+www.example.com/
+
+ is a domain-only pattern and will match any request to www.example.com,
+ regardless of which document on that server is requested.
+
+www.example.com
+
+ means exactly the same. For domain-only patterns, the trailing / may be
+ omitted.
+
+www.example.com/index.html
+
+ matches only the single document /index.html on www.example.com.
+
+/index.html
+
+ matches the document /index.html, regardless of the domain, i.e. on any web
+ server.
+
+index.html
+
+ matches nothing, since it would be interpreted as a domain name and there
+ is no top-level domain called .html.
+
+-------------------------------------------------------------------------------
+
+9.4.1. The Domain Pattern
+
+The matching of the domain part offers some flexible options: if the domain
+starts or ends with a dot, it becomes unanchored at that end. For example:
+
+.example.com
+
+ matches any domain that ENDS in .example.com
+
+www.
+
+ matches any domain that STARTS with www.
+
+.example.
+
+ matches any domain that CONTAINS .example. (Correctly speaking: It matches
+ any FQDN that contains example as a domain.)
+
+Additionally, there are wild-cards that you can use in the domain names
+themselves. They work pretty similar to shell wild-cards: "*" stands for zero
+or more arbitrary characters, "?" stands for any single character, you can
+define character classes in square brackets and all of that can be freely
+mixed:
+
+ad*.example.com
+
+ matches "adserver.example.com", "ads.example.com", etc but not
+ "sfads.example.com"
+
+*ad*.example.com
+
+ matches all of the above, and then some.
+
+.?pix.com
+
+ matches www.ipix.com, pictures.epix.com, a.b.c.d.e.upix.com etc.
+
+www[1-9a-ez].example.c*
+
+ matches www1.example.com, www4.example.cc, wwwd.example.cy,
+ wwwz.example.com etc., but not wwww.example.com.
+
+-------------------------------------------------------------------------------
+
+9.4.2. The Path Pattern
+
+Privoxy uses Perl compatible regular expressions (through the PCRE library) for
+matching the path.
+
+There is an Appendix with a brief quick-start into regular expressions, and
+full (very technical) documentation on PCRE regex syntax is available on-line
+at http://www.pcre.org/man.txt. You might also find the Perl man page on
+regular expressions (man perlre) useful, which is available on-line at http://
+www.perldoc.com/perl5.6/pod/perlre.html.
+
+Note that the path pattern is automatically left-anchored at the "/", i.e. it
+matches as if it would start with a "^" (regular expression speak for the
+beginning of a line).
+
+Please also note that matching in the path is case INSENSITIVE by default, but
+you can switch to case sensitive at any point in the pattern by using the "(?
+-i)" switch: www.example.com/(?-i)PaTtErN.* will match only documents whose
+path starts with PaTtErN in exactly this capitalization.
+
+-------------------------------------------------------------------------------
+
+9.5. Actions
+
+All actions are disabled by default, until they are explicitly enabled
+somewhere in an actions file. Actions are turned on if preceded with a "+", and
+turned off if preceded with a "-". So a "+action" means "do that action", e.g.
+"+block" means please "block the following URL patterns".
+
+Actions are invoked by enclosing the action name in curly braces (e.g.
+{+some_action}), followed by a list of URLs (or patterns that match URLs) to
+which the action applies. There are three classes of actions:
+
+ * Boolean, i.e the action can only be "on" or "off". Examples:
+
+ {+name} # enable this action
+ {-name} # disable this action
+
+
+ * Parameterized, e.g. "+/-hide-user-agent{ Mozilla 1.0 }", where some value
+ is required in order to enable this type of action. Examples:
+
+ {+name{param}} # enable action and set parameter to "param"
+ {-name} # disable action ("parameter") can be omitted
+
+
+ * Multi-value, e.g. "{+/-add-header{Name: value}}" or "{+/-send-wafer{name=
+ value}}"), where some value needs to be defined in addition to simply
+ enabling the action. Examples:
+
+ {+name{param=value}} # enable action and set "param" to "value"
+ {-name{param=value}} # remove the parameter "param" completely
+ {-name} # disable this action totally and remove param too
+
+
+If nothing is specified in any actions file, no "actions" are taken. So in this
+case Privoxy would just be a normal, non-blocking, non-anonymizing proxy. You
+must specifically enable the privacy and blocking features you need (although
+the provided default actions files will give a good starting point).
+
+Later defined actions always over-ride earlier ones. So exceptions to any rules
+you make, should come in the latter part of the file (or in a file that is
+processed later when using multiple actions files). For multi-valued actions,
+the actions are applied in the order they are specified. Actions files are
+processed in the order they are defined in config (the default installation has
+three actions files). It also quite possible for any given URL pattern to match
+more than one action!
+
+The list of valid Privoxy "actions" are:
+
+-------------------------------------------------------------------------------
+
+9.5.1. +add-header
+
+Type:
+
+ Multi-value.
+
+Typical uses:
+
+ Send a user defined HTTP header to the web server.
+
+Possible values:
+
+ Any value is possible. Validity of the defined HTTP headers is not checked.
+
+Example usage:
+
+ {+add-header{X-User-Tracking: sucks}}
+ .example.com
+
+
+Notes:
+
+ This action may be specified multiple times, in order to define multiple
+ headers. This is rarely needed for the typical user. If you don't know what
+ "HTTP headers" are, you definitely don't need to worry about this one.
+
+-------------------------------------------------------------------------------
+
+9.5.2. +block
+
+Type:
+
+ Boolean.
+
+Typical uses:
+
+ Used to block a URL from reaching your browser. The URL may be anything,
+ but is typically used to block ads or other obnoxious content.
+
+Possible values:
+
+ N/A
+
+Example usage:
+
+ {+block}
+ .banners.example.com
+ .ads.r.us
+
+
+Notes:
+
+ If a URL matches one of the blocked patterns, Privoxy will intercept the
+ URL and display its special "BLOCKED" page instead. If there is sufficient
+ space, a large red banner will appear with a friendly message about why the
+ page was blocked, and a way to go there anyway. If there is insufficient
+ space a smaller "BLOCKED" page will appear without the red banner. Click
+ here to view the default blocked HTML page (Privoxy must be running for
+ this to work as intended!).
+
+ A very important exception is if the URL matches both "+block" and
+ "+handle-as-image", then it will be handled by "+set-image-blocker" (see
+ below). It is important to understand this process, in order to understand
+ how Privoxy is able to deal with ads and other objectionable content.
+
+ The "+filter" action can also perform some of the same functionality as
+ "+block", but by virtue of very different programming techniques, and is
+ most often used for different reasons.
+
+-------------------------------------------------------------------------------
+
+9.5.3. +deanimate-gifs
+
+Type:
+
+ Parameterized.
+
+Typical uses:
+
+ To stop those annoying, distracting animated GIF images.
+
+Possible values:
+
+ "last" or "first"
+
+Example usage:
+
+ {+deanimate-gifs{last}}
+ .example.com
+
+
+Notes:
+
+ De-animate all animated GIF images, i.e. reduce them to their last frame.
+ This will also shrink the images considerably (in bytes, not pixels!). If
+ the option "first" is given, the first frame of the animation is used as
+ the replacement. If "last" is given, the last frame of the animation is
+ used instead, which probably makes more sense for most banner animations,
+ but also has the risk of not showing the entire last frame (if it is only a
+ delta to an earlier frame).
+
+-------------------------------------------------------------------------------
+
+9.5.4. +downgrade-http-version
+
+Type:
+
+ Boolean.
+
+Typical uses:
+
+ "+downgrade-http-version" will downgrade HTTP/1.1 client requests to HTTP/
+ 1.0 and downgrade the responses as well.
+
+Possible values:
+
+ N/A
+
+Example usage:
+
+ {+downgrade-http-version}
+ .example.com
+
+
+Notes:
+
+ Use this action for servers that use HTTP/1.1 protocol features that
+ Privoxy doesn't handle well yet. HTTP/1.1 is only partially implemented.
+ Default is not to downgrade requests. This is an infrequently needed
+ action, and is used to help with rare problem sites only.
+
+-------------------------------------------------------------------------------
+
+9.5.5. +fast-redirects
+
+Type:
+
+ Boolean.
+
+Typical uses:
+
+ The "+fast-redirects" action enables interception of "redirect" requests
+ from one server to another, which are used to track users.Privoxy can cut
+ off all but the last valid URL in a redirect request and send a local
+ redirect back to your browser without contacting the intermediate site(s).
+
+Possible values:
+
+ N/A
+
+Example usage:
+
+ {+fast-redirects}
+ .example.com
+
+
+Notes:
+
+ Many sites, like yahoo.com, don't just link to other sites. Instead, they
+ will link to some script on their own server, giving the destination as a
+ parameter, which will then redirect you to the final target. URLs resulting
+ from this scheme typically look like: http://some.place/some_script?http://
+ some.where-else.
+
+ Sometimes, there are even multiple consecutive redirects encoded in the
+ URL. These redirections via scripts make your web browsing more traceable,
+ since the server from which you follow such a link can see where you go to.
+ Apart from that, valuable bandwidth and time is wasted, while your browser
+ ask the server for one redirect after the other. Plus, it feeds the
+ advertisers.
+
+ This is a normally "on" feature, and often requires exceptions for sites
+ that are sensitive to defeating this mechanism.
+
+-------------------------------------------------------------------------------
+
+9.5.6. +filter
+
+Type:
+
+ Parameterized.
+
+Typical uses:
+
+ Apply page filtering as defined by named sections of the default.filter
+ file to the specified site(s). "Filtering" can be any modification of the
+ raw page content, including re-writing or deletion of content.
+
+Possible values:
+
+ "+filter" must include the name of one of the section identifiers from
+ default.filter (or whatever filterfile is specified in config).
+
+Example usage (from the current default.filter):
+
+ +filter{html-annoyances}: Get rid of particularly annoying HTML abuse.
+
+ +filter{js-annoyances}: Get rid of particularly annoying JavaScript abuse
+
+ +filter{content-cookies}: Kill cookies that come in the HTML or JS content
+
+ +filter{popups}: Kill all popups in JS and HTML
+
+ +filter{frameset-borders}: Give frames a border and make them resizable
+
+ +filter{webbugs}: Squish WebBugs (1x1 invisible GIFs used for user
+ tracking)
+
+ +filter{refresh-tags}: Kill automatic refresh tags (for dial-on-demand
+ setups)
+
+ +filter{fun}: Text replacements for subversive browsing fun!
+
+ +filter{nimda}: Remove Nimda (virus) code.
+
+ +filter{banners-by-size}: Kill banners by size (very efficient!)
+
+ +filter{shockwave-flash}: Kill embedded Shockwave Flash objects
+
+ +filter{crude-parental}: Kill all web pages that contain the words "sex" or
+ "warez"
+
+Notes:
+
+ This is potentially a very powerful feature! And requires a knowledge of
+ regular expressions if you want to "roll your own". Filtering operates on a
+ line by line basis throughout the entire page.
+
+ Filtering requires buffering the page content, which may appear to slow
+ down page rendering since nothing is displayed until all content has passed
+ the filters. (It does not really take longer, but seems that way since the
+ page is not incrementally displayed.) This effect will be more noticeable
+ on slower connections.
+
+ Filtering can achieve some of the effects as the "+block" action, i.e. it
+ can be used to block ads and banners. In the overall scheme of things,
+ filtering is one of the first things "Privoxy" does with a web page. So
+ other most other actions are applied to the already "filtered" page.
+
+-------------------------------------------------------------------------------
+
+9.5.7. +hide-forwarded-for-headers
+
+Type:
+
+ Boolean.
+
+Typical uses:
+
+ Block any existing X-Forwarded-for HTTP header, and do not add a new one.
+
+Possible values:
+
+ N/A
+
+Example usage:
+
+ {+hide-forwarded-for-headers}
+ .example.com
+
+
+Notes:
+
+ It is fairly safe to leave this on. It does not seem to break many sites.
+
+-------------------------------------------------------------------------------
+
+9.5.8. +hide-from-header
+
+Type:
+
+ Parameterized.
+
+Typical uses:
+
+ To block the browser from sending your email address in a "From:" header.
+
+Possible values:
+
+ Keyword: "block", or any user defined value.
+
+Example usage:
+
+ {+hide-from-header{block}}
+ .example.com
+
+
+Notes:
+
+ The keyword "block" will completely remove the header (not to be confused
+ with the "+block" action). Alternately, you can specify any value you
+ prefer to send to the web server.
+
+-------------------------------------------------------------------------------
+
+9.5.9. +hide-referer
+
+Type:
+
+ Parameterized.
+
+Typical uses:
+
+ Don't send the "Referer:" (sic) HTTP header to the web site. Or,
+ alternately send a forged header instead.
+
+Possible values:
+
+ Prevent the header from being sent with the keyword, "block". Or, "forge" a
+ URL to one from the same server as the request. Or, set to user defined
+ value of your choice.
+
+Example usage:
+
+ {+hide-referer{forge}}
+ .example.com
+
+
+Notes:
+
+ "forge" is the preferred option here, since some servers will not send
+ images back otherwise.
+
+ "+hide-referrer" is an alternate spelling of "+hide-referer". It has the
+ exact same parameters, and can be freely mixed with, "+hide-referer".
+ ("referrer" is the correct English spelling, however the HTTP specification
+ has a bug - it requires it to be spelled as "referer".)
+
+-------------------------------------------------------------------------------
+
+9.5.10. +hide-user-agent
+
+Type:
+
+ Parameterized.
+
+Typical uses:
+
+ To change the "User-Agent:" header so web servers can't tell your browser
+ type. Who's business is it anyway?
+
+Possible values:
+
+ Any user defined string.
+
+Example usage:
+
+ {+hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}}
+ .msn.com
+
+
+Notes:
+
+ Warning! This breaks many web sites that depend on this in order to
+ determine how the target browser will respond to various requests. Use with
+ caution.
+
+-------------------------------------------------------------------------------
+
+9.5.11. +handle-as-image
+
+Type:
+
+ Boolean.
+
+Typical uses:
+
+ To define what Privoxy should treat automatically as an image, and is an
+ important ingredient of how ads are handled.
+
+Possible values:
+
+ N/A
+
+Example usage:
+
+ {+handle-as-image}
+ /.*\.(gif|jpg|jpeg|png|bmp|ico)
+
+
+Notes:
+
+ This only has meaning if the URL (or pattern) also is "+block"ed, in which
+ case a user definable image can be sent rather than a HTML page. This is
+ integral to the whole concept of ad blocking: the URL must match both a
+ "+block" rule, and "+handle-as-image". (See "+set-image-blocker" below for
+ control over what will actually be displayed by the browser.)
+
+ There is little reason to change the default definition for this action.
+
+-------------------------------------------------------------------------------
+
+9.5.12. +set-image-blocker
+
+Type:
+
+ Parameterized.
+
+Typical uses:
+
+ Decide what to do with URLs that end up tagged with both "+block" and
+ "+handle-as-image", e.g an advertisement.
+
+Possible values:
+
+ There are four available options: "-set-image-blocker" will send a HTML
+ "blocked" page, usually resulting in a "broken image" icon.
+ "+set-image-blocker{blank}" will send a 1x1 transparent GIF image.
+ "+set-image-blocker{pattern}" will send a checkerboard type pattern (the
+ default). And finally, "+set-image-blocker{http://xyz.com}" will send a
+ HTTP temporary redirect to the specified image. This has the advantage of
+ the icon being being cached by the browser, which will speed up the
+ display.
+
+Example usage:
+
+ {+set-image-blocker{blank}}
+ .example.com
+
+
+Notes:
+
+ If you want invisible ads, they need to meet criteria as matching both
+ images and blocked actions. And then, "image-blocker" should be set to
+ "blank" for invisibility. Note you cannot treat HTML pages as images in
+ most cases. For instance, frames require an HTML page to display. So a
+ frame that is an ad, typically cannot be treated as an image. Forcing an
+ "image" in this situation just will not work reliably.
+
+-------------------------------------------------------------------------------
+
+9.5.13. +limit-connect
+
+Type:
+
+ Parameterized.
+
+Typical uses:
+
+ By default, Privoxy only allows HTTP CONNECT requests to port 443 (the
+ standard, secure HTTPS port). Use "+limit-connect" to disable this
+ altogether, or to allow more ports.
+
+Possible values:
+
+ Any valid port number, or port number range.
+
+Example usages:
+
+ +limit-connect{443} #
+ This is the default and need not be specified.
+ +limit-connect{80,443} # Ports 80 and 443 are OK.
+ +limit-connect{-3, 7, 20-100, 500-} #
+ Port less than 3, 7, 20 to 100 and above 500 are OK.
+
+
+Notes:
+
+ The CONNECT methods exists in HTTP to allow access to secure websites
+ (https:// URLs) through proxies. It works very simply: the proxy connects
+ to the server on the specified port, and then short-circuits its
+ connections to the client and to the remote proxy. This can be a big
+ security hole, since CONNECT-enabled proxies can be abused as TCP relays
+ very easily.
+
+ If you want to allow CONNECT for more ports than this, or want to forbid
+ CONNECT altogether, you can specify a comma separated list of ports and
+ port ranges (the latter using dashes, with the minimum defaulting to 0 and
+ max to 65K).
+
+ If you don't know what any of this means, there probably is no reason to
+ change this one.
+
+-------------------------------------------------------------------------------