Türk? enPhormasyon.org FislenmeyeHayir.com

Secret Agent

Continuously Randomizes your Firefox/SeaMonkey HTTP User Agent, to Suppress Device Fingerprinting, and Resist Web Tracking. Also Prevents eTag Tracking.

   Click to Install Secret Agent

Latest version 1.28  (released 2014-07-19, Release Notes).

Please follow the installation instructions below carefully. Protect your right to communication privacy, security, and integrity. Stop Phorm.

MD5 Checksum: ae5e23d3a1a1b2a24dec828e91fef9e0
SHA1 Checksum: 11116ac7fa390e6b9148a48716a2212f2c6a9c33


 Jeg ville være taknemmelig, hvis du kan hjælpe mig med at forbedre oversættelsen til dansk
 in Deutsch übersetzt (dank Anton, und Frank)
 traduit en français (merci à Lambic )

Please contact me if you would be willing to contribute a translation, or improve an existing translation.

What Secret Agent Does...

With every web request (or page load, or browser session), Secret Agent does the following things;

  • Compares the web site host to a white list
  • If the host isn't on the white list,
    • Request Headers;
      • Overrides your browser's 'User Agent' with a random alternative selected from a customizable list
      • Overrides your browser's 'Accept' header with a random alternative selected from a customizable list
    • Javascript;
      • Overrides your brower's Javascript navigator.oscpu value using a random alternative selected from a customizable list
    • Proxy Headers;
      • Sets an HTTP X-Forwarded-For header with a random IP address
      • Sets an HTTP Via header with a random IP address
    • Cache Headers;
      • Sets a spoof ETag header with a random string of characters
      • If the optional 'If-Modified-Since' spoofing feature is enabled, overrides incoming 'Last-Modified' headers with a random time offset
  • If the host is on the white list
    • Request Headers;
      • Presents your browser's default 'User Agent' (or overrides with a user configurable value)
      • Presents your browser's default 'Accept' header (or overrides with a user configurable value)
    • Javascript;
      • Presents your browser's default Javascript naivator.oscpu value (or overrides with a user configurable value)
    • Proxy Headers;
      • Unaffected
    • Cache Headers;
      • Unaffected

About Secret Agent

The Secret Agent Add On is another counter surveillance tool, from the same developers as Dephormation.

Secret Agent enhances the privacy of your web surfing, by rotating your browser's 'User Agent' identity with every web request (or every page load, or every browser session)... rather like the plates on Bond's famous DB5.

Randomizing your User Agent makes it a little harder for crooks, rogue ISPs, spies like Phorm, corrupt Governments, and other nasty surveillance/tracking threats to correlate your clicks on the basis of 'device fingerprinting'.

Secret Agent can also

  1. randomise the 'Accept' header presented by your browser... further concealing the type of browser in use
  2. generate spoof HTTP proxy headers ('X-Forwarded-For' and 'Via') ...  making your connection appear to originate from a random IP address, connecting via a chain of proxies.
  3. generate spoof ETags headers ('If-None-Match') with random values, preventing ETags being misused for tracking (but potentially preventing caching on untrusted sites).
  4. optionally, override incoming 'Last-Modified' headers to add a random time offset, preventing outgoing 'If-Modified-Since' headers being misused for tracking
  5. randomise your browser's Javascript navigator.oscpu value, making client side 'device fingerprinting' less effective.

According to the EFF's Primer on Information Theory and Privacy;

    "It turns out that, in addition to the commonly discussed "identifying" characteristics of web browsers, like IP addresses and tracking cookies, there are more subtle differences between browsers that can be used to tell them apart.

    One significant example is the User-Agent string, which contains the name, operating system and precise version number of the browser, and which is sent every web server you visit."

You can test your browser on the Panopticlick site. To see the headers sent by your browser, try the HTTP header viewer at EricGiguere.com. You can also test the add on against the BrowserSpy.dk site. If you want to see the effect on tracking by eTags, try enabling 'stealth mode' while viewing the Cookieless tracking demo on lucb1e.com.

For best results, please read the instructions below in full before you use this add on. Secret Agent, used in combination with cookie blocking, script blocking, and anonymity networks like Tor, is likely to be particularly effective at preventing anyone tracking your web surfing.


Secret Agent allows you to switch between 'stealth' and 'default' mode with a single click. Click on the Secret Agent toolbar button or add-on bar icon to toggle between 'stealth' and 'default' mode;

Image showing the toggle between stealth and default

You can choose to change the User Agent once per request, per page load, or per browser session;

Image showing secret agent entropy levels

You don't have to use the standard User Agent list. In fact, I'd encourage you to customise the list, to better match (or hide) the general characteristics of the device you use. I normally replace the standard list with 2,000+ desktop user agents.

Alternatively a simple block of nonsense paragraphs works well... For example, you could use a block of text from Project Gutenberg or a list of Bond Films. Web sites will usually default to a fail-safe 'standards compliant' version of their content when they don't recognise your browser's user agent. More commonly, web sites ignore your User Agent completely.

On whitelisted sites, you can choose to present the browser's default User Agent, or configure a User Agent override.

Tip; start with a small list, and build on it once you understand the effect that randomising your user agent has on your net surfing. For greater stability/ease of use, closely match the list of user agents to your real browser. If you want to conceal the type of browser you use, try a broader range of obscure user agents instead. You need to find the right balance for your needs.

Image showing secret agent user agent list

The same method is used to randomise your browser 'Accept' headers.

Image showing Secret Agent accept headers

And likewise a list of Javascript navigator.oscpu strings can be configured (not shown in pictures above).

The ETag spoofing feature adds a random ETag value to outgoing requests, making it impossible for sites to use ETags to track your net surfing. Note that spoofing ETags may impair caching on untrusted sites (but in general has very little impact on browser performance).

Optionally, incoming 'Last-Modified' headers can also be changed, adding a random time offset (max +0hrs/min -24hrs) to prevent 'If-Modified-Since' headers in outgoing requests being used for tracking. Again, this may impair caching on untrusted sites.

A random HTTP proxy 'X-Forwarded-For' and 'Via' header are also added to every outgoing request, making the actual source of your web requests more difficult to determine.

An easy to use whitelist feature allows you to specify the trusted sites that will receive the real User Agent and no spoofed headers;

Image showing Secret Agent whitelist

You can also specify whitelisted host names using wildcards. The '*' wildcard matches any character string, and '?' matches any single character (eg, *.secretagent.org.uk or www.s?cr?t?g?nt.org.uk).

A dynamic context menu item gives you convenient methods to add/remove sites from your whitelist.

Secret Agent also offers a gratuitous  button.

If you're considering installing the Secret Agent Add On, and concerned about online tracking, you might also like to consider the Dephormation Add On which is also available from this site.

Secret Agent is tested on FF 1.5 to 28.0 on Windows XP/7/8,  SeaMonkey 2.23 on Windows XP/7, IceWeasel 3.0 to 10 on Debian Linux, Firefox 3.6 on Fedora. Will install into Firefox 1.5 - 28.x, or SeaMonkey 2.x on any platform. Also works under Vista, Windows 7, Windows 8, Linux, Mac, and all other popular operating systems supported by Firefox. Secret Agent is compatible with other popular add ons like AdBlock Plus, NoScript, RequestPolicy, Self-Destructing Cookies, HTTPS Everywhere, Better Privacy, TrackMeNot, RefControl.  And Dephormation.

Installation Instructions

You should not rely on any browser extension to protect your privacy, security, and data integrity. You need to find a Phorm free ISP.

Note that Firefox 2 and earlier are vulnerable to 'man in the middle' attacks when installing browser extensions. You should upgrade your browser if possible first.

To install Secret Agent either;

    1) Click here, and allow installation when prompted by your browser.
    2) Restart your browser. A message is displayed as the browser starts, confirming that Secret Agent is active.


    1) Save the SecretAgent.xpi (right click, save link as... SecretAgent.xpi) to your hard disk.
    2) Select 'Tools' menu/'Add-ons' to display the Add-on dialog.
    3) Drag the XPI file into the browser Add-on dialog.
    4) Restart your browser. A message is displayed as the browser starts, confirming that Secret Agent is active.

To configure

    1) Click on the 'Tools' menu.
    2) Click on 'Secret Agent...'.

To uninstall

    1) Select 'Tools' menu/'Add-ons' to display the Add-on dialog.
    2) Click on the Secret Agent 'Remove' button
    3) Restart your browser.

What Secret Agent  Doesn't Do...

Secret Agent cannot prevent Phorm or your ISP from illegally intercepting your communications. For that you need a trustworthy ISP, or a trustworthy law enforcement officer.

Licence   FAQ        Release Notes