Skip to content
Snippets Groups Projects
Closed (moved) accept-language header leaks browser localization
  • View options

    • accept-language header leaks browser localization

    • View options
    • Closed (moved) created by Matthew Finkel

    A blog user mentions each request includes the chosen browser language. Do we normalize this on desktop such that we only send en-US regardless of the browser's localization?

    Using https://wtfismyip.com/headers

    With en-US as the browser locale:

    host: wtfismyip.com
connection: close
user-agent: Mozilla/5.0 (Android 6.0; Mobile; rv:60.0) Gecko/20100101 Firefox/60.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1

    With ru-RU as the browser locale:

    host: wtfismyip.com
connection: close
user-agent: Mozilla/5.0 (Android 6.0; Mobile; rv:60.0) Gecko/20100101 Firefox/60.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
accept-language: ru,ru-RU;q=0.8,en-US;q=0.5,en;q=0.3
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1

    Attributes

    Assignees

    None

    Labels

    blog component applications/tor browser owner tbb-team priority high severity normal status new tbb-mobile tbb-parity type defect user-feedback

    Milestone

    None

    Dates

    Start: None

    Due: None

    Time tracking

    No estimate or time spent

    Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first