🚨 Content Security Policy (CSP) Demonstration

⚠️ Current CSP Mode: STRONG

CSP Header: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'

Description: Strong CSP - blocks most XSS attempts
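
The header above can be evaluated directive by directive to see why it blocks inline and external script while still permitting inline styles. The following is an added example, not code from this demo page: a simplified model of CSP source-list matching, with hypothetical function names (parsePolicy, allowsInline, allowsUrl, allowsEval). It covers only 'self', '*', scheme sources, exact origins, 'unsafe-inline', 'unsafe-eval' and the nonce/hash override.

```javascript
// Added example: simplified model of CSP source-list matching (not a full CSP3 implementation).
const PAGE_POLICY =
  "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'";

// Split a policy string into { directive: [source expressions] }.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per the CSP spec, a repeated directive is ignored; the first one wins.
    if (name && !(name.toLowerCase() in directives)) {
      directives[name.toLowerCase()] = sources;
    }
  }
  return directives;
}

// Fetch directives fall back to default-src when absent.
function effectiveSources(directives, name) {
  return directives[name] ?? directives['default-src'] ?? null;
}

// Inline script/style: allowed only by 'unsafe-inline', which browsers ignore
// when the same list also carries a nonce or hash source.
function allowsInline(directives, name) {
  const src = effectiveSources(directives, name);
  if (src === null) return true; // no governing directive: nothing restricts it
  const hasNonceOrHash = src.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  return src.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// External load: matches 'self', '*', a scheme source (https:) or an exact origin.
function allowsUrl(directives, name, url, pageOrigin) {
  const src = effectiveSources(directives, name);
  if (src === null) return true;
  const target = new URL(url, pageOrigin);
  return src.some((s) =>
    (s === "'self'" && target.origin === pageOrigin) ||
    (s === '*' && /^https?:$/.test(target.protocol)) ||
    s === target.protocol ||
    s === target.origin);
}

function allowsEval(directives) {
  const src = effectiveSources(directives, 'script-src');
  return src === null || src.includes("'unsafe-eval'");
}

console.log('inline script allowed:', allowsInline(parsePolicy(PAGE_POLICY), 'script-src'));
```

Under this policy the remaining permissive point is style-src 'unsafe-inline', which allows injected inline styles even though injected script is blocked.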

Test Different CSP Configurations:

XSS Test Buttons (click to test CSP effectiveness):

External Resource Tests:

Try loading external JavaScript:

CSP Vulnerability Analysis:

What you should see: