Content Security Policy violation example (external script)


This HTML file has a script-src 'unsafe-inline'; Content Security Policy and we are loading an external script (<script src="">) to force a SecurityPolicyViolationEvent.

Below, you can find the error details. We are able to capture them by adding a securitypolicyviolation listener.

Try opening this page on multiple browsers to see the differences on how the violation is implemented.

If you wanna test an eval violation, check this example instead.

Violation details