Test with an unknown CA or self-signed certificate

[pinobatch]

Several private web servers have no fully qualified domain name (FQDN) and therefore can have no certificate issued by a certificate authority that major web browsers recognize by default. This includes corporate intranet sites, as well as any appliance on a home network (such as a router, printer, or NAS device) that lacks a valid binding to a dynamic DNS service. Any HTTPS connection to such a server would raise an interstitial certificate warning.

I suggest adding a self-signed version to test whether a user agent's secure context determination differs between a site using a certificate issued by a public CA and a site relying on an exception added by the user.

[lgarron]

permission.site uses very straightforward static hosting right now; this seems more like a job for badssl.com.
(You can of course do a secure context calculation using one line of JS. But will admit that browsers are frustratingly inconsistent about what they consider a secure context.)

permission.site is primarily designed for browser vendors to test their UI. What audience do you have in mind for your suggestion?

[pinobatch]

I had developers of web applications to run on these sorts of home networking appliances in mind.