Welcome to the CSP Playground. Here you can define your own Content-Security Policy and test it against various code injections. The attack string will be reflected on the rendered page without encoding. Please note that certain CSPs might break some of the functionality/design on this page (bootstrap etc.)