Test Content Security Policy online — check CSP header enforcement, violation reporting, and Reporting API support.
The Reporting API requires HTTP headers (not meta tags):
Reporting-Endpoints: Defines where to send reportsContent-Security-Policy: Must include report-to directiveReporting-Endpoints: csp-endpoint="https://webhook.site/3ee6737e-49e0-446f-bf08-9e3096e83dd2" Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-to csp-endpoint
Reports are sent to the webhook.site endpoint above.
Reports may show as "Queued" or "Pending" if the endpoint doesn't respond.
No violations yet. Click the button above to trigger some.
Full violation details are logged to the browser console.