Supported Secure Browsers for Student Testing

The information in this subtopic provides an overview of secure browsers and their use with computer-based assessments. The secure browser provides a secure, online testing environment in which a device is restricted from accessing prohibited computer applications (local or internet-based) or copying or sharing test data. The purposes of this environment are to maintain test security and provide a stable testing experience for students across multiple platforms.

This subsection contains instructions for downloading and installing the secure browsers. The LEA or school information technology staff should ensure that the secure browser has been installed correctly on all computers and devices that will be used for student testing.

This section includes the following subtopics:

About the Secure Browser

All devices that students will use to access computer-based summative assessments must have a secure browser installed on that device. The secure browser prevents students from accessing another computer or internet application or copying test information.

The secure browser is available for all major operating systems included in this guide. Technology coordinators with responsibility for managing a large number of machines across a school or LEA can likely use the same tools as those used currently to push the secure browser out to all of machines at scale. For example, the secure browser ships as an MSI package that enables use of MSIEXEC.

For iPads and Chromebooks, the SecureTestBrowser app is CAI’s mobile version of the secure browser. It is available in each app store to download and install. The first time this app is opened, it will ask the user to choose the state and assessment program. The choice is saved and from then on, the mobile secure browser works just like the desktop version, allowing access to operational tests, practice tests, and the network diagnostic tool. Any mobile device management utility can be used to install the secure browser on multiple managed devices and configure those devices.

Secure Browser Versions for Online Testing

Table 1 lists the secure browsers for each operating system. A secure browser must be downloaded and installed on each device used for student testing. LEAs that installed a secure browser with a version older than the versions listed in table 1 must uninstall it before installing the secure browser for the 2021–22 school year.

Table 1. Secure Browsers by Operating System

Operating Systems Secure Browser
Windows 8.1 (Professional and Enterprise) CA Secure Browser 14
Windows 10 and 10 in S mode (Professional, Educational, and Enterprise), versions 1909–20H2, 21H1 (upon release and acceptance) CA Secure Browser 14

Windows Server

  • 2012 R2
  • 2016 R2 (thin client)
CA Secure Browser 14

macOS

  • Versions 10.13–10.15
  • Version 11.4
  • Version 12 (upon release and acceptance)
CA Secure Browser 14
Linux Fedora 32–33 LTS (Gnome) CA Secure Browser 14

Linux Ubuntu LTS (Gnome)

  • Version 18.04, 20.04
CA Secure Browser 14

iPadOS

  • Version 13.7
  • Version 14.5
  • Version 15 (upon release and acceptance)
SecureTestBrowser 7
Chrome OS 91+ SecureTestBrowser 7

Steps to Support Testing Integrity

While the secure browser is an integral component of test security, test administrators and test examiners perform an equally important role in preserving test integrity. Test administrators and test examiners should be aware of requirements associated with closing external user applications, turning off background jobs, and testing on computers with dual monitors, and employ the necessary precautions while administering computer-based assessments.

Close External User Applications

Prior to administering the computer-based assessments, all nonrequired applications on computers and devices should be closed. After closing these applications, the secure browser can be launched.

The secure browser will not work if the device detects that a forbidden application is running. For more information, refer to the Forbidden Application Detection subsection.

Turn Off Background Jobs

Ensure and verify that all background jobs, such as virus scans or software auto updates, are scheduled outside of testing windows. For example, if testing takes place between 8 a.m. and 3 p.m., schedule background jobs (e.g., attendance and payroll jobs) outside of these hours.

Testing on Computers with Dual Monitors

Systems that use a dual-monitor setup typically display an application on one monitor screen while another application is accessible on the other screen. This typical dual-monitor setup is not allowed under normal circumstances for the CAASPP and ELPAC.

However, one-on-one testing is required for the Initial and Summative ELPAC in kindergarten through grade two, parts of the Initial ELPAC for grades three and above, all grade levels for ELPAC Speaking, and all of the alternate assessments in both the CAASPP and ELPAC administrations. These assessments may call for the test examiner to be close to the student for ease of use and access and to promote the validity of the assessment. In these cases, a dual-monitor configuration may be necessary. Another possible situation for dual-monitor use is when a test administrator or test examiner is administering a test via read-aloud and wants to have a duplicate screen to view exactly what the student is viewing for ease of reading aloud.

In these cases where dual monitors are allowed, monitors should be set up to “mirror” each other. One monitor is connected to the computer running the secure browser and the other is its duplicate. School technology coordinators can assist test administrators and test examiners in setting up the two monitors to ensure they mirror each other rather than operate as independent monitors.

In these cases, all security procedures must be followed, and the test must be administered in a secure environment, to prevent others from hearing the questions or viewing the screens for a student, test administrator, or test examiner. Refer to the Suggested Guidelines for Physically Distancing Test Administration document for suggested layouts.

Forbidden Application Detection

This feature automatically detects certain applications that are prohibited from running on a computer while the secure browser is open. The secure browser checks the applications currently running on a computer when it is launched. If a forbidden application is detected, the student is denied entry and receives a message indicating the open application. Similarly, if a forbidden application launches while the student is already logged on to an assessment—for example, if a scheduled task or background job begins (e.g., antivirus scans)—the student is automatically logged off and a message is displayed.

Before administering tests, LEA technology coordinators, test administrators, and test examiners should take proper measures to ensure that forbidden applications are not running on student devices.

Proxy Settings for Desktop Secure Browsers

This section describes the commands for passing proxy settings to the secure browser, as well as how to implement those commands on the desktop computer.

Specifying a Proxy Server to Use with the Secure Browser

By default, the secure browser attempts to detect the settings for the network’s web proxy server. Users of web proxies should execute a proxy command once from the command prompt; this command does not need to be added to the secure browser shortcut. Table 2 lists the form of the command for different settings and operating systems. To execute these commands from the command line, change to the directory containing the secure browser’s executable file.

Table 2. Specifying Proxy Settings Using a Shortcut or the Command Line

Description System Command
Use the secure browser without any proxy Windows CASecureBrowser.exe -proxy 0 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Use the secure browser without any proxy Mac ./CASecureBrowser -proxy 0 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Use the secure browser without any proxy Linux ./CASecureBrowser.sh -proxy 0 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Set the proxy for HTTP requests only Windows CASecureBrowser.exe -proxy 1:http:fake-url.com:8080 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Set the proxy for HTTP requests only Mac ./CASecureBrowser -proxy 1:http:fake-url.com:8080 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Set the proxy for HTTP requests only Linux ./CASecureBrowser.sh -proxy 1:http:fake-url.com:8080 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Set the proxy for all protocols to mimic the “Use this proxy server for all protocols” of Firefox Windows CASecureBrowser.exe -proxy 1:*:fake-url.com:8080 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Set the proxy for all protocols to mimic the “Use this proxy server for all protocols” of Firefox Mac ./CASecureBrowser -proxy 1:*:fake-url.com:8080 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Set the proxy for all protocols to mimic the “Use this proxy server for all protocols” of Firefox Linux ./CASecureBrowser.sh -proxy 1:*:fake-url.com:8080 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Specify the URL of the PAC file Windows CASecureBrowser.exe -proxy 2:fake-url.com aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Specify the URL of the PAC file Mac ./CASecureBrowser -proxy 2:fake-url.com aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Specify the URL of the PAC file Linux ./CASecureBrowser.sh -proxy 2:fake-url.com aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Auto detect proxy settings Windows CASecureBrowser.exe -proxy 4 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Auto detect proxy settings Mac ./CASecureBrowser -proxy 4 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Auto detect proxy settings Linux ./CASecureBrowser.sh -proxy 4 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Use the system proxy setting (default) Windows CASecureBrowser.exe -proxy 5 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Use the system proxy setting (default) Mac ./CASecureBrowser -proxy 5 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==
Use the system proxy setting (default) Linux ./CASecureBrowser.sh -proxy 5 aHR0cHM6Ly9jYS50ZHMuY2FtYml1bWFzdC5jb20vc3R1ZGVudA==