🟩 FOREWORD

These are tests that are not specifically for fingerprinting purposes, which you can find in Appendix B

🟪 BROWSERS

• PrivacyTests.org | ^github - https://privacytests.org/
  • Not a test, but a regular independent report of how default browsers fare in various privacy tests

• Attack - https://itisatrap.org/firefox/its-an-attack.html
• Blocked - https://itisatrap.org/firefox/blocked.html
• Malware - https://itisatrap.org/firefox/unwanted.html
• Phishing - https://itisatrap.org/firefox/its-a-trap.html
• Tracking - https://itisatrap.org/firefox/its-a-tracker.html

^github

• BadSSL - https://badssl.com/
• How's My SSL - https://www.howsmyssl.com/
• Qualys SSL Labs - https://www.ssllabs.com/ssltest/viewMyClient.html

• CSS Exfil Vulnerability - https://www.mike-gualtieri.com/css-exfil-vulnerability-tester
• CSS History Leak ¹ - https://earthlng.github.io/testpages/visited_links.html
• CSS History Leak | ^github - https://frantzmiccoli.github.io/visited-captcha-history/
• DNS Leak - https://www.dnsleaktest.com/
• DNS Spoofability - https://www.grc.com/dns/dns.htm
• Do I Leak? - https://www.doileak.com/
• Evil Traps - https://eviltrap.site/
• Firefox Storage Test - https://firefox-storage-test.glitch.me/
• HTML5 - https://www.youtube.com/html5
• HTML5 Test - https://html5test.com/
• IP/DNS Leak - https://ipleak.net/
• IP Duh - https://ipduh.com/anonymity-check/
• IPv6 Leak - https://ipv6leak.com/
• Keyboard Events - https://w3c.github.io/uievents/tools/key-event-viewer.html
  • Hotkeys Testing - https://rawgit.com/jeresig/jquery.hotkeys/master/test-static-01.html
• Permissions | ^github - https://permission.site/
• Ping Spotter - https://armin.dev/apps/ping-spotter/
• Popup Killer - https://www.kephyr.com/popupkillertest/index.html
• Punycode | ^article - https://www.xn--80ak6aa92e.com/ (www . apple . com)
• Redirects - https://jigsaw.w3.org/HTTP/300/Overview.html
• Referer Headers - https://www.darklaunch.com/tools/test-referer
• rel=noopener - https://mathiasbynens.github.io/rel-noopener/
• XSinator - https://xsinator.com/testing.html

¹ This test is a PoC (proof of concept). You will need layout.css.visited_links_enabled set as true. You will also need a normal window (not a Private Browsing one). The PoC only covers a handful of sites. For best results:

• Open a normal window in a vanilla Firefox. Clear everything (Ctrl-Shift-Del).
• Go to some of the sites in the source: e.g. https://www.cnn.com/ and https://www.foxnews.com/
• Go to the test page and play a game (takes 30 seconds or so)