Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Prevent tracking via alternative services (`Alt-Svc` header)

See original GitHub issue

alt-svc by default have a 24 hour lifetime, which can be modified with the ma option.

This can be used for tracking, in a similar way to HSTS cookies.

My initial best guess is that the safest option is to never cache alt-svc values

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:6 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
pes10kcommented, Oct 19, 2021

closing this bc it’ll be solved by enabling NetworIsolationKey for all users (already being rolled out on nightly and beta)

0reactions
fmariercommented, Mar 19, 2020
Read more comments on GitHub >

github_iconTop Results From Across the Web

Alternative (ab)uses for HTTP Alternative Services - USENIX
In this work, we present yet another technique for user tracking using the Alt-Svc header. Our techniques bypass third-party tracker blocking options instituted ......
Read more >
Alt-Svc - HTTP - MDN Web Docs
The Alt-Svc HTTP header allows a server to indicate that another network location (the "alternative service") can be treated as ...
Read more >
RFC 7838: HTTP Alternative Services
The Alt-Svc HTTP Header Field An HTTP(S) origin server can advertise the availability of alternative services to clients by adding an Alt-Svc header...
Read more >
Header aches in Firefox, Tor, Brave and Chrome as HTTP ...
The HTTP Alternative Services header can be abused to conduct network reconnaissance and attacks, to bypass malware protection services, ...
Read more >
The Evil Alt-Ego: (ab)using HTTP Alternative Services - YouTube
The HTTP Alternative Services header ( Alt-Svc, RFC 7838) was introduced in 2013 by seasoned developers with good intentions in a bid to ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Have a "hold to actually close" keyboard shortcut for pinned tabs

Next page

{{balancse}} being displayed when restoring wallet under Norwegian locale