About this demo

Pinnacle Portfolio is a fictional brokerage operated by Web Performance Inc. as a load-test target for WPLoadTester 7.0. The new release uses an AI assistant to auto-configure recordings — this is the entry-level of three sibling demo sites that exercise progressively harder auth schemes.

The twist here is non-standard CSRF. Each page carries a <meta name="app-csrf"> tag instead of the conventional hidden form input, and a small client script reads it and sets an X-App-CSRF header on every POST. A naive recording will replay 403s until the AI assistant discovers the meta-tag-to-header relationship and threads the value through.