Privacy Audit · what you're exposing right now

From the outside

IP address216.73.217.6

Reverse DNS(no PTR record)

ProtocolHTTP/1.1

Captured2026-05-26T20:18:18.595Z

Request line

GET / HTTP/1.1

HTTP headers 8

Header	Value	What it tells the server
host	audit.bithaven.cloud	Which hostname you requested. Always present.
x-real-ip	216.73.217.6	(Set by nginx) the IP the proxy saw — your actual address.
x-forwarded-for	216.73.217.6	(Set by proxies) chain of forwarding addresses.
x-forwarded-proto	https	(Set by proxies) original protocol (http / https).
connection	close	Connection reuse hint.
accept	/	Content types your browser accepts (HTML, images, JSON, etc.).
user-agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)	Browser + OS string. The single most powerful HTTP-layer fingerprint.
accept-encoding	gzip, br, zstd, deflate	Compression algorithms you support (gzip, brotli, zstd).

Browser fingerprint (JavaScript)

These read what your browser will divulge to JavaScript running on a page you visit. If your privacy browser's anti-fingerprinting shims are working, several should show spoofed or generic values.

Probes running…

What this audit does not show

TLS handshake fingerprint (JA3 / JA4) — the cipher suites and extensions in your TLS ClientHello are a strong fingerprint. We'd need to terminate TLS at this server (rather than at nginx) to extract them. Phase 2.
HTTP/2 settings ordering — Akamai-style fingerprint of the order of HTTP/2 SETTINGS values. Also needs custom TLS handling.
TCP/IP fingerprint (p0f-style: TTL, MSS, window size, options order) — happens below the HTTP layer. Requires raw socket access or a kernel netfilter hook.
SNI — the hostname you connected to is in the TLS ClientHello in plaintext; an on-path observer (not us) sees it.