[samsonradu]

How does it manage to hide the requests to 127.0.0.1 from the network tab?

[worthless-trash]

The requests are not made, because some operating systems prevent this.

If you're on OSX, the permission to "discover on the local network" prevents it from happening ( System Settings -> Privacy & Security -> Local Network -> yourbrowser )

Could also be 'network' permissions on firefox ( Go to Settings > Privacy & Security > Permissions ) which is on a per site level, but iirc that could be set site-wide at some point.

The other browsers likely have similar configs, but this is what I have found.

[snowwrestler]

Looks like this is new to MacOS 15 Sequoia, as I don’t see a Local Network option in Sonoma.

[M95D]

I have no ideea. Possibly that's a limitation of Chrome+Firefox developer tools (I get the feeling it's the same code)?

But I found what "burp" is: https://portswigger.net/burp/communitydownload

[culturestate]

It seems like they only make the localhost requests on your first visit. If you open devtools in incognito mode (or just clear the cookies) before accessing https://ceac.state.gov/genniv/ you should see those 127.0.0.1 attempts as ERR_CONNECTION_REFUSED in the network tab.

Somewhat more worryingly, Little Snitch doesn't report them at all, though that might just be because they were already blocked at the browser.

[inferiorhuman]

This is what I see.

https://i.imgur.com/lvjg2YQ.png

[hoherd]

> 400_random_url_with_numbers_403

That looks so much like test code that was shipped to prod.

Searches for that string on GH does return results.