as of right now, even with the help of brave-fix.js, many sites can still detect brave. this is used both for fingerprinting and for blocking brave users. i have an idea to fix that: fully spoof brave as firefox, both the http headers and client hints (including client hint javascript attributes). since firefox does not support any client hints whatsoever, neither should we. they don't accomplish anything other than privacy invasion anyway. we should also block some invasive http headers while we are at it.
the following request headers should be changed/added to resemble firefox:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
TE: trailers
the following request headers should be blocked/removed to resemble firefox:
Sec-CH-UA-Mobile - client hint header for tracking.
Sec-CH-UA-Arch - client hint header for tracking.
Sec-CH-UA-Form-Factors - client hint header for tracking.
Sec-CH-UA-Full-Version - client hint header for tracking.
Sec-CH-UA-Full-Version-List - client hint header for tracking.
Sec-CH-UA-Model - client hint header for tracking.
Sec-CH-UA-Platform-Version - client hint header for tracking.
Sec-CH-UA-Platform - client hint header for tracking.
Sec-CH-UA-Bitness - client hint header for tracking.
Sec-CH-Prefers-Color-Scheme - client hint header for tracking.
Sec-CH-Prefers-Reduced-Motion - client hint header for tracking.
Sec-CH-Prefers-Reduced-Transparency - client hint header for tracking.
Sec-CH-UA - client hint header for tracking.
ECT - client hint header for tracking.
DPR - client hint header for tracking.
RTT - client hint header for tracking.
Device-Memory - client hint header for tracking.
the following response headers should be blocked/removed to resemble firefox:
Accept-CH - client hint header for tracking.
Critical-CH - client hint header for tracking.
from my research and experimentation with the requestly extension, the following http response headers can and should be blocked without causing any site breakage:
Observe-Browsing-Topics - tracking header.
ETag - can be used to identify a user like fingerprinting. check this site for a demonstration: https://lucb1e.com/randomprojects/cookielesscookies
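One way to check that a captured request matches the firefox profile listed in this post, as an added example (not part of the original post and not Brave's code). The function names and the sample request are constructed for illustration, and matching any `Sec-CH-` prefix goes beyond the specific headers listed above.

```javascript
// Profile values are the request headers listed in the post above.
const FIREFOX_PROFILE = {
  "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
  "accept-language": "en-US,en;q=0.5",
  "accept-encoding": "gzip, deflate, br",
  "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0",
  "te": "trailers",
};
// Client hints from the post's list that lack the Sec-CH- prefix.
const LEGACY_HINTS = new Set(["ect", "dpr", "rtt", "device-memory"]);
// Response headers the post wants stripped.
const BLOCKED_RESPONSE = new Set(["accept-ch", "critical-ch", "observe-browsing-topics", "etag"]);

// Header names are case-insensitive (always lowercase in HTTP/2), so normalise first.
function normalise(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) out[name.toLowerCase()] = String(value).trim();
  return out;
}

// Report hints that leak, profile headers with a different value, and profile headers not sent.
function auditRequest(headers) {
  const h = normalise(headers);
  const findings = { leaked: [], mismatched: [], missing: [] };
  for (const name of Object.keys(h)) {
    // Assumption: every Sec-CH-* name is a client hint, not only the ones listed.
    if (name.startsWith("sec-ch-") || LEGACY_HINTS.has(name)) findings.leaked.push(name);
  }
  for (const [name, expected] of Object.entries(FIREFOX_PROFILE)) {
    if (!(name in h)) findings.missing.push(name);
    else if (h[name] !== expected) findings.mismatched.push(name);
  }
  return findings;
}

// Drop the blocked response headers regardless of how the server cased them.
function stripResponse(headers) {
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => !BLOCKED_RESPONSE.has(name.toLowerCase()))
  );
}

// Constructed sample: a Chromium-style request as a server would receive it.
const sampleRequest = {
  "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
  "Accept-Language": "en-US,en;q=0.5",
  "Accept-Encoding": "gzip, deflate, br",
  "Sec-CH-UA": '"Chromium";v="124", "Brave";v="124", "Not-A.Brand";v="99"',
  "sec-ch-ua-mobile": "?0",
  "DPR": "1",
};
console.log(auditRequest(sampleRequest));
```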