Web test heuristics
Heuristics for web testing focus on ensuring the robustness, usability, and security of web applications. These heuristics help testers identify potential issues and improve the overall quality of the application.
Navigation
When testing web applications, consider the following heuristics to ensure robust navigation and user experience:
- Back Navigation: Use the browser's back button to check for expired messages, double-posted transactions, and proper state handling.
- Refresh: Refresh pages to ensure the application handles repeated requests and maintains state appropriately.
- Bookmark the URL: Bookmark pages and revisit them to verify correct loading and session handling.
- Select Bookmark when Logged Out: Access bookmarked URLs after logging out to check for proper authentication and error handling.
- Hack the URL: Modify or remove URL parameters to test for security issues and robustness (see also Data Type Attacks).
- Multiple Browser Instances Open: Open multiple browser windows or tabs to check for session consistency and concurrency issues.
- Swipe/Tap/Pinch: On touch devices, test gestures like swipe, tap, and pinch to validate mobile usability and responsiveness.
Input
When testing user input in web applications, consider the following strategies:
- HTML/JavaScript Injection: Test for vulnerabilities by attempting to enter arbitrary HTML tags and JavaScript commands in input fields. Ensure the application properly sanitizes and escapes user input to prevent security issues.
- Check Max Length Defined on Text Inputs: Verify that text input fields enforce maximum length restrictions as defined in the application requirements or HTML attributes.
- More than 5000 Chars in TextAreas: Input very long text (over 5000 characters) in text areas to check for truncation, performance issues, and proper handling of large input.
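The three Input heuristics above can be run as automated checks against a server-side handler. The following is an added example, not part of the original cheat sheet: the handler, the 5000-character limit, the probe string, and all function names are constructed assumptions.

```javascript
// Added example: constructed handler and checks, not from the original page.
const MAX_COMMENT_LENGTH = 5000; // assumed limit, mirroring a maxlength="5000" attribute

// Escape the five characters that are significant in HTML text and attribute contexts.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical server-side handler. The browser's maxlength is only advisory,
// so the limit is enforced again here and over-long input is rejected explicitly.
function renderComment(input) {
  if (typeof input !== 'string') return { ok: false, error: 'invalid type' };
  if (input.length > MAX_COMMENT_LENGTH) return { ok: false, error: 'too long' };
  return { ok: true, html: `<p class="comment">${escapeHtml(input)}</p>` };
}

// Constructed counter-example: trusts the client and echoes input unescaped.
function naiveHandler(input) {
  return { ok: true, html: `<p class="comment">${input}</p>` };
}

// Run the three Input heuristics against a handler and report pass/fail per check.
function runInputHeuristics(handler, maxLength) {
  const marker = '<b id="probe">x</b>"\'&'; // benign constructed marker
  const injected = handler(marker);
  const atLimit = handler('a'.repeat(maxLength));
  const overLimit = handler('a'.repeat(maxLength + 1));
  return {
    // Markup must come back encoded, never as a live tag.
    markupEscaped: injected.ok && !injected.html.includes('<b') &&
      injected.html.includes('&lt;b id=&quot;probe&quot;&gt;'),
    acceptsMaxLength: atLimit.ok === true,
    rejectsOverLength: overLimit.ok === false && overLimit.error === 'too long',
  };
}

console.log('hardened:', runInputHeuristics(renderComment, MAX_COMMENT_LENGTH));
console.log('naive:   ', runInputHeuristics(naiveHandler, MAX_COMMENT_LENGTH));
```

The naive handler fails the escaping and over-length checks while still accepting input at the limit, which is the pattern to look for when a form relies on client-side restrictions alone.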
Syntax
When testing web applications, consider the following syntax checking strategies:
- HTML Syntax Checker: Use automated tools to validate the structure and correctness of HTML markup. This helps catch missing tags, improper nesting, and other common errors that can affect rendering and accessibility.
- CSS Syntax Checker: Use automated tools to check CSS for syntax errors, unsupported properties, and formatting issues. Ensuring valid CSS improves cross-browser compatibility and consistent styling.
Preferences
When testing user preferences in web applications, consider the following:
- JavaScript Off: Disable JavaScript in the browser to verify that essential functionality and messaging are still available or gracefully degraded.
- Cookies Off: Turn off cookies to check how the application handles sessions, preferences, and authentication without cookie support.
- Security High: Set browser security settings to high and test for blocked features, mixed content warnings, and proper fallback behavior.
- Resize Browser Window: Change the browser window size to validate responsive design and layout adaptability.
- Change Font Size: Adjust browser font size settings to ensure content remains readable and layouts do not break.
Accessibility / A11y
When testing web applications for accessibility, consider the following heuristics:
- Keyboard Navigation: Ensure users can navigate the site using only the keyboard, including skipping to main content, avoiding traps in menus/subsections, and having a visible focus indicator. All functionality should be accessible, and pop-ups should receive focus and be dismissible.
- Context: Use descriptive link text, provide meaningful alt-text for images (or hide decorative images), label all form inputs, ensure only one main element per page, define country and language, and use plain language throughout.
- Content: Avoid all capitals in headings, do not use justified text, allow zoom to 200%, use gender-neutral language, explain acronyms, provide clear instructions, ensure good contrast, and use more than just color (e.g., green tick) to indicate success or status.
Useful Resources
- Tomes, S. (2022, March 31). Test heuristics cheat sheet. Ministry of Testing. https://www.ministryoftesting.com/articles/test-heuristics-cheat-sheet