Node: Censoring headers, Next: , Previous: Tuning the HTTP parser, Up: Network



Censoring headers

Polipo offers the option to censor given HTTP headers in both client requests and server replies. The main application of this feature is to very slightly improve the user's privacy by eliminating cookies and some content-negotiation headers.

It is important to understand that these features merely make it slightly more difficult to gather statistics about the user's behaviour. While they do not actually prevent such statistics from being collected, they might make it less cost-effective to do so.

The general mechanism is controlled by the variable censoredHeaders, the value of which is a case-insensitive list of headers to unconditionally censor. By default, it is empty, but I recommend that you set it to the list consisting of Set-Cookie, Cookie, Cookie2, From and Accept-Language. You should probably not censor User-Agent, as many sites use it in order to customise their pages for a given implementation.

The case of the Referer1 header is treated specially because many sites will refuse to serve pages when it is not provided. If censorReferer is false (the default), Referer headers are passed unchanged to the server. If censorReferer is maybe, Referer headers are passed to the server only when they refer to the same host as the resource being fetched. If censorReferer is true, all Referer headers are censored. I recommend setting censorReferer to maybe.


Footnotes

  1. HTTP contains many mistakes and even one spelling error.