Tested on Canary v76.0.3794.0
Don't forget to enable portals (chrome://flags/#enable-portals)
When the <portal> loads a normal page we will get one onload event but when the xss auditor triggers we will get 2 onload events
There is other good techniques for detecting the auditor by @garethheyes and @cgvwzq