Next: , Previous: , Up: HTTP tuning   [Contents][Index]


3.3.2 Censoring headers

Polipo offers the option to censor given HTTP headers in both client requests and server replies. The main application of this feature is to very slightly improve the user’s privacy by eliminating cookies and some content-negotiation headers.

It is important to understand that these features merely make it slightly more difficult to gather statistics about the user’s behaviour. While they do not actually prevent such statistics from being collected, they might make it less cost-effective to do so.

The general mechanism is controlled by the variable censoredHeaders, the value of which is a case-insensitive list of headers to unconditionally censor. By default, it is empty, but I recommend that you set it to ‘From, Accept-Language’. Adding headers such as ‘Set-Cookie’, ‘Set-Cookie2’, ‘Cookie’, ‘Cookie2’ or ‘User-Agent’ to this list will probably break many web sites.

The case of the ‘Referer5 header is treated specially because many sites will refuse to serve pages when it is not provided. If censorReferer is false (the default), ‘Referer’ headers are passed unchanged to the server. If censorReferer is maybe, ‘Referer’ headers are passed to the server only when they refer to the same host as the resource being fetched. If censorReferer is true, all ‘Referer’ headers are censored. I recommend setting censorReferer to maybe.

Another header that can have privacy implications is the ‘Via’ header, which is used to specify the chain of proxies through which a given request has passed. Polipo will generate ‘Via’ headers if the variable disableVia is false (it is true by default). If you choose to generate ‘Via’ headers, you may want to set the proxyName variable to some innocuous string (see Client connections).


Footnotes

(5)

HTTP contains many mistakes and even one spelling error.


Next: , Previous: , Up: HTTP tuning   [Contents][Index]