Skip to content

Appendix A Test Sites

claustromaniac edited this page May 21, 2019 · 11 revisions

Here is a list of various websites in which to test your browser. You should enable Javascript (JS) on these sites for the tests to present a worst-case scenario. In reality, you should control JS and XSS (cross site scripting) on sites with extensions such as NoScript, uMatrix, uBlock Origin, among others, to reduce the possibility of fingerprinting attacks.

If you would like to submit a test page to be added to this list, please post the details here for consideration, thanks.

:star: Shameless Self Promotion

  • TorZillaPrint -
    • GitHub -
    • A work-in-progress: for Firefox and Tor Browser (read the readme)
    • I got tired of testing things (and remembering where they all where) over numerous sites, and some tests were missing, so this is my solution
    • Any JS wizards wishing to help out would be highly welcomed :kiss:

:small_orange_diamond: Fingerprinting

These are good sources to grab information on your results in one hit, but do not read too much into their entropy figures - see this comment

:small_orange_diamond: Multiple Tests [single page]

  • Privacycheck -
  • Whoer -
  • Do I Leak? -
  • IP/DNS Leak -
  • IP Duh -
  • Zscaler -
    • Security overview from phishing & malware & botnet connections, XSS, various exe/virus delivery mechanisms etc

:small_orange_diamond: Multiple Tests [multi-page]

:small_orange_diamond: Encryption / Ciphers / SSL/TLS / Certificates

  • BadSSL -
  • DCSec -
  • Qualys SSL Labs -
  • Fortify -
  • How's My SSL -
  • GRC Fingerprint -
    • EV [Extended Validation] / SSL Interception check [Do you see a bright green padlock?]

:small_orange_diamond: Mozilla's Safe Browsing, Tracking Protection GitHub

  • Attack -
  • Blocked -
  • Malware -
  • Phishing -
  • Tracking -

:small_orange_diamond: Other

1 This test is a PoC (proof of concept). You will need layout.css.visited_links_enabled set as true. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites, and many of those will not "leak" as the code is checking HTTP and the site has moved to HTTPS - i.e the full URL has changed. For best results:

You can’t perform that action at this time.