diff --git a/scripts/playx-verify-token-callback-test.php b/scripts/playx-verify-token-callback-test.php
index db0b64c..eeddcfe 100644
--- a/scripts/playx-verify-token-callback-test.php
+++ b/scripts/playx-verify-token-callback-test.php
@@ -94,9 +94,6 @@ if ($payload === false) {
     exit(1);
 }
 
-$escapedPayload = str_replace("'", "'\\''", $payload);
-$escapedSig = str_replace("'", "'\\''", $signature);
-
 echo "--- 等价 curl（Linux / macOS / Git Bash）---\n";
 echo "curl -sS -X POST '" . $url . "' \\\n";
 echo "  -H 'Content-Type: application/json' \\\n";
@@ -110,10 +107,12 @@ echo "canonical={$canonical}\n\n";
 $body = $payload;
 $ctx = stream_context_create([
     'http' => [
-        'method'  => 'POST',
-        'header'  => "Content-Type: application/json\r\nX-Request-Signature: {$signature}\r\n",
-        'content' => $body,
-        'timeout' => 15,
+        'method'        => 'POST',
+        'header'        => "Content-Type: application/json\r\nX-Request-Signature: {$signature}\r\n",
+        'content'       => $body,
+        'timeout'       => 15,
+        // 4xx/5xx 仍返回响应体，便于查看对端错误说明（否则 file_get_contents 直接 false）
+        'ignore_errors' => true,
     ],
     'ssl' => [
         'verify_peer'      => true,
@@ -128,4 +127,20 @@ if ($result === false) {
     exit(1);
 }
 
+$statusLine = isset($http_response_header[0]) ? $http_response_header[0] : '';
+echo "--- HTTP 响应行 ---\n";
+echo $statusLine . "\n";
+if (isset($http_response_header[1])) {
+    echo "--- 响应头（节选）---\n";
+    $max = min(12, count($http_response_header));
+    for ($i = 1; $i < $max; $i++) {
+        echo $http_response_header[$i] . "\n";
+    }
+}
+echo "--- 响应体 ---\n";
 echo $result . "\n";
+
+if (!preg_match('/\b200\b/', $statusLine)) {
+    fwrite(STDERR, "\n提示：非 2xx 时请根据响应体与对端核对签名字符串、Body 字段是否与回调网关约定一致。\n");
+    exit(2);
+}