Over time, I have developed the following testbeds in order to experiment with security features and modern web technologies in different browsers:
preload-integrity and preload: Load a stylesheet with a
<link rel=preload as=style>tag and later refer to it with a
<link rel=stylesheet>tag with or without integrity. In the latter case, a bug in Chromium causes the preloaded resource to be fetched again. Edit: This has now been fixed.
sandbox-navigation: Try out the effects of various
allow-*directives on navigation initiated by sandboxed iframes.
referrer-opener: A collection of both well-known and lesser-known ways in which
window.openercan leak (all credit goes to html5sec.org). Available in the flavors (
never’ and ‘