Preventing HTTPS inspection on workers?

Original message was deleted

Walshy•1/23/25, 8:54 AM

That already is a thing

Walshy•1/23/25, 8:54 AM

Workers are a server-side execution thing. They don't get sent to the client in any form, only what you want to send to the client is sent.

No tool can see worker content.

Walshy•1/23/25, 9:01 AM

No, there's no way. They're just a proxy with logging, they aren't doing anything special and don't give any indication of being used

Walshy•1/23/25, 9:01 AM

You get the same data from dev tools, which while detectable is very easy to use even with detection tooling

Original message was deleted

laurmat•1/23/25, 12:34 PM

I was thinking of a combination of HTTP version and TLS Cipher presented when the worker is accessed directly by a device and behind Proxyman and similar. This should give me an idea of what the TLS Cipher should contain and HTTP version should be 2 and higher. Will this be easily avoidable?

Preventing HTTPS inspection on workers?

Similar Threads