Published on December 10, 2012
I’ve been playing around with Chrome extensions, writing some simple widgets for displaying/modifying my (session) cookies, altering HTTP headers, etc.
One of my ideas was to write an extension which would strip off unnecessary info from HTTP headers to preserve more privacy. In general I am not really interested in letting others know who I am, where I came from, what software I use, etc.
Chromium, by default, sends for example the Referer header, which of course is quite normal because that’s what browsers do. From RFC1945 we can learn that
...allows a server to generate lists of back-links to resources for interest, logging, optimized caching, etc. It also allows obsolete or mistyped links to be traced for maintenance.
Okay, seems like a valid reason, still, I sliced this from my HTTP headers array.
Moving on to User-Agent, let’s check another section of the
...This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. Although it is not required, user agents should include this field with requests.
Those highlighted three words are good enough for me, so I decided to slice this header field also. Why? If we look at this table or this report we can see that only around 5% of all the internet users have Linux (yes, those might not be the most accurate sources, but in general, they are correct). So by telling that I use Linux and Chromium (version 23 currently), my browser gives away info which could be used in identifying me in some cases.
After I added another if-statement to my listener function, weird things happened. Since the new web standards and technologies are being developed as we speak, browsers differ a lot when it comes to supporting new standards like HTML5. In order to offer the best experience to the end-user, it seems that websites rely heavily on such things as User-Agent fields. I always thought that something like this would be a slightly better approach.
Anyway, to come back to the title, I opened up Gmail and immediately saw that the UI was different. Google is always updating its products (and UI) so I thought that it was just an update and did not pay much attention to it. Then I needed something from my Google Drive, opened it and this came up:
This webpage has a redirect loop
The webpage at https://drive.google.com/DocAction?action=unsupported_browser# has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
... Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
Actually, right now there seems to be a redirect loop, but some time ago I got a more polite response where I was told that sorry man, but no love for your browser, even though it works just fine if I tell them which one I use.
Another observation, I just tested my university’s new Roundcube mail interface and to my great surprise, I was somehow forced to use a mobile version of it.
To conclude, it seems that in order to use the most essential and popular services out there, sending the User-Agent field in HTTP headers is needed.
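A sketch of the kind of listener described in this post, as an added example that is not the original extension's code. It goes one step beyond the post by keeping User-Agent for hosts that break without it. The function names and the KEEP_UA_HOSTS list are assumptions made up for illustration.

```javascript
// Added example: header filtering for chrome.webRequest.onBeforeSendHeaders.
// Names below are hypothetical; KEEP_UA_HOSTS is a constructed sample list.
const ALWAYS_STRIP = ["referer"];
const STRIP_UNLESS_NEEDED = ["user-agent"];
const KEEP_UA_HOSTS = ["drive.google.com", "mail.google.com"];

// True when host equals a list entry or is a subdomain of one.
// The "." boundary stops look-alikes such as "notdrive.google.com.evil.test".
function hostMatches(host, list) {
  const h = host.toLowerCase();
  return list.some((entry) => h === entry || h.endsWith("." + entry));
}

// Returns a new header array and leaves the input untouched.
// HTTP header names are case-insensitive, so compare in lower case.
function filterHeaders(url, requestHeaders) {
  const keepUa = hostMatches(new URL(url).hostname, KEEP_UA_HOSTS);
  return requestHeaders.filter((header) => {
    const name = header.name.toLowerCase();
    if (ALWAYS_STRIP.includes(name)) return false;
    if (STRIP_UNLESS_NEEDED.includes(name)) return keepUa;
    return true;
  });
}

// Register only inside an extension, so the file also loads under Node.
// Blocking listeners need the "webRequest" and "webRequestBlocking"
// permissions plus host permissions in the extension manifest.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onBeforeSendHeaders.addListener(
    (details) => ({
      requestHeaders: filterHeaders(details.url, details.requestHeaders),
    }),
    { urls: ["<all_urls>"] },
    ["blocking", "requestHeaders"]
  );
}
```

A request with no User-Agent at all can itself stand out, so the exception list trades some privacy for working sites.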