🛡️ CSP Violation Test Page

Click buttons below to trigger various Content Security Policy violations

Active CSP Policy:

default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; report-uri https://nordev.net/csp-report;

Script Violations

These tests attempt to load external JavaScript files, which violates the script-src 'self' directive.

Style Violations

These tests attempt to load external stylesheets, which violates the style-src 'self' directive.

Image Violations

These tests attempt to load images from external sources, which violates the img-src 'self' data: directive.

Font Violations

This test attempts to load an external font, which violates the font-src 'self' directive.

Connection Violations

These tests attempt to make AJAX/fetch requests to external domains, which violates the connect-src 'self' directive.

Check Report Logs

After triggering violations above, reports are sent to the listener at nordev.net/csp-report. View them via: journalctl -u csp-listener -f on liveoak4.
Note: Violations are automatically reported to the CSP endpoint. Check your browser's console to see blocked resources. The reports may take a moment to appear in the dashboard.
Results will appear here...