Cross-site leaks, also known as XS-Leaks, are a type of browser side-channel attack that can allow a malicious website to infer and collect potentially sensitive user information from other sites by bypassing security mechanisms such as same-origin policy.

Same-origin policy is designed to restrict how a document, script or media file loaded by one origin can interact with a resource from another origin. However, over the years, researchers have identified many methods that can be used to bypass this security mechanism.