How does it manage to hide the requests to 127.0.0.1 from the network tab?

worthless-trash 3 days ago | parent | next [-]

The requests are not made, because some operating systems prevent this.

If you're on OSX, the permission to "discover on the local network" prevents it from happening ( System Settings -> Privacy & Security -> Local Network -> yourbrowser )

Could also be 'network' permissions on firefox ( Go to Settings > Privacy & Security > Permissions ) which is on a per site level, but iirc that could be set site-wide at some point.

The other browsers likely have similar configs, but this is what I have found.

	▲	snowwrestler 2 days ago \| parent [-]
		Looks like this is new to MacOS 15 Sequoia, as I don’t see a Local Network option in Sonoma.

▲

M95D 3 days ago | parent | prev [-]

I have no ideea. Possibly that's a limitation of Chrome+Firefox developer tools (I get the feeling it's the same code)?

But I found what "burp" is: https://portswigger.net/burp/communitydownload

▲

culturestate 3 days ago | parent | next [-]

It seems like they only make the localhost requests on your first visit. If you open devtools in incognito mode (or just clear the cookies) before accessing https://ceac.state.gov/genniv/ you should see those 127.0.0.1 attempts as ERR_CONNECTION_REFUSED in the network tab.

Somewhat more worryingly, Little Snitch doesn't report them at all, though that might just be because they were already blocked at the browser.

▲

inferiorhuman 3 days ago | parent | prev [-]

This is what I see.

https://i.imgur.com/lvjg2YQ.png

	▲	hoherd 3 days ago \| parent [-]
		> 400_random_url_with_numbers_403 That looks so much like test code that was shipped to prod. Searches for that string on GH does return results.