Getting started

Go to passfail.no and type a name in the instance creator (e.g. my-test-site). This creates my-test-site.passfail.no with all tests passing by default.

Instances are auto-created on first visit too — if you navigate directly to any subdomain that doesn't exist yet, it will be initialized automatically.

Visit your instance URL (e.g. my-test-site.passfail.no) and use the toggle switches to flip individual tests between pass and fail. State persists automatically via SQLite — you can close the browser and come back later.

You can also use URL query parameters for quick configuration:

# Fail specific tests
https://my-test-site.passfail.no/?fail=security-headers,csp-deep-audit

# Fail all tests
https://my-test-site.passfail.no/?fail=all

# Pass all tests (default)
https://my-test-site.passfail.no/

For local testing without wildcard DNS, use the _subdomain query parameter to simulate any subdomain:

# Simulate "mysite" subdomain locally
http://localhost:4270/?_subdomain=mysite

# This reads/writes the same instance state as mysite.passfail.no

In Teste.no, create a target pointing at your subdomain URL. Run a scan and verify that the findings match exactly what you toggled. Each test slug corresponds to a Teste.no plugin slug:

# Toggle security-headers to fail → Teste.no security-headers plugin reports a finding
# Toggle seo-meta-tags to fail → Teste.no seo-meta-tags plugin reports a finding

You can also control instances programmatically:

# Get instance state
curl https://my-test-site.passfail.no/api/instance

# Update failing tests
curl -X PATCH https://my-test-site.passfail.no/api/instance \
  -H "Content-Type: application/json" \
  -d '{"failing": ["security-headers", "csp-deep-audit"]}'

# Delete an instance
curl -X DELETE https://my-test-site.passfail.no/api/instance

For PullPush E2E testing, use the webhook receiver endpoint:

# Basic webhook echo
curl -X POST https://my-test-site.passfail.no/api/webhook-receiver \
  -H "Content-Type: application/json" \
  -d '{"event": "test"}'

# Simulate a 503 error
curl -X POST "https://my-test-site.passfail.no/api/webhook-receiver?mode=error&status=503"

# Fail 5 times then recover (stateful)
curl -X POST "https://my-test-site.passfail.no/api/webhook-receiver?mode=recover&fail_count=5"

# View delivery log
curl "https://my-test-site.passfail.no/api/webhook-receiver?log=1"

See the API reference for all webhook modes and parameters.

Instances that haven't been accessed for 30 days are automatically cleaned up. The last_accessed_at timestamp updates on every page visit and API call.