about:blank Frame
Compares local-network fetch probes from the top-level page and from an
about:blank iframe
This page tries a small set of HTTP requests to likely local-network targets, including loopback and common router addresses. Use the two buttons below to run the same probe list from two contexts:
about:blank iframe.
A protected browser should apply the same local-network restrictions to both
contexts. A vulnerable browser may reject the top-level scan while still
letting the about:blank frame reach local targets.
For a clear signal, make sure at least one local HTTP service is reachable,
such as python3 -m http.server 8000 on your machine or a router
admin page on 192.168.0.1 / 192.168.1.1.
The test is most useful when the top-level scan rejects those targets but the
about:blank frame resolves one of them.
| Scenario | Top-level frame | about:blank frame |
Verdict |
|---|---|---|---|
| Protected browser | Rejects or matches frame behaviour | Rejects or matches top-level behaviour | Pass |
| Vulnerable browser | Rejects a target | Resolves that same target | Fail — about:blank reaches local network more broadly |