Over time, I have developed the following testbeds in order to experiment with security features and modern web technologies in different browsers:
-
preload-integrity and preload: Load a stylesheet with a
<link rel=preload as=style>tag and later refer to it with a<link rel=stylesheet>tag with or without integrity. In the latter case, a bug in Chromium causes the preloaded resource to be fetched again. Edit: This has now been fixed. -
sandbox-navigation: Try out the effects of various
allow-*directives on navigation initiated by sandboxed iframes. -
referrer-opener: A collection of both well-known and lesser-known ways in which
document.referrerandwindow.openercan leak (all credit goes to html5sec.org). Available in the flavors (Referrer-Policy) ‘unsafe-url’, ‘no-referrer’, ‘never’ and ‘never, no-referrer’.