This script periodically crawls all Apache project and podling websites to check them for a few specific links or text blocks that all projects are expected to have. The checks include verifying that all required links appear on a project homepage, along with an "image" check if project logo files are in apache.org/img
The script also checks for 3rd party resource references that might be in conflict with our privacy policy.
The Content-Security-Policy (Csp) check is a work in progress: it only checks that the default settings have not been over-ridden. It does not check if the host exceptions have been approved.
View the crawler code, website display code, validation checks details, and raw JSON data.
Last crawl time: Sun, 03 May 2026 12:11:45 GMT over 28 websites.
Found \d+ external resources
| Podling | Check Results 18 9 1 |
|---|---|
| Amoro | Found 0 external resources: {} |
| Auron | Found 0 external resources: {} |
| Baremaps | Found 0 external resources: {} |
| BifroMQ | Found 1 external resources: {"ERROR Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500;600&display=swap' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1} |
| Burr | Found 17 external resources: {"ERROR Refused to load the image 'https://www.google.com/s2/favicons?domain=peanutrobotics.com&sz=64' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>2, ""=>8, "ERROR Refused to load the image 'https://www.google.com/s2/favicons?domain=watto.ai&sz=64' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>2, "ERROR Refused to load the image 'https://www.google.com/s2/favicons?domain=paxton.ai&sz=64' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>2, "ERROR Refused to load the image 'https://www.google.com/s2/favicons?domain=provectus.com&sz=64' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>2, "ERROR Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500&display=swap' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1} |
| Caldera | |
| Casbin | Found 0 external resources: {} |
| Cloudberry | Found 0 external resources: {} |
| Fesod | Found 0 external resources: {} |
| Fluss | Found 1 external resources: {"ERROR Refused to load the script 'https://widget.kapa.ai/kapa-widget.bundle.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ https://www.youtube-nocookie.com https://www.youtube.com https://*.algolia.net/ https://*.algolianet.com/ https://*.algolia.io/ https://calendar.google.com\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1} |
| GeaFlow | Found 1 external resources: {"ERROR Refused to load the image 'https://mdn.alipayobjects.com/huamei_p63okt/afts/img/DdvESa5TfhQAAAAAAAAAAAAADh8WAQFr/original' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1} |
| GraphAr | Found 0 external resources: {} |
| Hamilton | Found 0 external resources: {} |
| HugeGraph | Found 0 external resources: {} |
| Iggy | Found 0 external resources: {} |
| KIE | Found 0 external resources: {} |
| Livy | Found 0 external resources: {} |
| OpenServerless | Found 6 external resources: {"WARN jQuery.Deferred exception: e.forEach is not a function TypeError: e.forEach is not a function"=>1, " at e.Builder.<anonymous> (https://openserverless.apache.org/js/main.min.90902a026ed2aee7ed45d85797f4c790b240ba148ac6f8a6f194cb1981ffecf5.js:13:83662)"=>1, " at e (https://openserverless.apache.org/js/lunr-2.3.9.min.js:6:145)"=>1, " at Object.<anonymous> (https://openserverless.apache.org/js/main.min.90902a026ed2aee7ed45d85797f4c790b240ba148ac6f8a6f194cb1981ffecf5.js:13:83479)"=>1, " at e (https://openserverless.apache.org/js/jquery-3.7.1.min.js:2:27028)"=>1, " at t (https://openserverless.apache.org/js/jquery-3.7.1.min.js:2:27330) "=>1} |
| Otava | Found 1 external resources: {"ERROR Refused to load the stylesheet 'https://cdn.jsdelivr.net/npm/katex@0.16.11/dist/katex.min.css' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1} |
| OzHera | Found 0 external resources: {} |
| Pegasus | Found 0 external resources: {} |
| Pony Mail | Found 0 external resources: {} |
| PouchDB | Found 13 external resources: {"ERROR Refused to load the script 'https://ssl.google-analytics.com/ga.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, ""=>6, "ERROR Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Lato:400,700|Open+Sans:400,700' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1, "ERROR Refused to load the image 'https://gravatar.com/avatar/da81e745b26ae8ca53fc77538599510f' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>2, "ERROR Refused to load the script 'https://code.jquery.com/jquery.min.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, "ERROR Refused to load the script 'https://netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, "ERROR Refused to load the script 'https://cdn.jsdelivr.net/npm/pouchdb/dist/pouchdb.min.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1} |
| ResilientDB | Found 0 external resources: {} |
| Seata | Found 0 external resources: {} |
| Texera | Found 0 external resources: {} |
| Toree | Found 5 external resources: {"WARN Mixed Content: The page at 'https://toree.apache.org/' was loaded over HTTPS, but requested an insecure element 'http://blog.ibmjstart.net/wp-content/uploads/2016/07/vis-comparision1.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html"=>2, "ERROR Refused to load the image 'https://blog.ibmjstart.net/wp-content/uploads/2016/07/vis-comparision1.png' because it violates the following Content Security Policy directive: \"default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback."=>1, ""=>1, "ERROR Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Patua+One' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1} |
| XTable | Found 3 external resources: {"ERROR Refused to load the script 'https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, ""=>1, "ERROR Refused to load the script 'https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js?site=65402b66d39d6454e51fabed' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1} |