Keeping Javascript from leaking browser/system information

[JJoe]

First merge

Code:

[HTTP headers]
In = TRUE
Out = FALSE
Key = "Content-Type: Fix application/javascript (In)"
Match = "application/javascript"
Replace = "text/javascript; PrxMsg: Fixed acc. to Original: application/javascript"

(Jan. 18, 2016 01:38 AM)Greyhat Harry Wrote:  How would I

Quick easy answer is, enable "Disable JavaScript".

You can block suspect scripts but they can rename or obfuscate them.

You can rename like

Code:

Name = "Stop OnMouseOver events"
Active = FALSE
Limit = 20
Match = "onmouseover="
Replace = "OnPheasantOver="

but they can obfuscate "onmouseover=".

Sometimes you can specify a value before they can read it.

Code:

Name = "Hide Browser's Referrer from JS"
Active = TRUE
Limit = 15
Match = ".referrer"
Replace = ".referrer.substr(0,0)+"\u""

Unfortunately, preventing disclosure may mark you as unique...

You might find https://www.torproject.org/projects/torbrowser/design/ interesting.

(Jan. 18, 2016 01:38 AM)Greyhat Harry Wrote:  I've tried both "Kill Nosey JavaScripts" and "Hide Browser's Identity from JS", but to no avail.

"Kill Nosey JavaScripts" missed due to its bounds.
"Hide Browser's Identity from JS" miss was due to the server's use of the application/javascript content type. The header filter you merged changes application/javascript to

Code:

Content-Type: text/javascript; PrxMsg: Fixed acc. to Original: application/javascript

HTH