diff --git a/Test-sites.md b/Test-sites.md
new file mode 100644
index 0000000..fa29b8e
--- /dev/null
+++ b/Test-sites.md
@@ -0,0 +1,64 @@
+# Appendix C: Test Sites
+
+Here is list of various websites in which to test your browser. You should enable Javascript (JS) on these sites for the tests to present a worst-case scenario. In reality, you should control JS and XSS (cross site scripting) on sites with add-ons such as NoScript, uMatrix, uBlock Origin, among others, to reduce the possibility of fingerprinting attacks.
+
+If you would like to submit a test page to be added to this list, please post the details [here](https://github.com/ghacksuserjs/ghacks-user.js/issues/6), thanks.
+
+### 1. Fingerprinting
+- [Panopticlick](https://panopticlick.eff.org/)
+- [JoDonym](http://ip-check.info/?lang=en)
+- [Am I Unique?](https://amiunique.org/)
+- [Browserprint](https://browserprint.info/test)
+- [Unique Machine](http://www.uniquemachine.org/)
+
+### 2. Multiple Tests [single page]
+- [Whoer](https://whoer.net/)
+- [5who](http://5who.net/?type=extend)
+- [IP/DNS Leak](https://ipleak.net/)
+- [IP Duh](http://ipduh.com/anonymity-check/)
+
+### 3. Multiple Tests [multi-page]
+- [BrowserSpy.dk](http://browserspy.dk/)
+- [BrowserLeaks](https://www.browserleaks.com/)
+- [HTML Security](https://html5sec.org/)
+- [PC Flank](http://www.pcflank.com/index.htm)  
+
+### 4. Encryption / Ciphers / SSL/TLS / Certificates
+- [BadSSL](https://badssl.com/)
+- [DCSec](https://cc.dcsec.uni-hannover.de/)
+- [Qualys SSL Labs](https://www.ssllabs.com/ssltest/viewMyClient.html)
+- [Fortify](https://www.fortify.net/sslcheck.html)
+- [How's My SSL](https://www.howsmyssl.com/)
+- [RC4](https://rc4.io/)
+- [Heartbleed](https://filippo.io/Heartbleed/)
+- [Freak Attack](https://freakattack.com/clienttest.html)
+- [Logjam](https://weakdh.org/)
+- [Symantec](https://cryptoreport.websecurity.symantec.com/checker/views/sslCheck.jsp)
+
+### 5. Mozilla's Safe Browsing, Tracking Protection
+- [Attack](https://itisatrap.org/firefox/its-an-attack.html)
+- [Blocked](https://itisatrap.org/firefox/blocked.html)
+- [Malware](https://itisatrap.org/firefox/unwanted.html)
+- [Phishing](https://itisatrap.org/firefox/its-a-trap.html)
+- [Tracking](https://itisatrap.org/firefox/its-a-tracker.html)
+
+### 6. Other
+- [AudioContext](https://audiofingerprint.openwpm.com/)
+- [Battery](https://pstadler.sh/battery.js/)
+- [DNS Leak](https://www.dnsleaktest.com/)
+- [DNS Spoofability](https://www.grc.com/dns/dns.htm)
+- [Evercookie](https://samy.pl/evercookie/)
+- [Firefox Add-ons](http://thehackerblog.com/addon_scanner/)
+- [localStorage](http://www.filldisk.com/)
+- [HSTS Supercookie](http://www.radicalresearch.co.uk/lab/hstssupercookies)
+- [HSTS [sniffly]](https://zyan.scripts.mit.edu/sniffly/)
+- [HTML5](https://www.youtube.com/html5)
+- [Keyboard Events](https://w3c.github.io/uievents/tools/key-event-viewer.html)
+- [Popup Killer](http://www.kephyr.com/popupkillertest/index.html)
+- [Popup Test](http://www.popuptest.com/)
+- [Redirects](https://jigsaw.w3.org/HTTP/300/Overview.html)
+- [Referer Headers](https://www.darklaunch.com/tools/test-referer)
+- [rel=noopener](https://mathiasbynens.github.io/rel-noopener/)
+- [Resource://URI](https://www.browserleaks.com/firefox)
+- [WebRTC IP Leak](https://www.privacytools.io/webrtc.html)
+     
\ No newline at end of file