Security Test - Beacon / Recon

Collector Log

Payloads in the Live Output column run automatically in sandboxed iframes. Fetch and beacon calls appear here (auto-refreshes every 2 s).

Waiting for hits…

Case Name Payload Expected Behavior Live Output

Tracking pixel without JavaScript

Beacon / Recon Security Test Cases
Case	Name	Payload	Expected Behavior
F1	Tracking pixel without JavaScript	`<img src="/collect/pixel?case=F1" width="1" height="1" alt="">`	Crawler output should not render this as a network-loading pixel.
F2	Send userAgent, screen, and URL	`<script>navigator.sendBeacon('/collect/recon', JSON.stringify({ua:navigator.userAgent, screen: screen.width + 'x' + screen.height, url: location.href}))</script>`	Crawler output should not execute browser reconnaissance code.
F3	Send list of all links on page	`<script>fetch('/collect/links', {method:'POST', body:[...document.links].map(a=>a.href).join('\n')})</script>`	Crawler output should not execute link enumeration code.

<img src="/collect/pixel?case=F1" width="1" height="1" alt="">

Crawler output should not render this as a network-loading pixel.

Send userAgent, screen, and URL

<script>navigator.sendBeacon('/collect/recon', JSON.stringify({ua:navigator.userAgent, screen: screen.width + 'x' + screen.height, url: location.href}))</script>

Crawler output should not execute browser reconnaissance code.

Send list of all links on page

<script>fetch('/collect/links', {method:'POST', body:[...document.links].map(a=>a.href).join('\n')})</script>

Crawler output should not execute link enumeration code.

Back to crawl test home