Document toolboxDocument toolbox

Test your browser

Test your browser is a tool that performs feature detection as well as blacklist detection against the browser and reports whether or not the browser can be used with the BankID Web-client. Some features are required for the client to function, such as CORS and XDM, while others are only recommended features that will be used by the client if available, such as cookies and geolocation.

The tool is a HTML-wrapper around the bid-browser-test JavaScript API. The JavaScript API version documentation is maintained in BankID Services Interface Description.pdf, found in the releasepackages available for banks and partners on bankid.no. Documentation of the HTML-wrapped version is found below and can easily be used if there is no need for customisation beyond language.

The HTML tool is available at https://tools.bankid.no (for pre-production, see https://tools-preprod.bankid.no/browser-test ), and merchants may embed this page as part of their web site through the use of an iframe or by linking directly to it.

<iframe src="https://tools.bankid.no/browser-test"></iframe>

Below is an overview of the features that are being tested.

Required features are mandatory for the BankID Web-client in order to function. It is required that the user upgrade their browser should the feature not be supported by their browser. features are not mandatory for the BankID Web-client to function, but will be used by the client if available. It is recommended that the user upgrade their browser should the feature not be supported by their browser.

Recommended features are not mandatory for the BankID Web-client to function, but will be used by the client if available. It is recommended that the user upgrade their browser should the feature not be supported by their browser.

FeatureExplanationUpgrade?Notes
Cross-origin resource sharing (CORS)Checks to see if the browser supports CORS through XMLHttpRequest as defined by the W3C, or through XDomainRequest in IE 8/9.Required 

Recommended[1]
[1] The BankID Web-client uses XMLHttpRequest (XHR) to implement CORS, however, if unsupported, it will fallback to Microsoft's XDomainRequest (XDR) in IE 8 and 9. The test for CORS therefore becomes green if XHR/CORS is supported, yellow if XDR/CORS is supported, or red if neither is supported.
Cross-document messaging (XDM)Checks to see if the browser supports XDM through postMessage in window as defined by the W3C.Required 
Scalable vector graphics (SVG)Checks to see if the browser supports SVG image generation as defined by the W3C.Required 
Object.keysChecks to see if the browser supports Object.keys as defined in the ECMAScript 5-specification.Required 
Selectors APIChecks to see if the browser supports document.querySelector and document.querySelectorAll as defined by the W3C.Required 
JSONChecks to see if the browser supports the JSON object and its parse and stringify methods as defined in the ECMAScript 5-specification.Required 
Element.outerHTMLChecks to see if the browser supports Element.outerHTML as defined by the W3C.RequiredAlthough support for Element.outerHTML is very basic, it allows the test to fail on most legacy browsers that would otherwise fail to support the BankID Web-client.
CookiesChecks to see if cookies are enabled and available through document.cookie.RecommendedThe test only relies on JavaScript to read and write a single cookie called BankID_Cookie_Test which expires after five seconds.
CanvasChecks to see if the browser supports the HTML5 canvas element as defined by the W3C.Recommended 
Web Storage APIChecks to see if the browser supports localStorage as defined by the W3C.Recommended 
Geolocation APIChecks to see if the browser supports geolocation as defined by the W3C.Recommended 

Some of these technologies are not yet widely supported and because of this they are disabled by default. The following tests may however be enabled by setting the extended-parameter to true.

FeatureExplanationUpgrade?Notes
Content security policy (CSP)Checks to see if the browser honours/understands CSP as defined by the W3C by asserting the failure of inline code-evaluation using eval.RecommendedEnforcing CSP is highly recommended in order to protect against cross-site scripting (XSS)-attacks, however, no version of Internet Explorer currently (IE 11) supports CSP and that because of this the test is disabled by default.
Web Cryptography APIChecks to see if the browser supports window.crypto as defined by the W3C.Recommended 
Web Graphics Library (WebGL)Checks to see if the browser supports WebGL as defined by the Khronos Group.Recommended 
Web Real-Time Communication API (WebRTC)Checks to see if the browser supports WebRTC as defined by the W3C.Recommended 
ShadowDOMChecks to see if the browser supports ShadowDOM as defined by the W3C.Recommended 

The Test your browser tool is configurable through parameters passed in the URL and enables the merchant to tailor the tool to their needs, such as language.

ParameterExplanationDefaultExample
localeSpecifies the language to be used throughout the tool. 

Currently, only Norwegian bokmål (nb) and English (en) are supported.
Norwegian bokmål (nb)https://tools.bankid.no/browser-test?locale=nb
friendlyHides technical details from the user if set to true. This results in the following:
  • The following tests are combined into the item Required features[1]
    • Cross-origin resource sharing (CORS)
    • Cross-document messaging (XDM)
    • Scalable vector graphics (SVG)
    • Object.keys
    • Selectors API
    • JSON
    • Element.outerHTML
  • No message is shown if the browser is not blacklisted.
  • The following tests are combined into the item Recommended features[1]
    • Content security policy (CSP) [2]
    • Canvas
    • Web Cryptography API [2]
    • Web Storage API
    • Geolocation API
    • Web Graphics Library (WebGL) [2]
    • Web Real-Time Communication API (WebRTC) [2]
    • ShadowDOM [2]
    • MutationObserver
[2] Some tests are disabled by default unless extended is set to true (see below).
On (true)https://tools.bankid.no/browser-test?friendly=false
extendedRuns an extended feature detection against the user's browser if set to true, running additional tests against the following browser features:
  • Content security policy (CSP) [1]
  • Web Cryptography API
  • Web Graphics Library (WebGL)
  • Web Real-Time Communication API (WebRTC)
  • ShadowDOM
[1] Since no version of Internet Explorer currently (IE 11) supports CSP it is cautioned against running extended tests due to the fact that this will result in a yellow result and a warning to all users of IE. Because of this fact, the test is disabled by default. If the merchant normally requires the safety that CSP provides the test can be invoked anyway by setting extended to true.
Off (false)https://tools.bankid.no/browser-test?extended=true
debugPrints out various details during the feature detection.Off (false)https://tools.bankid.no/browser-test?debug=true