Added a warning concerning X-UA-Device

Commented the X-UA-Device, as we found out, that Google could interpret this wrong. Google marked our site as "hacked" without any real hack going on. We removed only that X-UA header, getting marked as clean again. It seems that Google is interpreting this as crafted content only for SEs (X-UA-Device:bot) as used by Viagra, Cialis SE hacks on servers (showing nothing to the browser, but spamming SE index with spam for bots)

Added a warning concerning X-UA-Device
Commented the X-UA-Device, as we found out, that Google could interpret this wrong. Google marked our site as "hacked" without any real hack going on. We removed only that X-UA header, getting marked as clean again. It seems that Google is interpreting this as crafted content only for SEs (X-UA-Device:bot) as used by Viagra, Cialis SE hacks on servers (showing nothing to the browser, but spamming SE index with spam for bots)
4179d47b · stbc · 4630f687 · 4179d47b
Commit 4179d47b authored Feb 12, 2014 by stbc
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

INSTALL.rst INSTALL.rst +3 -2

No files found.
--- a/INSTALL.rst
+++ b/INSTALL.rst
@@ -47,8 +47,9 @@ VCL::
                set beresp.http.Vary = beresp.http.Vary + ", X-UA-Device"; 
            } 
        }
-        # comment this out if you don't want the client to know your classification
+        # remove comment for testing, be careful to use this in prod
-        set beresp.http.X-UA-Device = req.http.X-UA-Device;
+        # Google might be worried about crafted content
+        # set beresp.http.X-UA-Device = req.http.X-UA-Device;
    }
    # to keep any caches in the wild from serving wrong content to client #2 behind them, we need to