Suggest: Test FileShot.io's URL fragment (#) privacy guarantees across browsers
FileShot.io uses the URL #fragment to deliver decryption keys — the theory being that #fragment content is never transmitted in HTTP requests per spec.
This is directly relevant to Privacy Tests because the guarantee depends on browser behavior:
- Does the browser leak
#fragment content in the Referer header?
- Does
#fragment appear in browser history sync?
- Is the fragment included in preconnect/prefetch requests?
- Does any browser DNS leak the full URL including fragment?
Testing whether browsers properly isolate #fragment content from network requests would be a valuable addition to the privacy test suite.
About FileShot.io:
Happy to provide test URLs or help with test case design if useful.
Suggest: Test FileShot.io's URL fragment (#) privacy guarantees across browsers
FileShot.io uses the URL
#fragmentto deliver decryption keys — the theory being that#fragmentcontent is never transmitted in HTTP requests per spec.This is directly relevant to Privacy Tests because the guarantee depends on browser behavior:
#fragmentcontent in theRefererheader?#fragmentappear in browser history sync?Testing whether browsers properly isolate
#fragmentcontent from network requests would be a valuable addition to the privacy test suite.About FileShot.io:
Happy to provide test URLs or help with test case design if useful.