Chrome only sends these headers to Google-owned domains. As an attack surface, i... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		shadowgovt on Dec 6, 2021 \| parent \| context \| favorite \| on: Chrome client “variations” can be used to identify... Chrome only sends these headers to Google-owned domains. As an attack surface, if you're worried about being spied on by the company that you got your browser from, I'd be more concerned about the closed-source control they have over the code in the browser itself than the unique identifier you're sending to their servers when you use their browser.

c0nducktr on Dec 6, 2021 [–]

Can addons remove these headers? Like say I'm using uBlock Origin, does that do anything?

paulryanrogers on Dec 6, 2021 | [–]

Possibly with Manifest V2. While it lasts.

tech234a on Dec 6, 2021 | | [–]

Manifest V2 will last about 1 more year[1].

[1]: https://developer.chrome.com/docs/extensions/mv3/mv2-sunset/

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact