Google Chrome has recently added an API to modify HTTP headers. This in turns, made it possible to port Zscaler's Search Engine Security
add-on from Firefox and Firefox Mobile
to Google Chrome.
|Search Engine Security on the Chrome Web Store|
Most hijacked websites used for Blackhat SEO
check the Referer header and the User-Agent, to decide whether to redirect the visitor to a harmless spam page or to a malicious domain (Fake AV
page, Blackhole exploit kit
, etc.). By modifying these 2 headers when the user leaves a Google, Bing or Yahoo! search, Search Engine Security fools the hijacked site into thinking that the visitor is not a real user and therefore avoids redirection to the malicious content.
|Search Engine Security enabled for Google|
All the work is done in the background, so it can be tricky to understand exactly what happens, or even if the add-on is working. We have therefore added a small note on the Google/Bing/Yahoo! search result pages to show you whether Search Engine Security is on (default settings) or off (disabled in the options): Zscaler SES on or Zscaler SES off.
|Search Engine Security disabled on Bing|
To understand how the the headers are modified, look for "referer mobilefish
" in Google after you have installed Search Engine Security. Click on the first link "Mobilefish.com - Show my IP
". The page will display your User-Agent string and Referer header. With the default settings, the string "slurp" is appended to your User-Agent, and the Referer header is removed. These changes are done only
when leaving a Google/Bing/Yahoo! search page.
You can also enable/disable the various settings on the Search Engine Security options page to see how the User-Agent and Referer strings are affected.
|Search Engine Security options|
You can install Search Engine Security for Google Chrome in the Chrome Web Store.