PieroV's Onion Tests

This is a test for Onion Sites, hosted by PieroV.

It is reachable in different ways:

• sanityunhavm6aolhyye4h6kbdlxjmc7zw2y7nadbni6vd43agm7xvid.onion: simplest onion service, to use as a sanity check before doing any other tests. Can be reached only over plain HTTP
• selfiez3m4cmeo5sbqw7m7ojnln5rm3kne3ed7nyjd3ehzp4k6cdgzid.onion: self-signed certificate, should be valid as long as the certificate is accepted (should be by default on Tor Browser, at the moment). The certificate is also for the wildcard, so subdomains should be accepted as well on Tor Browser (at least currently)
• pierovlcy7baatz7xcaccbf2kanct3hvkhcgedz4cbrmcg2ybmjalxad.onion: site behind onion authentication. Works both over plain HTTP and HTTPS (self-signed). The private key for access is VQCRB3BB56UZV7ZOUAHVAIV3UUPWHII3WM5RCZOSMDJKDREPDQGQ
• expirezf7z2sqlnqtlnmxhy5dhiykby46v5vpp6tkm3odix3ojikpxid.onion: self-signed expired certificate. All clients should warn against connecting to it
• future2eb4tqrw6t6ka5ekdrcw5mjaxqu4rayndk775cdi6aihod7yyd.onion: self-signed certificate from the future. All clients should warn against connecting to it
• domain736gp5nirxh4iypjf2m42cy5sipj5vnecvexag6svvsi52ovyd.onion: self-signed certificate that does not include this hostname. All clients should warn against connecting to it
• onion-tests.pierov.org: clearnet version, to avoid looking for the GitLab page and for tests between Onion sites and clearnet sites
• onion-tests-http.pierov.org: clearnet, HTTP-only version. It will close the connection automatically on HTTPS (with Nginx's non-standard return 444;)

Available tests

window.isSecureContext

Mixed content

Various mixed content tests.

Login

PDF

Here is a PDF file for testing, when you don't know where to find one 😄.

Attachments

Files served from the attachment directory will have Content-disposition: attachment (on some hosts).

PDF AVIF HTML HTML with remote content PNG SVG SVG with remote content TXT WEBP XML

As a sanity check, you can check what happens when they don't have that header:

PDF AVIF HTML HTML with remote content PNG SVG SVG with remote content TXT WEBP XML

Secure Drop links

Financial Times (HTTP) New York Times (HTTPS)

Other pages

• Crypto address protection (HTTP clearnet)
• Video tests
• offlin4w6nrxjkyf7k6xpf2sw4lxbclih45ltwsiiouivksr6wgdulqd.onion: valid but offline onion service
• Another HTML 5 video test page (third party)
• Websocket test (third party)
• Old NoScript tests
• Conjure configurations: GitLab (cosmopolitan.com front), Forum (githubassets.com front)