Click on Run all Tests to run all test cases in your browser. After that you can compare your results. Click on an individual test case to get more info, execute it on its own, or view the code.
# | XS-Leak | Description |
---|---|---|
0 | Performance API Error Leak | Detect errors with Performance API. |
1 | Event Handler Leak (Object) | Detect errors with onload/onerror with object. |
2 | Event Handler Leak (Stylesheet) | Detect errors with onload/onerror with stylesheet. |
3 | Event Handler Leak (Script) | Detect errors with onload/onerror with script. |
4 | MediaError Leak | Detect status codes with MediaError message. |
5 | Style Reload Error Leak | Detect errors with style reload bug. |
6 | Request Merging Error Leak | Detect errors with request merging. |
7 | CORS Error Leak | Leak redirect target URL with CORS error. |
8 | Redirect Start Leak | Detect cross-origin HTTP redirects by checking redirectStart time. |
9 | Duration Redirect Leak | Detect cross-origin redirects by checking the duration. |
10 | Fetch Redirect Leak | Detect HTTP redirects with Fetch API. |
11 | URL Max Length Leak | Detect server redirect by abusing URL max length. |
12 | Max Redirect Leak | Detect server redirect by abusing max redirect limit. |
13 | History Length Leak | Detect JavaScript redirects with History API. |
14 | CSP Violation Leak | Leak cross-origin redirect target with CSP violation event. |
15 | CSP Redirect Detection | Detect cross-origin redirects with CSP violation event. |
16 | WebSocket Leak (FF) | Detect the number of websockets on a page by exhausting the socket limit. |
17 | WebSocket Leak (GC) | Detect the number of websockets on a page by exhausting the socket limit. |
18 | Payment API Leak | Detect if another tab is using the Payment API. |
19 | Frame Count Leak | Detect the number of iframes on a page. |
20 | Media Dimensions Leak | Leak dimensions of images or videos. |
21 | Media Duration Leak | Leak duration of audio or videos. |
22 | Performance API Empty Page Leak | Detect empty responses with Performance API. |
23 | Performance API XSS Auditor Leak | Detect scripts/event handlers in a page with Performance API. |
24 | Cache Leak (CORS) | Detect resources loaded by page. Cache is deleted with CORS error. |
25 | Cache Leak (POST) | Detect resources loaded by page. Cache is deleted with a POST request. |
26 | Id Attribute Leak | Leak id attribute of focusable HTML elements with onblur. |
27 | CSS Property Leak | Leak CSS rules with getComputedStyle. |
28 | SRI Error Leak | Leak content length with SRI error. |
29 | ContentDocument X-Frame Leak | Detect X-Frame-Options with ContentDocument. |
30 | Performance API X-Frame Leak | Detect X-Frame-Options with Performance API. |
31 | Performance API CORP Leak | Detect Cross-Origin-Resource-Policy header with Performance API. |
32 | CORP Leak | Detect Cross-Origin-Resource-Policy header with fetch. |
33 | CORB Leak | Detect X-Content-Type-Options in combination with specific content type using CORB. |
34 | Download Detection | Detect downloads (Content-Disposition header). |
35 | Performance API Download Detection | Detect downloads (Content-Disposition header) with Performance API. |
36 | CSP Directive Leak | Detect CSP directives with CSP iframe attribute. |
37 | COOP Leak | Detect Cross-Origin-Opener-Policy header with popup. |