[Livehttpheaders] Feature Request: "HTTP/S Header Filtering"
anogeorgeo at yahoo.com
Tue May 23 12:41:09 EDT 2006
I am requesting a feature for your great
"livehttpheaders" which will enable HTTP/S
environmental variable header filtering.
HTTP/S headers include information about the systems
in use. This is bad in regards to security, privacy,
There are HTTP proxy programs such as Privoxy
http://www.privoxy.org/ and Proximodo
http://proximodo.sourceforge.net/ which filter HTTP
environmental variable headers. Unfortunately, none of
the existing HTTP header filtering solutions are able
to filter HTTPS data due to the nature of HTTPS (eg.
Recent discussions about the feasibility of
'on-the-fly' HTTPS 'decryption > filtering of
decrypted HTTPS Headers > encryption' have led to the
of a Firefox extension.
As Firefox has access to the verified and decrypted
HTTPS headers FF is in the best position to filter the
decrypted HTTPS headers on-the-fly.
A Firefox extension may be the best option for
on-the-fly HTTP/S header filtering as explained in
"The only way to do this is via extensions to the
browser. That way you do not interfere with CRL/OCSP
for true cert verification...And you get SSL for free,
because your extensions see the web data AFTER the
browser has performed (optional) rigorous checks to
make sure the cert has not been revoked or otherwise
I requested this as an extension at
But, then I found your great extension and I thought
you may be interested. I also thought you may be able
to implement this faster/better than others due to the
nature of your "livehttpheaders" extension.
Here are the HTTP/S Environmental Variable Headers
that IMO should be filtered or spoofed:
Should be spoofed to match the home-page of the
server/site the user is actively connected to.
Should be user configurable for OS, encryption
strength, language, browser, etc
Should be set to the parameter "Close"
Should be user configurable, generally to match the
language in "User-Agent".
The FF extension should add a HTTP/S header to each
request so only uncompressed transfers are requested.
a.) Should be able to forge "X-Forwarded-for:" headers
using random IP addresses from a specified network, to
make successive requests from the same client look
like requests from a pool of different users sharing
the same proxy.
b.) If 'a.)' is not feasible then the next best option
is the removal (eg. deletion) of the HTTP/S header
"X-Forwarded-for" from client requests and prevent
creation of new ones.
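The header policy listed in the message above, written out as an added example; it is not part of the original post and not livehttpheaders code. The function name, the `prefs` fields and the sample request are hypothetical, and every header name other than User-Agent and X-Forwarded-For is an assumption, because the archived message does not show them.

```javascript
// Added illustration: applies the request-header policy listed in the message.
// Header names other than User-Agent and X-Forwarded-For are assumptions;
// the archived message does not show them.
function filterRequestHeaders(requestUrl, headers, prefs) {
  const origin = new URL(requestUrl).origin;
  // Policy keyed by lower-case name: HTTP header names are case-insensitive.
  const overrides = new Map([
    ["referer", origin + "/"],            // home page of the connected site (assumed header)
    ["user-agent", prefs.userAgent],      // user configurable
    ["connection", "close"],              // assumed header for the "Close" item
    ["accept-language", prefs.language],  // assumed header; should match the UA language
    ["accept-encoding", "identity"],      // assumed header; request uncompressed only
  ]);
  const dropped = new Set(["x-forwarded-for"]); // option b.): delete the header

  const out = [];
  const seen = new Set();
  for (const [name, value] of headers) {
    const key = name.toLowerCase();
    if (dropped.has(key)) continue;
    if (overrides.has(key)) {
      // Rewrite the first occurrence and discard duplicates, so a second
      // copy of a header cannot carry the original value past the filter.
      if (!seen.has(key)) out.push([name, overrides.get(key)]);
      seen.add(key);
    } else {
      out.push([name, value]);
    }
  }
  // Add policy headers the original request did not carry.
  for (const [key, value] of overrides) {
    if (!seen.has(key)) out.push([key, value]);
  }
  return out;
}

// Constructed sample request, not taken from the message.
const sample = [
  ["Host", "shop.example"],
  ["User-Agent", "Mozilla/5.0 (X11; Linux i686) Firefox/1.5"],
  ["Referer", "https://other.example/search?q=private"],
  ["X-Forwarded-For", "192.0.2.10"],
  ["Accept-Encoding", "gzip,deflate"],
];
const prefs = { userAgent: "Mozilla/5.0 (generic)", language: "en-us" };
const filtered = filterRequestHeaders("https://shop.example/cart?id=7", sample, prefs);
```
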