Polipo offers the option to censor given HTTP headers in both client requests and server replies. The main application of this feature is to very slightly improve the user's privacy by eliminating cookies and some content-negotiation headers.
It is important to understand that these features merely make it slightly more difficult to gather statistics about the user's behaviour. While they do not actually prevent such statistics from being collected, they might make it less cost-effective to do so.
The general mechanism is controlled by the variable
censoredHeaders
, the value of which is a case-insensitive list
of headers to unconditionally censor. By default, it is empty, but I
recommend that you set it to the list consisting of Set-Cookie
,
Cookie
, Cookie2
, From
and Accept-Language
.
You should probably not censor User-Agent
, as many sites use it
in order to customise their pages for a given implementation.
The case of the Referer
1 header is treated specially because many
sites will refuse to serve pages when it is not provided. If
censorReferer
is false
(the default), Referer
headers are passed unchanged to the server. If censorReferer
is maybe
, Referer
headers are passed to the server only
when they refer to the same host as the resource being fetched. If
censorReferer
is true
, all Referer
headers are
censored. I recommend setting censorReferer
to maybe
.