Polipo offers the option to censor given HTTP headers in both client requests and server replies. The main application of this feature is to very slightly improve the user’s privacy by eliminating cookies and some content-negotiation headers.
It is important to understand that these features merely make it slightly more difficult to gather statistics about the user’s behaviour. While they do not actually prevent such statistics from being collected, they might make it less cost-effective to do so.
The general mechanism is controlled by the variable
censoredHeaders, the value of which is a case-insensitive list
of headers to unconditionally censor. By default, it is empty, but
I recommend that you set it to ‘From, Accept-Language’. Adding
headers such as ‘Set-Cookie’, ‘Set-Cookie2’, ‘Cookie’,
‘Cookie2’ or ‘User-Agent’ to this list will probably break
many web sites.
The case of the ‘Referer’5 header is treated specially because many
sites will refuse to serve pages when it is not provided. If
false (the default), ‘Referer’
headers are passed unchanged to the server. If
maybe, ‘Referer’ headers are passed to the server only
when they refer to the same host as the resource being fetched. If
true, all ‘Referer’ headers are
censored. I recommend setting
Another header that can have privacy implications is the ‘Via’
header, which is used to specify the chain of proxies through which
a given request has passed. Polipo will generate ‘Via’ headers
if the variable
false (it is true by
default). If you choose to generate ‘Via’ headers, you may want
to set the
proxyName variable to some innocuous string
(see Client connections).
|• Censor Accept-Language:||Why Accept-Language is evil.|
HTTP contains many mistakes and even one spelling error.