XSinator.com

XSinator.com is an XS-Leak browser test suite that was created for the paper "XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers". With a single click, XSinator can automatically scan your browser (mobile or desktop) for XS-Leak vulnerabilities. The table below shows the evaluation results, categorized by their detectable differences.

Successful attacks are depicted in red; safe browsers are shown in green.

[Results table: one column per tested browser, platform and version; one row per leak test. Browsers: Chrome, Firefox, Edge, Safari, Opera, Firefox Focus, Samsung Internet, Tor Browser. Platforms: Desktop, iOS, Android. Desktop versions include Chrome 80.0 to 112.0, Firefox 78.0 to 113.0 and Edge 80.0 to 112.0.]

Rows, grouped by detectable difference:
Status Code
  Performance API Error Leak
  Event Handler Leak (Object)
  Event Handler Leak (Stylesheet)
  Event Handler Leak (Script)
  MediaError Leak
  Style Reload Error Leak
  Request Merging Error Leak

Redirects
  CORS Error Leak
  Redirect Start Leak
  Duration Redirect Leak
  Fetch Redirect Leak
  URL Max Length Leak
  Max Redirect Leak
  History Length Leak
  CSP Violation Leak
  CSP Redirect Detection

API Usage
  WebSocket Leak (FF)
  WebSocket Leak (GC)
  Payment API Leak

Page Content
  Frame Count Leak
  Media Dimensions Leak
  Media Duration Leak
  Performance API Empty Page Leak
  Performance API XSS Auditor Leak
  Cache Leak (CORS)
  Cache Leak (POST)
  Id Attribute Leak
  CSS Property Leak

HTTP Header
  SRI Error Leak
  ContentDocument X-Frame Leak
  Performance API X-Frame Leak
  Performance API CORP Leak
  CORP Leak
  CORB Leak
  Download Detection
  Performance API Download Detection
  CSP Directive Leak
  COOP Leak