########################################################################### ## Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3 ## ## Please see: http://www.gnu.org/licenses/gpl.html for legal details, ## ## rights of fair usage, the disclaimer and warranty conditions. ## ########################################################################### ## Squid3 - rules to anonymize HTTP response headers. ## ########################################################################### # CORS reply_header_access Access-Control-Allow-Origin allow all reply_header_access Access-Control-Allow-Credentials allow all reply_header_access Access-Control-Expose-Headers allow all reply_header_access Access-Control-Max-Age allow all reply_header_access Access-Control-Allow-Methods allow all reply_header_access Access-Control-Allow-Headers allow all # reply_header_access Accept-Patch allow all reply_header_access Accept-Ranges allow all reply_header_access Age allow all reply_header_access Allow allow all reply_header_access Alt-Svc allow all # reply_header_access Cache-Control allow all reply_header_access Connection allow all reply_header_access Content-Disposition allow all reply_header_access Content-Encoding allow all reply_header_access Content-Language allow all reply_header_access Content-Length allow all reply_header_access Content-Location allow all reply_header_access Content-MD5 allow all reply_header_access Content-Range allow all reply_header_access Content-Type allow all ### The date and time that the message was sent. # reply_header_access Date allow all reply_header_access ETag allow all reply_header_access Expires allow all reply_header_access Last-Modified allow all reply_header_access Link allow all reply_header_access Location allow all reply_header_access P3P allow all # reply_header_access Pragma allow all reply_header_access Proxy-Authenticate allow all reply_header_access Public-Key-Pins allow all reply_header_access Refresh allow all reply_header_access Retry-After allow all reply_header_access Server allow all reply_header_access Set-Cookie allow all reply_header_access Status allow all ### HSTS (no, thank you) and cache. # reply_header_access Strict-Transport-Security allow all reply_header_access Trailer allow all reply_header_access Transfer-Encoding allow all ### Tracking Status Value (TSV), value suggested to be sent in response to ### a do-not-track (DNT). No, thank you. # reply_header_access TSV allow all ### Ask the client to upgrade to another protocol. # reply_header_access Upgrade allow all reply_header_access Vary allow all reply_header_access Via allow all reply_header_access Warning allow all reply_header_access WWW-Authenticate allow all reply_header_access X-Frame-Options allow all reply_header_access X-XSS-Protection allow all reply_header_access Content-Security-Policy allow all reply_header_access X-Content-Security-Policy allow all reply_header_access X-WebKit-CSP allow all reply_header_access X-Content-Type-Options allow all reply_header_access X-Powered-By allow all reply_header_access X-UA-Compatible allow all reply_header_access X-Content-Duration allow all # reply_header_access Upgrade-Insecure-Requests allow all # reply_header_access X-Request-ID allow all # reply_header_access X-Correlation-ID allow all reply_header_access X-Accel-Redirect allow all reply_header_access X-Sendfile allow all reply_header_access X-LIGHTTPD-send-file allow all reply_header_access X-Sendfile2 allow all reply_header_access X-Accel-Limit-Rate allow all reply_header_access X-Accel-Buffering allow all reply_header_access X-Accel-Charset allow all reply_header_access Other deny all reply_header_access All deny all