The secret life of your web browser revealed!

note: for more info, also read the Enviromental Varibles FAQ

Not everyone is aware that there's a hidden conversation going on between your web browser and ALL the sites you visit. Known as HTTP header messages they are all the info your browser freely gives out every time you connect to ANY web site without even being asked. As you will see, some of this info you might rather keep to yourself. Some soft like The Proxomitron will not only lets you view all those messages, but also lets you alter, add, or delete them. If security is important to you, make it your business to know what your browser is telling the world and have it say only what you want! The order of the varibles will vary from server to server. Of course, Java, Java Script, Active X will gather a lot more info off your PC incuding but not limited to IP number, Email addresses, they can look at what files you have on your PC, run exes without your permittion, ets

HEADERS
WHAT VARIBLES IT WILL SHOW
GET, HEAD, PUT POST are the base request commands of the HTTP protocol. This first line would suffice to request the wanted information.
REQUEST_METHOD : GET
SERVER_PROTOCOL: will show which version of HTTP you are using, usually HTTP1.0 or HTTP1.1
HTTP_XROXY_CONNECTION : usually Keep-Alive
HTTP_ACCEPT_CHARSET: iso-8859-1,*,utf-8
HTTP_REFERER_FROM: shows the page you came from, where you came from before or the last page you visited before the current one, or if you came from a link. Typed URLs and bookmarks usually result in this variable being left blank. http:\/\/(www\.)?$mydomain\//);
HTTP_USER_AGENT : shows which browser type you are using, your browser version and also the O/S you use
HTTP_HOST: the remote server's name you are accesing
SERVER_PORT: shows the web server's listening port. usually 80, 8080, 3128 (if you are on HTTP)
SERVER_SOFTWARE: the remote server's O/S (Apache/1.2.4 for example)
SCRIPT_NAME: what kind of scripts the remote server is running if any (/cgi-bin/show-http-headers)
REMOTE_ADDRESS : or REMOTE_HOST : will show your IP number, or if you are usign a proxy, it's IP number
HTTP_REMOTE_HOST : will show your host name and address -country, ets
IDENT-Lookup: Username: will show yor PC's name, your operating system: your charset:
REMOTE_PORT: shows the port the remote server uses
SERVER_NAME: the DNS name of the server you are accessing
SERVER_ADMIN: usually the email address of the webmaster
HTTP_COOKIE: If your browser finds a cookie in his cookie file matching the domain of this server it will send it along with every request. This server also tries to set up a cookie in your browser. If this is successfully done, you can see this cookie in your request when RELOADing this page.
HTTP_X_FORWARDED_FROM: or HTTP_FORWARDED: if you use a proxy, it will show here
shows where you've been routed from. proxy can forward real ip here, In order to remain anonymous the you DO NOT want your real IP showing, only the proxy's.(trully anon proxies will NOT show HTTP_FORWARDED or HTTP_X_FORWARDED_FOR variables,
HTTP_FORWARDED : shows the path you use in connecting to a web server this line shows exactly where you're coming from. reveals proxy used VIA : reveals use of proxy
HTTP_VIA : if you are usign a proxy, the name will show up here
HTTP_ACCEPT: will show what kind of images your browser will accept such as: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* These are the MIME-types accepted by your browser, sometimes with a quality factorappended.
CLIENT_IP : your IP can be revealed by proxy
HTTP_FROM : sometimes IP proxied from is revealed here, so make sure you look at that option when evaluating how secure a proxy is!
ACCEPT-LANGUAGE: or HTTP_ACCEPT_LANGUAGE: Here your browser may indicate which languages it prefers. ISO-country-codes are used to accomplish this. So "en" is english, "de" is german, "ru" is russian, etc
SCRIPT_NAME: if the server wil run any scripts like cgi, ets.


The proxies presented on this page where active on July 14, 1999. Each was chosen for illustrative purposes.

The format of each illustration is comprised of two parts. The first is a print of the ENV variables sent back in a proxy test using Proxomitron (authored by Scott R. Lemmon). In many cases use of the Proxomitron log window during the test reveals what occurs inside the target proxy's configured environment (i.e. its interaction with other sibling or parent proxies within the corporate network).

The second is a print of the relevant headers received by the origin server (resource requested) as revealed in an ENVIRONMENTAL test page such as the one at Junkbuster.

The results of these two tests may be different. This difference should be underscored. Disparity occurs for the following reason. During a proxy test where the IP address of both the requesting client and the recipient of the results of the request are identical, the proxying environment may for some purposes treat the requester as an internal client.

However, when an ENV test page is used, ONLY the variables passed outside the internal network are visible. Internally appended variables may be stripped or reformated under a different header as the request leaves the proxy environment. The requesting browser IP address in this case is different then the IP address of the origin server (requested resource) and thus an ENV test page will mimic the client (browser)-proxy-origin server exchange.

Example #45 & #50 demonstrate the Client-Ip: header. Normally this header is used for internal logging and possible internal access control based on the IP address of the originating requesting client. This header is usually stripped out when the request leaves the corporate environment.

Example #45 Proxy: 193.158.136.161:80 NOTE: That the IP address is assigned to & is present within the proxy environment under Client-IP. However as would be expected the Client-IP information is stripped out & is not passed on to the origin server. Even so this proxy is not anonymous for the reason that IP information is passed under HTTP_X_FORWARDED_FOR:

Proxy DNS lookup = ics1F.N.srv.t-online.de
Proxy IP = 193.158.136.161
>GET / HTTP/1.0
>Host: xxx.xx.xxx.xxx:7734
>Pragma: no-cache
>Via: HTTP/1.0 speth11.nueb01.t-online.de (IBM-WTE)
>Client-IP: xxx.xx.xxx.xxx

HTTP_CACHE_CONTROL: max-age=259200
HTTP_CONNECTION: keep-alive
HTTP_FORWARDED: internet.junkbuster.com
HTTP_REFERER: http://proxys4all.cgi.net/tools.html
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 5.0; MSN 2.5; Windows 98)
HTTP_VIA: 1.0 wwwcache.ct.infn.it:3128 (Squid/2.0.RELEASE)
HTTP_X_FORWARDED_FOR: xxx.xx.xxx.xxx
REMOTE_HOST: hpct2.ct.infn.it

Example #50 Proxy: 193.158.131.2:80 NOTE: That the IP address is assigned to & is present within the proxy environment under Client-IP. However the Client-IP which contains the IP address is passed outside the network (poor security) to the origin server. Thus this proxy is not anonymous

Proxy DNS lookup = ics2F.B.srv.t-online.de
Proxy IP = 193.158.131.2
>GET / HTTP/1.0
>Host: xxx.xx.xxx.xxx:7734
>Pragma: no-cache
>Via: HTTP/1.0 speth15.berl01.t-online.de (IBM-WTE)
>Client-IP: xxx.xx.xxx.xxx

HTTP_CLIENT_IP: xxx.xx.xxx.xxx
HTTP_FORWARDED: internet.junkbuster.com
HTTP_REFERER: http://proxys4all.cgi.net/tools.html
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 5.0; MSN 2.5; Windows 98)
HTTP_VIA: HTTP/1.0 speth15.berl01.t-online.de (IBM-WTE)
REMOTE_HOST: ics2f.b.srv.t-online.de

Example #33 Proxy: 212.50.4.4:8080 NOTE: The Via: header indicates the proxy chain by host & software type, the request went through inside the internal proxy environment. However the intermediate proxy information is stripped out and not revealed to the origin server. Also note the large "max-age=31104000" value for the Cache-Control: header. Cache control is discussed elsewhere. The client IP address is revealed to the origin server under the HTTP_X_FORWARDED_FOR: header.

Proxy DNS lookup = purgatory.spnet.net
Proxy IP = 212.50.0.15
>GET / HTTP/1.0
>Pragma: no-cache
>Host: xxx.xx.xxx.xxx
>Via: 1.0 mars.cblink.net:8080 (Squid/1.1.22), 1.0 purgatory.spnet.net:3128 (Squid/2.1.PATCH2)
>X-Forwarded-For: xxx.xx.xxx.xxx, 212.50.4.8
>Cache-Control: max-age=31104000
>Connection: keep-alive

HTTP_CACHE_CONTROL: Max-age=31104000
HTTP_FORWARDED: internet.junkbuster.com
HTTP_REFERER: http://proxys4all.cgi.net/tools.html
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 5.0; MSN 2.5; Windows 98)
HTTP_VIA: 1.0 mars.cblink.net:8080 (Squid/1.1.22)
HTTP_X_FORWARDED_FOR: xxx.xx.xxx.xxx
REMOTE_HOST: mars.cblink.net

HTTP (High Quality):
http://alindsay.www.media.mit.edu/atl-bin/env.cgi Full ENV variables; No JavaScript
http://internet.junkbuster.com/cgi-bin/show-http-headers Full ENV variables; Relevant variables section; No JavaScript

SSL:
https://www.anonymizer.com/3.0/snoop.cgi
https://secure.magusnet.com/cgibin/printenv.cgi

FTP (Verify IP only):
ftp://ftp.replay.com/pub/crypto/browsers/128bit/

TELNET:
telnet://ukanaix.cc.ukans.edu/

Large Lists of ENV Checkers:
P4ALLs List of ENV CHECKERs Large list; Multi-lingual; Mixed quality



for more info, you might wanna read:
www.w3.org/Protocols/HTTP/HTRQ_Headers.html perlfect.com/articles/cgi_env.shtml
or just examine the variables listed on an ENV test page like the ones at:
http://www.interlacken.com/tricks/exec/trick02/egyprop.asp http://cgi.tky.3web.ne.jp/~aniki/cgi-bin/env.cgi http://proxys4all.cgi.net/env-checkers.html All right, so what can you DO to protect your self then? It's simple-use a software like Proxomtron to alter your headers or have a FireWall soft For info on firewalls read the firewall FAQ or the Surf Up review of available firewall products that has screen shots. The most used firewalls right now are BlackIce, Signal 9 and to some extent AtGuard.