How to detect Content Security Policy (CSP)

Question

I noticed that GitHub and Facebook are both implementing this policy now, which restricts third party scripts from being run within their experience/site.

Is there a

Answer 1

You can try to catch a CSP violation error using an event "securitypolicyviolation"

From: https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent

example:

document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.blockedURI);    
  console.log(e.violatedDirective);    
  console.log(e.originalPolicy);
});