chromium/third_party/blink/web_tests/http/tests/security/contentSecurityPolicy/connect-src-anchor-ping.html

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Security-Policy" content="connect-src http://127.0.0.1:8000">
<script>
if (window.testRunner) {
  testRunner.overridePreference("WebKitHyperlinkAuditingEnabled", 1);
  testRunner.dumpAsText();
  testRunner.waitUntilDone();
}
function onload() {
  if (window.testRunner) {
    anchor = document.getElementById('anchor');
    anchor.click();
  }
}
</script>
</head>
<body onload="onload();">
  <p>
    Tests whether "ping" attribute of an &lt;at&gt; / "anchor" tag is subject
    to CSP enforcement (via 'connect-src').
  </p>
  <p>
    <!-- Note that ping's URL has different origin from what was specified
         in the content-src content security policy in the header above. -->
    <a href="/resources/notify-done.html"
       ping="https://localhost:8443/resources/dummy.txt"
       id="anchor"
       >Link</a>
  </p>
</body>
</html>