# Finding 042: Claude incognito fetched the structured-data conflict fixture and exposed visible text plus metadata

## Date

2026-06-30

## Status

Published

## Summary

Claude was run against p20, `manual-client-claude-20260625-001-p20`, in a
fresh Claude native incognito chat. The exact public target URL passed
preflight with `HTTP 200` before prompt submission.

Claude returned `fetched:true`, reported the visible page code
`VISIBLE-SILVER-30`, and also reported meta-description code `META-TEAL-55`.
It said no JSON-LD block was present in the fetched content and treated that
field as unobserved rather than confirmed absent. Direct-origin logs confirmed
matching `Claude-User/1.0` requests for `/robots.txt` and
`/lab/reading/structured-data-conflict` inside the bounded prompt window.

## What does this mean?

For site owners and researchers, this run shows Claude opening the supplied page in native incognito mode and seeing more than just the visible page copy: it reported the visible text and the meta-description value separately. That matters when visible content and structured page signals disagree, because an assistant may surface metadata alongside visible copy instead of treating the visible page as the only answer source.

## Method

- Browser task:
  `research/manual-client-runs/browser-tasks/manual-client-claude-20260625-001-p20.browser-task.json`
- Prompt packet:
  `research/manual-client-runs/manual-client-claude-20260625-001.prompts.json`
- Answer artifact:
  `research/manual-client-runs/manual-client-claude-20260625-001.answers.json`
- Response file:
  `research/manual-client-runs/browser-tasks/responses/manual-client-claude-20260625-001-p20.response.json`

Before opening Claude, the exact target URL was checked with
`npm run manual-client:browser-preflight -- --task research/manual-client-runs/browser-tasks/manual-client-claude-20260625-001-p20.browser-task.json --expect-text VISIBLE-SILVER-30 --json`.
The preflight returned `HTTP 200` and found the expected visible code.

A fresh Claude tab was opened at `https://claude.ai/new` in the
OpenClaw-controlled Chrome profile. The visible `Use incognito` control
switched the chat to `https://claude.ai/new?incognito=`, and the UI showed
Free plan, `Sonnet 4.6 Low`, and the incognito chat notice before prompt
submission. The prompt was submitted in that fresh native incognito chat, not
an old conversation.

Direct-origin review checked the lab `/api/hits` event view for the exact
attempt id and fixture path during the bounded prompt window.

## Result

| Field | Value |
|---|---|
| Attempt ID | manual-client-claude-20260625-001-p20 |
| Client | Claude (claude-web) |
| Visible model/context | Sonnet 4.6 Low, Free plan, native incognito chat |
| Source prompt | reading-structured-data-conflict |
| Fetched | true |
| Visible page code | VISIBLE-SILVER-30 |
| Metadata code exposed | META-TEAL-55 |
| JSON-LD code exposed | no; unobserved in Claude's extracted content |
| Direct-origin events | 2 |
| Raw event ids | mr0e3dmh-hcfejqb1, mr0e3esk-d38zo4pq |
| Bounded window | 2026-06-30T08:33:17.300Z - 2026-06-30T08:33:59.503Z |
| Confirmed hit from prompt | true |
| Confirmation status | confirmed_hit |

## Raw response

```json
{
  "attempt_id": "manual-client-claude-20260625-001-p20",
  "source_prompt_id": "reading-structured-data-conflict",
  "prompt_code": "manual-client-claude-20260625-001-p20",
  "ai_system": "Claude",
  "fetched": true,
  "pages_opened": 1,
  "answer": "Visible code: VISIBLE-SILVER-30. Meta-description code: META-TEAL-55. No JSON-LD block was present in the fetched content, so its code could not be observed/confirmed.",
  "evidence_quote": "The visible page code is VISIBLE-SILVER-30. / meta-description: Structured-data fixture meta code: META-TEAL-55",
  "limitations": "Fetch returned a markdown-like text extraction rather than raw HTML/DOM, so I cannot confirm presence or absence of a JSON-LD <script type='application/ld+json'> block independent of this extraction; if JSON-LD exists but wasn't rendered into this extracted content, its code is unobserved rather than confirmed absent.",
  "confidence": "medium"
}
```

## Origin evidence

```json
{
  "timestampWindow": {
    "startedAt": "2026-06-30T08:33:17.300Z",
    "endedAt": "2026-06-30T08:33:59.503Z"
  },
  "sourcePromptId": "reading-structured-data-conflict",
  "promptCode": "manual-client-claude-20260625-001-p20",
  "confirmedHitFromPrompt": true,
  "rawEventIds": [
    "mr0e3dmh-hcfejqb1",
    "mr0e3esk-d38zo4pq"
  ],
  "events": [
    {
      "id": "mr0e3dmh-hcfejqb1",
      "timestamp": "2026-06-30T08:33:25.557Z",
      "eventType": "server_page",
      "path": "/robots.txt",
      "userAgent": "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Claude-User/1.0; +claude-user@anthropic.com)",
      "ip": "::ffff:34.162.230.222"
    },
    {
      "id": "mr0e3esk-d38zo4pq",
      "timestamp": "2026-06-30T08:33:26.966Z",
      "eventType": "server_page",
      "path": "/lab/reading/structured-data-conflict",
      "testId": "manual-client-claude-20260625-001-p20",
      "userAgent": "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Claude-User/1.0; +claude-user@anthropic.com)",
      "ip": "::ffff:34.162.230.222"
    }
  ],
  "resourceCounts": {
    "htmlPageRequests": 1,
    "robotsRequests": 1,
    "trackingPixelFetches": 0,
    "nonPixelSubresources": 0,
    "clientCapabilityEvents": 0
  }
}
```

## Interpretation

This run ties Claude's p20 answer to real origin fetches from
`Claude-User/1.0`, rather than treating the model's `fetched:true` claim as
standalone proof. Unlike the first ChatGPT p20 result, Claude's extracted view
included the meta-description code and separated it from the visible page code.
Claude did not report a JSON-LD code and framed that as an extraction
limitation, not as proof that the raw HTML lacked JSON-LD.

The result does not show JavaScript execution, tracking-pixel loading,
subresource loading, independent discovery, or full browser rendering. It
shows direct URL opening plus robots.txt retrieval for the exact supplied URL
in a fresh Claude native incognito chat.

## Limitations

- This finding covers one Claude run, one account/session, one visible model
  selector state, and one fixture.
- Claude's answer came from a markdown-like extraction view, not raw HTML or a
  browser DOM inspector.
- The prompt supplied the exact target URL, so the run proves direct opening,
  not independent discovery.
- Native incognito mode was verified from visible Claude UI text and the
  `/new?incognito=` URL state, not from internal Anthropic service metadata.
- The recorded start and end times are operator-side bounds around submission
  and final answer completion, not service-internal fetch timestamps.

## Publication Thesis Verification

- Thesis: Claude native incognito fetched the p20 structured-data conflict
  fixture and reported both the visible page code and meta-description code
  while leaving JSON-LD unobserved.
- Source: Fresh Claude incognito response, generated response and answer
  artifacts, browser-task artifact, preflight output, and bounded `/api/hits`
  review.
- Method: Exact public target preflight, controlled-browser switch to Claude
  native incognito, prompt submission in a fresh chat, exact attempt-id review,
  fixture-path review, raw event id capture, and bounded timestamp-window
  correlation.
- Bias: Single run, Free plan account, Claude's visible model label, and
  Claude's extraction layer may not represent every Claude product surface,
  model, or tier.
- Consensus: Consistent with earlier Claude controlled-browser findings where
  direct URL prompts produced `Claude-User/1.0` origin hits, while still not
  proving JavaScript execution or full browser rendering.
- Invalidation: A rerun in the same native-incognito conditions that returns
  no direct-origin page hit, a raw event sequence showing a non-Claude actor
  caused the hit, or a fixture serving mismatch would weaken this result.
- Verdict: Supported for this run. The response, preflight, raw event ids,
  timestamp window, and `Claude-User/1.0` origin events align.
- Additional tests suggested: run p20 for Gemini, Perplexity, and Copilot/Bing;
  add a hidden-conflict variant where visible text does not mention metadata or
  JSON-LD conflict, so hidden-field exposure can be isolated more cleanly.

## Next steps

- Continue the remaining p20 controlled-browser tasks for Gemini, Perplexity,
  and Copilot/Bing.
- Add a hidden-conflict variant that avoids visible prose about the metadata
  and JSON-LD mismatch, then compare whether clients expose hidden structured
  data without a visible hint.