Retrospective on In-Flight Web Page Modifications

[ Your results | Overview | How it works | Our findings | Privacy Policy | Contact us ]

Your results

Thanks for participating in our measurement study! The following frames show your results (whether or not in-flight page modifications were found) for our five different test web pages:


There are a number of entities that have access, or can gain access to the content of clients' web requests and responses, such as Internet Service Providers (ISPs), enterprises, software running on the clients' devices, and malicious adversaries. Over the years, reports have shown evidence of these different entities modifying clients' web page requests, for a variety of reasons; for example, ISPs inject ads into web pages to increase revenue.

In 2007, a research group at the University of Washington conducted an experiment to measure how often these web page modifications occur in practice. They classified how often page modifications occured and who was responsible for the modifications; their findings are explained in this paper. While they found about 1.3% of clients saw page modifications, it has been a decade since this was measured.

This project is a retrospective on the previous work that measured page modifications. Our goal is to measure and analyze how often in-flight page modifications occur today, quantify how much this differs from 10 years ago, and identify which entities are responsible for the change in web page modifications.

How it works

As a visitor of this page, you are helping us measure web page modifications. We use the same measurement methodology as described in the original paper. Here we describe a high-level view of our methods.

When you visit this page, you also load pages from the following domains (owned by us):,,,, and These pages are sent along with a "web tripwire," which compares a known good representation of the web page with the version of the web page that you see. If the "web tripwire" detects any in-flight page modifications, it sends us a copy of the HTML that you saw.

We analyze all resulting page modifications and classify what type of entity they were caused by, what the modification's consequences are, and (if possible) attribute the modification to a specific ISP, enterprise, or company. We will be posting our results on this page in Our findings.

Our findings

Once we complete our measurements, we'll list updates here. Stay tuned!

Privacy Policy

We minimize the information that we must collect in order to still detect page modifications. If we detect modifications, then we record the page differences. Additionally, we record information that web servers normally record, such as IP address, browser type, date and time of page request, and a cookie to differentiate between users.

In publicizing our results, we will not publish any IP addresses, or any identifying information found in the page modifications. As part of our modification classification, we may identify any ISPs or software that make modifications.

Contact us

If you have any questions or feedback, please don’t hesitate to get in touch with us.