WhiteGlove JavaScript Test Page

Inline Script

<script>...</script> embedded directly in the HTML.

Blocked

First-Party Script

<script src="first-party.js"> loaded from the same origin.

Blocked

Third-Party Script

<script src="cdn..."> loaded from an external domain.

Blocked

Cross-Origin Iframe

<iframe src="youtube.com/..."> blocked by frame-src 'none'.

Blocked

Object Embed (SVG)

<object data="test.svg"> blocked by object-src 'none'. Orange SVG = script ran inside it.

Blocked

Embed (SVG)

<embed src="test.svg"> blocked by object-src 'none'.

Blocked