Internet Storm Center
Training
Certification
Cyber Security Graduate School
Security Awareness Training
Computer Forensics
Penetration Testing
IT Audit
Software Security
This page tests various features of XMLHttpRequest to check if your browser is compliant with the latest draft standard. This page will only make sense if Javascript is not blocked.
We also test some cookie protections. The page will set three cookies:
- "Normal"
- "org" (domain of this cookie is set to .org)
- "incidents" (domain of this cookie is set to incidents.org)
The value will change with each reload to make it easier to detect changes. The value is just a unix timestamp. (right now: 1330184137)
| Cookie Name | Cooie Value |
|---|
| Feature | Result |
|---|---|
| Simple request to make sure it is working at all | loadFragmentInToElement("/xhrtest2.html?test1","test1","",""); |
| Testing Same Origin ("failed" is good here!) | loadFragmentInToElement("http://iscnx.sans.org/xhrtest2.html?test2","test2","",""); |
| Setting X-MyHeader (should work) | loadFragmentInToElement("/xhrtest2.html?test3","test3","X-MyHeader","test"); |
| Setting Cookie (should work) | loadFragmentInToElement("/xhrtest2.html?test4","test4","Set-Coookie","testcookie=testvalue"); |
| Setting forbidden header Accept-Charset | |
| Setting forbidden header Accept-Encoding | |
| Setting forbidden header Content-Length | |
| Setting forbidden header Expect | |
| Setting forbidden header Date | |
| Setting forbidden header Host | |
| Setting forbidden header Keep-Alive | |
| Setting forbidden header Referer | |
| Setting forbidden header TE | |
| Setting forbidden header Transfer-Encoding | |
| Setting forbidden header Upgrade | |
| Setting forbidden header Connection | |
| Setting forbidden header Content-Transfer-Encoding | |
| Setting forbidden header Via | |
| Setting forbidden header Range |
