doc/OONI/Tests/HeaderFieldManipulation.md

+'''What it detects'''
+
+   * Detects the presence of a device that manipulated HTTP request headers
+
+'''Inputs'''
+
+   * A backend to be used for checking the tampering
+
+'''Experiment'''
+
+   A set of different requests are sent to the backend. Through a covert channel the client reports to the server the request it made.
+   These are the requests that are made:
+   
+   * For every HTTP request method the CaPitaLization is varied
+   * The content of the request is compressed using gzip and the gzip encoding header is added (Add more details?)
+
+'''Control'''
+
+   * The backend checks if the received request matches the one that the client claims to have sent.
+ 
+'''Output'''
+
+   * What kind of requests are being tampered with and the logs of the sent data and received data.
+
+'''Notes'''
+
+apparently they often remove the 'gzip' encoding by
+replacing it in-line with 'xxxx' or something similar - apparently this
+is to stop it from having to waste CPU on gzip decoding