๐Ÿ›ก๏ธ CSP is active โ€” violations are blocked and reported
โ† All demos ยท CSP Demo 2 of 4

Magecart Payment Skimmer

A card skimmer has been injected into the checkout page and is silently copying payment details to an attacker's server.

โšช Unprotected ๐ŸŸข Protected
Protected โ€” skimmer script was blocked before it could load

Checkout

Complete your purchase

โœ… Skimmer blocked. CSP prevented the skimmer script from loading. Your payment details are safe. The violation was reported to Report URI.
CSP header sent with this page
Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; connect-src 'self'; form-action 'self'; report-uri https://helios.report-uri.com/r/t/csp/enforce; report-to default
What CSP did

script-src 'self' blocked the skimmer from loading, and connect-src 'self' would have blocked any outbound data beacon even if the script had found another way to execute. Both violations were reported to Report URI in real time.

โ† Demo 1
1 2 3 4
Demo 3 โ†’
๐Ÿ›ก๏ธ CSP blocked 0 attempt(s)