+# enable-accept-filter 1
+#
+#enable-accept-filter 1
+#
+# 6.12. handle-as-empty-doc-returns-ok
+# =====================================
+#
+# Specifies:
+#
+# The status code Privoxy returns for pages blocked with
+# +handle-as-empty-document.
+#
+# Type of value:
+#
+# 0 or 1
+#
+# Default value:
+#
+# 0
+#
+# Effect if unset:
+#
+# Privoxy returns a status 403(forbidden) for all blocked pages.
+#
+# Effect if set:
+#
+# Privoxy returns a status 200(OK) for pages blocked with
+# +handle-as-empty-document and a status 403(Forbidden) for all
+# other blocked pages.
+#
+# Notes:
+#
+# This directive was added as a work-around for Firefox bug
+# 492459: "Websites are no longer rendered if SSL requests for
+# JavaScripts are blocked by a proxy."
+# (https://bugzilla.mozilla.org/show_bug.cgi?id=492459), the bug
+# has been fixed for quite some time, but this directive is also
+# useful to make it harder for websites to detect whether or not
+# resources are being blocked.
+#
+#handle-as-empty-doc-returns-ok 1
+#
+# 6.13. enable-compression
+# =========================
+#
+# Specifies:
+#
+# Whether or not buffered content is compressed before delivery.
+#
+# Type of value:
+#
+# 0 or 1
+#
+# Default value:
+#
+# 0
+#
+# Effect if unset:
+#
+# Privoxy does not compress buffered content.
+#
+# Effect if set:
+#
+# Privoxy compresses buffered content before delivering it to
+# the client, provided the client supports it.
+#
+# Notes:
+#
+# This directive is only supported if Privoxy has been compiled
+# with FEATURE_COMPRESSION, which should not to be confused with
+# FEATURE_ZLIB.
+#
+# Compressing buffered content is mainly useful if Privoxy and
+# the client are running on different systems. If they are
+# running on the same system, enabling compression is likely to
+# slow things down. If you didn't measure otherwise, you should
+# assume that it does and keep this option disabled.
+#
+# Privoxy will not compress buffered content below a certain
+# length.
+#
+#enable-compression 1
+#
+# 6.14. compression-level
+# ========================
+#
+# Specifies:
+#
+# The compression level that is passed to the zlib library when
+# compressing buffered content.
+#
+# Type of value:
+#
+# Positive number ranging from 0 to 9.
+#
+# Default value:
+#
+# 1
+#
+# Notes:
+#
+# Compressing the data more takes usually longer than
+# compressing it less or not compressing it at all. Which level
+# is best depends on the connection between Privoxy and the
+# client. If you can't be bothered to benchmark it for yourself,
+# you should stick with the default and keep compression
+# disabled.
+#
+# If compression is disabled, the compression level is
+# irrelevant.
+#
+# Examples:
+#
+# # Best speed (compared to the other levels)
+# compression-level 1
+#
+# # Best compression
+# compression-level 9
+#
+# # No compression. Only useful for testing as the added header
+# # slightly increases the amount of data that has to be sent.
+# # If your benchmark shows that using this compression level
+# # is superior to using no compression at all, the benchmark
+# # is likely to be flawed.
+# compression-level 0
+#
+#
+#compression-level 1
+#
+# 6.15. client-header-order
+# ==========================
+#
+# Specifies:
+#
+# The order in which client headers are sorted before forwarding
+# them.
+#
+# Type of value:
+#
+# Client header names delimited by spaces or tabs
+#
+# Default value:
+#
+# None
+#
+# Notes:
+#
+# By default Privoxy leaves the client headers in the order they
+# were sent by the client. Headers are modified in-place, new
+# headers are added at the end of the already existing headers.
+#
+# The header order can be used to fingerprint client requests
+# independently of other headers like the User-Agent.
+#
+# This directive allows to sort the headers differently to
+# better mimic a different User-Agent. Client headers will be
+# emitted in the order given, headers whose name isn't
+# explicitly specified are added at the end.
+#
+# Note that sorting headers in an uncommon way will make
+# fingerprinting actually easier. Encrypted headers are not
+# affected by this directive.
+#
+#client-header-order Host \
+# User-Agent \
+# Accept \
+# Accept-Language \
+# Accept-Encoding \
+# Proxy-Connection \
+# Referer \
+# Cookie \
+# DNT \
+# If-Modified-Since \
+# Cache-Control \
+# Content-Length \
+# Content-Type
+#
+#
+# 6.16. client-specific-tag
+# ==========================
+#
+# Specifies:
+#
+# The name of a tag that will always be set for clients that
+# requested it through the webinterface.
+#
+# Type of value:
+#
+# Tag name followed by a description that will be shown in the
+# webinterface
+#
+# Default value:
+#
+# None
+#
+# Notes:
+#
+# Client-specific tags allow Privoxy admins to create different
+# profiles and let the users chose which one they want without
+# impacting other users.
+#
+# One use case is allowing users to circumvent certain blocks
+# without having to allow them to circumvent all blocks. This is
+# not possible with the enable-remote-toggle feature because it
+# would bluntly disable all blocks for all users and also affect
+# other actions like filters. It also is set globally which
+# renders it useless in most multi-user setups.
+#
+# After a client-specific tag has been defined with the
+# client-specific-tag directive, action sections can be
+# activated based on the tag by using a CLIENT-TAG pattern. The
+# CLIENT-TAG pattern is evaluated at the same priority as URL
+# patterns, as a result the last matching pattern wins. Tags
+# that are created based on client or server headers are
+# evaluated later on and can overrule CLIENT-TAG and URL
+# patterns!
+#
+# The tag is set for all requests that come from clients that
+# requested it to be set. Note that "clients" are differentiated
+# by IP address, if the IP address changes the tag has to be
+# requested again.
+#
+# Clients can request tags to be set by using the CGI interface
+# http://config.privoxy.org/client-tags. The specific tag
+# description is only used on the web page and should be phrased
+# in away that the user understands the effect of the tag.
+#
+# Examples:
+#
+# # Define a couple of tags, the described effect requires action sections
+# # that are enabled based on CLIENT-TAG patterns.
+# client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
+# client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
+# client-specific-tag overrule-redirects Overrule redirect sections
+# client-specific-tag allow-cookies Do not crunch cookies in either direction
+# client-specific-tag change-tor-socks-port Change forward-socks5 settings to use a different Tor socks port (and circuits)
+# client-specific-tag no-https-inspection Disable HTTPS inspection
+# client-specific-tag no-tls-verification Don't verify certificates when http-inspection is enabled
+#
+#
+# 6.17. client-tag-lifetime
+# ==========================
+#
+# Specifies:
+#
+# How long a temporarily enabled tag remains enabled.
+#
+# Type of value:
+#
+# Time in seconds.
+#
+# Default value:
+#
+# 60
+#
+# Notes:
+#
+# In case of some tags users may not want to enable them
+# permanently, but only for a short amount of time, for example
+# to circumvent a block that is the result of an overly-broad
+# URL pattern.
+#
+# The CGI interface http://config.privoxy.org/client-tags
+# therefore provides a "enable this tag temporarily" option. If
+# it is used, the tag will be set until the client-tag-lifetime
+# is over.
+#
+# Example:
+#
+# # Increase the time to life for temporarily enabled tags to 3 minutes
+# client-tag-lifetime 180
+#
+#
+#
+# 6.18. trust-x-forwarded-for
+# ============================
+#
+# Specifies:
+#
+# Whether or not Privoxy should use IP addresses specified with
+# the X-Forwarded-For header
+#
+# Type of value:
+#
+# 0 or one
+#
+# Default value:
+#
+# 0
+#
+# Notes:
+#
+# If clients reach Privoxy through another proxy, for example a
+# load balancer, Privoxy can't tell the client's IP address from
+# the connection. If multiple clients use the same proxy, they
+# will share the same client tag settings which is usually not
+# desired.
+#
+# This option lets Privoxy use the X-Forwarded-For header value
+# as client IP address. If the proxy sets the header, multiple
+# clients using the same proxy do not share the same client tag
+# settings.
+#
+# This option should only be enabled if Privoxy can only be
+# reached through a proxy and if the proxy can be trusted to set
+# the header correctly. It is recommended that ACL are used to
+# make sure only trusted systems can reach Privoxy.
+#
+# If access to Privoxy isn't limited to trusted systems, this
+# option would allow malicious clients to change the client tags
+# for other clients or increase Privoxy's memory requirements by
+# registering lots of client tag settings for clients that don't
+# exist.
+#
+# Example:
+#
+# # Allow systems that can reach Privoxy to provide the client
+# # IP address with a X-Forwarded-For header.
+# trust-x-forwarded-for 1
+#
+#
+#
+# 6.19. receive-buffer-size
+# ==========================
+#
+# Specifies:
+#
+# The size of the buffer Privoxy uses to receive data from the
+# server.
+#
+# Type of value:
+#
+# Size in bytes
+#
+# Default value:
+#
+# 5000
+#
+# Notes:
+#
+# Increasing the receive-buffer-size increases Privoxy's memory
+# usage but can lower the number of context switches and thereby
+# reduce the cpu usage and potentially increase the throughput.
+#
+# This is mostly relevant for fast network connections and large
+# downloads that don't require filtering.
+#
+# Reducing the buffer size reduces the amount of memory Privoxy
+# needs to handle the request but increases the number of
+# systemcalls and may reduce the throughput.
+#
+# A dtrace command like: "sudo dtrace -n 'syscall::read:return /
+# execname == "privoxy"/ { @[execname] = llquantize(arg0, 10, 0,
+# 5, 20); @m = max(arg0)}'" can be used to properly tune the
+# receive-buffer-size. On systems without dtrace, strace or
+# truss may be used as less convenient alternatives.
+#
+# If the buffer is too large it will increase Privoxy's memory
+# footprint without any benefit. As the memory is (currently)
+# cleared before using it, a buffer that is too large can
+# actually reduce the throughput.
+#
+# Example:
+#
+# # Increase the receive buffer size
+# receive-buffer-size 32768
+#
+#
+# 7. HTTPS INSPECTION (EXPERIMENTAL)
+# ===================================
+#
+# HTTPS inspection allows to filter encrypted requests and
+# responses. This is only supported when Privoxy has been built with
+# FEATURE_HTTPS_INSPECTION. If you aren't sure if your version
+# supports it, have a look at http://config.privoxy.org/show-status.
+#
+#
+# 7.1. ca-directory
+# ==================
+#
+# Specifies:
+#
+# Directory with the CA key, the CA certificate and the trusted
+# CAs file.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# Empty string
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the directory where the CA key, the
+# CA certificate and the trusted CAs file are located.
+#
+# The permissions should only let Privoxy and the Privoxy admin
+# access the directory.
+#
+# Example:
+#
+# ca-directory /usr/local/etc/privoxy/CA
+#
+#ca-directory /usr/local/etc/privoxy/CA
+#
+# 7.2. ca-cert-file
+# ==================
+#
+# Specifies:
+#
+# The CA certificate file in ".crt" format.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# cacert.crt
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the name of the CA certificate file
+# in ".crt" format.
+#
+# The file is used by Privoxy to generate website certificates
+# when https inspection is enabled with the https-inspection
+# action.
+#
+# Privoxy clients should import the certificate so that they can
+# validate the generated certificates.
+#
+# The file can be generated with: openssl req -new -x509
+# -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+#
+# Example:
+#
+# ca-cert-file root.crt
+#
+#ca-cert-file cacert.crt
+#
+# 7.3. ca-key-file
+# =================
+#
+# Specifies:
+#
+# The CA key file in ".pem" format.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# cacert.pem
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the name of the CA key file in ".pem"
+# format. The ca-cert-file section contains a command to
+# generate it.
+#
+# Access to the key should be limited to Privoxy.
+#
+# Example:
+#
+# ca-key-file cakey.pem
+#
+#ca-key-file cakey.pem
+#
+# 7.4. ca-password
+# =================
+#
+# Specifies:
+#
+# The password for the CA keyfile.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# Empty string
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the password for the CA keyfile that
+# is used when Privoxy generates certificates for intercepted
+# requests.
+#
+# Note that the password is shown on the CGI page so don't reuse
+# an important one.
+#
+# Example:
+#
+# ca-password blafasel
+#
+#ca-password swordfish
+#
+# 7.5. certificate-directory
+# ===========================
+#
+# Specifies:
+#
+# Directory to save generated keys and certificates.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# ./certs
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the directory where generated TLS/SSL
+# keys and certificates are saved when https inspection is
+# enabled with the https-inspection action.
+#
+# The keys and certificates currently have to be deleted
+# manually when changing the ca-cert-file and the ca-cert-key.
+#
+# The permissions should only let Privoxy and the Privoxy admin
+# access the directory.
+#
+# +-----------------------------------------------------+
+# | Warning |
+# |-----------------------------------------------------|
+# |Privoxy currently does not garbage-collect obsolete |
+# |keys and certificates and does not keep track of how |
+# |may keys and certificates exist. |
+# | |
+# |Privoxy admins should monitor the size of the |
+# |directory and/or make sure there is sufficient space |
+# |available. A cron job to limit the number of keys and|
+# |certificates to a certain number may be worth |
+# |considering. |
+# +-----------------------------------------------------+
+# Example:
+#
+# certificate-directory /usr/local/var/privoxy/certs
+#
+#certificate-directory /usr/local/var/privoxy/certs
+#
+# 7.6. cipher-list
+# =================
+#
+# Specifies:
+#
+# A list of ciphers to use in TLS handshakes
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# None
+#
+# Effect if unset:
+#
+# A default value is inherited from the TLS library.
+#
+# Notes:
+#
+# This directive allows to specify a non-default list of ciphers
+# to use in TLS handshakes with clients and servers.
+#
+# Ciphers are separated by colons. Which ciphers are supported
+# depends on the TLS library. When using OpenSSL, unsupported
+# ciphers are skipped. When using MbedTLS they are rejected.
+#
+# +-----------------------------------------------------+
+# | Warning |
+# |-----------------------------------------------------|
+# |Specifying an unusual cipher list makes |
+# |fingerprinting easier. Note that the default list |
+# |provided by the TLS library may be unusual when |
+# |compared to the one used by modern browsers as well. |
+# +-----------------------------------------------------+
+# Examples:
+#
+# # Explicitly set a couple of ciphers with names used by MbedTLS
+# cipher-list cipher-list TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\
+# TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:\
+# TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\
+# TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:\
+# TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:\
+# TLS-ECDHE-ECDSA-WITH-AES-256-CCM:\
+# TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8:\
+# TLS-ECDHE-ECDSA-WITH-AES-128-CCM:\
+# TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8:\
+# TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\
+# TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384:\
+# TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:\
+# TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:\
+# TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\
+# TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\
+# TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:\
+# TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:\
+# TLS-DHE-RSA-WITH-AES-256-CCM:\
+# TLS-DHE-RSA-WITH-AES-256-CCM-8:\
+# TLS-DHE-RSA-WITH-AES-128-CCM:\
+# TLS-DHE-RSA-WITH-AES-128-CCM-8:\
+# TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\
+# TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\
+# TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256:\
+# TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384:\
+# TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256:\
+# TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384:\
+# TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256:\
+# TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384:\
+# TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\
+# TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384
+#
+#
+# # Explicitly set a couple of ciphers with names used by OpenSSL
+# cipher-list ECDHE-RSA-AES256-GCM-SHA384:\
+# ECDHE-ECDSA-AES256-GCM-SHA384:\
+# DH-DSS-AES256-GCM-SHA384:\
+# DHE-DSS-AES256-GCM-SHA384:\
+# DH-RSA-AES256-GCM-SHA384:\
+# DHE-RSA-AES256-GCM-SHA384:\
+# ECDH-RSA-AES256-GCM-SHA384:\
+# ECDH-ECDSA-AES256-GCM-SHA384:\
+# ECDHE-RSA-AES128-GCM-SHA256:\
+# ECDHE-ECDSA-AES128-GCM-SHA256:\
+# DH-DSS-AES128-GCM-SHA256:\
+# DHE-DSS-AES128-GCM-SHA256:\
+# DH-RSA-AES128-GCM-SHA256:\
+# DHE-RSA-AES128-GCM-SHA256:\
+# ECDH-RSA-AES128-GCM-SHA256:\
+# ECDH-ECDSA-AES128-GCM-SHA256:\
+# ECDHE-RSA-AES256-GCM-SHA384:\
+# AES128-SHA
+#
+#
+# # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS)
+# cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
+#
+#
+#
+# 7.7. trusted-cas-file
+# ======================
+#
+# Specifies:
+#
+# The trusted CAs file in ".pem" format.
+#
+# Type of value:
+#
+# File name relative to ca-directory
+#
+# Default value:
+#
+# trustedCAs.pem
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the trusted CAs file that is used
+# when validating certificates for intercepted TLS/SSL requests.
+#
+# An example file can be downloaded from https://curl.se/ca/cacert.pem.
+# If you want to create the file yourself, please
+# see: https://curl.se/docs/caextract.html.
+#
+# Example:
+#
+# trusted-cas-file trusted_cas_file.pem
+#
+#trusted-cas-file trustedCAs.pem
+#
+# 8. WINDOWS GUI OPTIONS
+# =======================
+#
+# Privoxy has a number of options specific to the Windows GUI
+# interface:
+#
+#
+# If "activity-animation" is set to 1, the Privoxy icon will animate
+# when "Privoxy" is active. To turn off, set to 0.
+#
+#activity-animation 1
+#
+# If "log-messages" is set to 1, Privoxy copies log messages to the
+# console window. The log detail depends on the debug directive.
+#
+#log-messages 1
+#
+# If "log-buffer-size" is set to 1, the size of the log buffer, i.e.
+# the amount of memory used for the log messages displayed in the
+# console window, will be limited to "log-max-lines" (see below).
+#
+# Warning: Setting this to 0 will result in the buffer to grow
+# infinitely and eat up all your memory!
+#
+#log-buffer-size 1
+#
+#
+#
+# log-max-lines is the maximum number of lines held in the log
+# buffer. See above.
+#
+#log-max-lines 200
+#
+#
+#
+# If "log-highlight-messages" is set to 1, Privoxy will highlight
+# portions of the log messages with a bold-faced font:
+#
+#log-highlight-messages 1
+#
+#
+#
+# The font used in the console window:
+#
+#log-font-name Comic Sans MS
+#
+#
+#
+# Font size used in the console window:
+#
+#log-font-size 8
+#
+#
+#
+# "show-on-task-bar" controls whether or not Privoxy will appear as
+# a button on the Task bar when minimized:
+#
+#show-on-task-bar 0
+#
+#
+#
+# If "close-button-minimizes" is set to 1, the Windows close button
+# will minimize Privoxy instead of closing the program (close with
+# the exit option on the File menu).
+#
+#close-button-minimizes 1
+#
+#
+#
+# The "hide-console" option is specific to the MS-Win console
+# version of Privoxy. If this option is used, Privoxy will
+# disconnect from and hide the command console.
+#
+#hide-console