chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/sandbox-allow-scripts-in-http-header-control.html

<!DOCTYPE html>
<iframe src="resources/sandbox.php?sandbox=allow-scripts%20allow-same-origin"></iframe>
<script>
if (window.testRunner)
    testRunner.dumpAsText();

window.onload = function() {
    var frame = document.getElementsByTagName("iframe")[0];
    var secret = frame.contentWindow.secret;
    if (secret)
        console.log("PASS: Iframe was not in a unique origin");
    else
        console.log("FAIL: Iframe was in a unique origin");
};
</script>