CSP Browser Test

Content Security Policy Browser Test

JavaScript CSP Browser Test CSP Level 1

Note this test requires that you have JavaScript Enabled

CSP Supported

If you can read this, then the inline JavaScript below this line did not execute.
  //if CSP is supported this will not run
      var jsNode = document.getElementById("jsNode");
      jsNode.innerHTML = "<h3> CSP Not Supported</h3> Your browser does not support CSP, the inline script executed and replaced this div content";
      jsNode.className = "alert alert-danger";

Image CSP Browser Test CSP Level 1

This test attempts to load an image: https://unsplash.it/200/200

<img src="https://unsplash.it/200/200" alt="CSP Should Block This Image From Loading" id="cspImg">
CSP Should Block This Image From Loading

If you see a gray box above then the image loading failed (presumably due to CSP, but it could also fail for other reasons such as the server being down).

JavaScript Hash Test CSP Level 2

CSP Level 2 does allow execution of inline scripts if a Hash is present in the script-src directive.

CSP Level 2 Inline Hash Not Supported

JavaScript Unsafe Hashes Test CSP Level 3

CSP Level 3 unsafe-hashes within script-src directive.

CSP Level 3 Inline Hash Not Supported