Browser DOM access checker 1.02
Authors: Michal Zalewski <> and Filipe Almeida <>
Copyright 2008 by Google Inc., and licensed under the Apache License, Version 2.0.

DOM access checker is a tool designed to automatically validate numerous aspects of domain security policy enforcement (cross-domain DOM access, Javascript cookies, XMLHttpRequest calls, event and transition handling) to detect common security attack or information disclosure vectors.

Please run this tool both over HTTP, and then from local disk (file:/// namespace). Ideally, results in both cases should be the same, and no failed tests should be reported. That said, although we worked with software vendors to resolve many of the most significant issues, all common browsers fail anywhere from 10 to 30 of less significant tests due to various design decisions (most of which bear some privacy considerations by making it to fingerprint simultaneously open pages).

Test results (be prepared to wait a while):

Perform longer page transition checks
Report failed checks only