CSP Playground

Security headers in action

The page loads media only from the allowed media domain and executes time scripts only from the allowed scripts domain. Resources from the blocked domains should fail and appear as CSP errors in the console.

Main origin: https://csp-frontend-alexander-h.abzdev2.com

Media allowed

Source: https://csp-media-frontend-alexander-h.abzdev2.com

Aurora illustration

Media blocked

Source: https://csp-media-blocked-frontend-alexander-h.abzdev2.com

Blocked media

Time script allowed

Script source: https://csp-scripts-frontend-alexander-h.abzdev2.com

--:--:--

Time script blocked

Script source: https://csp-scripts-blocked-frontend-alexander-h.abzdev2.com

Script should be blocked
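
The allow/block behaviour described at the top of the page can be reproduced offline. This is an added example, not code from the playground itself: the policy string is an assumption (the page does not show the header it sends), the resource paths are constructed, and the matcher handles only `'self'` and host sources, without paths, bare schemes or the `*` source.

```javascript
// Added example: simplified CSP source matching (scheme, host, port; no paths).
const PAGE_ORIGIN = "https://csp-frontend-alexander-h.abzdev2.com";
// Assumed header value; the page does not show the policy it actually sends.
const ASSUMED_POLICY = [
  "default-src 'self'",
  "img-src 'self' https://csp-media-frontend-alexander-h.abzdev2.com",
  "media-src https://csp-media-frontend-alexander-h.abzdev2.com",
  "script-src 'self' https://csp-scripts-frontend-alexander-h.abzdev2.com",
].join("; ");

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; only its first occurrence counts.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:']+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false; // 'none' and other quoted keywords never match a URL here
  const [, scheme, host, port] = m;
  if (scheme && scheme.toLowerCase() + ":" !== url.protocol) return false;
  const h = host.toLowerCase();
  // Exact host comparison, or a suffix match for a leading "*." wildcard.
  const hostOk = h.startsWith("*.") ? url.hostname.endsWith(h.slice(1)) : url.hostname === h;
  return hostOk && (port === "*" || (port ?? "") === url.port);
}

function isAllowed(policy, directive, resourceUrl, pageOrigin = PAGE_ORIGIN) {
  const directives = parsePolicy(policy);
  // Fetch directives such as img-src fall back to default-src when absent.
  const sources = directives.get(directive) ?? directives.get("default-src");
  if (!sources) return true; // nothing in the policy restricts this resource type
  const url = new URL(resourceUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Constructed resource paths on the allowed and blocked script hosts from the page.
console.log(isAllowed(ASSUMED_POLICY, "script-src", "https://csp-scripts-frontend-alexander-h.abzdev2.com/time.js"));
console.log(isAllowed(ASSUMED_POLICY, "script-src", "https://csp-scripts-blocked-frontend-alexander-h.abzdev2.com/time.js"));
```

Because hosts are compared exactly, the blocked domains fail even though their names closely resemble the allowed ones.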