claustromaniac / etag-stoppa Goto Github PK

Tip To Make Your Code Compatible With All Browsers:
add window.browser = window.msBrowser || window.browser || window.chrome; // Cross-browser compatibility

This code was test (into developper mode) on ungoogled-chromium, vivaldi and firefox and works like a charm

window.browser = window.msBrowser || window.browser || window.chrome;
eTagFilter: function eTagFilter(d) {
    if (!d.responseHeaders) return {};
    const newHeaders = d.responseHeaders.filter(e => "etag" !== e.name.toLowerCase());
    return newHeaders.length < d.responseHeaders.length ? (console.log(`Removed ETag from request #${d.requestId}\n\t${d.url}`), { responseHeaders: newHeaders }) : void 0
}
browser.webRequest.onHeadersReceived.addListener(
    eTagFilter, {
        urls: ["<all_urls>"]
    },
    ["blocking", "responseHeaders"]
);

And into manifest.json
"description": "Prevents browsers from storing entity tags by removing ETag response headers unconditionally and without exceptions."

https://privacycheck.sec.lrz.de/passive/fp_etag/fp_etag.php

With different browsers, cache enabled, and some of them with extensions disabled or no extension at all I always get after a page refresh:

Website visits: 0
Your last visit: same as the time the page was refreshed
Your random ETag: different each time, except for a few first numbers

Hi,

Is there a SVG version of this logo, or a bigger than 64x64 pixels?

I haven't tested it, well I did, I think, but it was weeks ago ... so I can't confirm or deny (but i'm sure it worked, but then I may have been really drunk and nude tired)

https://privacycheck.sec.lrz.de/passive/fp_etag/fp_etag.php

THIS should be way better than that lucible one. After your tests, let me know. I already have the main landing page (https://privacycheck.sec.lrz.de/index.html) in the wiki at you know where (the site has other tests), but if the test passes, then I will change our wiki...and use this specific etag test as our recommended etag one

... and you might want to point to the new test in your AMO and readme's etc

Later,
👖

PS: On the main landing page, you have to tick the privacy thing and allow a cookie in order for the links to work properly. If you just use the actual various test pages, you don't need a cookie: just so you're aware in your testing (i.e you can test with cookies blocked etc)

Consider extension privacy possum with etag filters. How is your mousetrap better?

Is it possible to add a whitelist in?

any chance of adding an option to turn off the console logging? It's rather f#^king verbose. Thanks 🐈

if (ShutTFUp == false) {
  if (newHeaders.length < d.responseHeaders.length) {
    console.debug(`Removed ETag from request #${d.requestId}\n	${d.url}`);
    return {responseHeaders: newHeaders};
  }
}

STR:
Join a google meeting meeting with ETag-stoppa enabled and the screen is blank, no video, no share screen, no chat, no controls.
Join a google meeting meeting with ETag-stoppa disabled and everything works.

Cheers

Dear @claustromaniac,
Could you be so kind to describe possible drawbacks a user might face using Etag Stoppa extension?