CSP Test Site

Endpoint

Mechanism

report-uri report-to

report-uri is widely supported but deprecated. report-to works in Chrome; partial/no support in Firefox and Safari.

Mode

report-only enforce

Integrity

Script hash reporting (report-sha256, Chrome only)

Trigger Violations

Enable integrity and report-to above, then click Apply Settings to load an external script for hash reporting.

Requires report-to mechanism and integrity enabled. Chrome only (if supported). Check Application > Reporting API in DevTools.

Ready. Click a button to trigger a CSP violation.