1. PASS postMessage API
2. PASS JSON.parse API
3. FAIL toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. FAIL X-Content-Type-Options
7. FAIL Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. FAIL Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
Bookmarks