Dec 17, 2024 · XS-Leaks Wiki # Overview # Cross-site leaks (aka XS-Leaks, XSLeaks) are a class of vulnerabilities derived from side-channels 1 built into the web platform. They take advantage of the …

XS-Leaks Wiki Attacks

Element leaks Some HTML Elements might be used to leak a portion of data to a cross-origin page. For example, the below media resources can leak information about its size, duration, type. …

Mar 13, 2026 · Secure Defaults # This section contains articles discussing two types of secure defaults: Partitioned Caches – Ensure that cache resources cannot be shared in between different sites. …

Oct 1, 2020 · Cross-site search (XS-Search) is an important attack principle in the family of XS-Leaks. This type of attack abuses Query-Based Search Systems to leak user information from an attacker …

Last Modified: September 29, 2020 Edit this article

Deprecation April 23, 2024 COOP October 8, 2020 Fetch Metadata October 8, 2020 SameSite Cookies October 8, 2020 Application Fix October 1, 2020 Browser Fix October 1, 2020 CORB October 1, …

Jun 9, 2024 · Defense Mechanisms # Defending against all possible XS-Leaks Attack Vectors is not a trivial task. Each one of the attack vectors affects different web and browser components and has its …

Oct 1, 2020 · Explanation # Cross-Origin Resource Policy (CORP) is a web platform security feature that allows websites to prevent certain resources from being loaded by other origins. This protection …

Experiments # This section presents XS-Leaks that affect experimental features. Experimental features are usually hidden under a browser preference flag and their exact specification is under active …