diff --git a/security/url-canonicalization.html b/security/url-canonicalization.html
new file mode 100644
index 0000000..7259193
--- /dev/null
+++ b/security/url-canonicalization.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width">
+    <title>URL Canonicalization Tests</title>
+</head>
+<body>
+    <p><a href="../index.html">[Back]</a></p>
+    <h1>URL Canonicalization Tests</h1>
+    Each of the following links, when clicked, should raise an error page. It should never actually load the page - if it does, this indicates that our URL canonicalization has failed, which could potentially allow malformed or malicious URLs to be processed incorrectly.
+    <a id="test_specialchar1" href="https://www.%20privacy-test-pages.site/security/badware/phishing.html" target="_blank">Special Characters</a><br>
+    <a id="test_specialchar2" href="https://www.%7Eprivacy-test-pages.site/security/badware/phishing.html" target="_blank">Special Characters</a><br>
+    <a id="test_outofrangechars" href="https://www.🙃privacy-test-pages.site/security/badware/phishing.html" target="_blank">Out-of-Range Characters</a><br>
+    <a id="test_percentescapes" href="https://www.privacy-test-pages.site%20security%20badware/phishing.html" target="_blank">Percent Escapes</a><br>
+    <a id="test_doubledots" href="https://broken..third-party.site/security/badware/phishing.html" target="_blank">Multiple Full Stops</a><br>
+    <a id="test_trailingdots" href="https://bad.third-party.site./security/badware/phishing.html" target="_blank">Trailing Full Stops</a><br>
+    <a id="test_trailingdots" href="https://.broken.third-party.site/security/badware/phishing.html" target="_blank">Leading Full Stops</a><br>
+</body>
+</html>