chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/1.1/meta-outside-head.html

<!DOCTYPE html>
<html>
<head>
    <script>
        if (window.testRunner)
            testRunner.dumpAsText();
    </script>
</head>
<body>
    <p>This test checks that Content Security Policy delivered via a meta element is not enforced if the element is outside the document's head.</p>
    <meta http-equiv="Content-Security-Policy" content="script-src 'none'">
    <script>
        alert("PASS (1/1)");
    </script>
</body>
</html>