This script periodically crawls all Apache project and podling websites to check them for a few specific links or text blocks that all projects are expected to have. The checks include verifying that all required links appear on a project homepage, along with an "image" check if project logo files are in apache.org/img
The script also checks for 3rd party resource references that might be in conflict with our privacy policy.
The Content-Security-Policy (Csp) check is a work in progress: it only checks that the default settings have not been over-ridden. It does not check if the host exceptions have been approved.
View the crawler code, website display code, validation checks details, and raw JSON data.
Last crawl time: Fri, 31 Oct 2025 20:12:07 GMT over 219 websites.
| Check Type | Check Results | Check Description |
|---|---|---|
| Uri | https://beam.apache.org/ | |
| Foundation | The Apache Software Foundation | |
| Events |
URL expected to match regular expression:
^https?://((www\.)?apache\.org/events/current-event|events\.apache\.org|www\.apachecon\.com/event-images/snippet\.js)
Projects SHOULD include a link to any current CommunityOverCode event, or to the events.apache.org site, as provided by VP, Conferences. |
|
| License | https://www.apache.org/licenses/ | |
| Thanks | https://www.apache.org/foundation/thanks.html | |
| Security | https://www.apache.org/security/ | |
| Sponsorship | https://www.apache.org/foundation/sponsorship.html | |
| Trademarks | Apache Beam, Apache, Beam, the Beam logo, and the Apache feather logo are either registered trademarks or trademarks of The Apache Software Foundation. All other products or name brands are trademarks of their respective holders, including The Apache Software Foundation. | |
| Copyright | © The Apache Software Foundation | |
| Privacy | https://beam.apache.org/privacy_policy |
URL expected to match regular expression:
\Ahttps://privacy\.apache\.org/policies/privacy-policy-public\.html\z
|
\Ahttps?://(?:www\.)?apache\.org/foundation/policies/privacy\.html\z
All websites must link to the Privacy Policy. |
| Resources | Found 15 external resources: {"ERROR Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Roboto:100,300,400,500,700' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1, ""=>7, "ERROR Refused to load the script 'https://code.jquery.com/jquery-2.2.4.min.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, "ERROR Refused to load the stylesheet 'https://use.fontawesome.com/releases/v5.4.1/css/all.css' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1, "ERROR Refused to load the stylesheet 'https://unpkg.com/swiper@8/swiper-bundle.min.css' because it violates the following Content Security Policy directive: \"style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/\". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback."=>1, "ERROR Refused to load the script 'https://platform.twitter.com/widgets.js' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, "ERROR Refused to load the script 'https://static.hotjar.com/c/hotjar-2182187.js?sv=6' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>1, "ERROR Refused to load the script 'https://cse.google.com/cse.js?cx=012923275103528129024:4emlchv9wzi' because it violates the following Content Security Policy directive: \"script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.apachecon.com/ https://www.communityovercode.org/ https://*.apache.org/ https://apache.org/ https://*.scarf.sh/ https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/\". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback."=>2} |
Text of a link expected to match regular expression:
Found \d+ external resources
Websites must not link to externally hosted resources |
| Image | beam-1.svg | |
| Csp_check | Extras: https://play.beam.apache.org/ https://www.youtube.com/ https://drive.google.com/ |
Msg:
Non-default CSP
Websites must not replace the default Content-Security-Policy |