← Back to Home

CSP Violation Test Page

How Reporting API Works

The Reporting API requires HTTP headers (not meta tags):

  • Reporting-Endpoints: Defines where to send reports
  • Content-Security-Policy: Must include report-to directive

Headers Set for This Page

Reporting-Endpoints: csp-endpoint="https://webhook.site/3ee6737e-49e0-446f-bf08-9e3096e83dd2"
Content-Security-Policy: default-src 'self';
  script-src 'self' 'unsafe-inline';
  style-src 'self' 'unsafe-inline';
  report-to csp-endpoint

Reports are sent to the webhook.site endpoint above.

Check Chrome DevTools

  1. Open DevTools (F12)
  2. Go to Application tab
  3. Find Reporting API in the sidebar
  4. Click "Trigger Violations" below and watch reports appear

Reports may show as "Queued" or "Pending" if the endpoint doesn't respond.

Violations Captured (via securitypolicyviolation event)

No violations yet. Click the button above to trigger some.

Full violation details are logged to the browser console.