Built a header echo + TLS interception detector to score ISP-level surveillance — looking for feedback on the methodology
Made a tool that does three network-layer privacy checks from the browser:

1. Header echo endpoint — a Next.js API route strips known infrastructure headers (x-vercel-*, x-forwarded-*, server headers) and reflects the rest back as JSON. The client diffs against a known-normal set to detect injected headers: x-uidh, x-act-tracking, x-subscriber-id, x-bluecoat-via, x-characteristic (DPI marker), etc.
2. DNS resolver ASN check — uses ipinfo.io to look up the ASN of the resolver handling the request. ISP-owned ASN = ISP DNS = full query log.
3. TLS interception — hits https://cloudflare.com/cdn-cgi/trace and checks for known middlebox TLS fingerprint anomalies in the response.

Results are scored 0–100 and stored anonymously (IP → SHA-256 with daily-rotating salt) for the leaderboard.

Source: Next.js + Supabase, deployed on Vercel. Happy to dig into any of the methodology, especially the header diffing logic.

https://ismyispspying.com

submitted by /u/Beneficial-Jelly3365
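The header diffing step described in the post, sketched as an added example (not the poster's code). The header names are the ones quoted in the post; the function names, the known-normal baseline and the sample request are assumptions constructed for illustration.

```javascript
// Added example. Only the header names quoted in the post are taken from it.
const INFRA_PREFIXES = ["x-vercel-", "x-forwarded-"]; // stripped server-side, per the post
const KNOWN_INJECTED = new Set([ // tracking / middlebox headers named in the post
  "x-uidh", "x-act-tracking", "x-subscriber-id", "x-bluecoat-via", "x-characteristic",
]);
// Assumed baseline of headers a browser normally sends; tune per client.
const KNOWN_NORMAL = new Set([
  "host", "connection", "accept", "accept-encoding", "accept-language",
  "user-agent", "referer", "origin", "cookie", "cache-control", "pragma",
  "dnt", "priority", "upgrade-insecure-requests",
]);
const NORMAL_PREFIXES = ["sec-"]; // sec-fetch-*, sec-ch-ua-* are set by the browser

// Server side: drop infrastructure headers and lower-case the remaining names.
function echoHeaders(rawHeaders) {
  const out = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    const key = name.toLowerCase();
    if (INFRA_PREFIXES.some((p) => key.startsWith(p))) continue;
    out[key] = value;
  }
  return out;
}

// Client side: split echoed headers into known-injected and unrecognised.
function diffHeaders(echoed) {
  const injected = [], unknown = [];
  for (const key of Object.keys(echoed).sort()) {
    if (KNOWN_INJECTED.has(key)) injected.push(key);
    else if (!KNOWN_NORMAL.has(key) && !NORMAL_PREFIXES.some((p) => key.startsWith(p)))
      unknown.push(key);
  }
  return { injected, unknown };
}

// Constructed sample request as the API route would receive it.
const sample = {
  "Host": "example.test", "User-Agent": "Mozilla/5.0", "Accept": "*/*",
  "Sec-Fetch-Mode": "cors", "X-Forwarded-For": "203.0.113.7",
  "X-Vercel-Id": "constructed", "X-UIDH": "constructed-token", "X-Acme-Proxy": "1",
};
const report = diffHeaders(echoHeaders(sample));
console.log(report);
```

Keeping `unknown` separate from `injected` stops a newly introduced browser header from being scored as ISP tracking. Headers can only be added in transit to plaintext HTTP or by a party terminating TLS, so the echo request has to traverse such a path for an injected header to appear.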