Hello. HTTP specification has a header called Alt-Svc which can automatically redirect user to another network location on a server side without !!! even asking a user.
(Cannot post a link here, you can Google for Alt-Svc Developer Mozilla Org documentation page)
I personally faced that problem when I visited some kind of web sites which used third-party domains like Cloudflare. When using Tor Broswer, Cloudflare automatically redirects all traffic from clearnet cloudflare dot com domain to its .onion one (cflareblahblahblah… .onion) without asking a user! When I checked my IP address on that site (yes, using a standard Tor Browser on a Whonix-Workstation), it shown me not the IP address of Tor exit node but Cloudflare CDN US IP !!!
So, to turn that hidden redirection off, I need to type about:config
and set the value of the option to false
:
network.http.altsvc.enabled
→ false
I recommend Whonix developers to turn off Alt-Svc header by default because I think it is a potential dangerous feature which is dangerous for anonymity. I am not sure if Tor Project developers turn this option off.