Real local scan · Nothing uploaded

What can Claude see in your environment?

0/ 100
Ready to scan

  • 100% local scan
  • Results never uploaded
  • Authorized code

What gets scanned

Six browser-visible regional signals, weighted to a 0–100 exposure score.

  1. System timezoneWeight 30Claude SameIntl.DateTimeFormat exposes the same OS timezone Claude Code reads; compared against Asia/Shanghai, Asia/Urumqi and other China zones.
  2. Browser languageWeight 24navigator.languages — zh-CN / Simplified Chinese at the top of the list scores highest.
  3. Installed Chinese fontsWeight 20Canvas width-probing for Simplified / Traditional Chinese fonts such as Microsoft YaHei and PingFang SC.
  4. Intl localeWeight 10The locale your browser resolves for date and number formatting.
  5. Timezone offsetWeight 8Whether getTimezoneOffset() equals UTC+8.
  6. Emoji rendering styleWeight 8OS vendor guessed from the user agent; a weak, loosely correlated signal.

How the check works

Browsers expose environment details to render dates, language, fonts and graphics correctly. This scanner reads six standard browser-visible signals and shows each raw value and weighted contribution.

Only the system timezone corresponds directly to a mechanism described in public Claude Code analysis. The other five values are general regional environment signals. The score measures visible signal similarity, not identity or an official account decision.

FAQ

Is the system timezone a real browser signal?

Yes. Intl.DateTimeFormat exposes the operating-system timezone to web pages. Public Claude Code analysis also described reading the OS timezone.

Is this an official Claude account-risk score?

No. It is a transparent estimate based on browser-visible regional signals, not an internal platform verdict.

How should I interpret the score?

Use it to understand what ordinary web pages can read. Expand each signal row to see the raw value and its contribution.

Is any data uploaded?

Raw scan signals never leave your browser. On the first scan, a random browser ID is sent to the first-party counter and hashed on the server solely to prevent duplicate counting.

Privacy

Scan results stay on your device. The completion counter stores only a one-way hash of a random browser ID for de-duplication; no raw signals, analytics, tracking pixels or external fonts are used.