CSP Test Site
Endpoint
Mechanism
report-uri
report-to
report-uri is widely supported but deprecated. report-to works in Chrome; partial/no support in Firefox and Safari.
Mode
report-only
enforce
Integrity
Script hash reporting (report-sha256, Chrome only)
Apply Settings
Trigger Violations
script-src
style-src
img-src
font-src
connect-src
frame-src
media-src
object-src
base-uri
form-action
Script Integrity
Load external script
Loads an external script to generate hash reports. Requires report-to mechanism and integrity enabled. Chrome only as of early 2026.
Ready. Click a button to trigger a CSP violation.