[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Accept-encoding: gzip

light zoo <lightzook@xxxxxxxxx> wrote:

> --- Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx> wrote:
> >> Or am I missing something?
> >> 
> >> Mike
> Yes, you are missing something...and that is header
> munging.  If you use compression then the headers
> can/may not be munged (spoofed and modified) as far as
> I understand.  

The Accept-Encoding header doesn't affect the encoding
of the headers, so there's no reason why it should make a
difference for header modifications.

> I do all my header munging (Firefox browser) via.
> about:config and extensions, some people use Privoxy,
> etc.  
> This is my compression setting in about:config, it
> disables all compression:
> network.http.accept-encoding 
> {gzip;q=0,deflate;q=0,compress;q=0}

I don't think so. It certainly makes fingerprinting
your requests easier, though.

If you don't want to receive compressed content,
you should either set the Accept-Encoding
header to "identity", or send no Accept-Encoding
header at all.

Have a look at section "3.5 Content Codings"
in: http://ietf.org/rfc/rfc2616.txt
if you're interested in the details.

Of course if there is no reason not to accept
compressed content, it makes sense to just leave
the client's encoding settings alone.


Attachment: signature.asc
Description: PGP signature