search cancel

What does the Stealth Mode Web Browsing feature in Endpoint Protection?

book

Article ID: 151382

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

What does the Stealth Mode Web Browsing feature in Symantec Endpoint Protection do?

Resolution

The Stealth Mode Web Browsing option in Symantec Endpoint Protection detects the HTTP traffic from a Web browser on any port and removes the following information: the browser name and version number, the operating system, and the reference Web page. It stops Web sites from knowing which operating system and browser the computer uses. It does not detect HTTPS (SSL) traffic.  It strips information from the HTTP GET request; specifically from the HTTP_REFERER and HTTP_USER_AGENT tags.

Without Stealth Mode Web Browsing With Stealth Mode Web Browsing
REQUEST_METHOD GET REQUEST_METHOD GET
HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
HTTP_ACCEPT_ENCODING gzip, deflate HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_ACCEPT_LANGUAGE en-ie HTTP_ACCEPT_LANGUAGE en-ie
HTTP_CONNECTION Keep-Alive HTTP_CONNECTION Keep-Alive
HTTP_HOST gemal.dk HTTP_HOST gemal.dk
HTTP_REFERER http://gemal.dk/browserspy/ HTTP_REFERER
HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 999.1; Unknown)

 

You can test this functionality using an IP packet sniffer or with the web page: http://gemal.dk/browserspy/headers.php

 

Warning:

Stealth mode Web browsing may cause some Web sites not to function properly. Some Web servers build a Web page that is based on information about the Web browser. Because this option removes the browser information, some Web pages may not appear properly or at all. Stealth mode Web browsing removes the browser signature, called the HTTP_USER_AGENT, from the HTTP request header and replaces it with a generic signature.