3.1.2 Preventing information leaks

When Polipo is used with Tor, it is desirable to prevent client-side scripts from accessing sensitive information, because scripts may interact with remote sites. Even when Torbutton is used, scripts may still glean details about a user from Polipo's error messages and headers.

By default, Polipo sends the contents of proxyName and proxyPort, as well as the local timezone, in a trailer beneath its error messages. In addition, Polipo sends proxyName in Warning headers (see RFC 2616, 14.46).

Setting the variable dontIdentifyToClients to true stops Polipo from sending the trailer in error messages and makes it send polipo as the pseudonym in Warning headers.

It makes sense to set disableLocalInterface (see Web interface) along with dontIdentifyToClients.
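
A configuration check for the two variables above, as an added example that is not part of Polipo or its manual. It assumes that the configuration consists of name = value lines, that # starts a comment, that a later assignment overrides an earlier one, and that yes is accepted as a synonym for true; the sample configurations are constructed.

```python
# Constructed audit helper; not part of Polipo.
# Variables this section recommends enabling, with what the page says each affects.
RECOMMENDED = {
    "dontIdentifyToClients":
        "error-message trailer (proxyName, proxyPort, local timezone) and "
        "proxyName in Warning headers are sent to clients",
    "disableLocalInterface":
        "local web interface is not disabled",
}
# Assumption: "yes" is accepted as a synonym for "true".
ENABLED = {"true", "yes"}


def parse_config(text):
    """Collect 'name = value' assignments; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if "=" in line:
            name, value = line.split("=", 1)
            settings[name.strip()] = value.strip().strip('"')
    return settings


def audit(text):
    """Return (variable, effective value, consequence) for each setting not enabled."""
    settings = parse_config(text)
    findings = []
    for name, consequence in RECOMMENDED.items():
        value = settings.get(name, "<unset>")
        if value.lower() not in ENABLED:
            findings.append((name, value, consequence))
    return findings


# Constructed sample configurations.
WEAK = """
proxyName = "gateway.example"
proxyPort = 8123
# dontIdentifyToClients = true
disableLocalInterface = false
"""
HARDENED = WEAK + "dontIdentifyToClients = true\ndisableLocalInterface = true\n"

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "ok")
```

A commented-out assignment counts as unset, so the weak sample is reported for both variables.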

To prevent information leaks to servers, see Censoring headers.