Closed Bug 92716 Opened 23 years ago Closed 16 years ago

Need way to completely disable user-agent header

Categories

(Core :: Networking: HTTP, enhancement, P4)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement

Tracking

()

Status:
RESOLVED WORKSFORME
Milestone:
Future

People

(Reporter: jmd, Unassigned)

References

Details

(Keywords: privacy) 

Preferably under the main Privacy & Security tab, right next to the UI to
disable Referer:  (see bug 55477)
adding to junkbuster tracker
Blocks: 91783
Keywords: privacy
See bug 57555 and bug 55366.

Also see my warnings (sites might not work) in bug 46029.
We already offer some customization of the UA string. Is this a UI-type request
(make it easy to do...) or is there some aspect of UA that needs to be addressed?
 
retargeting. 

mstoltz: this may be your bucket. take it is you want it.
Severity: normal → enhancement
Priority: -- → P4
Target Milestone: --- → Future
Not precisely my bucket, but this should be part of the "paranoid mode" I've got
planned - a single pref that enables super-privacy at the cost of breaking a few
sites. I suppose we actually want to allow not sending the useragent header at
all; someone in Necko probably knows how to do that.
> We already offer some customization of the UA string. Is this a UI-type request
> (make it easy to do...) or is there some aspect of UA that needs to be
> addressed?

We can customize what appears in the UA-string, but we cannot suppress it
altogether. This bug is about that option.
Didn't know how much anonymity is wanted.

I guess I would hide as IE 5, but I can see others want more...
Er... hiding as IE is more of a way to get around
this-page-only-works-after-paying-microsoft-tax issue, not a privacy one.

Besides, the last thing we need is to add to IE's 90-some-percent share in
access logs.


I need to control which headers are sent where. For example (w/o using a
_sophisticated_ firewall): I need to block all referers when crossing from
inside (intranet) to outside (internet) in order to avoid data leakage.
These links are eg. on pages I maintain or generate them locally, and if
local users click them, usually there would be a referer sent revealing
a link within the intranet, complete with server ip and possibly parameters
(data) used in the application(s). (I'd allow referers when surfing the
Internet or surfing the Intranet, however, only not when crossing this border).

Finer control about headers is desirable, eg. to generally allow session
cookies, but to disallow long-lived cookies etc etc. also, a tool to inspect
the headers sent by the server could be very interesting.

Thank you!
I don't think that a general solution is feasible. (You can completely disable
referer already, btw.)
We really shouldn't need another pref for this. Just don't send UA: at all if
general.useragent.override is set to null. I'm changing my UI request. It should
be under Debug->Networking, by accept encoding/http version. The reason for UI
at all is it's handy to change temporarily to get into a certain MS-only site.
This should take 20 mins tops for someone to implement who knows what they're
doing... I hate to see it futured.
Summary: need pref to disable completly user-agent header → Need way to completely disable user-agent header
IMHO, in the interests of simple UI, this should either be:
   1. A debug-panel pref
   2. A duplicate of bug 80658
   3. WONTFIXed.
Blocks: 71569
moving neeti's futured bugs for triaging.
Assignee: neeti → new-network-bugs
In reply to comment #12

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9pre) Gecko/2008033001 SeaMonkey/2.0a1pre

Setting general.useragent.override to empty (but defined) now suppresses the sending of an HTTP_USER_AGENT header, as found by browsing to http://gemal.dk/browserspy/headers.php . It also removes the "Build Identifier" (i.e., UA) line on the about: page.

By installing the UserAgent Switcher extension and defining one additional UA string (value ""), you can get this as a menu item in the "Tools -> UserAgent Switcher" menu.

Resolving WORKSFORME (after approx. 5½ years without a comment). If you REOPEN, please explain why.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.