HTTP and what kind of data is passed via HTTP headers
What are HTTP headers?
HTTP stands for Hypertext Transfer Protocol, which is used for communication between websites and browsers. All that you see in the browser window at this moment has been sent and received using this protocol.
When you open a website, your browser exchanges data with it, sending and receiving HTTP headers, passing to the server various information about itself.
This is what a browser request may look like:
How can HTTP headers compromise safe private browsing?
- They reveal information about your browser, device, and IP address;
- When a transparent proxy is used, your real IP address can be transmitted in a special header, revealing your location on the Web;
- The Referer header passes information about the website or page from which you came to the current website;
- Based on the combination of these data, a script on a website can create a unique digital profile, called a fingerprint, by which you can be identified even after changing your IP address.
What is a User Agent?
The User Agent is an HTTP request header that contains information about the browser and the operating system.
How to protect anonymous browsing:
- Your User Agent can be changed by adjusting browser settings or by using special plug-ins like RMOSChange for Firefox and Internet Explorer, User-Agent Switcher for Chrome, and User Agent Changer for Opera.
- The Referer header can be masked using such plug-ins as Referer Control for Chrome.
- Special tools and plug-ins for direct editing of HTTP requests can be used (e.g., Modify Headers for Google Chrome).
How to manually change User Agent in Firefox:
- In the address bar, type about:config and click “I'll be careful, I promise!”.
- On the next screen, type useragent in the search box and press Enter.
- Make sure that the general.useragent.override setting doesn't already exist.
- Right-click on an empty spot and select “New” -> “String”.
- Type general.useragent.override into the field and click “OK”.
- Enter the new User Agent data, for example:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A
You can find many lists of sample User Agent strings on the Internet.
On our website, you can check the HTTP-headers your browser sends:
- QUERY_STRING - Parameters sent to the script, if the address contains a query string.
- REQUEST_METHOD - Request method that was used to call the script: GET or POST.
- REQUEST_URI - The name and parameters of the script, relative to the root directory of the virtual host, if the address contains a query string.
- SERVER_PROTOCOL - Name and version of the protocol that was used to request the page, for example 'HTTP/1.1'.
- REMOTE_ADDR - IP address of the remote client that is making the request.
- REMOTE_PORT - Port of the client that was used to connect to the server.
- HTTP_ACCEPT - Which types of the requested document the client prefers.
- HTTP_ACCEPT_LANGUAGE - Which languages are preferred for displaying the page.
- HTTP_USER_AGENT - Information about the type and version of the visitor's operating system and browser.
- HTTP_ACCEPT_ENCODING - The list of compression encodings that the browser supports.
- HTTP_HOST - Server name (in most cases the same as the domain name of a site located on a server).
- HTTP_CONNECTION - Type of connection. The value keep-alive means that the browser supports persistent connections and can make multiple requests during one session.
- HTTP_COOKIE - Cookie data for the session on the site, stored in the browser.
- HTTP_UPGRADE_INSECURE_REQUESTS - Sends the value “1” to request that insecure (e.g. http:) requests be automatically upgraded to a secure alternative (e.g. https:) before the browser fetches them.
- HTTP_CACHE_CONTROL - The max-age value specifies the "expiry date" of the file (in seconds), after which the file must be reloaded.
- HTTP_REFERER - The address which referred the client to the current page.
- HTTP_DNT - Value of the “Do Not Track” status. If “1”, it is enabled.
The following HTTP-headers may pass information about your real IP address:
- HTTP_VIA
- HTTP_X_FORWARDED_FOR
- HTTP_PROXY_CONNECTION
- X_FORWARDED_FOR
- FORWARDED_FOR
- FORWARDED
- HTTP_FORWARDED_FOR_IP
- HTTP_FORWARDED_FOR
- FORWARDED_FOR_IP
- HTTP_X_FORWARDED
- HTTP_FORWARDED
- HTTP_CLIENT_IP
- VIA
- X_FORWARDED
- CLIENT_IP
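To check your own proxy or browser setup against the lists above, the following Python sketch (an added example, not code from this website) audits a CGI-style request environment: it reports which proxy-related variables are present and which IP addresses in them differ from REMOTE_ADDR. The function names, the sample request and its documentation-range addresses are constructed for illustration.

```python
import ipaddress
import re

# CGI-style variable names copied from the list above.
PROXY_VARS = (
    "HTTP_VIA HTTP_X_FORWARDED_FOR HTTP_PROXY_CONNECTION X_FORWARDED_FOR "
    "FORWARDED_FOR FORWARDED HTTP_FORWARDED_FOR_IP HTTP_FORWARDED_FOR "
    "FORWARDED_FOR_IP HTTP_X_FORWARDED HTTP_FORWARDED HTTP_CLIENT_IP VIA "
    "X_FORWARDED CLIENT_IP"
).split()

# Candidate address tokens: a bracketed IPv6 literal, or a run of hex digits, dots and colons.
TOKEN = re.compile(r"\[([0-9A-Fa-f:.]+)\]|([0-9A-Fa-f:.]{3,})")

def extract_ips(value):
    """Return every syntactically valid IP address found in a header value."""
    found = []
    for bracketed, bare in TOKEN.findall(value):
        token = bracketed or bare
        if token.count(":") == 1:  # "198.51.100.7:8080" -> drop the port
            token = token.split(":")[0]
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # not an address (e.g. the "1.1" protocol version in Via)
    return found

def audit(environ):
    """Summarise what a CGI-style request environment discloses about the client."""
    peer = environ.get("REMOTE_ADDR", "")
    present = [name for name in PROXY_VARS if name in environ]
    leaked = []
    for name in present:
        for ip in extract_ips(environ[name]):
            # An address other than the connecting peer may be the real client IP.
            if ip != peer and ip not in leaked:
                leaked.append(ip)
    return {"proxy_headers": present, "leaked_ips": leaked,
            "referer": environ.get("HTTP_REFERER"),
            "user_agent": environ.get("HTTP_USER_AGENT")}

# Constructed sample: a request relayed by a transparent proxy.
SAMPLE = {
    "REMOTE_ADDR": "203.0.113.43",
    "HTTP_VIA": "1.1 proxy.example.net (squid)",
    "HTTP_X_FORWARDED_FOR": "198.51.100.7, 203.0.113.43",
    "HTTP_FORWARDED": 'for="[2001:db8::1]:4711";proto=http;by=203.0.113.43',
    "HTTP_REFERER": "https://search.example/?q=private+query",
    "HTTP_USER_AGENT": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3)",
}
```

Calling audit(SAMPLE) lists three proxy variables and two addresses that are not the connecting peer; an empty leaked_ips list means none of these variables exposed a second address.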