[Herrera]

Yeah, https://xsleaks.dev tracks most of the known ways to leak cross-origin data.

[smagin]

oh hell yes. And oh yes iframes and postmessages, of course people would setup them incorrectly and even if they do some (probably not that important but still) data will leak if you're creative enough. Thanks for the link!