
SANS ISC: XMLHttpRequest Test



This page tests various features of XMLHttpRequest to check whether your browser is compliant with the latest draft standard. This page will only make sense if JavaScript is not blocked.

We also test some cookie protections. The page will set three cookies:

  • "Normal"
  • "org" (domain of this cookie is set to .org)
  • "incidents" (domain of this cookie is set to incidents.org)

The value will change with each reload to make it easier to detect changes. The value is just a Unix timestamp.

Cookie Name Cookie Value
Feature Result
Click on the word "fail" to see headers
Simple request to make sure it is working at all
Testing Same Origin Policy ("failed" is good here! Script is loaded from iscnx.sans.org)
Setting X-MyHeader (should work)
Setting Cookie (should work)
According to the W3C standard, everything below this line should fail
Setting forbidden header Accept-Charset
Setting forbidden header Accept-Encoding
Setting forbidden header Content-Length
Setting forbidden header Expect
Setting forbidden header Date
Setting forbidden header Host
Setting forbidden header Keep-Alive
Setting forbidden header Referer
Setting forbidden header TE
Setting forbidden header Transfer-Encoding
Setting forbidden header Upgrade
Setting forbidden header Connection
Setting forbidden header Content-Transfer-Encoding
Setting forbidden header Via
Setting forbidden header Range
Setting forbidden header Origin
Setting forbidden method POST
Setting forbidden method PUT
Setting forbidden method DELETE
Setting forbidden method BOGUS
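
Added example, not the ISC page's own script: one way the forbidden-header rows above can be decided, by asking the browser to set each header to a marker value and checking whether the marker reached the server. It assumes a same-origin endpoint that echoes the request headers back as "Name: value" lines; MARKER, parseEcho, probeHeader and runAll are names made up for this sketch.

```javascript
// Header names are the ones this page lists. The echo endpoint and its
// "Name: value" response format are assumptions made for this example.
const FORBIDDEN = ["Accept-Charset", "Accept-Encoding", "Content-Length",
  "Expect", "Date", "Host", "Keep-Alive", "Referer", "TE",
  "Transfer-Encoding", "Upgrade", "Connection",
  "Content-Transfer-Encoding", "Via", "Range", "Origin"];
const MARKER = "xhr-test-marker"; // a value no browser sends on its own

// Parse the echoed request headers into a map keyed by lower-cased name.
function parseEcho(text) {
  const seen = {};
  for (const line of text.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i > 0) seen[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return seen;
}

// Try to set one header, then report what the server actually received.
// XHR is the constructor under test; done() gets "blocked", "sent" or "error".
function probeHeader(XHR, echoUrl, name, done) {
  const xhr = new XHR();
  xhr.open("GET", echoUrl);
  try {
    xhr.setRequestHeader(name, MARKER);
  } catch (e) {
    return done("blocked"); // an exception counts as a refusal
  }
  // A silent no-op is only visible in the echo. The browser's own Host or
  // Referer value does not count: the script's marker has to be on the wire.
  xhr.onload = () => {
    const got = parseEcho(xhr.responseText)[name.toLowerCase()] || "";
    done(got.includes(MARKER) ? "sent" : "blocked");
  };
  xhr.onerror = () => done("error");
  xhr.send();
}

// Probe every listed header; finished() gets a name -> outcome map.
function runAll(XHR, echoUrl, finished) {
  const results = {};
  let pending = FORBIDDEN.length;
  for (const name of FORBIDDEN) {
    probeHeader(XHR, echoUrl, name, (outcome) => {
      results[name] = outcome;
      if (--pending === 0) finished(results);
    });
  }
}
```

In a browser, runAll(XMLHttpRequest, "/echo-headers", console.table) prints one row per header; "/echo-headers" is a placeholder for whatever echo endpoint is available, and any "sent" row means a script was able to control a header the list says it must not.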