Content Security Policy Test

Back to Tools

This page tests various security features added in Firefox 4. While you may of course use other browsers, and some of these security features may be found in other browsers, it will work best with Firefox 4.

Below this line, you will find various javascript snippets, that are disabled due to the CSP on this page. In particular, we test "eval()" and inline javascript.

If CSP is not supported by your browser, then you will see four popups. With CSP support, you will see only one.

Tests

  1. An alert included as inline javascript (blocked by CSP)
  2. An alert created by an 'eval' function inline (blocked by CSP)
  3. An alert included from a file served by isc.sans.edu (allowed)
  4. An alert created by an eval in the same external file (blocked by CSP)
Reload page without content security policy