From aebe6637a9de24a26e8f2f76bb2b2a61086d72fc Mon Sep 17 00:00:00 2001
From: MDLeom <2809763-curben@users.noreply.gitlab.com>
Date: Wed, 22 Apr 2020 03:25:42 +0100
Subject: [PATCH] post: remove more cloudflare headers

---
 source/_posts/caddy-nixos-part-3.md     | 14 +++++++++++++-
 source/_posts/i2p-eepsite-nixos.md      | 14 ++++++++++++++
 source/_posts/tor-hidden-onion-nixos.md | 14 ++++++++++++++
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/source/_posts/caddy-nixos-part-3.md b/source/_posts/caddy-nixos-part-3.md
index 923007f..46232c9 100644
--- a/source/_posts/caddy-nixos-part-3.md
+++ b/source/_posts/caddy-nixos-part-3.md
@@ -306,6 +306,8 @@ To prevent any unnecessary request headers from being sent to the upstreams, I u
   header_upstream -cf-visitor
   header_upstream -true-client-ip
   header_upstream -cdn-loop
+  header_upstream -cf-request-id
+  header_upstream -cf-cache-status
 }
 
 mdleom.com {
@@ -315,11 +317,12 @@ mdleom.com {
 }
 ```
 
-The upstream locations insert some information into the response headers that could like my server location. I use `header` directive to filter them out. It applies to all `proxy` directive.
+The upstream locations insert some information into the response headers that are irrelevant to the site visitors. I use `header` directive to filter them out. It applies to all `proxy` directive.
 
 ```
   header / {
     -server
+    -alt-svc
     -cdn-cache
     -cdn-cachedat
     -cdn-edgestorageid
@@ -327,6 +330,9 @@ The upstream locations insert some information into the response headers that co
     -cdn-requestcountrycode
     -cdn-requestid
     -cdn-uid
+    -cf-cache-status
+    -cf-ray
+    -cf-request-id
     -etag
     -set-cookie
     -x-bytes-saved
@@ -370,6 +376,8 @@ I also add the `Cache-Control` and `Referrer-Policy` to the response header. Use
   header_upstream -cf-visitor
   header_upstream -true-client-ip
   header_upstream -cdn-loop
+  header_upstream -cf-request-id
+  header_upstream -cf-cache-status
 }
 
 (staticallyCfg) {
@@ -391,6 +399,7 @@ mdleom.com:4430 www.mdleom.com:4430 {
 
   header / {
     -server
+    -alt-svc
     -cdn-cache
     -cdn-cachedat
     -cdn-edgestorageid
@@ -398,6 +407,9 @@ mdleom.com:4430 www.mdleom.com:4430 {
     -cdn-requestcountrycode
     -cdn-requestid
     -cdn-uid
+    -cf-cache-status
+    -cf-ray
+    -cf-request-id
     -etag
     -set-cookie
     -x-bytes-saved
diff --git a/source/_posts/i2p-eepsite-nixos.md b/source/_posts/i2p-eepsite-nixos.md
index c30c101..325ec5c 100644
--- a/source/_posts/i2p-eepsite-nixos.md
+++ b/source/_posts/i2p-eepsite-nixos.md
@@ -213,6 +213,16 @@ The rest are similar to "[caddyTor.conf](/blog/2020/03/16/tor-hidden-onion-nixos
 (removeHeaders) {
   header_upstream -cookie
   header_upstream -referer
+  header_upstream -cf-ipcountry
+  header_upstream -cf-connecting-ip
+  header_upstream -x-forwarded-for
+  header_upstream -x-forwarded-proto
+  header_upstream -cf-ray
+  header_upstream -cf-visitor
+  header_upstream -true-client-ip
+  header_upstream -cdn-loop
+  header_upstream -cf-request-id
+  header_upstream -cf-cache-status
 }
 
 (staticallyCfg) {
@@ -227,6 +237,7 @@ ggucqf2jmtfxcw7us5sts3x7u2qljseocfzlhzebfpihkyvhcqfa.b32.i2p:8081 mdleom.i2p:808
 
   header / {
     -server
+    -alt-svc
     -cdn-cache
     -cdn-cachedat
     -cdn-edgestorageid
@@ -234,6 +245,9 @@ ggucqf2jmtfxcw7us5sts3x7u2qljseocfzlhzebfpihkyvhcqfa.b32.i2p:8081 mdleom.i2p:808
     -cdn-requestcountrycode
     -cdn-requestid
     -cdn-uid
+    -cf-cache-status
+    -cf-ray
+    -cf-request-id
     -etag
     -set-cookie
     -strict-transport-security
diff --git a/source/_posts/tor-hidden-onion-nixos.md b/source/_posts/tor-hidden-onion-nixos.md
index 4feb2a2..1141d49 100644
--- a/source/_posts/tor-hidden-onion-nixos.md
+++ b/source/_posts/tor-hidden-onion-nixos.md
@@ -188,6 +188,16 @@ The rest are similar to "[caddyProxy.conf](/blog/2020/03/14/caddy-nix-part-3/#ca
 (removeHeaders) {
   header_upstream -cookie
   header_upstream -referer
+  header_upstream -cf-ipcountry
+  header_upstream -cf-connecting-ip
+  header_upstream -x-forwarded-for
+  header_upstream -x-forwarded-proto
+  header_upstream -cf-ray
+  header_upstream -cf-visitor
+  header_upstream -true-client-ip
+  header_upstream -cdn-loop
+  header_upstream -cf-request-id
+  header_upstream -cf-cache-status
 }
 
 (staticallyCfg) {
@@ -202,6 +212,7 @@ xw226dvxac7jzcpsf4xb64r4epr6o5hgn46dxlqk7gnjptakik6xnzqd.onion:8080 {
 
   header / {
     -server
+    -alt-svc
     -cdn-cache
     -cdn-cachedat
     -cdn-edgestorageid
@@ -209,6 +220,9 @@ xw226dvxac7jzcpsf4xb64r4epr6o5hgn46dxlqk7gnjptakik6xnzqd.onion:8080 {
     -cdn-requestcountrycode
     -cdn-requestid
     -cdn-uid
+    -cf-cache-status
+    -cf-ray
+    -cf-request-id
     -etag
     -set-cookie
     -strict-transport-security