See browser security in action
Real attack scenarios. Real browser security headers. Watch how modern web security features detect, block, and report threats — all powered by Report URI.
Choose a demo
Each demo shows a real attack or browser behaviour — first unprotected, then with the appropriate security header in place.
Four attack scenarios showing how CSP prevents script injection, Magecart skimmers, form hijacking, and XSS — with live violation reports.
See how the 'report-sha256' CSP keyword sends the hash of every loaded script to Report URI — giving you cryptographic proof of exactly what code ran on your page.
See how Integrity-Policy makes SRI mandatory — blocking any script loaded without an integrity attribute and reporting the violation to Report URI.
See how Permissions Policy restricts access to powerful browser features like camera, microphone and geolocation — and reports any attempts to use them.
Watch the browser automatically report DNS failures, connection errors, and broken requests — without any JavaScript required.
Cross-Origin Embedder Policy and Cross-Origin Opener Policy isolate your page from untrusted cross-origin content, protecting against Spectre-style side-channel attacks.
Discover deprecated API usage in production — in real user sessions — without instrumenting your code. The browser reports it automatically.
See when the browser silently overrides your code to protect users — such as ignoring preventDefault() on passive scroll listeners.
The browser reports tab crashes, out-of-memory events, and unresponsive pages automatically — no JavaScript required, even when the tab is dead.
How it works
Every violation report generated by these demos is sent live to a Report URI account.
Trigger a violation
Each demo loads content or runs code that a security header would block.
Browser blocks it
Switch to protected mode and the security header stops the attack — shown live on screen.
Report URI logs it
The browser sends a violation report to Report URI, giving you full visibility of every blocked attempt.
Get notified
Report URI alerts you to new threats via email, Slack, or webhooks so you can act fast.