove.com/1/51745662001/5726674484001/51745662001_5726674484001_s-1.ts http://f1.media.brightcove.com/1/51745662001/5726674484001/51745662001_5726674484001_s-2.ts http://f1.media.brightcove.com/1/51745662001/5726674484001/51745662001_5726674484001_s-3.ts http://f1.media.brightcove.com/3/51745662001/4096237868001/51745662001_4096237868001_s-1.ts http://f1.media.brightcove.com/3/51745662001/4096237868001/51745662001_4096237868001_s-2.ts http://f1.media.brightcove.com/3/51745662001/4096237868001/51745662001_4096237868001_s-3.ts http://rum-collector-2.pingdom.net/img/beacon.gif http://surveygizmobeacon.s3.amazonaws.com/beaconconfigs/MjA3NzA2LTJiNjMyMzBhMjY4YTk5ZmUwM2RmZTg4MWVmZDU3N2U5YWE1NTc1MDcyYjRjZGY4Mzlh.json https://edge.api.brightcove.com/playback/v1/accounts/51745662001/videos/5705090218001 https://edge.api.brightcove.com/playback/v1/accounts/51745662001/videos/5706993893001 https://edge.api.brightcove.com/playback/v1/accounts/51745662001/videos/88141927001 https://performance.typekit.net/ https://securepubads.g.doubleclick.net/gampad/ads; font-src https://use.typekit.net; frame-src http://dis.us.criteo.com http://imasdk.googleapis.com http://sync.teads.tv http://tpc.googlesyndication.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://img.mediaplex.com; img-src 'self' data: http://b.scorecardresearch.com http://brightcove04.o.brightcove.com http://d1gbcz1optywnu.cloudfront.net http://f1.media.brightcove.com http://finehomebuilding.s3.tauntoncloud.com.s3-website-us-east-1.amazonaws.com http://ib.adnxs.com http://jadserve.postrelease.com http://metrics.brightcove.com http://ntvcld-a.akamaihd.net http://pagead2.googlesyndication.com http://pixel.keywee.co http://pixel.quantserve.com http://rum-collector.pingdom.net http://s3.amazonaws.com http://t.teads.tv https://a.dpmsrv.com https://p.typekit.net https://px.moatads.com https://s3.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.google.com; script-src 'self' 'unsafe-inline' http://a.dpmsrv.com/dpmpxl/index.php http://ads-adseast.yldbt.com/m/e846/v1/init http://b.scorecardresearch.com/beacon.js http://cdn.teads.tv/media/format/v3/teads-format.min.js http://cdn.yldbt.com/js/yieldbot.intent.js http://d2bnxibecyz4h5.cloudfront.net/runtimejs/intercept/intercept.js http://dc8xl0ndzn2cb.cloudfront.net/js/finehomebuildingcom/v0/keywee.min.js http://dc8xl0ndzn2cb.cloudfront.net/sp.js http://edge.quantserve.com/quant.js http://ib.adnxs.com/jpt http://imasdk.googleapis.com/js/sdkloader/ima3.js http://jadserve.postrelease.com/t http://pagead2.googlesyndication.com/pagead/osd.js http://pagead2.googlesyndication.com/pagead/show_companion_ad.js http://players.brightcove.net/51745662001/H1B6JYG3b_default/index.min.js http://rules.quantcount.com/rules-p-d07fgYEfZvje6.js http://rum-static.pingdom.net/prum.min.js http://s.dpmsrv.com/dpm_b888b29826bb53dc531437e723738383d8339b56.min.js http://s.ntv.io/serve/load.js http://static.criteo.net/js/ld/ld.js http://sts.eccmp.com/sts/scripts/conversen-SDK.js http://tag.contextweb.com/getjs.static.js http://widget.criteo.com/event http://www.googleadservices.com/pagead/conversion.js http://www.googletagservices.com/tag/js/gpt.js https://a.dpmsrv.com/dpmpxl/index.php https://adservice.google.com/adsid/integrator.js https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1571633489809450 https://connect.facebook.net/signals/config/1821171921486206 https://googleads.g.doubleclick.net/pagead/viewthroughconversion/874810432/ https://s0.2mdn.net/instream/video/client.js https://securepubads.g.doubleclick.net/gampad/ads https://securepubads.g.doubleclick.net/gpt/pubads_impl_192.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_rendering_192.js https://use.typekit.net/hjb2qap.js https://vjs.zencdn.net/vttjs/0.12.5/vtt.global.min.js https://www.google-analytics.com/analytics.js https://z.moatads.com/tauntoncontent9694032/moatcontent.js moz-extension://a41cc3c5-91c4-4a65-843a-20c08d687148/blob; style-src 'self' 'unsafe-inline'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment