27 March 2017

Improve your online privacy by trimming the headers your browser sends

The EFF runs a very useful web-based service that estimates the uniqueness of the HTTP header lines that your browser sends to every web server from which you request a page or other content.

Especially if you allow all sites to run JavaScript on your computer, I suggest that you visit EFF’s Panopticlick site and note the results. Chances are that the information that JavaScript (officially ECMAScript) gives away about plug-in details, time zone, screen size, colour depth and system fonts goes a significant way towards making your browser fingerprint unique.

In addition to avoiding JavaScript, similar steps you can take to improve your online privacy are to disable cookies and to use only one entry in your Accept-Language header (which enumerates your preferred languages for web content). Accept-Language: en would probably be the safest choice.
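To check a request from your own browser against this advice, the following added example (not part of the original post) parses a raw request head, reports a Cookie header and a multi-entry Accept-Language header, and returns the headers with both trimmed. The sample request and the function names are constructed for illustration.

```python
SAMPLE_REQUEST = (  # constructed sample, not captured from a real browser
    "GET / HTTP/1.1\r\n"
    "Host: example.org\r\n"
    "User-Agent: ExampleBrowser/1.0\r\n"
    "Accept-Language: fi-FI,fi;q=0.8,en-US;q=0.5,en;q=0.3\r\n"
    "Cookie: session=constructed-value\r\n\r\n"
)

def parse_headers(raw):
    """Return (name, value) pairs from a raw HTTP/1.x request head."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def language_tags(value):
    """Return the language tags of an Accept-Language value, highest q first."""
    ranges = []
    for item in value.split(","):
        tag, _, params = item.strip().partition(";")
        key, _, weight = params.strip().partition("=")
        try:
            q = float(weight) if key.strip().lower() == "q" else 1.0
        except ValueError:
            q = 0.0  # malformed weight: treat as least preferred
        if tag.strip():
            ranges.append((tag.strip(), q))
    return [tag for tag, _ in sorted(ranges, key=lambda r: -r[1])]

def audit(raw):
    """Return (findings, headers trimmed as the article advises)."""
    findings, trimmed = [], []
    for name, value in parse_headers(raw):
        if name.lower() == "cookie":
            findings.append("Cookie header is sent")
            continue  # cookies disabled: the header is not sent at all
        if name.lower() == "accept-language":
            tags = language_tags(value)
            if len(tags) > 1:
                findings.append(f"Accept-Language lists {len(tags)} entries: {', '.join(tags)}")
                value = "en"  # the single entry the article suggests
        trimmed.append((name, value))
    return findings, trimmed

if __name__ == "__main__":
    print(audit(SAMPLE_REQUEST))
```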

Many Panopticlick users have unique headers, even though the service does not pay attention to all information that a browser could provide.

Generally, the less opportunity your browser provides for running active content, the safer you are. Of course, this applies not only to browser fingerprinting, but also to software vulnerabilities that can be used e.g. for loading so-called drive-by malware.

Panopticlick exists at http://panopticlick.eff.org/.