JS client side check to detect a possible internet connection (breach of air-gap)

client-side-air-gap-check.js

/*jslint browser*/
/* Content-Security-Policy: connect-src 'self'
          https://enable-cors.org/index.html
          https://1.1.1.1/cdn-cgi/trace
          https://1.0.0.1/cdn-cgi/trace;
    IPv6 is not yet supported by CSP:
    https://github.com/w3c/webappsec-csp/issues/224
*/
(function () {
    "use strict";

    var apiEndpoint = "/api/client_detected_internet";
    var corsList = [
        "https://enable-cors.org/index.html",           // IPv4/6 via DNS
        "https://1.1.1.1/cdn-cgi/trace",                // direct IPv4 endpoint
        "https://1.0.0.1/cdn-cgi/trace"                 // direct IPv4 endpoint
//      "https://[2606:4700:4700::1111]/cdn-cgi/trace", // direct IPv6 endpoint
//      "https://[2606:4700:4700::1001]/cdn-cgi/trace"  // direct IPv6 endpoint
    ];
    var i = 0;
    var corsTimeout = 10000;//ms
    var workInterval = 30000;//ms

    function notAirgapped() {
        var xhr = new XMLHttpRequest();
        xhr.open("GET", apiEndpoint);
        xhr.send();
    }

    function stateChange(e) {
        if (e.target.readyState === XMLHttpRequest.DONE) {
            if (e.target.status > 0) {
                notAirgapped();
            }
        }
    }

    function checkClientSideAirgap(url) {
        var xhr = new XMLHttpRequest();
        xhr.open("GET", url);
        xhr.onreadystatechange = stateChange;
        xhr.timeout = corsTimeout;
        xhr.send();
    }

    function work() {
        checkClientSideAirgap(corsList[i]);
        i = (i + 1) % corsList.length;
    }

    setInterval(work, workInterval);
}());

Open network connection tab and visit demo url: https://www.ondersteunendesoftwareverkiezingen.nl/client-side-airgap.html