HTTP Headers Management

HTTP headers are key components of web communication. The Referer and User-Agent headers provide valuable context about where requests come from and the devices making them, but they can also raise privacy and security concerns.

In the JENTIS Platform, you can control whether these headers should be shared in a server-side tag.

What Are the Referer and User-Agent Headers?

The Referer tells a website where the user came from. For example, if you click a link on a news website to visit an online store, the request sent to the store includes a Referer header showing the news website’s URL.

This header, however, can unintentionally expose sensitive information, such as search terms typed into a search engine or URLs containing personal identifiers. Malicious actors could misuse this information to track users across websites.

The User-Agent header provides information about the browser and device making the request, such as: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/114.0.5735.199 Safari/537.36.

The potential issue is that it can be used to fingerprint users based on their browser, operating system, and device details, making it easier for advertisers or malicious actors to track individuals across the web.

Manage the HTTP Headers on server-side tags

In the JENTIS Platform, you can control whether these headers should be shared in a server-side tag.

1. In the Tools section, select the tool you want to edit or create a new one.

2. Go to the Advanced Settings tab. In the HTTP Headers section, select which headers you would like to share in the tag or unselect the box for the ones you would like to remove.

By default, both options will be enabled.

This option is only available for tags implemented on the server side.

When a tag (e.g., JavaScript snippet) is implemented on the client side, it runs inside the user’s browser. The browser automatically generates and sends HTTP headers as part of its internal request process. While JavaScript can control some aspects of a request (like the body of a POST request), headers like User-Agent or Referer are off-limits to ensure consistent and secure browser behavior.

When requests are handled on the server side, the server itself acts as the "client" making requests to other servers. Unlike a browser, a server operates without the sandbox or security restrictions imposed on client-side code. This gives developers full control over the HTTP request.

This is why modifying the headers that will be shared in a tag is only possible with server-side tags, and not hybrid or client-side ones.

If you have any questions or suggestions, contact us through our Helpdesk.