Content Security Policy (CSP) test page

Page for testing Content Security Policy (CSP) headers. See https://bugzil.la/1800890.

Examples

  • Block images except the third-party one: img-src suboptimal.co.uk
  • Block scripts except the main_frame inline one: Loading...

Results

Test Description
Failed ✕ Image (data URI)
Failed ✕ Image (first-party)
Failed ✕ Image (third-party)
Video (data URI)
Video (first-party)
Video (third-party)
Loading... Script (inline)
Loading... Script (data URI)
Loading... Script (first-party)
Loading... Script (third-party)
Iframe (about:blank via inline script)
Iframe (blob URI via inline script)
Iframe (data URI)
Iframe (first-party)
Iframe (third-party)
Loading... WebSocket (first-party via inline script)
Loading... WebSocket (third-party via inline script)
Loading... WebSocket (third-party via about:blank iframe via inline script)
Loading... WebSocket (third-party via blob URI iframe via inline script)
Loading... WebSocket (third-party via blob URI WebWorker via inline script)