Do a test here.
It's a "suite of security tests that measure whether the browser supports JavaScript APIs that allow safe interactions between sites, and whether it follows industry best practices for blocking harmful interactions between sites".
Security - What are the Security Tests? - Browserscope
You can then compare your results with those of the main browsers.
Spoiler The safest:
Spoiler The unsafest:
NB: Some trolls-like sentences are included in this thread. Will you able to find them ?
Last edited by Renk; 14.11.10 at 20:14.
My score:
Spoiler Click >>>:
Can't comment on the troll-like sentences.
Is there any browser that passes all the checks?
"I just remembered something that happened a long time ago."
1. PASS postMessage API
2. PASS JSON.parse API
3. FAIL toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. FAIL X-Content-Type-Options
7. FAIL Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. FAIL Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
Here is my result of the test
1. PASS postMessage API
2. PASS JSON.parse API
3. FAIL toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. FAIL X-Content-Type-Options
7. FAIL Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. FAIL Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
---------- Post added at 12:34 ---------- Previous post was at 12:33 ----------
Pretty much the same as TheDeathless results.
"God, from the mount Sinai
whose grey top shall tremble,
He descending, will Himself,
in thunder, lightning, and loud trumpet’s sound,
ordain them laws".
John Milton (1608-1674) in Paradise Lost
Ripley'sSealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
Oh, oh. Better use LINUX.
13/17, as expected for firefox1. PASS postMessage API
2. PASS JSON.parse API
3. PASS toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. PASS X-Content-Type-Options
7. PASS Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. PASS Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
firefox version 3.6 (9/17) vs. 3.6.12 (13/17), let me guess: you haven't restarted it recently
i also use Adblock Plus & NoScript add-ons, maybe thats the reason why
Also I use adblock plus. No I will try NoScript (Is also made in italy) and post my result.
---------- Post added at 21:15 ---------- Previous post was at 21:12 ----------
1. PASS postMessage API
2. PASS JSON.parse API
3. PASS toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. PASS X-Content-Type-Options
7. PASS Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. PASS Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
13/17
Last edited by piratemeister; 14.11.10 at 21:16.
I guess mine's a little bit better now. Thanks slik for the comment suggesting that No Script might be the detail involved.
I guess I now have the same results as yourselves. :)1. PASS postMessage API
2. PASS JSON.parse API
3. PASS toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. PASS X-Content-Type-Options
7. PASS Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. PASS Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
"God, from the mount Sinai
whose grey top shall tremble,
He descending, will Himself,
in thunder, lightning, and loud trumpet’s sound,
ordain them laws".
John Milton (1608-1674) in Paradise Lost
Ripley'sSealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
Oh, oh. Better use LINUX.
14/171. PASS postMessage API
2. PASS JSON.parse API
3. PASS toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. PASS X-Content-Type-Options
7. PASS Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. PASS Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. PASS Block visited link sniffing
_____
---------- Post added at 00:21 ---------- Previous post was at 00:20 ----------
ff, latest stable.
tokio, how did you manage to get this as a pass and we got ours as a fail??17. PASS Block visited link sniffing
Last edited by SealLion; 15.11.10 at 02:48.
"God, from the mount Sinai
whose grey top shall tremble,
He descending, will Himself,
in thunder, lightning, and loud trumpet’s sound,
ordain them laws".
John Milton (1608-1674) in Paradise Lost
Ripley'sSealLion's Believe it or Not! ~ NASCAR car crashes and Windows have just one thing in common.
Oh, oh. Better use LINUX.
also the test requires js which i have disabled by default normallyCode:1. PASS postMessage API 2. PASS JSON.parse API 3. PASS toStaticHTML API 4. FAIL httpOnly cookie API 5. PASS X-Frame-Options 6. PASS X-Content-Type-Options 7. PASS Block reflected XSS 8. PASS Block location spoofing 9. PASS Block JSON hijacking 10. PASS Block XSS in CSS 11. FAIL Sandbox attribute 12. FAIL Origin header 13. PASS Strict Transport Security 14. PASS Block cross-origin CSS attacks 15. FAIL Content Security Policy 16. PASS Cross Origin Resource Sharing 17. PASS Block visited link sniffing
Your account has been disabled.
I'm using FireFox 1.5.0.41. FAIL postMessage API
2. FAIL JSON.parse API
3. FAIL toStaticHTML API
4. FAIL httpOnly cookie API
5. FAIL X-Frame-Options
6. FAIL X-Content-Type-Options
7. FAIL Block reflected XSS
8. PASS Block location spoofing
9. FAIL Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. FAIL Strict Transport Security
14. FAIL Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. FAIL Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
Posting Permissions
Reply With Quote
Bookmarks