Preferably under the main Privacy & Security tab, right next to the UI to disable Referer: (see bug 55477)

adding to junkbuster tracker

This is more related to Bug 46029 and Bug 80658.

See bug 57555 and bug 55366. Also see my warnings (sites might not work) in bug 46029.

We already offer some customization of the UA string. Is this a UI-type request (make it easy to do...) or is there some aspect of UA that needs to be addressed?

retargeting. mstoltz: this may be your bucket. take it is you want it.

Not precisely my bucket, but this should be part of the "paranoid mode" I've got planned - a single pref that enables super-privacy at the cost of breaking a few sites. I suppose we actually want to allow not sending the useragent header at all; someone in Necko probably knows how to do that.

> We already offer some customization of the UA string. Is this a UI-type request > (make it easy to do...) or is there some aspect of UA that needs to be > addressed? We can customize what appears in the UA-string, but we cannot suppress it altogether. This bug is about that option.

Didn't know how much anonymity is wanted. I guess I would hide as IE 5, but I can see others want more...

Er... hiding as IE is more of a way to get around this-page-only-works-after-paying-microsoft-tax issue, not a privacy one. Besides, the last thing we need is to add to IE's 90-some-percent share in access logs.

I need to control which headers are sent where. For example (w/o using a _sophisticated_ firewall): I need to block all referers when crossing from inside (intranet) to outside (internet) in order to avoid data leakage. These links are eg. on pages I maintain or generate them locally, and if local users click them, usually there would be a referer sent revealing a link within the intranet, complete with server ip and possibly parameters (data) used in the application(s). (I'd allow referers when surfing the Internet or surfing the Intranet, however, only not when crossing this border). Finer control about headers is desirable, eg. to generally allow session cookies, but to disallow long-lived cookies etc etc. also, a tool to inspect the headers sent by the server could be very interesting. Thank you!

I don't think that a general solution is feasible. (You can completely disable referer already, btw.)

We really shouldn't need another pref for this. Just don't send UA: at all if general.useragent.override is set to null. I'm changing my UI request. It should be under Debug->Networking, by accept encoding/http version. The reason for UI at all is it's handy to change temporarily to get into a certain MS-only site. This should take 20 mins tops for someone to implement who knows what they're doing... I hate to see it futured.

IMHO, in the interests of simple UI, this should either be: 1. A debug-panel pref 2. A duplicate of bug 80658 3. WONTFIXed.

moving neeti's futured bugs for triaging.

In reply to comment #12 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9pre) Gecko/2008033001 SeaMonkey/2.0a1pre Setting general.useragent.override to empty (but defined) now suppresses the sending of an HTTP_USER_AGENT header, as found by browsing to http://gemal.dk/browserspy/headers.php . It also removes the "Build Identifier" (i.e., UA) line on the about: page. By installing the UserAgent Switcher extension and defining one additional UA string (value ""), you can get this as a menu item in the "Tools -> UserAgent Switcher" menu. Resolving WORKSFORME (after approx. 5½ years without a comment). If you REOPEN, please explain why.