diff --git a/js-scripts/README.org b/js-scripts/README.org
new file mode 100644
index 0000000..b4b51cb
--- /dev/null
+++ b/js-scripts/README.org
@@ -0,0 +1,2 @@
+* js-scripts
+These are just scripts that I use to test XSS bugs and whatnot; I'm not very good and I have no idea what I am doing this so please ignore them.
diff --git a/js-scripts/queryJsonPlaceholder.js b/js-scripts/queryJsonPlaceholder.js
new file mode 100644
index 0000000..e8b7ea2
--- /dev/null
+++ b/js-scripts/queryJsonPlaceholder.js
@@ -0,0 +1,7 @@
+// Testing to see if I can make API calls on a site that has CSP headers. However,
+// this certain site does not have those headers on their error page, so by creating
+// an iframe on the document root with this source we can make an api call to another
+// service, maybe?
+fetch('https://jsonplaceholder.typicode.com/todos/1')
+  .then(response => response.json())
+  .then(json => console.log(json))