Test default-src 'self' (via Fetch)
PENDING
Tests if fetching a resource from the same origin is allowed.
Test script-src 'self' https://cdnjs... 'unsafe-inline'
PENDING (CDN)PENDING (Inline)
Tests loading external scripts (CDN) and using inline event handlers (like onclick).
Test object-src 'none'
PENDING
Tests if embedding content with is blocked.
Test worker-src 'self' blob:
PENDING (Blob)PENDING (Self)
Tests creating Web Workers from Blob URLs and same-origin scripts.
Test connect-src 'self' https://example.com
PENDING (Self)PENDING (External)
PENDING (Blocked)
Tests network connections (Fetch/XHR) to allowed and blocked origins.
Test img-src 'self' https://via.placeholder.com data:
PENDING (Self)PENDING (External)
PENDING (Data)
Tests loading images from different allowed sources.
Test style-src 'self' 'unsafe-inline' https://fonts.g...
PENDING (Inline)PENDING (External CSS)
Tests applying inline styles and loading external stylesheets.
Test font-src 'self' https://fonts.gstatic.com
PENDING
This text uses Roboto font (if loaded).
Tests loading fonts from allowed external origins (requires the stylesheet test to pass first).
Test frame-src 'self'
PENDING (Self)PENDING (Blocked)
Tests embedding iframes from allowed and blocked origins.
Test base-uri 'self'
PENDING
Tests if setting the
Test form-action 'self'
Tests if form submissions are restricted to allowed origins.