Now NaiveProxy will send realistic Chrome requests as preambles before and during tunneled TLS handshakes, making traffic analysis based on the initial period of TLS connections much harder.
The preamble URLs are extracted from the root page source of the fronting web server, and can be configured by editing the root page.
Other notes about Caddyfile:
Prevent Caddy from logging http.log.error http2: stream closed which contains user activity information:
{
log {
exclude http.log.error # Avoid logging user activity
}
}
A realistic fronting website should enable content compression:
:443, example.com {
encode
}