This page tests the require-trusted-types-for 'script' CSP directive.
The policy is set via the HTTP Content-Security-Policy-Report-Only header. Check the console for reports.
Clicking the button will attempt to inject HTML using innerHTML, which should be blocked or reported if Trusted Types are enforced for script sinks.