diff --git a/components/script/dom/document.rs b/components/script/dom/document.rs
index b775bdd4582..0d39a12c15e 100644
--- a/components/script/dom/document.rs
+++ b/components/script/dom/document.rs
@@ -4017,13 +4017,18 @@ impl Document {
                 .get_attribute(&ns!(), &local_name!("nonce"))
                 .map(|attr| Cow::Owned(attr.value().to_string())),
         };
-        // TODO: Instead of ignoring violations, report them.
-        self.get_csp_list()
-            .map(|c| {
-                c.should_elements_inline_type_behavior_be_blocked(&element, type_, source)
-                    .0
-            })
-            .unwrap_or(csp::CheckResult::Allowed)
+        let (result, violations) = match self.get_csp_list() {
+            None => {
+                return csp::CheckResult::Allowed;
+            },
+            Some(csp_list) => {
+                csp_list.should_elements_inline_type_behavior_be_blocked(&element, type_, source)
+            },
+        };
+
+        self.global().report_csp_violations(violations);
+
+        result
     }
 
     /// Prevent any JS or layout from running until the corresponding call to
diff --git a/components/script/dom/eventtarget.rs b/components/script/dom/eventtarget.rs
index ea76bbf2a8b..1a5aafb0ae7 100644
--- a/components/script/dom/eventtarget.rs
+++ b/components/script/dom/eventtarget.rs
@@ -11,6 +11,7 @@ use std::mem;
 use std::ops::{Deref, DerefMut};
 use std::rc::Rc;
 
+use content_security_policy as csp;
 use deny_public_fields::DenyPublicFields;
 use dom_struct::dom_struct;
 use fnv::FnvHasher;
@@ -551,9 +552,25 @@ impl EventTarget {
         url: ServoUrl,
         line: usize,
         ty: &str,
-        source: DOMString,
+        source: &str,
     ) {
-        let handler = InternalRawUncompiledHandler { source, line, url };
+        if let Some(element) = self.downcast::<Element>() {
+            let doc = element.owner_document();
+            if doc.should_elements_inline_type_behavior_be_blocked(
+                element.upcast(),
+                csp::InlineCheckType::ScriptAttribute,
+                source,
+            ) == csp::CheckResult::Blocked
+            {
+                return;
+            }
+        };
+
+        let handler = InternalRawUncompiledHandler {
+            source: DOMString::from(source),
+            line,
+            url,
+        };
         self.set_inline_event_listener(
             Atom::from(ty),
             Some(InlineEventListener::Uncompiled(handler)),
diff --git a/components/script/dom/globalscope.rs b/components/script/dom/globalscope.rs
index e56f4693e35..2582291ed87 100644
--- a/components/script/dom/globalscope.rs
+++ b/components/script/dom/globalscope.rs
@@ -3450,12 +3450,15 @@ impl GlobalScope {
 
     pub(crate) fn report_csp_violations(&self, violations: Vec<Violation>) {
         for violation in violations {
-            let sample = match violation.resource {
-                ViolationResource::Inline { .. } | ViolationResource::Url(_) => None,
-                ViolationResource::TrustedTypePolicy { sample } => Some(sample),
+            let (sample, resource) = match violation.resource {
+                ViolationResource::Inline { .. } => (None, "inline".to_owned()),
+                ViolationResource::Url(url) => (None, url.into()),
+                ViolationResource::TrustedTypePolicy { sample } => {
+                    (Some(sample), "trusted-types-policy".to_owned())
+                },
             };
             let report = CSPViolationReportBuilder::default()
-                .resource("eval".to_owned())
+                .resource(resource)
                 .sample(sample)
                 .effective_directive(violation.directive.name)
                 .build(self);
diff --git a/components/script/dom/htmlbodyelement.rs b/components/script/dom/htmlbodyelement.rs
index ba3316f889b..5cd877cdf82 100644
--- a/components/script/dom/htmlbodyelement.rs
+++ b/components/script/dom/htmlbodyelement.rs
@@ -201,13 +201,14 @@ impl VirtualMethods for HTMLBodyElement {
                     &local_name!("onresize") |
                     &local_name!("onunload") |
                     &local_name!("onerror") => {
+                        let source = &**attr.value();
                         let evtarget = window.upcast::<EventTarget>(); // forwarded event
                         let source_line = 1; //TODO(#9604) obtain current JS execution line
                         evtarget.set_event_handler_uncompiled(
                             window.get_url(),
                             source_line,
                             &name[2..],
-                            DOMString::from((**attr.value()).to_owned()),
+                            source,
                         );
                         false
                     },
diff --git a/components/script/dom/htmlelement.rs b/components/script/dom/htmlelement.rs
index 14c85603740..0cdfebf5342 100644
--- a/components/script/dom/htmlelement.rs
+++ b/components/script/dom/htmlelement.rs
@@ -1084,14 +1084,14 @@ impl VirtualMethods for HTMLElement {
         let element = self.as_element();
         match (attr.local_name(), mutation) {
             (name, AttributeMutation::Set(_)) if name.starts_with("on") => {
+                let source = &**attr.value();
                 let evtarget = self.upcast::<EventTarget>();
                 let source_line = 1; //TODO(#9604) get current JS execution line
                 evtarget.set_event_handler_uncompiled(
                     self.owner_window().get_url(),
                     source_line,
                     &name[2..],
-                    // FIXME(ajeffrey): Convert directly from AttrValue to DOMString
-                    DOMString::from(&**attr.value()),
+                    source,
                 );
             },
             (&local_name!("form"), mutation) if self.is_form_associated_custom_element() => {
diff --git a/tests/wpt/include.ini b/tests/wpt/include.ini
index 6cafe653196..fdbd71b9ee6 100644
--- a/tests/wpt/include.ini
+++ b/tests/wpt/include.ini
@@ -13,6 +13,8 @@ skip: true
     skip: true
 [content-security-policy]
   skip: false
+  [embedded-enforcement]
+    skip: true
 [cors]
   skip: false
 [css]
diff --git a/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini b/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini
index efaa0fc8ca4..e3d7c23eef2 100644
--- a/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/base-uri/report-uri-does-not-respect-base-uri.sub.html.ini
@@ -1,6 +1,3 @@
 [report-uri-does-not-respect-base-uri.sub.html]
-  [Event is fired]
-    expected: FAIL
-
   [Violation report status OK.]
     expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini
deleted file mode 100644
index c2b9c5f26c7..00000000000
--- a/tests/wpt/meta/content-security-policy/default-src/default-src-inline-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[default-src-inline-blocked.sub.html]
-  [Expecting logs: ["violated-directive=script-src-elem","violated-directive=script-src-elem"\]]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini b/tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini
deleted file mode 100644
index e1b9ec3f770..00000000000
--- a/tests/wpt/meta/content-security-policy/default-src/default-src-strict_dynamic_and_unsafe_inline.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[default-src-strict_dynamic_and_unsafe_inline.html]
-  expected: TIMEOUT
-  [Should fire a security policy violation for the inline block]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini
deleted file mode 100644
index 3cf8d56a5d6..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/allow_csp_from-header.html.ini
+++ /dev/null
@@ -1,25 +0,0 @@
-[allow_csp_from-header.html]
-  expected: TIMEOUT
-  [Same origin iframes with an empty Allow-CSP-From header get blocked.]
-    expected: FAIL
-
-  [Same origin iframes without Allow-CSP-From header gets blocked.]
-    expected: FAIL
-
-  [Same origin iframes are blocked if Allow-CSP-From does not match origin.]
-    expected: FAIL
-
-  [Cross origin iframe with an empty Allow-CSP-From header gets blocked.]
-    expected: FAIL
-
-  [Cross origin iframe without Allow-CSP-From header gets blocked.]
-    expected: FAIL
-
-  [Iframe with improper Allow-CSP-From header gets blocked.]
-    expected: FAIL
-
-  [Star Allow-CSP-From header enforces EmbeddingCSP.]
-    expected: TIMEOUT
-
-  [Allow-CSP-From header enforces EmbeddingCSP.]
-    expected: TIMEOUT
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html.ini
deleted file mode 100644
index 31c147a6ece..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/blocked-iframe-are-cross-origin.html.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[blocked-iframe-are-cross-origin.html]
-  [Document blocked by embedded enforcement and its parent are cross-origin]
-    expected: FAIL
-
-  [Two same-origin iframes must appear as cross-origin when one is blocked]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html.ini
deleted file mode 100644
index c8205878128..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/change-csp-attribute-and-history-navigation.html.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[change-csp-attribute-and-history-navigation.html]
-  [Iframe csp attribute changed before history navigation of local scheme.]
-    expected: FAIL
-
-  [Iframe csp attribute changed before history navigation of network scheme.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini
deleted file mode 100644
index 551c76a0058..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/idlharness.window.js.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[idlharness.window.html]
-  [HTMLIFrameElement interface: attribute csp]
-    expected: FAIL
-
-  [HTMLIFrameElement interface: document.createElement("iframe") must inherit property "csp" with the proper type]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini
deleted file mode 100644
index 000df37abc1..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/iframe-csp-attribute.html.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-[iframe-csp-attribute.html]
-  [<iframe> has a 'csp' attibute which is an empty string if undefined.]
-    expected: FAIL
-
-  [<iframe>'s csp attribute is always a string.]
-    expected: FAIL
-
-  [<iframe>'s 'csp content attribute reflects the IDL attribute.]
-    expected: FAIL
-
-  [<iframe>'s IDL attribute reflects the DOM attribute.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini
deleted file mode 100644
index 19ac0a5a7e6..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/required-csp-header-cascade.html.ini
+++ /dev/null
@@ -1,27 +0,0 @@
-[required-csp-header-cascade.html]
-  [Test same origin: Test same policy for both iframes]
-    expected: FAIL
-
-  [Test same origin: Test more restrictive policy on second iframe]
-    expected: FAIL
-
-  [Test same origin: Test less restrictive policy on second iframe]
-    expected: FAIL
-
-  [Test same origin: Test no policy on second iframe]
-    expected: FAIL
-
-  [Test same origin: Test no policy on first iframe]
-    expected: FAIL
-
-  [Test same origin: Test invalid policy on first iframe (bad directive name)]
-    expected: FAIL
-
-  [Test same origin: Test invalid policy on first iframe (report directive)]
-    expected: FAIL
-
-  [Test same origin: Test invalid policy on second iframe (bad directive name)]
-    expected: FAIL
-
-  [Test same origin: Test invalid policy on second iframe (report directive)]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini
deleted file mode 100644
index 784d7df63b8..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/required_csp-header.html.ini
+++ /dev/null
@@ -1,141 +0,0 @@
-[required_csp-header.html]
-  [Test Required-CSP value on `csp` change: Sec-Required-CSP is not sent if `csp` attribute is not set on <iframe>.]
-    expected: FAIL
-
-  [Test same origin: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
-    expected: FAIL
-
-  [Test same origin redirect: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
-    expected: FAIL
-
-  [Test cross origin redirect: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
-    expected: FAIL
-
-  [Test cross origin redirect of cross origin iframe: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Send Sec-Required-CSP when `csp` attribute of <iframe> is not empty.]
-    expected: FAIL
-
-  [Test same origin: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
-    expected: FAIL
-
-  [Test same origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
-    expected: FAIL
-
-  [Test cross origin redirect: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
-    expected: FAIL
-
-  [Test cross origin redirect of cross origin iframe: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Send Sec-Required-CSP Header on change of `src` attribute on iframe.]
-    expected: FAIL
-
-  [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
-    expected: FAIL
-
-  [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
-    expected: FAIL
-
-  [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
-    expected: FAIL
-
-  [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - gibberish csp]
-    expected: FAIL
-
-  [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
-    expected: FAIL
-
-  [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
-    expected: FAIL
-
-  [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
-    expected: FAIL
-
-  [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name]
-    expected: FAIL
-
-  [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
-    expected: FAIL
-
-  [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
-    expected: FAIL
-
-  [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
-    expected: FAIL
-
-  [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - unknown policy name in multiple directives]
-    expected: FAIL
-
-  [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
-    expected: FAIL
-
-  [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
-    expected: FAIL
-
-  [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
-    expected: FAIL
-
-  [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - misspeled 'none']
-    expected: FAIL
-
-  [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
-    expected: FAIL
-
-  [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
-    expected: FAIL
-
-  [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
-    expected: FAIL
-
-  [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - query values in path]
-    expected: FAIL
-
-  [Test same origin: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
-    expected: FAIL
-
-  [Test same origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
-    expected: FAIL
-
-  [Test cross origin redirect: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
-    expected: FAIL
-
-  [Test cross origin redirect of cross origin iframe: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong but allowed value of `csp` should still trigger sending Sec-Required-CSP Header - missing semicolon]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - comma separated]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - invalid characters in directive names]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - invalid character in directive name]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - report-uri present]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Wrong and dangerous value of `csp` should not trigger sending Sec-Required-CSP Header - report-to present]
-    expected: FAIL
-
-  [Test Required-CSP value on `csp` change: Sec-Required-CSP is not sent if `csp` attribute is longer than 4096 bytes]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini
deleted file mode 100644
index 17be9612c26..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-general.html.ini
+++ /dev/null
@@ -1,21 +0,0 @@
-[subsumption_algorithm-general.html]
-  [Iframe with empty returned CSP should be blocked.]
-    expected: FAIL
-
-  [Iframe with less restricting CSP should be blocked.]
-    expected: FAIL
-
-  [Iframe with a different CSP should be blocked.]
-    expected: FAIL
-
-  [Host wildcard *.a.com does not match a.com]
-    expected: FAIL
-
-  [Iframe should block if intersection allows sources which are not in required_csp.]
-    expected: FAIL
-
-  [Iframe should block if intersection allows sources which are not in required_csp (other ordering).]
-    expected: FAIL
-
-  [Removed plugin-types directive should be ignored 3.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini
deleted file mode 100644
index 52a06599411..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-hashes.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[subsumption_algorithm-hashes.html]
-  [Returned should not include hashes not present in required csp.]
-    expected: FAIL
-
-  [Hashes do not have to be present in returned csp but must not allow all inline behavior.]
-    expected: FAIL
-
-  [Other expressions have to be subsumed.]
-    expected: FAIL
-
-  [Required csp must allow 'sha256-abc123'.]
-    expected: FAIL
-
-  [Effective policy is properly found where 'sha256-abc123' is not subsumed.]
-    expected: FAIL
-
-  ['sha256-abc123' is not subsumed by 'sha256-abc456'.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini
deleted file mode 100644
index d45034b98bb..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-hosts.html.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-[subsumption_algorithm-host_sources-hosts.html]
-  [Host must match.]
-    expected: FAIL
-
-  [Hosts without wildcards must match.]
-    expected: FAIL
-
-  [More specific subdomain should not match.]
-    expected: FAIL
-
-  [Specified host should not match a wildcard host.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini
deleted file mode 100644
index a209654a16a..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-paths.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[subsumption_algorithm-host_sources-paths.html]
-  [Returned CSP must specify a path.]
-    expected: FAIL
-
-  [Empty path is not subsumed by specified paths.]
-    expected: FAIL
-
-  [That should not be true when required csp specifies a specific page.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini
deleted file mode 100644
index 71eee1cc3a6..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-ports.html.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-[subsumption_algorithm-host_sources-ports.html]
-  [Specified ports must match.]
-    expected: FAIL
-
-  [Returned CSP should be subsumed if the port is specified but is not default for a more secure scheme.]
-    expected: FAIL
-
-  [Wildcard port should not be subsumed by a default port.]
-    expected: FAIL
-
-  [Wildcard port should not be subsumed by a spcified port.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini
deleted file mode 100644
index 7667e7f2f15..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-host_sources-protocols.html.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-[subsumption_algorithm-host_sources-protocols.html]
-  [`https` is more restrictive than `http`.]
-    expected: FAIL
-
-  [`http:` does not subsume other protocols.]
-    expected: FAIL
-
-  [If scheme source is present in returned csp, it must be specified in required csp too.]
-    expected: FAIL
-
-  [All scheme sources must be subsumed.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html.ini
deleted file mode 100644
index beac34a684b..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-nonces.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[subsumption_algorithm-nonces.html]
-  [A nonce has to be returned if required by the embedder.]
-    expected: FAIL
-
-  [Nonce intersection is still done on exact match - matching nonces.]
-    expected: FAIL
-
-  [Other expressions still have to be subsumed - negative test]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini
deleted file mode 100644
index 32ef4ddd0df..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-none.html.ini
+++ /dev/null
@@ -1,21 +0,0 @@
-[subsumption_algorithm-none.html]
-  [Required policy that allows `none` does not subsume empty list of policies.]
-    expected: FAIL
-
-  [Required csp with effective `none` does not subsume a host source expression.]
-    expected: FAIL
-
-  [Required csp with `none` does not subsume a host source expression.]
-    expected: FAIL
-
-  [Required csp with effective `none` does not subsume `none` of another directive.]
-    expected: FAIL
-
-  [Required csp with `none` does not subsume `none` of another directive.]
-    expected: FAIL
-
-  [Required csp with `none` does not subsume `none` of different directives.]
-    expected: FAIL
-
-  [Both required and returned csp are `none` for only one directive.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini
deleted file mode 100644
index 6fc6208a3db..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-self.html.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[subsumption_algorithm-self.html]
-  [Returned CSP must not allow 'self' if required CSP does not.]
-    expected: FAIL
-
-  [Returned 'self' should not be subsumed by a more secure version of origin's url.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html.ini
deleted file mode 100644
index bb05e009d9e..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-source_list-wildcards.html.ini
+++ /dev/null
@@ -1,45 +0,0 @@
-[subsumption_algorithm-source_list-wildcards.html]
-  [Wildcard does not subsume empty list.]
-    expected: FAIL
-
-  [Empty source list does not subsume a wildcard source list.]
-    expected: FAIL
-
-  ['none' does not subsume a wildcard source list.]
-    expected: FAIL
-
-  [Wildcard source list does not subsume `data:` scheme source expression.]
-    expected: FAIL
-
-  [Wildcard source list does not subsume `blob:` scheme source expression.]
-    expected: FAIL
-
-  [Source expressions do not subsume effective nonce expressions.]
-    expected: FAIL
-
-  [Wildcard source list is not subsumed by a host expression.]
-    expected: FAIL
-
-  [Wildcard list with keywords is not subsumed by a wildcard list.]
-    expected: FAIL
-
-  [Wildcard list with 'unsafe-hashes' is not subsumed by a wildcard list.]
-    expected: FAIL
-
-  [Wildcard list with 'unsafe-inline' is not subsumed by a wildcard list.]
-    expected: FAIL
-
-  [Wildcard list with 'unsafe-eval' is not subsumed by a wildcard list.]
-    expected: FAIL
-
-  [Wildcard list with 'unsafe-eval' is not subsumed by list with a single expression.]
-    expected: FAIL
-
-  [The same as above but for 'unsafe-inline'.]
-    expected: FAIL
-
-  [`data:` is not subsumed by a wildcard list.]
-    expected: FAIL
-
-  [`blob:` is not subsumed by a wildcard list.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini
deleted file mode 100644
index 1ac21eb5c3f..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-strict_dynamic.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[subsumption_algorithm-strict_dynamic.html]
-  ['strict-dynamic' is effective only for `script-src`.]
-    expected: FAIL
-
-  ['strict-dynamic' is properly handled for finding effective policy.]
-    expected: FAIL
-
-  ['strict-dynamic' has to be allowed by required csp if it is present in returned csp.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini
deleted file mode 100644
index e5f8147c981..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_eval.html.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-[subsumption_algorithm-unsafe_eval.html]
-  [No other keyword has the same effect as 'unsafe-eval'.]
-    expected: FAIL
-
-  [Other expressions have to be subsumed.]
-    expected: FAIL
-
-  [Required csp must allow 'unsafe-eval'.]
-    expected: FAIL
-
-  [Effective policy is properly found where 'unsafe-eval' is not subsumed.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini
deleted file mode 100644
index be8fe1e17a1..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_hashes.html.ini
+++ /dev/null
@@ -1,12 +0,0 @@
-[subsumption_algorithm-unsafe_hashes.html]
-  [No other keyword has the same effect as 'unsafe-hashes'.]
-    expected: FAIL
-
-  [Other expressions have to be subsumed.]
-    expected: FAIL
-
-  [Required csp must allow 'unsafe-hashes'.]
-    expected: FAIL
-
-  [Effective policy is properly found where 'unsafe-hashes' is not subsumed.]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini b/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini
deleted file mode 100644
index 7921da71005..00000000000
--- a/tests/wpt/meta/content-security-policy/embedded-enforcement/subsumption_algorithm-unsafe_inline.html.ini
+++ /dev/null
@@ -1,18 +0,0 @@
-[subsumption_algorithm-unsafe_inline.html?9-last]
-  [Required csp allows `strict-dynamic`, but retuned csp does.]
-    expected: FAIL
-
-  [Required csp does not allow `unsafe-inline`, but retuned csp does.]
-    expected: FAIL
-
-  [Returned csp allows a nonce.]
-    expected: FAIL
-
-  [Returned csp allows a hash.]
-    expected: FAIL
-
-  [Effective returned csp allows 'unsafe-inline']
-    expected: FAIL
-
-
-[subsumption_algorithm-unsafe_inline.html?1-8]
diff --git a/tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-path-ignored.window.js.ini b/tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-path-ignored.window.js.ini
new file mode 100644
index 00000000000..493d04ea590
--- /dev/null
+++ b/tests/wpt/meta/content-security-policy/frame-ancestors/frame-ancestors-path-ignored.window.js.ini
@@ -0,0 +1,3 @@
+[frame-ancestors-path-ignored.window.html]
+  [A 'frame-ancestors' CSP directive with a URL that includes a path should be ignored.]
+    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini b/tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini
index 84d3f383610..b22b217fc25 100644
--- a/tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini
+++ b/tests/wpt/meta/content-security-policy/frame-src/frame-src-cross-origin-same-document-navigation.window.js.ini
@@ -1,3 +1,4 @@
 [frame-src-cross-origin-same-document-navigation.window.html]
+  expected: OK
   [frame-src-cross-origin-same-document-navigation]
     expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini b/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini
index 50fb992352a..f4f10d1a85c 100644
--- a/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/generic/304-response-should-update-csp.sub.html.ini
@@ -1,7 +1,6 @@
 [304-response-should-update-csp.sub.html]
-  expected: TIMEOUT
   [Test that the first frame does not use nonce def]
-    expected: NOTRUN
+    expected: FAIL
 
   [Test that the second frame does not use nonce abc]
-    expected: NOTRUN
+    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini b/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini
deleted file mode 100644
index 69bab8d00c4..00000000000
--- a/tests/wpt/meta/content-security-policy/generic/directive-name-case-insensitive.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[directive-name-case-insensitive.sub.html]
-  [Test that the www2 image throws a violation event]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini b/tests/wpt/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini
index 78c6e629154..cb39752b7cf 100644
--- a/tests/wpt/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/media-src/media-src-7_1_2.sub.html.ini
@@ -1,3 +1,4 @@
 [media-src-7_1_2.sub.html]
+  expected: TIMEOUT
   [Test that securitypolicyviolation events are fired]
-    expected: FAIL
+    expected: TIMEOUT
diff --git a/tests/wpt/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini b/tests/wpt/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini
index 7985a3a7478..790f54981cc 100644
--- a/tests/wpt/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/media-src/media-src-7_2_2.sub.html.ini
@@ -2,6 +2,3 @@
   expected: TIMEOUT
   [Disallowed audio source element]
     expected: NOTRUN
-
-  [Test that securitypolicyviolation events are fired]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
index afee3a14784..8ea44b08e0b 100644
--- a/tests/wpt/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/media-src/media-src-blocked.sub.html.ini
@@ -1,8 +1,5 @@
 [media-src-blocked.sub.html]
   expected: TIMEOUT
-  [Disallowed async video src]
-    expected: FAIL
-
   [Disallowed async video source element]
     expected: TIMEOUT
 
diff --git a/tests/wpt/meta/content-security-policy/parsing/invalid-directive.html.ini b/tests/wpt/meta/content-security-policy/parsing/invalid-directive.html.ini
deleted file mode 100644
index 8d9f04e0f62..00000000000
--- a/tests/wpt/meta/content-security-policy/parsing/invalid-directive.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[invalid-directive.html]
-  expected: TIMEOUT
-  [Even if an unknown directive is specified, img-src is honored.]
-    expected: TIMEOUT
diff --git a/tests/wpt/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini
index 507866f56bd..950bcfb5a23 100644
--- a/tests/wpt/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting-api/report-to-directive-allowed-in-meta.https.sub.html.ini
@@ -1,7 +1,4 @@
 [report-to-directive-allowed-in-meta.https.sub.html]
-  [Event is fired]
-    expected: FAIL
-
   [Report is observable to ReportingObserver]
     expected: FAIL
 
diff --git a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini
deleted file mode 100644
index b364374296d..00000000000
--- a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[reporting-api-report-to-only-sends-reports-to-first-endpoint.https.sub.html]
-  [Event is fired]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini
deleted file mode 100644
index 430f81a94a9..00000000000
--- a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-1.https.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[reporting-api-report-to-overrides-report-uri-1.https.sub.html]
-  [Event is fired]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini
deleted file mode 100644
index b33bec4e299..00000000000
--- a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-report-to-overrides-report-uri-2.https.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[reporting-api-report-to-overrides-report-uri-2.https.sub.html]
-  [Event is fired]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini
index 6aca7743484..2e2c16c80c7 100644
--- a/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/reporting-api/reporting-api-sends-reports-on-violation.https.sub.html.ini
@@ -1,7 +1,4 @@
 [reporting-api-sends-reports-on-violation.https.sub.html]
-  [Event is fired]
-    expected: FAIL
-
   [Report is observable to ReportingObserver]
     expected: FAIL
 
diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-attr-blocked-src-allowed.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-attr-blocked-src-allowed.html.ini
deleted file mode 100644
index 7d63c9c4aa8..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-attr-blocked-src-allowed.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script-src-attr-blocked-src-allowed.html]
-  expected: TIMEOUT
-  [Should fire a security policy violation event]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-allowed-attr-blocked.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-allowed-attr-blocked.html.ini
deleted file mode 100644
index 26cdda4bcb0..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-allowed-attr-blocked.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script-src-elem-allowed-attr-blocked.html]
-  expected: TIMEOUT
-  [Should fire a security policy violation for the attribute]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-attr-allowed.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-attr-allowed.html.ini
deleted file mode 100644
index dbcc0e32fea..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-attr-allowed.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script-src-elem-blocked-attr-allowed.html]
-  expected: TIMEOUT
-  [Should fire a security policy violation for the attribute]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-src-allowed.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-src-allowed.html.ini
deleted file mode 100644
index 2b588c54a1b..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/script-src-elem-blocked-src-allowed.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script-src-elem-blocked-src-allowed.html]
-  expected: TIMEOUT
-  [Should fire a spv event]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/script-src-attr-elem/strict-dynamic-elem-blocked-src-allowed.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src-attr-elem/strict-dynamic-elem-blocked-src-allowed.sub.html.ini
deleted file mode 100644
index d9d532f939f..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src-attr-elem/strict-dynamic-elem-blocked-src-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[strict-dynamic-elem-blocked-src-allowed.sub.html]
-  [Should fire a security policy violation event]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini
deleted file mode 100644
index a238a868a00..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src/injected-inline-script-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[injected-inline-script-blocked.sub.html]
-  [Expecting logs: ["violated-directive=script-src-elem","blocked-uri=inline"\]]
-    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-1_1.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-1_1.html.ini
deleted file mode 100644
index 539ba1d3fe6..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src/script-src-1_1.html.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[script-src-1_1.html]
-  expected: TIMEOUT
-  [Inline event handler]
-    expected: FAIL
-
-  [Should fire policy violation events]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-1_2.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-1_2.html.ini
deleted file mode 100644
index 3b78af2b156..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src/script-src-1_2.html.ini
+++ /dev/null
@@ -1,7 +0,0 @@
-[script-src-1_2.html]
-  expected: TIMEOUT
-  [Inline event handler]
-    expected: FAIL
-
-  [Should fire policy violation events]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-1_2_1.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
deleted file mode 100644
index b67e9008738..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src/script-src-1_2_1.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script-src-1_2_1.html]
-  expected: TIMEOUT
-  [Test that securitypolicyviolation event is fired]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
index 64a53f8c449..33ba231777c 100644
--- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
+++ b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_different_nonce.html.ini
@@ -1,4 +1,3 @@
 [script-src-strict_dynamic_double_policy_different_nonce.html]
-  expected: TIMEOUT
   [Unnonced script injected via `appendChild` is not allowed with `strict-dynamic` + a nonce-only double policy.]
-    expected: TIMEOUT
+    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini
index 6a8346f0e25..c9d74462151 100644
--- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini
+++ b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html.ini
@@ -1,4 +1,3 @@
 [script-src-strict_dynamic_double_policy_honor_source_expressions.sub.html]
-  expected: TIMEOUT
   [Non-allowed script injected via `appendChild` is not permitted with `strict-dynamic` + a nonce+allowed double policy.]
-    expected: TIMEOUT
+    expected: FAIL
diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini
index eaee0eea6e0..77fdfb89f19 100644
--- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini
+++ b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_meta_tag.html.ini
@@ -1,5 +1,5 @@
 [script-src-strict_dynamic_meta_tag.html]
-  expected: TIMEOUT
+  expected: ERROR
   [Script injected via `appendChild` populated via `textContent` is allowed with `strict-dynamic`.]
     expected: TIMEOUT
 
diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini
index f25fbbe74d1..ca8b9d7bd1f 100644
--- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini
+++ b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted.html.ini
@@ -1,5 +1,5 @@
 [script-src-strict_dynamic_non_parser_inserted.html]
-  expected: TIMEOUT
+  expected: ERROR
   [Script injected via `appendChild` populated via `textContent` is allowed with `strict-dynamic`.]
     expected: TIMEOUT
 
diff --git a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini b/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
deleted file mode 100644
index 95e07a69fd6..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src/script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script-src-strict_dynamic_non_parser_inserted_incorrect_nonce.html]
-  expected: TIMEOUT
-  [All the expected CSP violation reports have been fired.]
-    expected: TIMEOUT
diff --git a/tests/wpt/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
deleted file mode 100644
index 9884e4545fd..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src/scripthash-unicode-normalization.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[scripthash-unicode-normalization.sub.html]
-  expected: TIMEOUT
-  [Should fire securitypolicyviolation]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
deleted file mode 100644
index ebb9846200d..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-and-scripthash.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[scriptnonce-and-scripthash.sub.html]
-  expected: TIMEOUT
-  [Expecting alerts: ["PASS (1/3)","PASS (2/3)","PASS (3/3)"\]]
-    expected: TIMEOUT
diff --git a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini b/tests/wpt/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
deleted file mode 100644
index a002d68b3a0..00000000000
--- a/tests/wpt/meta/content-security-policy/script-src/scriptnonce-ignore-unsafeinline.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[scriptnonce-ignore-unsafeinline.sub.html]
-  expected: TIMEOUT
-  [Expecting alerts: ["PASS (1/2)","PASS (2/2)", "violated-directive=script-src-elem"\]]
-    expected: TIMEOUT
diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini
index a7ebd4aff51..b12f81377d1 100644
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample-no-opt-in.html.ini
@@ -1,5 +1,5 @@
 [script-sample-no-opt-in.html]
-  expected: ERROR
+  expected: TIMEOUT
   [Inline script should not have a sample.]
     expected: TIMEOUT
 
diff --git a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini
index d5f06d70c53..f4c315396f6 100644
--- a/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini
+++ b/tests/wpt/meta/content-security-policy/securitypolicyviolation/script-sample.html.ini
@@ -1,5 +1,5 @@
 [script-sample.html]
-  expected: ERROR
+  expected: TIMEOUT
   [Inline script should have a sample.]
     expected: TIMEOUT
 
diff --git a/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini b/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini
deleted file mode 100644
index 1b173ed7507..00000000000
--- a/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_missing_unsafe_hashes.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script_event_handlers_denied_missing_unsafe_hashes.html]
-  expected: TIMEOUT
-  [Test that the inline event handler is not allowed to run]
-    expected: NOTRUN
diff --git a/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini b/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini
deleted file mode 100644
index 85499b57550..00000000000
--- a/tests/wpt/meta/content-security-policy/unsafe-hashes/script_event_handlers_denied_wrong_hash.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[script_event_handlers_denied_wrong_hash.html]
-  expected: TIMEOUT
-  [Test that the inline event handler is not allowed to run]
-    expected: NOTRUN