What is this Squid?
From the Squid site: 
Squid: Optimising Web Delivery
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.
Read the rest here: 
Installation & Configuration
Enter the following in the Terminal:
$ sudo pacman -S squid lsof $ sudo systemctl enable squid $ sudo squid -z $ sudo systemctl start squid
This installs the Squid daemon & gets it up & running. Now we want it to only make the headers we authorize available. Headers give away an enormous amount of identifying information, ranging from your name to MAC to OS & more. It is also really cool to surf around disguised as a Googlebot. When admins check their server logs & see a Googlebot they move right along...
We need to make some changes to /etc/squid/squid.conf . The easiest way for most users would be to replace yours with a copy of mine, which follows:
# # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed: #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.1.0/32 # RFC1918 possible internal network #acl localnet src fc00::/7 # RFC 4193 local private network range #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all #************************************************************* # Check user agent at http://proxydetect.com/ request_header_access Allow deny all request_header_replace User-Agent Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) request_header_access User-Agent deny all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Transfer-Encoding allow all request_header_access Set-Cookie allow all request_header_access Cookie allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_replace X-Forwarded-For 127.0.0.1 # request_header_access X-Forwarded-For deny all request_header_access Via deny all request_header_access Server deny all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access All deny all # Disable cache on any page that uses cgi scripts or has a query parameter or # is a css file. Furthermore, we can add domains to # /etc/squid/list/not-to-cache.conf – one domain per line – which will not be # cached by Squid afterwards. hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? \.css no_cache deny QUERY #acl NOT_TO_CACHE dstdomain "/etc/squid/list/not-to-cache.conf" #no_cache deny NOT_TO_CACHE #********************************************************************* # # although many of those are HTTP reply headers, and so should be # controlled with the reply_header_access directive. # # By default, all headers are allowed (no anonymizing is # performed). #Default: # none # TAG: reply_header_access # Usage: reply_header_access header_name allow|deny [!]aclname ... # # WARNING: Doing this VIOLATES the HTTP standard. Enabling # this feature could make you liable for problems which it # causes. # # This option only applies to reply headers, i.e., from the # server to the client. # # This is the same as request_header_access, but in the other # direction. Please see request_header_access for detailed # documentation. # # For example, to achieve the same behavior as the old # 'http_anonymizer standard' option, you should use: # # reply_header_access From deny all # reply_header_access Referer deny all # reply_header_access Server deny all # reply_header_access User-Agent deny all # reply_header_access WWW-Authenticate deny all # reply_header_access Link deny all # # Or, to reproduce the old 'http_anonymizer paranoid' feature # you should use: # #****************************************************************** reply_header_access Allow allow all reply_header_access Authorization allow all reply_header_access WWW-Authenticate allow all reply_header_access Proxy-Authorization allow all reply_header_access Proxy-Authenticate allow all reply_header_access Cache-Control allow all reply_header_access Content-Encoding allow all reply_header_access Content-Length allow all reply_header_access Content-Type allow all reply_header_access Transfer-Encoding allow all reply_header_access Set-Cookie allow all reply_header_access Cookie allow all reply_header_access Proxy-Connection allow all reply_header_access User-Agent allow all reply_header_access X-Forwarded-For deny all reply_header_access Via deny all reply_header_access Server deny all reply_header_access Date allow all reply_header_access Expires allow all reply_header_access Host allow all reply_header_access If-Modified-Since allow all reply_header_access Last-Modified allow all reply_header_access Location allow all reply_header_access Pragma allow all reply_header_access Accept allow all reply_header_access Accept-Charset allow all reply_header_access Accept-Encoding allow all reply_header_access Accept-Language allow all reply_header_access Content-Language allow all reply_header_access Mime-Version allow all reply_header_access Retry-After allow all reply_header_access Title allow all reply_header_access Connection allow all reply_header_access All deny all #*************************************************************** # Squid normally listens to port 3128 http_port 3128 # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/cache/squid 100 16 256 # Leave coredumps in the first cache dir coredump_dir /var/cache/squid # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320
Note: Be sure to change acl localnet src found in the first section of the squid.conf file, to match your LAN's class C:  IP address range(s).
In the above squid.conf, Header denial starts by denying all, & then selectively allowing.
Save any changes that you have made to the squid.conf file.
Restart & Test Squid
Enter the following two commands in the Terminal:
$ sudo systemctl restart squid $ sudo lsof -i -n -P |grep 3128 squid 4236 proxy 4u IPv4 49302 0t0 TCP 127.0.0.1:3128 (LISTEN)
If you see a similar output as line three above, then Squid is running. (If not, check /var/log/squid3/cache.log)
Testing your Squid
Start your browser & go to the following link:  where you will find that from reading your headers, the site knows who you are & what you are running...
Set Squid as your proxy
In Firefox do the following: Edit > Preferences > Advanced > Network > Settings then highlight Manual Proxy Configuration & enter the following;-
HTTP Proxy: 127.0.0.1 Port: 3128 Check - Use this proxy server for all protocols Hit <OK> Now reload the website & test your work: 
The results should be dramatically different now. Not only does it think you're a Google.bot spidering the web, it can't see many more headers that are being withheld in an effort to prevent information about you leaking to just about every server your machine hits on the internet.
Using Squid day to day, will improve your page load times as the cache optimizes itself.
We have the need to turn Squid ON/OFF
Note: It is highly recommended that you find a browser add-on that allows you to turn Squid ON/OFF with the click of a mouse button. Some web sites will deny you access when Squid is running, due to the limited amount of data that they are given about you.
If there is no add-on option for your browser, you could use two aliases in your ~/.bashrc that turn Squid on & off by entering a couple of letters (the alias) at the terminal prompt. These aliases (or the commands themselves) could also be added to the menu of your WM/DE, & or be made to work with a key combination on your keyboard. I'll create a couple of aliases later & add them to this page.
Easily Turn Squid ON/OFF in Firefox
Installing the Swap Proxy Firefox add-on:  Allows you to easily set Swap Proxy to swap between it & no proxy via the simple GUI.
To setup Squid after you have installed Swap Proxy:
Right click on the Swap Proxy icon which defaults to the bottom right corner on the add-on bar of the browser. This will bring up the preferences box, in which you:
Check - Manual Proxy Configuration Manual Proxy: 127.0.0.1 Port: 3128 Check - Use this proxy server for all protocols Check - Automatically Switch ON Proxy (or your alternate choice) Hit <OK> & you are done.
In the Terminal, if you check:
$ sudo systemctl status squid
... and part of it is:
Jul 17 12:52:21 jarmano squid: Starting Squid Cache version 3.3.8 for x86_64-unknown-l...u... Jul 17 12:52:21 jarmano squid: chdir: /var/spool/squid: (2) No such file or directory Jul 17 12:52:21 jarmano systemd: squid.service: Supervising process 4061 which is not our...its.
Your caching directory has not been created.
So enter the following in the Terminal:
$ sudo squid -z $ sudo chown -R proxy:proxy /var/spool/squid $ sudo systemctl restart squid $ sudo systemctl -l status squid
& see how that looks.
Following is a link to this page's forum counterpart where you can post any related feedback: