🚨 Content Security Policy (CSP) Demonstration

⚠️ Current CSP Mode: WEAK

CSP Header: default-src 'self' 'unsafe-inline' 'unsafe-eval' *

Description: Weak CSP - allows inline scripts and eval
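
The weak header above can be checked mechanically. The following is an added example, not the demo page's own code: it parses a CSP header value and reports the sources in the directive governing scripts that defeat XSS protection. `parseCsp`, `auditScriptPolicy` and the `STRICT_HEADER` comparison policy (with its placeholder nonce) are assumptions made for illustration.

```javascript
// Added example (not the demo page's own code): audit a CSP header value
// for sources that let injected script run.
const WEAK_HEADER = "default-src 'self' 'unsafe-inline' 'unsafe-eval' *"; // from the page
// Constructed for comparison; the nonce value is a placeholder.
const STRICT_HEADER =
  "default-src 'self'; script-src 'self' 'nonce-PLACEHOLDER'; object-src 'none'";

// Split a policy into directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

function auditScriptPolicy(header) {
  const policy = parseCsp(header);
  // Script loading is governed by script-src, falling back to default-src.
  const directive = ['script-src', 'default-src'].find((d) => policy.has(d));
  if (!directive) {
    return [{ directive: null, source: null, issue: 'no directive restricts scripts' }];
  }
  const sources = policy.get(directive);
  const keywords = sources.map((s) => s.toLowerCase());
  // A nonce or hash makes CSP2+ browsers ignore 'unsafe-inline';
  // 'strict-dynamic' makes CSP3 browsers ignore host and scheme sources.
  const hasNonceOrHash = keywords.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  const strictDynamic = keywords.includes("'strict-dynamic'");
  const findings = [];
  keywords.forEach((kw, i) => {
    let issue = null;
    if (kw === "'unsafe-inline'" && !hasNonceOrHash) {
      issue = 'inline <script> blocks and event-handler attributes execute';
    } else if (kw === "'unsafe-eval'") {
      issue = 'eval(), new Function() and string timers are permitted';
    } else if (['*', 'http:', 'https:', 'data:'].includes(kw) && !strictDynamic) {
      issue = 'scripts may be loaded from locations an attacker controls';
    }
    if (issue) findings.push({ directive, source: sources[i], issue });
  });
  return findings;
}
```

Calling `auditScriptPolicy(WEAK_HEADER)` returns three findings against `default-src`, while `auditScriptPolicy(STRICT_HEADER)` returns none.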

Test Different CSP Configurations:

XSS Test Buttons (click to test CSP effectiveness):

External Resource Tests:

Try loading external JavaScript:

CSP Vulnerability Analysis:

What you should see: