Apache Project Website Checks

Checking Project Websites for required and disallowed content

This script periodically crawls all Apache project and podling websites to check them for a few specific links or text blocks that all projects are expected to have. The checks include verifying that all required links appear on a project homepage, along with an "image" check if project logo files are in apache.org/img

The script also checks for 3rd party resource references that might be in conflict with our privacy policy.

The Content-Security-Policy (Csp) check is a work in progress: it only checks that the default settings have not been over-ridden. It does not check if the host exceptions have been approved.

View the crawler code, website display code, validation checks details, and raw JSON data.
Last crawl time: Fri, 31 Oct 2025 06:10:46 GMT over 219 websites.

Related Whimsy Links

Site Check Of Type - Csp_check

Msg: Non-default CSP
Websites must not replace the default Content-Security-Policy
  • Click column badges to sort
    • Project Check Results
    196 23 0
    Accumulo OK
    ActiveMQ OK
    AGE OK
    Airavata OK
    Airflow Extras: https://www.youtube-nocookie.com https://www.youtube.com https://airflow.apache.org
    Allura OK
    Ambari OK
    Answer OK
    Ant OK
    APISIX Invalid: frame-src 'self' https://www.google.com https://app.netlify.com
    Portable Runtime (APR) OK
    Aries OK
    Arrow Invalid: default-src 'self' data: blob: 'unsafe-inline' https://www.apachecon.com/ https://www.communityovercode.org/ https://analytics.apache.org/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/ https://www.apachecon.com/ https://*.kapa.ai/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://analytics.apache.org/ https://widget.kapa.ai/; style-src 'self' 'unsafe-inline' https://*.kapa.ai/ data:; frame-ancestors 'self'; frame-src 'self' data: blob: https://www.google.com/ https://www.recaptcha.net/; connect-src 'self' https://analytics.apache.org proxy.kapa.ai kapa-widget-proxy-la7.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app metrics.kapa.ai www.google.com recaptcha.net; img-src 'self' data: https://*.apache.org/ https://www.apachecon.com/ https://*.kapa.ai/ https://www.google.com https://*.gstatic.com/; worker-src 'self' data: blob:;
    AsterixDB OK
    Atlas OK
    Attic OK
    Avro OK
    Axis OK
    Beam Extras: https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/
    Bigtop OK
    BookKeeper OK
    Brand Management OK
    Brooklyn OK
    bRPC OK
    BuildStream OK
    BVal OK
    Calcite OK
    Camel Invalid: default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; connect-src https://*.algolia.net https://*.algolianet.com; img-src 'self' https://*.githubusercontent.com; child-src https://www.youtube-nocookie.com
    CarbonData OK
    Cassandra OK
    Causeway Invalid: default-src 'self' data: blob: 'unsafe-inline' https://www.apachecon.com/ https://www.communityovercode.org/ https://analytics.apache.org/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://*.apache.org/ https://apache.org/; style-src 'self' 'unsafe-inline' data: https://*.apache.org/ https://apache.org/; frame-ancestors 'self'; frame-src 'self' data: blob:; img-src 'self' data: https://*.apache.org/ https://apache.org/ https://www.apachecon.com/; worker-src 'self' data: blob:; connect-src https://*.algolia.net https://*.algolianet.com https://*.algolia.io;
    Cayenne Invalid: img-src https://*; frame-src youtube.com https://www.youtube.com;
    Celeborn OK
    Celix OK
    CloudStack OK
    Community Development OK
    Commons OK
    Conferences OK
    Cordova OK
    CouchDB OK
    Creadur OK
    cTAKES OK
    Curator OK
    CXF OK
    Daffodil OK
    DataFu OK
    DataFusion OK
    Data Privacy Invalid: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; frame-ancestors 'self'; frame-src https://*.apache.org 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; worker-src 'self' data: blob:;
    DataSketches OK
    DB OK
    DeltaSpike OK
    DevLake OK
    Directory OK
    Diversity and Inclusion OK
    DolphinScheduler OK
    Doris OK
    Drill OK
    Druid OK
    Dubbo Invalid: frame-src *
    ECharts OK
    ECMA Relations OK
    Empire-db OK
    EventMesh OK
    Felix OK
    Fineract OK
    Flagon OK
    Flex OK
    Flink OK
    Fory OK
    FreeMarker OK
    Fundraising OK
    Geode OK
    Geronimo OK
    Gobblin OK
    Grails Extras: https://*.kapa.ai/ https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com
    Gravitino OK
    Groovy OK
    Guacamole OK
    Gump OK
    Hadoop OK
    HBase OK
    Helix OK
    HertzBeat OK
    Hive OK
    Hop OK
    HttpComponents OK
    HTTP Server OK
    Hudi Extras: https://*.kapa.ai/ https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com/ https://*.hcaptcha.com/ https://*.algolia.net/ https://*.algolianet.com/ https://*.algolia.io/ https://www.youtube-nocookie.com https://www.youtube.com
    Iceberg OK
    Ignite OK
    Impala OK
    Incubator OK
    Infrastructure OK
    InLong OK
    IoTDB Invalid: default-src data: blob: 'self' *.apache.org *.githubusercontent.com *.github.com *.algolia.net *.algolianet.com *.apachecon.com *.communityovercode.org 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data: blob:; frame-ancestors 'self'; worker-src 'self' data: blob:; img-src 'self' blob: data: https: *.apache.org www.apachecon.com; style-src 'self' 'unsafe-inline' data:;
    Jackrabbit OK
    James OK
    Jena OK
    JMeter OK
    Johnzon OK
    JSPWiki OK
    Juneau OK
    Kafka Invalid: frame-src https://youtube.com https://www.youtube.com
    Karaf OK
    Knox OK
    Kudu OK
    Kvrocks OK
    Kylin OK
    Kyuubi OK
    Legal Affairs OK
    Libcloud OK
    Linkis OK
    Logging Services OK
    Lucene OK
    Lucene.Net OK
    MADlib OK
    Mahout OK
    ManifoldCF OK
    Marketing and Publicity OK
    Maven OK
    MINA OK
    MyFaces OK
    Mynewt Invalid: frame-src https://www.youtube-nocookie.com https://www.youtube.com
    NetBeans Invalid: default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; script-src https://www.youtube.com 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; frame-ancestors 'self'; frame-src https://www.youtube.com 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ ; worker-src 'self' data: blob:;
    NiFi OK
    Nutch OK
    NuttX OK
    OFBiz OK
    Olingo OK
    OpenDAL OK
    OpenJPA OK
    OpenMeetings OK
    OpenNLP OK
    OpenOffice OK
    OpenWebBeans OK
    OpenWhisk OK
    ORC OK
    Ozone OK
    Paimon OK
    Parquet OK
    PDFBox OK
    Pekko Invalid: default-src 'self' https://pekko.apache.org/ ; style-src 'self' https://pekko.apache.org/ 'unsafe-inline' ; script-src 'self' https://pekko.apache.org/ 'unsafe-inline' ; frame-src 'self' ;
    Perl OK
    Petri OK
    Phoenix OK
    Pig OK
    Pinot Invalid: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' giscus.app analytics.umami.is www.youtube.com; style-src 'self' 'unsafe-inline'; img-src * blob: data:; media-src *.s3.amazonaws.com; connect-src *; font-src 'self'; frame-src www.youtube.com youtube.com giscus.app youtu.be;
    PLC4X OK
    POI OK
    Public Affairs OK
    Pulsar Extras: https://*.algolia.net/ https://*.algolianet.com/ https://*.algolia.io/ https://*.shields.io/
    Qpid OK
    Ranger OK
    Ratis OK
    RocketMQ OK
    Roller OK
    Royale OK
    Rya OK
    Samza OK
    Santuario OK
    SDAP OK
    SeaTunnel OK
    Security Team OK
    Sedona Invalid: frame-src 'self' https://forms.hsforms.com https://calendar.google.com https://nbviewer.org
    Serf OK
    ServiceComb OK
    ServiceMix OK
    ShardingSphere OK
    ShenYu OK
    Shiro OK
    SINGA OK
    SIS OK
    SkyWalking Invalid: frame-src 'self' https://www.google.com https://app.netlify.com
    Sling OK
    Solr OK
    SpamAssassin OK
    Spark Extras: https://*.algolia.net/ https://*.algolianet.com/ https://*.algolia.io/
    Steve OK
    Storm OK
    StormCrawler OK
    StreamPark OK
    StreamPipes OK
    Struts OK
    Subversion OK
    Superset Invalid: default-src data: blob: 'self' *.apache.org widget.kapa.ai *.githubusercontent.com *.scarf.sh *.googleapis.com *.google.com *.run.app *.gstatic.com *.github.com *.algolia.net *.algolianet.com 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors 'self' *.google.com https://sidebar.bugherd.com; form-action 'self'; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self'; object-src 'none'
    Synapse OK
    Syncope OK
    SystemDS OK
    Travel Assistance OK
    Tapestry OK
    Tcl OK
    Teaclave OK
    Tez OK
    Thrift OK
    Tika OK
    TinkerPop OK
    Tomcat OK
    TomEE OK
    Tooling OK
    Traffic Server OK
    Training OK
    TsFile Invalid: default-src data: blob: 'self' *.apache.org *.githubusercontent.com *.github.com *.algolia.net *.algolianet.com *.apachecon.com *.communityovercode.org 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data: blob:; frame-ancestors 'self'; worker-src 'self' data: blob:; img-src 'self' blob: data: https: *.apache.org www.apachecon.com; style-src 'self' 'unsafe-inline' data:;
    Turbine OK
    TVM OK
    UIMA OK
    Uniffle OK
    Unomi OK
    VCL OK
    Velocity OK
    Whimsy OK
    Wicket OK
    Web Services OK
    Xalan OK
    Xerces OK
    XML Graphics OK
    Yetus OK
    YuniKorn OK
    Zeppelin OK
    ZooKeeper OK

    Copyright © 2025, the Apache Software Foundation. Licensed under the Apache License, Version 2.0 | Privacy Policy
    Apache®, the names of Apache projects, and the multicolor feather logo are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries.