CSP demo
Current metatag: <meta http-equiv="Content-Security-Policy"
content="script-src 'none' ">
Iframe from another domain (Not possible to modify this site element but should be able to send pop up if granted permission.):
Iframe from same domain (with a child iframe in the same domain as this test):
Iframe from another domain with a child iframe in the same domain as this test: