diff --git a/consent-tester/Dockerfile b/consent-tester/Dockerfile
index 68d7134a..5eda3767 100644
--- a/consent-tester/Dockerfile
+++ b/consent-tester/Dockerfile
@@ -29,6 +29,33 @@ USER appuser
 RUN playwright install chromium firefox webkit
 USER root
 
+# ── Browser-matrix stage 1.3: echte Third-Party-Browser (amd64-only) ──────
+# Chrome-/Edge-Channel + Brave gibt es nur fuer amd64 (Prod/Orca). Auf arm64
+# (macmini-Dev) best-effort uebersprungen → der Build bricht NICHT; die Matrix
+# laeuft dort mit den 4 Default-Engines (chromium/firefox/webkit/iPhone).
+# Brave/Chrome/Edge sind opt-in-Extras (EXTRA_PROFILES, nur auf Anforderung).
+# TARGETARCH fuellt BuildKit automatisch aus der Zielplattform.
+ARG TARGETARCH=amd64
+RUN set -eux; \
+    if [ "$TARGETARCH" = "amd64" ]; then \
+      ( curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg \
+          https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg && \
+        echo "deb [arch=amd64 signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" \
+          > /etc/apt/sources.list.d/brave-browser-release.list && \
+        apt-get update && \
+        apt-get install -y --no-install-recommends brave-browser && \
+        rm -rf /var/lib/apt/lists/* ) \
+        || echo "WARN: Brave-Install uebersprungen (Arch/Netz)"; \
+    else echo "TARGETARCH=$TARGETARCH != amd64 — Brave uebersprungen"; fi
+
+# Playwright-Channels Chrome + Edge (Google-/Microsoft-Builds, amd64-only).
+# Als root, da system-weit nach /opt installiert; --with-deps zieht OS-Libs.
+RUN set -eux; \
+    if [ "$TARGETARCH" = "amd64" ]; then \
+      ( playwright install --with-deps chrome msedge ) \
+        || echo "WARN: Chrome/Edge-Channel uebersprungen"; \
+    else echo "TARGETARCH=$TARGETARCH != amd64 — Chrome/Edge uebersprungen"; fi
+
 COPY . .
 RUN chown -R appuser:appuser /app
 
diff --git a/docker-compose.hetzner.yml b/docker-compose.hetzner.yml
index 2c0402ec..0efa67ec 100644
--- a/docker-compose.hetzner.yml
+++ b/docker-compose.hetzner.yml
@@ -57,3 +57,9 @@ services:
 
   docs:
     platform: linux/amd64
+
+  # consent-tester native amd64 auf Orca (x86_64) statt arm64-Emulation —
+  # Voraussetzung fuer die echten Brave/Chrome/Edge-Browser der Matrix
+  # (amd64-only, siehe consent-tester/Dockerfile, TARGETARCH-Gate).
+  consent-tester:
+    platform: linux/amd64