Test Website A

test-website-a.pages.dev — 7 tests

See also: Test Website B

De-AMP Content-Disposition: attachment Bypass

Tests that AMP pages served with Content-Disposition: attachment are downloaded, not De-AMPed.

de-amp-download/

De-AMP Sec-Fetch-Site Bypass

Tests whether De-AMP redirects preserve the cross-site hop in the Sec-Fetch-Site header.

de-amp/

Server-Side Redirect

Tests browser behavior on a server-side 302 redirect to a cross-site destination (lobste.rs).

server-redirect/

Storage Access API

Tests whether a cross-site iframe can regain access to its first-party cookies via the Storage Access API.

storage-access/

Storage Quota Fingerprinting

Tests whether storage quota APIs leak different values in normal vs. private browsing, enabling incognito detection. Covers both the modern navigator.storage API and the legacy webkitTemporaryStorage API.

storage-quota-fingerprint/

Third-Party Cookies

Tests whether a cross-site iframe can read cookies set when its origin was top-level.

third-party-cookies/

window.name Clearing

Tests whether the browser clears window.name on cross-origin navigations.

window-name-clearing/