← All tests

What this tests

This page tries a small set of HTTP requests to likely local-network targets, including loopback and common router addresses. Use the two buttons below to run the same probe list from two contexts:

  1. Directly in the top-level page.
  2. Inside a dynamically created about:blank iframe.

A protected browser should apply the same local-network restrictions to both contexts. A vulnerable browser may reject the top-level scan while still letting the about:blank frame reach local targets.

Setup

For a clear signal, make sure at least one local HTTP service is reachable, such as python3 -m http.server 8000 on your machine or a router admin page on 192.168.0.1 / 192.168.1.1.

The test is most useful when the top-level scan rejects those targets but the about:blank frame resolves one of them.

Expected results

Scenario Top-level frame about:blank frame Verdict
Protected browser Rejects or matches frame behaviour Rejects or matches top-level behaviour Pass
Vulnerable browser Rejects a target Resolves that same target Fail — about:blank reaches local network more broadly