diff -u b/core/includes/install.core.inc b/core/includes/install.core.inc
--- b/core/includes/install.core.inc
+++ b/core/includes/install.core.inc
@@ -274,8 +274,9 @@
 drupal_bootstrap(DRUPAL_BOOTSTRAP_CONFIGURATION);
 // The user agent header is used to pass a database prefix in the request when
- // running tests. If prefix is set, ensure that we have a valid token.
- if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], "simpletest") !== FALSE && !drupal_valid_test_ua()) {
+ // running tests. Make sure that a valid test token is accompanied by a
+ // settings.php overriding conf_path().
+ if ($install_state['interactive'] && drupal_valid_test_ua() && !settings()->get('simpletest_conf_path')) {
 header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
 exit;
 }
@@ -1647,7 +1648,7 @@
 global $base_url;
 drupal_set_title(st('Drupal already installed'));
- return st('', array('@base-url' => $base_url));
+ return st('', array('@base-url' => $base_url));
 }
 /**
diff -u b/core/modules/simpletest/lib/Drupal/simpletest/Tests/SimpleTestTest.php b/core/modules/simpletest/lib/Drupal/simpletest/Tests/SimpleTestTest.php
--- b/core/modules/simpletest/lib/Drupal/simpletest/Tests/SimpleTestTest.php
+++ b/core/modules/simpletest/lib/Drupal/simpletest/Tests/SimpleTestTest.php
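Review bot: The rewritten guard in the `@@ -274,8 +274,9 @@` hunk no longer rejects a request whose user agent contains "simpletest" but fails `drupal_valid_test_ua()`; the removed condition answered 403 in exactly that case, whereas the new one fires only when the token is valid. Unless a later check outside this hunk refuses such requests, a stale or forged test user agent now falls through to the normal installer path, so I would keep the old rejection as a separate `if` ahead of the new one, or add a comment saying where it is enforced. The new check is also limited to `$install_state['interactive']`, which leaves non-interactive installs with a valid token unchecked; the comment should say why that is acceptable, e.g. `// Non-interactive installs are started by the test runner itself and are exempt.` if that is the reason. The enclosing function starts and ends outside the hunk.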
@@ -64,26 +64,9 @@
 )));
 $this->assertNoTitle('Foo');
- // Make sure that we are locked out of the installer when prefixing using
- // the user-agent header and using a 6 second old token. This is an
- // important security check. We can not use
- // \Drupal\simpletest\WebTestBase::drupalGet() since we need to wait after
- // creating the token and before requesting the page.
 global $base_url;
- $options = array('external' => TRUE, 'absolute' => TRUE);
- $curl_options = array(
- CURLOPT_HTTPGET => TRUE,
- CURLOPT_URL => url($base_url . '/core/install.php', $options),
- CURLOPT_NOBODY => FALSE,
- CURLOPT_HTTPHEADER => array()
- );
-
- $this->curlInitialize();
- curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options);
- sleep(6);
- curl_exec($this->curlHandle);
- $status = curl_getinfo($this->curlHandle, CURLINFO_HTTP_CODE);
- $this->assertEqual($status, 403, 'Cannot access install.php with a "simpletest" user-agent header after 5 seconds.');
+ $this->drupalGet(url($base_url . '/core/install.php', array('external' => TRUE, 'absolute' => TRUE)));
+ $this->assertResponse(403, 'Cannot access install.php.');
 $user = $this->drupalCreateUser();
 $this->drupalLogin($user);
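Review bot: The replacement test no longer covers an expired test token: the removed block waited 6 seconds before requesting `core/install.php` and was described in its own comment as an important security check, while the two added lines only assert a 403 for an immediate `drupalGet()`. If rejection of stale or forged tokens is not tested elsewhere, that behaviour is now unverified, so either keep a stale-token case or state in a comment where it is covered. The added lines also lost the explanatory comment; something like `// A request carrying a valid test user agent must never reach the installer.` above `drupalGet()`, plus a more specific assertion message, would make the intent clear (wording to be confirmed against the new guard in install.core.inc). The enclosing test method starts and ends outside the hunk.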