7- Test Mode

XYZ_Admin

Test Mode — How to Test Your Age Gate

Test mode lets you simulate visitors from any region without actually being in that region. This is essential for verifying your configuration before going live.

Enabling Test Mode

Go to Settings > Age Verification.
Check the Enable Test Mode checkbox.
Save your settings.

When test mode is active, a persistent admin notice appears on every admin page reminding you to disable it when done.

How Test Mode Works

With test mode enabled, anyone can add a ?reg= query parameter to any page URL to simulate a visitor from a specific region. The parameter overrides the Cloudflare geo headers that would normally determine the visitor's location.

Examples

https://yoursite.com/?reg=US-TX — simulates a visitor from Texas, USA
https://yoursite.com/?reg=DE — simulates a visitor from Germany
https://yoursite.com/?reg=GB — simulates a visitor from the United Kingdom
https://yoursite.com/any-page/?reg=US-CA — simulates California on a specific page

What Test Mode Overrides

Geo detection — the ?reg= parameter replaces the country and state codes from Cloudflare.
Verification cookie — test mode bypasses the existing verification cookie so you experience the full flow every time.
Logged-in user exemption — test mode bypasses the automatic exemption for logged-in WordPress users. You'll see the age gate even while logged in.

Without test mode, logged-in users are always exempted from the age gate, making it impossible to test the visitor experience from the admin.

Important: Test mode verifications consume credits. Each verification you complete during testing uses credits from your monthly allocation, just like a real visitor verification. Plan your testing to stay within your credit budget.

If you need additional credits for thorough testing, email hello@xyzinc.com from the email address associated with your free plan site. We can temporarily increase your monthly credit allocation for testing purposes.

Testing Scenarios

Basic Test: Verify the Redirect Works

Enable test mode.
Open an incognito/private browsing window (recommended for clean testing).
Navigate to https://yoursite.com/?reg=US-TX (replace with one of your configured regions).
You should be redirected to the age gate page.
Verify you see the QR code or verification button.

Test Tier 1 Verification

Start a test as above.
Complete the face liveness check using the QR code (scan with your phone) or the direct button.
After verification, you should be redirected back to the original page.
Check the Recent Verifications tab in Settings > Free Plan to see the session details.

Test Tier 2 Verification

Configure a region that requires ID verification (set "Requires ID" or set a minimum age other than 18).
Start a test with that region's code.
Complete both the liveness check and the document verification.
Verify the redirect and check the session details.

Test a Blocked Region

Configure a region with the action set to Block.
Navigate to a page with ?reg= set to that region's code.
You should see the block message instead of the verification interface.

Test Fail-Closed Behavior

Set API Failure Behavior to "Fail closed."
Temporarily set an invalid API key.
Navigate with a ?reg= parameter.
You should be redirected to the error page instead of being let through.
Restore your correct API key when done.

Testing Tips

Use Incognito Windows

The most common testing approach is to open an incognito/private browsing window. This ensures:

No WordPress login session (tests the anonymous visitor experience)
No cached cookies from previous tests
Clean browser state

Clear Between Tests

If testing in a regular browser window, you may need to clear the verification cookie between tests. In test mode, the cookie's HttpOnly flag is disabled, so you can clear it via the browser's developer tools (Application > Cookies) or with JavaScript in the console: document.cookie = "xyz_verified=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/";

Check Verification Details

After each test, go to Settings > Free Plan > Recent Verifications to see exactly what happened during the session:

Which tier was used
How many attempts were made
Whether the visitor passed or failed
Credit cost of the session

Test Non-Configured Regions

Navigate with ?reg= set to a region you have NOT configured (e.g., ?reg=ZZ-01). The visitor should be allowed through without verification, confirming that only your configured regions trigger the age gate.

Disabling Test Mode

When you're done testing:

Go to Settings > Age Verification.
Uncheck the Enable Test Mode checkbox.
Save your settings.

The admin reminder notice will disappear. The ?reg= parameter will no longer have any effect for visitors.

Important: Do not leave test mode enabled in production. While the ?reg= parameter is only useful to someone who knows about it, it bypasses cookie checks and logged-in user exemptions.