Need to implement UA spoofing

[bogas04]

Sadly UA strings are still use to support a browser by several websites. This is the reason why every browser has to have a UA string similar to the popular ones.

Sooner or later, in order to get all websites to support gngr, this has to be done.

So let's think of a UA String having Gecko, Webkit, Mozilla etc..

[hrj]

Yes indeed, this needs to happen for practical reasons. Even Firefox has implemented UA spoofing in its latest release, because of some popular sites which don't support Firefox!

Ironically, the other reason for supporting UA spoofing is privacy. A very unique UA string helps the server to finger-print the browser.

User-interface

To allow the user to have complete control over UA spoofing, the configuration could be done via the Request Manager.

This would allow per-domain, per request domain or global setting of UA string. This would help the above two use-cases.

[vn971]

per-domain UA would be great.

I currently do not use a UA in my main browser out of stubbornness, there really are about 3-10% of sites that won't accept me. (So this probably would not work for many users.)

Another thing to note: I suspect agencies like NSA know my browser anyway. And I presume it would be very easy to fingerprint all gngr instances because they should have a very non-typical behavior.

[hrj]

@vn971 A blank UA is not so uncommon these days. It's a small but growing base of privacy aware users. I occasionally look at panopticlick with various browsers on my system, and empty UAs are getting less distinct than before. After our recent change of the "Accept header" to match Firefox, gngr has been faring even better, in the amount of information it (doesn't) leak.