Next: Intermediate proxies, Previous: Tuning the HTTP parser, Up: HTTP tuning [Contents][Index]
Polipo offers the option to censor given HTTP headers in both client requests and server replies. The main application of this feature is to very slightly improve the user’s privacy by eliminating cookies and some content-negotiation headers.
It is important to understand that these features merely make it slightly more difficult to gather statistics about the user’s behaviour. While they do not actually prevent such statistics from being collected, they might make it less cost-effective to do so.
The general mechanism is controlled by the variable
censoredHeaders
, the value of which is a case-insensitive list
of headers to unconditionally censor. By default, it is empty, but
I recommend that you set it to ‘From, Accept-Language’. Adding
headers such as ‘Set-Cookie’, ‘Set-Cookie2’, ‘Cookie’,
‘Cookie2’ or ‘User-Agent’ to this list will probably break
many web sites.
The case of the ‘Referer’5 header is treated specially because many
sites will refuse to serve pages when it is not provided. If
censorReferer
is false
(the default), ‘Referer’
headers are passed unchanged to the server. If censorReferer
is maybe
, ‘Referer’ headers are passed to the server only
when they refer to the same host as the resource being fetched. If
censorReferer
is true
, all ‘Referer’ headers are
censored. I recommend setting censorReferer
to maybe
.
Another header that can have privacy implications is the ‘Via’
header, which is used to specify the chain of proxies through which
a given request has passed. Polipo will generate ‘Via’ headers
if the variable disableVia
is false
(it is true by
default). If you choose to generate ‘Via’ headers, you may want
to set the proxyName
variable to some innocuous string
(see Client connections).
• Censor Accept-Language: | Why Accept-Language is evil. |
Next: Intermediate proxies, Previous: Tuning the HTTP parser, Up: HTTP tuning [Contents][Index]