Script Violations
These tests attempt to load external JavaScript files, which violates the script-src 'self' directive.
Load External Script (CDN)
Create Element with Inline Handler
Execute eval()
Style Violations
These tests attempt to load external stylesheets, which violates the style-src 'self' directive.
Load External Stylesheet
Image Violations
These tests attempt to load images from external sources, which violates the img-src 'self' data: directive.
Load External Image
Font Violations
This test attempts to load an external font, which violates the font-src 'self' directive.
Load External Font
Connection Violations
These tests attempt to make AJAX/fetch requests to external domains, which violates the connect-src 'self' directive.
Fetch External API
XHR to External Domain
Check Report Dashboard
After triggering violations above, view them in the CSP Report Dashboard.
View Dashboard
Note: Violations are automatically reported to the CSP endpoint. Check your browser's console to see blocked resources. The reports may take a moment to appear in the dashboard.
Results will appear here...