CSP Violation Demonstration

What This Page Does

This page attempts to load an external JavaScript library from:

https://cdn.jsdelivr.net/npm/lodash@4.17.21/lodash.min.js

Script Status

Checking if external script loaded...

Expected Behavior

Without CSP: The external script loads successfully.

With default-src 'self' CSP: The browser blocks the external script and logs a violation in the DevTools Console.

How to Test

  1. Open your browser's DevTools Console (F12)
  2. Look for CSP violation errors in red
  3. The error will show the blocked URI and violated directive

Example CSP Violation Error:

Refused to load the script 'https://cdn.jsdelivr.net/...'
because it violates the following Content Security Policy
directive: "script-src 'self'"
🚀 This content is served through the SaaS Zone (aymeric.cfd)