CSP Testing Lab

Content-Security-Policy test page

Active CSP Header

default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data: https:; frame-src 'none'

Inline Script (should run)

Waiting...

External Image (self-origin)

favicon

Blocked Frame Test

The iframe below should be blocked (frame-src 'none'):

Connect Test

Waiting...
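
The following added example (not part of the original test page) works out which directive governs each of the four tests above, including the default-src fallback that applies to the Connect Test because the policy has no connect-src. The origin https://lab.example and all request URLs are constructed assumptions, and the source matching is deliberately simplified.

```javascript
// The policy string shown under "Active CSP Header" on this page.
const POLICY =
  "default-src 'self'; script-src 'self' 'unsafe-inline'; " +
  "img-src 'self' data: https:; frame-src 'none'";

// Parse into Map(directive -> source list); a repeated directive is ignored.
function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Fallback chains for the four fetch directives this page's tests exercise.
const FALLBACK = {
  "script-src": ["script-src", "default-src"],
  "img-src": ["img-src", "default-src"],
  "frame-src": ["frame-src", "child-src", "default-src"],
  "connect-src": ["connect-src", "default-src"],
};

// Return the directive that actually governs a request type, or null.
function effective(policy, directive) {
  const from = FALLBACK[directive].find((name) => policy.has(name)) ?? null;
  return { from, sources: from ? policy.get(from) : null };
}

// Simplified matching: 'none', 'self', scheme-sources and 'unsafe-inline' only
// (no host-sources, nonces, hashes or 'strict-dynamic').
function allows(policy, directive, req, selfOrigin) {
  const { sources } = effective(policy, directive);
  if (sources === null) return true; // nothing in the policy restricts it
  if (req.inline) return sources.includes("'unsafe-inline'");
  const url = new URL(req.url, selfOrigin);
  return sources.some((s) =>
    s === "'self'" ? url.origin === selfOrigin : s.toLowerCase() === url.protocol
  );
}

// Constructed origin and URLs (assumptions; the page does not give them).
const ORIGIN = "https://lab.example";
const policy = parsePolicy(POLICY);
console.log("connect-src governed by:", effective(policy, "connect-src").from);
console.log("cross-origin frame allowed:",
  allows(policy, "frame-src", { url: "https://other.example/" }, ORIGIN));
```

Running the same checks against img-src shows that the https: scheme-source admits images from any HTTPS host, not only the page's own origin.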