Apache Project Website Checks

Checking Project Websites for required and disallowed content

This script periodically crawls all Apache project and podling websites to check them for a few specific links or text blocks that all projects are expected to have. The checks include verifying that all required links appear on a project homepage, along with an "image" check if project logo files are in apache.org/img

The script also checks for 3rd party resource references that might be in conflict with our privacy policy.

The Content-Security-Policy (Csp) check is a work in progress: it only checks that the default settings have not been over-ridden. It does not check if the host exceptions have been approved.

View the crawler code, website display code, validation checks details, and raw JSON data.
Last crawl time: Sat, 17 Jan 2026 10:10:05 GMT over 220 websites.

Related Whimsy Links

Site Check For Project - HertzBeat

Results for Project HertzBeat .
Check Results column is the actual text or URL found on the homepage for this check (when applicable).
Check Type Check Results Check Description
Uri https://hertzbeat.apache.org
Foundation https://hertzbeat.apache.org/img/icons/asf_logo.svg
Events https://www.apache.org/events/current-event.html
License https://www.apache.org/licenses/
Thanks https://www.apache.org/foundation/sponsors
Security https://hertzbeat.apache.org/docs/help/security_model
Sponsorship https://www.apache.org/foundation/sponsorship.html
Trademarks Apache HertzBeat™, HertzBeat™, and its feather logo are trademarks of The Apache Software Foundation.
Copyright Copyright © 2026 The Apache Software Foundation.
Privacy https://privacy.apache.org/policies/privacy-policy-public.html
Resources Found 6 external resources: {"widget.kapa.ai"=>1, "ERROR Refused to load the script 'https://analytics.apache.org/matomo.js' because it violates the following Content Security Policy directive: \"script-src 'self' 'unsafe-inline' 'unsafe-eval' widget.kapa.ai www.google.com https://hcaptcha.com https://*.hcaptcha.com https://www.gstatic.com\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, ""=>1, "ERROR Failed to load resource: net::ERR_FAILED"=>2, "fonts.googleapis.com"=>1} Text of a link expected to match regular expression: Found \d+ external resources
Websites must not link to externally hosted resources
Image hertzbeat-1.svg
Csp_check Invalid: default-src 'self' data: blob: *.apache.org *.kapa.ai *.githubusercontent.com *.googleapis.com *.google.com *.run.app *.gstatic.com *.github.com https://hcaptcha.com https://*.hcaptcha.com *.algolia.net *.algolianet.com *.apachecon.com *.communityovercode.org 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' widget.kapa.ai www.google.com https://hcaptcha.com https://*.hcaptcha.com https://www.gstatic.com; connect-src 'self' proxy.kapa.ai kapa-widget-proxy-la7dkmplpq-uc.a.run.app metrics.kapa.ai *.algolia.net *.algolianet.com https://hcaptcha.com https://*.hcaptcha.com www.google.com; frame-src 'self' * www.google.com https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self' *.google.com; worker-src 'self' data: blob:; img-src 'self' blob: data: https:; font-src 'self' data: blob:; object-src 'none' Text of a link expected to match regular expression: ^OK
Websites must not replace the default Content-Security-Policy

Copyright © 2026, the Apache Software Foundation. Licensed under the Apache License, Version 2.0 | Privacy Policy
Apache®, the names of Apache projects, and the logo are registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries.