Google Sites: Rammerhead Proxy

For educational/defensive understanding only.

If you are considering using such a proxy, understand:

Schools, libraries, and corporate IT departments face a dilemma. They cannot block sites.google.com because teachers use Google Sites for class assignments, HR departments use it for internal documentation, and teams use it for project wikis. Blocking Google Sites would break essential workflows. For educational/defensive understanding only

By hosting a Rammerhead proxy inside a Google Site, you are hiding your proxy traffic inside legitimate Google traffic. To a firewall, your request looks like it is accessing a harmless educational site, not a proxy server.

Crucial clarification: You cannot run Node.js server-side code directly on Google Sites. However, you can use Client-side Rammerhead Scrubber or an iframe embed strategy. The most common method is to host the Rammerhead client on a separate static host (like Vercel, Netlify, or Replit) and then embed it into a Google Site using an iframe. However, for pure "Google Sites" solutions, savvy users use a JavaScript redirect or HTML scrubber injection. Create a new Google Site

For the purposes of this article, let’s assume you have access to a pre-built Rammerhead instance. To cloak it with Google Sites:

Rammerhead Proxy on Google Sites is a method of using Google’s own infrastructure (Google Sites) to host a hidden, functional web proxy (Rammerhead). Because Google Sites is almost never blocked by school or corporate firewalls, it acts as a "Trojan horse"—a legitimate-looking page that loads a powerful circumvention tool. Once the user clicks the hidden link or button, the Rammerhead proxy loads, allowing them to browse blocked websites (YouTube, Discord, Reddit, etc.) through Google’s domain.