Giovanni Pellerano edited this page May 14, 2015 · 12 revisions

Tor2web does provide a technical facility to enable third party website, to verify if a user is connecting over Tor or not, called CheckTor for Tor2web .

This facility is implemented under the name CheckTor for Tor2web,following the example of the official CheckTor extension of Tor Project.

CheckTor for Tor2web matchs if a user it's on Tor or not, looking at it's source IP address or trough the X-Forwarded-For HTTP header (if available because deployed behind a reverse-proxy), matching it via the Onionoo web service.

CheckTor for Tor2web signals to the Web Client if the user is running Tor or not by using two different methods:

  • An HTTP Header X-Check-Tor with boolean True/False value in all HTTP Response by Tor2web

  • An HTTP Response under /checktor URI that's compatible with official CheckTor resource

The HTTP Response under /checktor enables inclusion by third party website, explicitly allowing Cross Site CORS headers.

CheckTor for Tor2web provides a very simple CheckTor Javascript file for use by third party websites that used to be published on the Internet AND on the Tor Hidden Service .onion, facilitating detection of Tor users and automatic redirection to the corresponding .onion .

The CheckTor JS can be integrated in 3 different way with public or private Tor2web servers:

  • included script resource from a remote Tor2web, loading a remote /checktor service

  • embedded CheckTor JS into your website HTML code, loading a remote /checktor service

  • embedded CheckTor JS into your website HTML code, loading a local /checktor service (proxed trough apache/nginx reverse-proxying, to avoid leaking your users IP address to CheckTor for Tor2web service, using X-Forwarded-For)

If you wish to use CheckTor to handle automatic redirection of Tor users to your corresponding .onion site, then you can download the CheckTor Javascript, include it in your website and configure as follow:


This will query the URLs of public servers and redirect the user to http://yourtorhs.onion if it's coming from Tor.

Feel free to use that javascript file as example to implement other logics in your website JS code.

The tickets implementing checktor are 221 and 209