diff --git a/www/checkup/main.js b/www/checkup/main.js
index f490014c1..8d8452726 100644
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@@ -420,9 +420,11 @@ define([
 
         $.ajax('/?'+ (+new Date()), {
             complete: function (xhr) {
-                var header = xhr.getResponseHeader('permissions-policy');
+                var header = xhr.getResponseHeader('permissions-policy') || '';
+                var rules = header.split(',');
+                if (rules.includes('interest-cohort=()')) { return void cb(true); }
                 printMessage(JSON.stringify(header));
-                cb(header === 'interest-cohort=()' || header);
+                cb(header);
             },
         });
     });
@@ -896,6 +898,18 @@ define([
         });
     });
 
+    assert(function (cb, msg) {
+        msg.appendChild(h('span', 'pewpew'));
+        deferredPostMessage({
+            command: 'CHECK_HTTP_STATUS',
+            content: {
+                url: cacheBuster('/api/config'),
+            },
+        }, function (content) {
+            cb(content === 200 || content);
+        });
+    });
+
 /*
     assert(function (cb, msg) {
         setWarningClass(msg);
diff --git a/www/checkup/sandbox/main.js b/www/checkup/sandbox/main.js
index 272db91a4..47a7be13b 100644
--- a/www/checkup/sandbox/main.js
+++ b/www/checkup/sandbox/main.js
@@ -48,6 +48,15 @@ define([
         });
     };
 
+    COMMANDS.CHECK_HTTP_STATUS = function (content, cb) {
+        $.ajax(content.url, {
+            dataType: 'text',
+            complete: function (xhr) {
+                cb(xhr.status);
+            },
+        });
+    };
+
     window.addEventListener("message", function (event) {
         var txid, command;
         if (event && event.data) {