Click on Run all Tests to run all test cases in your browser. After that you can compare your results. Click on an individual test case to get more info, execute it on its own, or view the code.

Back to Results
UA: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
# XS-Leak Description
0Performance API Error LeakDetect errors with Performance API.
1Event Handler Leak (Object)Detect errors with onload/onerror with object.
2Event Handler Leak (Stylesheet)Detect errors with onload/onerror with stylesheet.
3Event Handler Leak (Script)Detect errors with onload/onerror with script.
4MediaError LeakDetect status codes with MediaError message.
5Style Reload Error LeakDetect errors with style reload bug.
6Request Merging Error LeakDetect errors with request merging.
7CORS Error LeakLeak redirect target URL with CORS error.
8Redirect Start LeakDetect cross-origin HTTP redirects by checking redirectStart time.
9Duration Redirect LeakDetect cross-origin redirects by checking the duration.
10Fetch Redirect LeakDetect HTTP redirects with Fetch API.
11URL Max Length LeakDetect server redirect by abusing URL max length.
12Max Redirect LeakDetect server redirect by abusing max redirect limit.
13History Length LeakDetect javascript redirects with History API.
14CSP Violation LeakLeak cross-origin redirect target with CSP violation event.
15CSP Redirect DetectionDetect cross-origin redirects with CSP violation event.
16WebSocket Leak (FF)Detect the number of websockets on a page by exausting the socket limit.
17WebSocket Leak (GC)Detect the number of websockets on a page by exausting the socket limit.
18Payment API LeakDetect if another tab is using the Payment API.
19Frame Count LeakDetect the number of iframes on a page.
20Media Dimensions LeakLeak dimensions of images or videos.
21Media Duration LeakLeak duration of audio or videos.
22Performance API Empty Page LeakDetect empty responses with Performance API.
23Performance API XSS Auditor LeakDetect scripts/event handlers in a page with Performance API.
24Cache Leak (CORS)Detect resources loaded by page. Cache is deleted with CORS error.
25Cache Leak (POST)Detect resources loaded by page. Cache is deleted with a POST request.
26Id Attribute LeakLeak id attribute of focusable HTML elements with onblur.
27CSS Property LeakLeak CSS rules with getComputedStyle.
28SRI Error LeakLeak content length with SRI error.
29ContentDocument X-Frame LeakDetect X-Frame-Options with ContentDocument.
30Performance API X-Frame LeakDetect X-Frame-Options with Performance API.
31Performance API CORP LeakDetect Cross-Origin-Resource-Policy header with Performance API.
32CORP LeakDetect Cross-Origin-Resource-Policy header with fetch.
33CORB LeakDetect X-Content-Type-Options in combination with specific content type using CORB.
34Download DetectionDetect downloads (Content-Disposition header).
35Performance API Download DetectionDetect downloads (Content-Disposition header) with Performance API.
36CSP Directive LeakDetect CSP directives with CSP iframe attribute.
37COOP LeakDetect Cross-Origin-Opener-Policy header with popup.