What is 'x-client-data' sent only when accessing Google site from Google Chrome?



A web browser for browsing a website sends a request to the server using

HTTP and displays the website based on the response from the server that received the request. The HTTP request contains information such as the browser version, but the data called 'x-client-data' included only in the HTTP request sent by Google's web browser Chrome when accessing the Google site Has become a hot topic on GitHub .

Partial freezing of the User-Agent stringIssue # 467w3ctag / design-reviewsGitHub
https://github.com/w3ctag/design-reviews/issues/467#issuecomment-581944600

Google tracks individual users per Chrome installation ID | Hacker News
https://news.ycombinator.com/item?id=22236106

Clarification: x-client-data to google.com? · Issue # 480 · bromite / bromite · GitHub
https://github.com/bromite/bromite/issues/480

To check the contents of 'x-client-data', actually start Chrome and display the Google top screen and check the header of the HTTP request, there is certainly an item called 'x-client-data' .



There is no 'x-client-data' item when displaying a site other than Google.



'X-client-data' is encoded in

Base64 , and the data actually collected can be confirmed by looking at the Chrome version information. The character string described in the item 'Variation' displayed when you enter 'Chrome: // version' in the address field of Chrome is the data actually collected by Google.



'X-client-data' is data used by Google for

A / B testing of its own site, and is used to identify Chrome used by Internet users separately. Chrome's privacy policy states that 'X-Client-Data does not contain any personally identifiable information.'



Similarly , an IP address, one of the data transmitted by the browser, is classified as personally identifiable information under the European Data Protection Regulation GDPR . While an IP address is represented by a 32-bit integer value, “x-client-data” is a character string that is much longer than an IP address and has a large amount of information. Some have pointed out that it is not impossible to identify individuals by combining 'data' with an IP address.



If you are worried about collecting 'x-client-data', you can change 'x-client-data' to any value by installing '

ModHeader ' which is a Chrome extension.

ModHeader-Chrome Web Store
https://chrome.google.com/webstore/detail/modheader/idgpnmonknjnojddfkpgkljpfnnfcklj?hl=en

Click the 'Add to Chrome' button to start the installation.



When the installation is completed, the ModHeader icon will be displayed on the right. Click it.



Click to display the setting screen. Enter 'x-client-data' for Name and '0' for Value.



After inputting, display the Google top screen on Chrome to confirm that the settings are properly reflected.

Related Posts:

in Software,   Security, Posted by darkhorse_log