On 4/08/2016 12:34 a.m., joe wrote: > is it ok to drop X-Firefox-Spdy > reply_header_access X-Firefox-Spdy deny all > just alow http/1 "just allow http/1" is not what the above does. It simply denies the client being informed about that header existing. > and if yes how chrome use Spdy in header to drop it > dose it heart the clients app or browsig ?? Yes it is okay to drop that and any other X-* header. They are by definition experimental and already deprecated. That includes the ones generated by Squid itself. SPDY itself as a protocol is destined to be killed off rather soon. IIRC, by the end of this year. It has been superceeded by HTTP/2 which Squid does not yet support (but I'm working on it). > im droping those as well so fare so good no complain > > reply_header_access Strict-Transport-Security deny all > reply_header_replace Strict-Transport-Security max-age=0; includeSubDomains > reply_header_access Alternate-Protocol deny all > reply_header_access alternate-protocol deny all > reply_header_access Alt-Svc deny all > reply_header_access alt-svc deny all > if there is any other headers to drop pls help tks What is your goal? If it is to encourage use of protocols that Squid supports, then AFAIK those are the headers to alter. However, there are details ... * replacing (or removing) Strict-Transport-Security is only good for people performing transparent interception of port 443. And is only useful for domains which have "pinned" certificates. Other domains can be bumped despite HSTS being used. * Alternate-Protocol is a header with behaviour that should have been defined as hop-by-hop. Recent Squid versions strip it by default. You don't have to do anything. * Alt-Svc is a tricky situation. The information in it can be useful to Squid to let the client know, even when intercepting traffic. It is an OPTIONAL header though, so stripping it away is harmless and has some gain. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
