ip-diagnosis
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseIP Diagnosis
IP Diagnosis
在 上做详细网络诊断,并输出固定结构的运维报告。
macOS + ChromePerform detailed network diagnosis on and output O&M reports with a fixed structure.
macOS + Chrome适用场景
Applicable Scenarios
当用户要求以下任务时使用本技能:
- 检查当前公网 /
IPv4IPv6 - 判断 是否地区分裂
IPv4/IPv6 - 检查 VPN / 代理是否只接管了部分流量
- 检查浏览器侧是否暴露了额外地址
- 比对命令行出口与浏览器页面看到的结果
- 输出一份可复查的详细网络诊断报告
本技能默认针对当前机器执行,不询问是否继续。
Use this skill when users request the following tasks:
- Check current public network /
IPv4IPv6 - Determine if there is region split between
IPv4/IPv6 - Check if VPN/proxy only takes over part of the traffic
- Check if the browser side exposes extra addresses
- Compare command line egress results with results seen on browser pages
- Output a detailed reviewable network diagnosis report
This skill runs on the current machine by default, no confirmation prompt will be sent before execution.
执行原则
Implementation Principles
- 先补依赖,再做诊断
- 先本地网络栈,再外部出口,再浏览器交叉验证
- 至少两类外部来源交叉验证,不依赖单一站点
- 报告里明确区分:
- 已证实事实
- 判断
- 建议
- 看到公网 IP,本身不等于浏览器泄露
Server Response - 只有 暴露出额外私网或异常公网地址时,才判浏览器侧泄露风险
Via WebRTC
- Install missing dependencies first before diagnosis
- Check local network stack first, then external egress, then browser cross-validation
- Cross-validate with at least two external sources, do not rely on a single site
- Clearly distinguish in the report:
- Verified facts
- Judgments
- Suggestions
- Public IP seen in does not equal browser leak by itself
Server Response - Only when extra private network or abnormal public network addresses are exposed via , it is judged as browser-side leakage risk
WebRTC
0. 依赖检查与安装
0. Dependency Check and Installation
先检查:
bash
command -v curl
command -v dig
command -v jq
command -v python3
command -v npm
command -v playwright-cli
command -v brew
open -Ra "Google Chrome"默认依赖:
curldigjqpython3npmplaywright-cliGoogle Chrome
安装规则:
- 若 缺失但
playwright-cli不存在,且npm可用:brewbashbrew install node - 若 缺失:
playwright-clibashnpm install -g playwright-cli - 安装后立刻校验:
bash
playwright-cli open --help - 若 不存在,明确写出阻塞项并停止;不要自动降级到其他浏览器
Google Chrome - 若 能运行,但
playwright-cli浏览器通道打不开,再尝试:chromebashplaywright-cli install-browser --browser chrome - 若 缺失且
jq可用:brewbashbrew install jq - 若 缺失且
python3可用:brewbashbrew install python
如果关键依赖无法安装,报告中明确写出阻塞项并停止,不要伪造结论。
Check first:
bash
command -v curl
command -v dig
command -v jq
command -v python3
command -v npm
command -v playwright-cli
command -v brew
open -Ra "Google Chrome"Default dependencies:
curldigjqpython3npmplaywright-cliGoogle Chrome
Installation rules:
- If is missing,
playwright-clidoes not exist andnpmis available:brewbashbrew install node - If is missing:
playwright-clibashnpm install -g playwright-cli - Verify immediately after installation:
bash
playwright-cli open --help - If does not exist, clearly state the blocking item and stop; do not automatically downgrade to other browsers
Google Chrome - If can run but the chrome browser channel cannot be opened, try:
playwright-clibashplaywright-cli install-browser --browser chrome - If is missing and
jqis available:brewbashbrew install jq - If is missing and
python3is available:brewbashbrew install python
If key dependencies cannot be installed, clearly state the blocking item in the report and stop, do not forge conclusions.
1. 本地网络栈检查
1. Local Network Stack Check
按顺序执行:
bash
route -n get default
route -n get default | awk '/interface:/{print $2}'
networksetup -listallhardwareports
netstat -rn -f inet6 | sed -n '1,80p'
scutil --dns
ifconfig | grep -E -A3 '^(en0|en1|utun[0-9]+):'然后:
- 先从 提取当前默认接口,例如
route -n get defaulten0 - 再用 把接口映射到对应的网络服务名
networksetup -listallhardwareports - 只有在映射到明确服务名后,才执行:
bash
networksetup -getinfo "<实际服务名>"- 如果映射不出来,报告里写明 ,不要硬编码成
networksetup service unresolvedWi-Fi
目标:
- 看默认路由走向
- 看 默认路由是否经由
IPv6utun - 看是否存在活跃
utun - 看本地接口是否带原生
IPv6 - 看 是否像隧道私网解析器或本地直连解析器
DNS
Execute in order:
bash
route -n get default
route -n get default | awk '/interface:/{print $2}'
networksetup -listallhardwareports
netstat -rn -f inet6 | sed -n '1,80p'
scutil --dns
ifconfig | grep -E -A3 '^(en0|en1|utun[0-9]+):'Then:
- Extract the current default interface from first, e.g.
route -n get defaulten0 - Map the interface to the corresponding network service name with
networksetup -listallhardwareports - Only execute after mapping to a clear service name:
bash
networksetup -getinfo "<actual service name>"- If mapping fails, write in the report, do not hardcode it as
networksetup service unresolvedWi-Fi
Objectives:
- Check the direction of the default route
- Check if the default route goes through
IPv6utun - Check if there is an active
utun - Check if the local interface has native
IPv6 - Check if DNS is a tunnel private resolver or local direct resolver
2. 本地命令确认公网出口
2. Local Command Confirmation of Public Egress
至少执行:
bash
curl --connect-timeout 8 --max-time 15 -4sS https://api.ipify.org
curl --connect-timeout 8 --max-time 15 -6sS https://api64.ipify.org
curl --connect-timeout 8 --max-time 15 -4sS https://ipinfo.io/json
curl --connect-timeout 8 --max-time 15 -6sS https://ipinfo.io/json
curl --connect-timeout 8 --max-time 15 -4sS https://ifconfig.co/json
curl --connect-timeout 8 --max-time 15 -6sS https://ifconfig.co/json
curl --connect-timeout 8 --max-time 15 -4sS https://api.ip.sb/geoip
curl --connect-timeout 8 --max-time 15 -6sS https://api.ip.sb/geoip
dig +short txt ch whoami.cloudflare @1.1.1.1要求:
- 分别确认 和
IPv4IPv6 - 尽量为两者都拿到:
- IP
- 国家 / 地区
- ASN
- 组织
- 如果 查询失败,不要立刻判“没有 IPv6”
-6 - 如果结果是 这类
::ffff:x.x.x.x,不要把它当成独立公网IPv4-mapped IPv6IPv6
Execute at least:
bash
curl --connect-timeout 8 --max-time 15 -4sS https://api.ipify.org
curl --connect-timeout 8 --max-time 15 -6sS https://api64.ipify.org
curl --connect-timeout 8 --max-time 15 -4sS https://ipinfo.io/json
curl --connect-timeout 8 --max-time 15 -6sS https://ipinfo.io/json
curl --connect-timeout 8 --max-time 15 -4sS https://ifconfig.co/json
curl --connect-timeout 8 --max-time 15 -6sS https://ifconfig.co/json
curl --connect-timeout 8 --max-time 15 -4sS https://api.ip.sb/geoip
curl --connect-timeout 8 --max-time 15 -6sS https://api.ip.sb/geoip
dig +short txt ch whoami.cloudflare @1.1.1.1Requirements:
- Confirm and
IPv4separatelyIPv6 - Try to get for both:
- IP
- Country/Region
- ASN
- Organization
- If query fails, do not immediately judge "no IPv6"
-6 - If the result is and other
::ffff:x.x.x.xaddresses, do not treat it as an independent publicIPv4-mapped IPv6IPv6
3. Chrome 浏览器交叉验证
3. Chrome Browser Cross-Validation
必须使用:
推荐顺序:
bash
playwright-cli open --browser=chrome https://webbrowsertools.com/ip-address/
playwright-cli eval "document.title"
playwright-cli eval "document.body.innerText"
playwright-cli snapshot如需要,可再读取:
bash
playwright-cli console
playwright-cli network如果出现以下任一情况:
- 页面标题或正文包含
请稍候 - 页面标题或正文包含
Just a moment - 页面标题或正文包含
Verify you are human - 页面内容明显是 挑战页
Cloudflare - 或控制台显示主页面请求
playwright-cli network403 - 页面里看不到 、
IP Addresses、From Server Response这些关键分组Via WebRTC
则执行一次受限重试:
bash
playwright-cli close
playwright-cli open --browser=chrome --headed --persistent https://webbrowsertools.com/ip-address/
playwright-cli eval "document.title"
playwright-cli eval "document.body.innerText"
playwright-cli snapshot如果重试后仍然是挑战页、403、或关键分组缺失:
- 不要让整份诊断失败
- 在报告中把浏览器交叉验证状态写成
blocked by challenge / partial / unavailable - 明确记录看到的标题、错误、403 或挑战页提示
- 继续完成本地网络栈和外部出口部分的报告
- 把 标成“浏览器侧验证受阻,需人工复查”
webbrowsertools
报告里尽量详细记录这些动态结果分组:
IP AddressesFrom Server ResponseRemote DataRemote IP ServicesVia WebRTC
如果页面上能看到具体行,尽量逐项列出,不要简单摘要。
重点字段通常包括:
HTTP_CLIENT_IPHTTP_CONNECTING_IPHTTP_COUNTRY_CODEHTTP_X_FORWARDEDHTTP_X_CLUSTER_CLIENT_IPHTTP_FORWARDED_FORHTTP_FORWARDEDipapi.cohostip.infoipify.org [IPv4]ipify.org [IPv6]ipecho.net- 各类 行
STUN/WebRTC
Must use:
Recommended execution order:
bash
playwright-cli open --browser=chrome https://webbrowsertools.com/ip-address/
playwright-cli eval "document.title"
playwright-cli eval "document.body.innerText"
playwright-cli snapshotIf needed, you can read additionally:
bash
playwright-cli console
playwright-cli networkIf any of the following occurs:
- Page title or body contains
请稍候 - Page title or body contains
Just a moment - Page title or body contains
Verify you are human - The page content is obviously a challenge page
Cloudflare - or console shows main page request returns
playwright-cli network403 - Key groups such as ,
IP Addresses,From Server Responseare missing on the pageVia WebRTC
Perform a limited retry:
bash
playwright-cli close
playwright-cli open --browser=chrome --headed --persistent https://webbrowsertools.com/ip-address/
playwright-cli eval "document.title"
playwright-cli eval "document.body.innerText"
playwright-cli snapshotIf it is still a challenge page, 403, or missing key groups after retry:
- Do not fail the entire diagnosis
- Write the browser cross-validation status as in the report
blocked by challenge / partial / unavailable - Clearly record the title, error, 403 or challenge page prompt seen
- Continue to complete the report for the local network stack and external egress parts
- Mark as "browser-side verification blocked, manual review required"
webbrowsertools
Record these dynamic result groups in as much detail as possible in the report:
IP AddressesFrom Server ResponseRemote DataRemote IP ServicesVia WebRTC
If specific lines are visible on the page, list them item by item as much as possible, do not make simple summaries.
Key fields usually include:
HTTP_CLIENT_IPHTTP_CONNECTING_IPHTTP_COUNTRY_CODEHTTP_X_FORWARDEDHTTP_X_CLUSTER_CLIENT_IPHTTP_FORWARDED_FORHTTP_FORWARDEDipapi.cohostip.infoipify.org [IPv4]ipify.org [IPv6]ipecho.net- Various lines
STUN/WebRTC
4. 报告输出格式
4. Report Output Format
必须按以下结构输出。
Must output according to the following structure.
结论
Conclusion
- 网络状态:
正常 / 有保留风险 / 明显异常 - 一句话总结最关键问题
结论判定要求:
- 如果活跃网络服务明确显示 ,且:
IPv6 Off- 命令行出口与浏览器侧一致
- 没有 额外地址
Via WebRTC - 没有证据表明存在独立公网 则默认写成
IPv6正常(IPv6 已关闭)
- 在上述场景下,不要仅因 未确认就写成
IPv6有保留风险 - 只有在存在实际不一致、异常暴露、挑战页阻断关键验证、或 仍然活跃但状态不清时,才升级为
IPv6有保留风险
- Network status:
Normal / Risk pending confirmation / Obviously abnormal - One-sentence summary of the most critical problem
Conclusion judgment requirements:
- If the active network service clearly shows , and:
IPv6 Off- Command line egress is consistent with browser side
- No extra addresses via
WebRTC - No evidence of independent public Write
IPv6by defaultNormal (IPv6 is turned off)
- In the above scenario, do not write just because
Risk pending confirmationis not confirmedIPv6 - Only upgrade to when there is actual inconsistency, abnormal exposure, challenge page blocking key verification, or
Risk pending confirmationis still active but status is unclearIPv6
证据
Evidence
本地检查
Local Check
- :
IPv4<ip 或 未确认> - :
IPv6<ip 或 未确认> - :
DNS<解析器摘要> - :
Default route<网关 / 接口> - :
utun<存在 / 不存在 + 简述> - 本地接口 :
IPv6<摘要>
- :
IPv4<ip or unconfirmed> - :
IPv6<ip or unconfirmed> - :
DNS<resolver summary> - :
Default route<gateway / interface> - :
utun<exists / does not exist + brief description> - Local interface :
IPv6<summary>
外部出口
External Egress
IPv4- IP
- 国家 / 地区
- ASN
- 组织
- 来源 1
- 来源 2
IPv6- IP
- 国家 / 地区
- ASN
- 组织
- 来源 1
- 来源 2
如果某个来源失败,明确写:
Failed to fetchtimeoutblocked无独立公网 IPv6 证据待核实
如果活跃网络服务明确显示 ,并且本地接口没有全局 :
IPv6 OffIPv6- 证据优先写成
IPv6无独立公网 IPv6 证据(IPv6 已关闭) - 不要优先写成
待核实 - 这里的 以
IPv6 已关闭返回的networksetup -getinfo "<实际服务名>"为准IPv6: Off
IPv4- IP
- Country/Region
- ASN
- Organization
- Source 1
- Source 2
IPv6- IP
- Country/Region
- ASN
- Organization
- Source 1
- Source 2
If a source fails, clearly write:
Failed to fetchtimeoutblockedNo evidence of independent public IPv6To be verified
If the active network service clearly shows , and the local interface has no global :
IPv6 OffIPv6- evidence is preferentially written as
IPv6No evidence of independent public IPv6 (IPv6 is turned off) - Do not preferentially write
To be verified - The here is subject to the
IPv6 is turned offreturned byIPv6: Offnetworksetup -getinfo "<actual service name>"
浏览器交叉验证
Browser Cross-Validation
- 页面: webbrowsertools IP Address
- 浏览器交叉验证状态:
success / partial / blocked by challenge / unavailable IP Addresses- 各项
From Server Response - 各项
Remote Data - 各项
Remote IP Services - 各项
Via WebRTC
- Page: webbrowsertools IP Address
- Browser cross-validation status:
success / partial / blocked by challenge / unavailable IP Addresses- All items of
From Server Response - All items of
Remote Data - All items of
Remote IP Services - All items of
Via WebRTC
判断
Judgment
必须显式回答:
- 是否存在 地区分裂:
IPv4/IPv6是 / 否 / 待核实 - 命令行出口与浏览器侧是否一致:
是 / 否 / 部分一致 - 是否存在浏览器侧 泄露:
WebRTC是 / 否 / 待核实 - 中看到的公网地址是否只是直连网站的正常现象:
Server Response是 / 否 - 是否确认存在独立公网 :
IPv6是 / 否 / 待核实 - 浏览器交叉验证是否被挑战页或 403 阻断:
是 / 否
Must explicitly answer:
- Is there region split:
IPv4/IPv6Yes / No / To be verified - Is the command line egress consistent with the browser side:
Yes / No / Partially consistent - Is there browser-side leak:
WebRTCYes / No / To be verified - Is the public address seen in just a normal phenomenon of direct connection to the website:
Server ResponseYes / No - Is the existence of independent public confirmed:
IPv6Yes / No / To be verified - Is browser cross-validation blocked by challenge page or 403:
Yes / No
解决方案
Solution
每条建议都要写:
- 适用条件
- 动作
- 为什么有效
建议顺序按优先级从高到低排列。
如果观察到 与 国家/地区不一致,必须给出 关闭 的具体方式:
IPv4IPv6macOSIPv6bash
networksetup -listallnetworkservices
networksetup -setv6off "Wi-Fi"如果需要恢复,补充:
bash
networksetup -setv6automatic "Wi-Fi"并明确提示用户:如果当前使用的网络服务不是 ,应先从 输出中找到正确服务名再执行。
Wi-Finetworksetup -listallnetworkservices如果观察到 暴露了额外私网或异常公网地址,可以把 Chrome 扩展作为浏览器侧缓解选项之一:
Via WebRTC说明要点:
- 该扩展通过调整浏览器的 路由与隐私设置来减少私网和公网地址暴露
WebRTC - 它可能影响依赖 的音视频或实时通信站点
WebRTC - 只适用于 暴露问题,不解决网站通过正常直连请求看到的
WebRTCServer Response
如果观察到某些站点显示的 / 与当前 出口 的归属不一致,补充一条低优先级建议:
AS NameASNHTTPIP- 适用条件:出口
HTTP与多数外部来源一致,但某个站点展示的IP/DNS ASN指向其他组织或运营商AS Name - 动作:明确告诉用户这通常是 解析器归属,而不是额外公网
DNS泄露;由用户自行决定是否继续处理IP - 为什么有效:有些站点会同时检测 出口和
HTTP解析器,页面上的DNS可能反映递归解析器的AS Name,而不是当前网页连接出口的ASNASN
如果用户决定继续处理该问题,只把下面这些动作作为可选项,不要默认推荐成必须修复:
- 手动修改 系统
macOSDNS - 在代理 / VPN 客户端中改用可达的
DoH - 切换到能稳定接管系统 的客户端或模式
DNS
并明确说明:
- 单独的 暴露通常不按高风险处理
DNS ASN - 是否处理取决于用户对运营商暴露、解析链路一致性和维护成本的容忍度
Each suggestion should include:
- Applicable conditions
- Action
- Why it works
Suggestions are sorted in descending order of priority.
If the country/region of and are inconsistent, you must give the specific method to turn off on :
IPv4IPv6IPv6macOSbash
networksetup -listallnetworkservices
networksetup -setv6off "Wi-Fi"If recovery is needed, supplement:
bash
networksetup -setv6automatic "Wi-Fi"And clearly prompt the user: if the currently used network service is not , first find the correct service name from the output of before execution.
Wi-Finetworksetup -listallnetworkservicesIf it is observed that exposes extra private network or abnormal public network addresses, you can use Chrome extension as one of the browser-side mitigation options:
Via WebRTCDescription points:
- This extension reduces private and public network address exposure by adjusting the browser's routing and privacy settings
WebRTC - It may affect audio/video or real-time communication sites that rely on
WebRTC - Only applicable to exposure problems, does not solve the
WebRTCseen by the website through normal direct connection requestsServer Response
If it is observed that the / displayed by some sites is inconsistent with the attribution of the current egress , add a low-priority suggestion:
AS NameASNHTTPIP- Applicable conditions: egress
HTTPis consistent with most external sources, but theIP/DNS ASNdisplayed by a site points to another organization or operatorAS Name - Action: Clearly tell the user that this is usually the attribution of the resolver, not an extra public
DNSleak; the user decides whether to continue processing on their ownIP - Why it works: Some sites detect both egress and
HTTPresolver at the same time, theDNSon the page may reflect theAS Nameof the recursive resolver, not theASNof the current web page connection egressASN
If the user decides to continue processing this problem, only use the following actions as options, do not recommend them as mandatory fixes by default:
- Manually modify system
macOSDNS - Switch to accessible in the proxy/VPN client
DoH - Switch to a client or mode that can stably take over system
DNS
And clearly explain:
- Separate exposure is usually not treated as high risk
DNS ASN - Whether to process depends on the user's tolerance for operator exposure, resolution link consistency and maintenance cost
复查链接
Review Links
至少包含:
- webbrowsertools IP Address
- 本次用到的外部查询源链接或域名
如果已经确认了具体公网 IP,建议额外给出把该 IP 直接带入的复查链接:
https://ping0.cc/ip/<detected-ip>https://iplark.com/<detected-ip>https://ipinfo.io/<detected-ip>
这里的 应替换成报告中已确认的实际 或 ,不要硬编码成历史示例值。
<detected-ip>IPv4IPv6当 暴露是问题的一部分时,一并给出:
WebRTCInclude at least:
- webbrowsertools IP Address
- Links or domain names of external query sources used this time
If the specific public IP has been confirmed, it is recommended to additionally provide review links that directly include the IP:
https://ping0.cc/ip/<detected-ip>https://iplark.com/<detected-ip>https://ipinfo.io/<detected-ip>
The here should be replaced with the actual or confirmed in the report, do not hardcode it as a historical example value.
<detected-ip>IPv4IPv6When exposure is part of the problem, provide together:
WebRTC5. 判读规则
5. Interpretation Rules
- 看见公网 IP:
From Server Response- 这是网站直连天然可见,不自动判浏览器泄露
- 只有 暴露额外私网或异常公网地址:
Via WebRTC- 才判为浏览器侧泄露风险
- 和
IPv4国家/地区不同:IPv6- 判为地区分裂风险
- 解决方案优先包含 关闭
macOS的具体命令IPv6
- 查询失败,但本地接口和路由表显示仍有
IPv6:IPv6- 写成
IPv6 状态待核实
- 写成
- 如果活跃网络服务明确显示 ,且本地接口没有全局
IPv6 Off,外部来源也没有独立公网IPv6证据:IPv6- 写
是否确认存在独立公网 IPv6否 - 写
是否存在 IPv4/IPv6 地区分裂否(IPv6 已关闭) - 结论默认不要因此升级成
有保留风险 - 上的
utun、链路本地fe80::地址、或残留IPv6路由,不能单独推翻这个结论inet6
- 多个来源在 ASN / 组织 / 地区上冲突:
- 明确写
来源不一致,需复查
- 明确写
- 如果站点展示的 /
AS Name与ASN出口HTTP归属冲突,但IP出口HTTP本身在多数来源上一致:IP- 先判断该站点是否同时检测了 解析器
DNS - 优先写成
DNS ASN 与 HTTP 出口 ASN 不一致 - 不要直接写成 或
发现隐藏真实 IP发生额外公网 IP 泄露 - 默认按低风险信息暴露处理,并交给用户自行决策是否继续收敛
- 先判断该站点是否同时检测了
- 没有独立公网 证据:
IPv6- 只能写
未确认独立公网 IPv6 - 不要写成
IPv6 正常
- 只能写
- Public IP seen in :
From Server Response- This is naturally visible for direct website connection, do not automatically judge it as browser leak
- Only when extra private network or abnormal public network addresses are exposed via :
WebRTC- Judge it as browser-side leakage risk
- Different country/region for and
IPv4:IPv6- Judge as region split risk
- The solution preferentially includes the specific command to turn off on
IPv6macOS
- query fails, but local interface and routing table still show
IPv6:IPv6- Write
IPv6 status to be verified
- Write
- If the active network service clearly shows , the local interface has no global
IPv6 Off, and external sources have no evidence of independent publicIPv6:IPv6- Write for
NoIs the existence of independent public IPv6 confirmed - Write for
No (IPv6 is turned off)Is there IPv4/IPv6 region split - Do not upgrade the conclusion to by default for this reason
Risk pending confirmation - on
fe80::, link-localutunaddresses, or residualIPv6routes cannot overturn this conclusion aloneinet6
- Write
- Conflicts in ASN/organization/region among multiple sources:
- Clearly write
Sources are inconsistent, review required
- Clearly write
- If the /
AS Namedisplayed by the site conflicts with the attribution of theASNegressHTTP, but theIPegressHTTPitself is consistent on most sources:IP- First judge whether the site also detects the resolver
DNS - Preferentially write
DNS ASN is inconsistent with HTTP egress ASN - Do not directly write or
Hidden real IP foundExtra public IP leak occurred - Treat as low-risk information exposure by default, and leave it to the user to decide whether to continue convergence
- First judge whether the site also detects the
- No evidence of independent public :
IPv6- Can only write
Independent public IPv6 not confirmed - Do not write
IPv6 is normal
- Can only write
6. 推荐外部来源
6. Recommended External Sources
优先用这些来源做交叉验证:
其中 只作为浏览器交叉验证页,不作为唯一真值来源。
webbrowsertoolsPrioritize these sources for cross-validation:
Among them, is only used as a browser cross-validation page, not as the only source of truth.
webbrowsertools7. 禁止事项
7. Prohibited Items
- 不要只引用一个 IP 查询站点
- 不要只看
IPv4 - 不要跳过浏览器交叉验证
- 不要把 直接写成浏览器泄露
Server Response - 不要把单个外部站点失败当成最终结论
- 不要在未确认 状态前草率下结论
IPv6
- Do not quote only one IP query site
- Do not only check
IPv4 - Do not skip browser cross-validation
- Do not directly write as browser leak
Server Response - Do not treat the failure of a single external site as the final conclusion
- Do not make hasty conclusions before confirming the status
IPv6