CSP 'strict-dynamic' testbed

Your browser does not seem to support the 'strict-dynamic' CSP source expression. You will see CSP violations in the console and the API examples on this page will most likely be broken.

To try out 'strict-dynamic' install Chrome Canary or Chrome Beta and enable Experimental Web Platform features in chrome://flags.

The CSP for all examples on this page is: Content-Security-Policy: object-src 'none'; script-src 'nonce-$NONCE' 'strict-dynamic' 'unsafe-eval'

Popular APIs

Google Maps

Twitter timeline

Facebook page plugin

Google charts


ReCAPTCHA fallback

Share widgets

Twitter share button

Facebook 'like' button

Google+ button

AddThis button

Analytics APIs

These APIs don't render any contents so frames will be empty. If they cause any CSP violations errors will be shown in the console.

Google Analytics

Google Analytics (AMP)

Google Tag Manager