Without also ensuring that the value of navigator.userAgent is set to the spoofed string, it will be trivial for any site capable of serving JavaScript (and having it executed) to infer and ignore the spoofed request header.
With the WWW becoming ever less useful without at least allowing 1st-party JS, this may compromise the effectiveness of this add-on when confronted with antagonists willing to post back data from client-side. It'd be nice to plug this last leak.
Without also ensuring that the value of navigator.userAgent is set to the spoofed string, it will be trivial for any site capable of serving JavaScript (and having it executed) to infer and ignore the spoofed request header.
With the WWW becoming ever less useful without at least allowing 1st-party JS, this may compromise the effectiveness of this add-on when confronted with antagonists willing to post back data from client-side. It'd be nice to plug this last leak.
(shamelessly copied from https://github.com/LeoTindall/randomua/issues/6)