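###########################################################################
##  Copyright (C) Wizardry and Steamworks 2016 - License: GNU GPLv3      ##
##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
##  rights of fair usage, the disclaimer and warranty conditions.        ##
###########################################################################

##
# Rules to anonymize http headers
#
# How this file works:
#   * Each request_header_access / reply_header_access line allows or denies
#     one named header; the closing "Other deny all" and "All deny all" lines
#     drop every header that is not explicitly allowed. A rule that is
#     commented out therefore means "strip this header", not "leave it alone".
#   * request_header_replace supplies a fixed value only for a header that
#     request_header_access denies; it has no effect on an allowed header.
#   * These rules act only on messages Squid handles in cleartext. Traffic
#     tunnelled through CONNECT (HTTPS without interception) passes through
#     with its headers unchanged.
##

## Request Header Rules
# Content-Types that are acceptable for the response (replace this).
request_header_access Accept deny all
# Character sets that are acceptable (replace this).
request_header_access Accept-Charset deny all
# List of acceptable encodings (replace this).
request_header_access Accept-Encoding deny all
# List of acceptable human languages for response (replace this).
# Must be denied for the Accept-Language replacement at the end of this file
# to apply; with "allow" the client's own language list is forwarded as-is.
request_header_access Accept-Language deny all
# Acceptable version in time
#request_header_access Accept-Datetime allow all
request_header_access Authorization allow all
#request_header_access Cache-Control allow all
request_header_access Connection allow all
# Needed for not breaking most websites.
request_header_access Cookie allow all
request_header_access Content-Length allow all
request_header_access Content-MD5 allow all
request_header_access Content-Type allow all
# The date and time that the message was sent.
#request_header_access Date allow all
request_header_access Expect allow all
# The email address of the user making the request.
#request_header_access From allow all
request_header_access Host allow all
request_header_access If-Match allow all
request_header_access If-Modified-Since allow all
request_header_access If-None-Match allow all
request_header_access If-Range allow all
request_header_access If-Unmodified-Since allow all
# Limit the number of times the message can be forwarded through proxies or gateways.
#request_header_access Max-Forwards allow all
# Initiates a request for cross-origin resource sharing.
#request_header_access Origin allow all
#request_header_access Pragma allow all
request_header_access Proxy-Authorization allow all
request_header_access Range allow all
# Needed in order to not break some sites.
request_header_access Referer allow all
request_header_access TE allow all
# The user agent string of the user agent (replace this).
# No request_header_replace for User-Agent is defined in this file, so the
# header is removed rather than replaced. To send a fixed value instead, add:
#request_header_replace User-Agent <PLACEHOLDER: fixed user agent string>
request_header_access User-Agent deny all
# Ask the server to upgrade to another protocol.
#request_header_access Upgrade allow all
# Informs the server of proxies through which the request was sent.
# Denied: "via off" below only stops Squid from adding its own Via header; a
# Via header already present on the incoming request would still be forwarded
# if it were allowed here.
request_header_access Via deny all
request_header_access Warning allow all
# Needed for AJAX requests.
request_header_access X-Requested-With allow all
# Requests a web application to disable their tracking of a user.
# request_header_access DNT allow all
# Identifying the originating IP address of a client connecting with a proxy.
#request_header_access X-Forwarded-For allow all
# Identifying the original host requested by the client.
request_header_access X-Forwarded-Host allow all
# Identifying the originating protocol of an HTTP request
request_header_access X-Forwarded-Proto allow all
request_header_access Front-End-Https allow all
request_header_access X-Http-Method-Override allow all
# Allows easier parsing of the MakeModel/Firmware that is usually found in the User-Agent String of AT&T Devices.
#request_header_access X-ATT-DeviceId allow all
# Full description and details about the device currently connecting
#request_header_access X-Wap-Profile allow all
request_header_access Proxy-Connection allow all
# Server-side deep packet insertion of a unique ID identifying customers of Verizon Wireless.
#request_header_access X-UIDH allow all
request_header_access X-Csrf-Token allow all
#request_header_access X-Request-ID allow all
#request_header_access X-Correlation-ID allow all
# Default: drop every request header not allowed above.
request_header_access Other deny all
request_header_access All deny all

## Response Header Rules
reply_header_access Access-Control-Allow-Origin allow all
reply_header_access Accept-Patch allow all
reply_header_access Accept-Ranges allow all
reply_header_access Age allow all
reply_header_access Allow allow all
reply_header_access Alt-Svc allow all
# NOTE(review): left commented out, so reply Cache-Control is stripped by the
# default deny below; confirm that clients are meant to lose directives such
# as no-store that the origin sent.
#reply_header_access Cache-Control allow all
reply_header_access Connection allow all
reply_header_access Content-Disposition allow all
reply_header_access Content-Encoding allow all
reply_header_access Content-Language allow all
reply_header_access Content-Length allow all
reply_header_access Content-Location allow all
reply_header_access Content-MD5 allow all
reply_header_access Content-Range allow all
reply_header_access Content-Type allow all
# The date and time that the message was sent.
#reply_header_access Date allow all
reply_header_access ETag allow all
reply_header_access Expires allow all
reply_header_access Last-Modified allow all
reply_header_access Link allow all
reply_header_access Location allow all
reply_header_access P3P allow all
#reply_header_access Pragma allow all
reply_header_access Proxy-Authenticate allow all
reply_header_access Public-Key-Pins allow all
reply_header_access Refresh allow all
reply_header_access Retry-After allow all
reply_header_access Server allow all
reply_header_access Set-Cookie allow all
reply_header_access Status allow all
# HSTS and cache
# NOTE(review): left commented out, so Strict-Transport-Security is stripped
# from any reply Squid can see. Where HTTPS is intercepted this removes the
# client's HSTS protection against downgrade to HTTP; confirm it is intended.
#reply_header_access Strict-Transport-Security allow all
reply_header_access Trailer allow all
reply_header_access Transfer-Encoding allow all
# Tracking Status Value, value suggested to be sent in response to a DNT(do-not-track).
#reply_header_access TSV allow all
# Ask the client to upgrade to another protocol.
#reply_header_access Upgrade allow all
reply_header_access Vary allow all
reply_header_access Via allow all
reply_header_access Warning allow all
reply_header_access WWW-Authenticate allow all
reply_header_access X-Frame-Options allow all
reply_header_access X-XSS-Protection allow all
reply_header_access Content-Security-Policy allow all
reply_header_access X-Content-Security-Policy allow all
reply_header_access X-WebKit-CSP allow all
reply_header_access X-Content-Type-Options allow all
reply_header_access X-Powered-By allow all
reply_header_access X-UA-Compatible allow all
reply_header_access X-Content-Duration allow all
#reply_header_access Upgrade-Insecure-Requests allow all
#reply_header_access X-Request-ID allow all
#reply_header_access X-Correlation-ID allow all
# Default: drop every reply header not allowed above.
reply_header_access Other deny all
reply_header_access All deny all

# Ignore responses from different nameservers
ignore_unknown_nameservers on

# Turn off sending squid version information
httpd_suppress_version_string on

# Remove via and x-forwarded-for
# "via off" stops Squid adding its own Via header; "forwarded_for delete"
# removes X-Forwarded-For from forwarded requests; "follow_x_forwarded_for
# deny all" makes Squid ignore any X-Forwarded-For value sent by a client.
via off
forwarded_for delete
follow_x_forwarded_for deny all

# Replacement values for the request headers denied above.
# Accept-Encoding was previously given two values ("*" and "gzip, deflate");
# only the intended one is kept so the effective value is unambiguous.
request_header_replace Accept */*
request_header_replace Accept-Charset utf-8
request_header_replace Accept-Encoding gzip, deflate
request_header_replace Accept-Language en-US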