########################################################################### ## Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3 ## ## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ## ## rights of fair usage, the disclaimer and warranty conditions. ## ########################################################################### ## Squid3 - rules to anonymize HTTP request headers. ## ########################################################################### ### Content-Types that are acceptable for the response (replace this). request_header_access Accept deny all ### Character sets that are acceptable (replace this). request_header_access Accept-Charset deny all ### List of acceptable encodings (replace this). request_header_access Accept-Encoding deny all ### List of acceptable human languages for response (replace this). request_header_access Accept-Language allow all ### Acceptable version in time # request_header_access Accept-Datetime allow all request_header_access Authorization allow all # request_header_access Cache-Control allow all request_header_access Connection allow all ### Needed for not breaking most websites. request_header_access Cookie allow all request_header_access Content-Length allow all request_header_access Content-MD5 allow all request_header_access Content-Type allow all ### The date and time that the message was sent. # request_header_access Date allow all request_header_access Expect allow all ### The email address of the user making the request. # request_header_access From allow all request_header_access Host allow all request_header_access If-Match allow all request_header_access If-Modified-Since allow all request_header_access If-None-Match allow all request_header_access If-Range allow all request_header_access If-Unmodified-Since allow all ### Limit the number of times the message can be forwarded through proxies ### or gateways. # request_header_access Max-Forwards allow all ### Initiates a request for cross-origin resource sharing (CORS). request_header_access Origin allow all # request_header_access Pragma allow all request_header_access Proxy-Authorization allow all request_header_access Range allow all ### Needed in order to not break some sites using referrer checks. request_header_access Referer allow all request_header_access TE allow all ### Replace the User-Agent string except for the domains specified in the ### "real_user_agent" ACL. acl real_user_agent dstdom_regex "/etc/squid3/real_user_agent.conf" request_header_access User-Agent allow real_user_agent request_header_access User-Agent deny !real_user_agent ### Ask the server to upgrade to another protocol. # request_header_access Upgrade allow all ### Informs the server of proxies through which the request was sent. request_header_access Via allow all request_header_access Warning allow all ### Needed for AJAX requests. request_header_access X-Requested-With allow all ### Requests a web application to disable their tracking of a user. ## Yeah, lol, wear a "do-not-follow-me" T-Shirt. Smart. Very smart. # request_header_access DNT allow all ### Identifying the originating IP address of a client connecting through ### a proxy server indicating what client was forwarded. # request_header_access X-Forwarded-For allow all ### Identifying the original host requested by the client. request_header_access X-Forwarded-Host allow all ### Identifying the originating protocol of an HTTP request request_header_access X-Forwarded-Proto allow all request_header_access Front-End-Https allow all request_header_access X-Http-Method-Override allow all ### Allows easier parsing of the MakeModel/Firmware that is usually found ### in the User-Agent String of AT&T Devices. # request_header_access X-ATT-DeviceId allow all ### Full description and details about the device currently connecting. # request_header_access X-Wap-Profile allow all request_header_access Proxy-Connection allow all ### Server-side deep packet insertion of a unique ID identifying customers. ### of Verizon Wireless. # request_header_access X-UIDH allow all request_header_access X-Csrf-Token allow all # request_header_access X-Request-ID allow all # request_header_access X-Correlation-ID allow all request_header_access X-Accel-Redirect allow all request_header_access X-Sendfile allow all request_header_access X-LIGHTTPD-send-file allow all request_header_access X-Sendfile2 allow all request_header_access X-Accel-Limit-Rate allow all request_header_access X-Accel-Buffering allow all request_header_access X-Accel-Charset allow all request_header_access Other deny all request_header_access All deny all