> There are at least three places where you can get injected, one is from the IS... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		markdown on Jan 13, 2019 \| parent \| context \| favorite \| on: GoDaddy injecting JavaScript into websites and how... > There are at least three places where you can get injected, one is from the ISP I'm not sure if they still do it, but Vodafone in my country (and many others) used to cache and compress photos on all websites, which often led to visible degradation in image quality. Luckily I discovered that their software respected the `Cache-Control: no-transform` header so include that header on all my websites now.

int0x80 on Jan 13, 2019 [–]

Vodafone did also inject custom js/html in non HTTPS pages (obviously). This was 2 years ago.

markdown on Jan 13, 2019 | [–]

That's right. The js rewrote all image src attributes to point to the "optimised" photos they'd cached.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact