neocities csp examples

content-security-policy: upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; connect-src 'self'; form-action 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data:; object-src *; media-src *; frame-src *;

[blocked] some interactive widgets that you embed via a script tag (connect-src)

cusdis does not show at all due to its usage of fetch():

same for goatcounter's javascript widget. see the console.

[blocked] some interactive widgets that you embed via a script tag (form-action)

via htmlcommentbox. while it shows, commenting is broken due to its use of a form


hotlinking images (img-src)

dabric

non-interactive widgets that you embed via a script tag (script-src)

google fonts (style-src, font-src)

Hello, world

youtube iframe embed (frame-src)
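
how the policy at the top of this page resolves for each kind of embed listed here, as an added example (not code from this page or from neocities). it is a simplified source-list check, not a full CSP matcher, and the page origin and all target URLs are constructed placeholders.

```javascript
// Added example: simplified CSP source-list check (not a full CSP Level 3 matcher).
// PAGE and every target URL below are constructed placeholders.
const POLICY = "upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; " +
  "connect-src 'self'; form-action 'self'; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; " +
  "style-src * 'unsafe-inline'; font-src * data:; object-src *; media-src *; frame-src *;";
const PAGE = "https://example.neocities.org";

// Directives that never fall back to default-src.
const NO_FALLBACK = new Set(["form-action", "base-uri", "frame-ancestors"]);

function parsePolicy(policy) {
  const map = new Map();
  for (const part of policy.split(";")) {
    const [rawName, ...sources] = part.trim().split(/\s+/);
    const name = rawName.toLowerCase();
    // Only the first occurrence of a directive counts; later duplicates are ignored.
    if (name && !map.has(name)) map.set(name, sources);
  }
  return map;
}

function isAllowed(policy, directive, target, pageOrigin) {
  const map = parsePolicy(policy);
  let sources = map.get(directive);
  if (!sources && !NO_FALLBACK.has(directive)) sources = map.get("default-src");
  if (!sources) return true; // nothing governs this request type
  const url = new URL(target, pageOrigin);
  return sources.some((src) => {
    if (src === "*") return ["http:", "https:", "ws:", "wss:"].includes(url.protocol);
    if (src === "'self'") return url.origin === pageOrigin;
    if (src.startsWith("'")) return false; // 'unsafe-inline' etc. never match a URL
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return url.protocol === src.toLowerCase();
    return false; // host-sources are not handled; this page's policy uses none
  });
}

// The page's cases as [directive, target URL].
const CASES = [
  ["connect-src", "https://comments.example/api/comments"], // widget calling fetch()
  ["form-action", "https://comments.example/post"],         // widget submitting a form
  ["connect-src", "/data.json"],                            // same-origin fetch
  ["img-src", "https://images.example/pic.png"],            // hotlinked image
  ["script-src", "https://widgets.example/embed.js"],       // script-tag widget
  ["frame-src", "https://video.example/embed/abc"],         // iframe embed
];

function report() {
  return CASES.map(([d, u]) => `${isAllowed(POLICY, d, u, PAGE) ? "allowed" : "blocked"} ${d} ${u}`);
}
console.log(report().join("\n"));
```

only the first two cases come out blocked: `connect-src 'self'` and `form-action 'self'` are the two directives in the policy that are not wildcarded.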