Your page links to a third-party site. Choose how the link opens and which protections are set, then open it. The destination is cross-origin and attacker-controlled. Everything is simulated — no real windows open.
After opening, the destination reports whether it received a usable window.opener.
If it did, press its button to fire the reverse-tabnabbing navigation and watch your tab get silently replaced by a phishing page.
You are reading a trusted page you opened yourself. It contains an outgoing link to a partner site.
↳ the link you configured above lives here.
Press “Open the link” to launch the cross-origin destination tab.
The browser decides whether the destination gets a live window.opener from these inputs:
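As an added example (not this page's code), the function below models how the HTML Standard decides whether a newly opened tab receives window.opener, and audits a constructed list of links for the ones that leave it exposed. The names openerExposed, auditLinks and SAMPLE_LINKS are hypothetical, and the inputs modelled (target, rel, the window.open features string, and a legacy-browser switch) are assumptions about what matters, not this page's own list.

```javascript
// Added example; openerExposed, auditLinks and SAMPLE_LINKS are hypothetical names.
const words = (s, sep) => (s || "").toLowerCase().split(sep).map(t => t.trim()).filter(Boolean);

// Boolean window feature parsing: "noopener", "noopener=yes", "noopener=1" are on.
function featureOn(features, name) {
  for (const f of words(features, ",")) {
    const [k, v = ""] = f.split("=").map(p => p.trim());
    if (k === name) return v === "" || v === "yes" || v === "true" || (parseInt(v, 10) || 0) !== 0;
  }
  return false;
}

// link: { via: "anchor" | "window.open", target, rel, features }
// legacyBrowser = true models engines without implicit noopener on target=_blank.
function openerExposed(link, legacyBrowser = false) {
  const target = (link.target || (link.via === "window.open" ? "_blank" : "")).toLowerCase();
  // Navigating the current tab creates no new window, so no opener is handed over.
  if (["", "_self", "_parent", "_top"].includes(target)) return false;
  if (link.via === "window.open") {
    // Script-opened windows keep the opener unless the features string opts out.
    return !(featureOn(link.features, "noopener") || featureOn(link.features, "noreferrer"));
  }
  const rel = words(link.rel, /\s+/);
  if (rel.includes("noopener") || rel.includes("noreferrer")) return false;
  if (rel.includes("opener")) return true;       // explicit opt-in
  if (target === "_blank") return legacyBrowser; // implicit noopener in current engines
  return true;                                   // named target opening a new tab
}

// Constructed sample data covering the cases above.
const SAMPLE_LINKS = [
  { id: "blank-bare", via: "anchor", target: "_blank", rel: "" },
  { id: "blank-noopener", via: "anchor", target: "_blank", rel: "noopener noreferrer" },
  { id: "blank-opener", via: "anchor", target: "_blank", rel: "opener" },
  { id: "named", via: "anchor", target: "partner", rel: "" },
  { id: "js-default", via: "window.open", target: "_blank", features: "" },
  { id: "js-noopener", via: "window.open", target: "_blank", features: "width=600,noopener" },
];

// Returns the ids of links whose destination would get a usable window.opener.
function auditLinks(links, legacyBrowser = false) {
  return links.filter(l => openerExposed(l, legacyBrowser)).map(l => l.id);
}

console.log(auditLinks(SAMPLE_LINKS));
```

The named-target and default window.open cases are the ones a review tends to miss, because the implicit protection applies only to anchors with target=_blank.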