Test Content-Security-Policy directives with an isolated iframe. Enter a CSP below and raw HTML to see how browsers enforce the policy.
No cookies, no tracking, no analytics. Is that ok?