+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{js-annoyances} # Get rid of particularly annoying JavaScript abuse.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-JS-EVENTS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{js-events} # Kill all JS event bindings and timers (Radically destructive! Only for extra nasty sites).</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-HTML-ANNOYANCES"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{html-annoyances} # Get rid of particularly annoying HTML abuse.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-CONTENT-COOKIES"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{content-cookies} # Kill cookies that come in the HTML or JS content.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-REFRESH-TAGS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{refresh-tags} # Kill automatic refresh tags (for dial-on-demand setups).</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-UNSOLICITED-POPUPS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{unsolicited-popups} # Disable only unsolicited pop-up windows. Useful if your browser lacks this ability.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-ALL-POPUPS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{all-popups} # Kill all popups in JavaScript and HTML. Useful if your browser lacks this ability.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-IMG-REORDER"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{img-reorder} # Reorder attributes in <img> tags to make the banners-by-* filters more effective.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-BANNERS-BY-SIZE"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{banners-by-size} # Kill banners by size.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-BANNERS-BY-LINK"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{banners-by-link} # Kill banners by their links to known clicktrackers.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-WEBBUGS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{webbugs} # Squish WebBugs (1x1 invisible GIFs used for user tracking).</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-TINY-TEXTFORMS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{tiny-textforms} # Extend those tiny textareas up to 40x80 and kill the hard wrap.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-JUMPING-WINDOWS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{jumping-windows} # Prevent windows from resizing and moving themselves.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-FRAMESET-BORDERS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{frameset-borders} # Give frames a border and make them resizable.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-DEMORONIZER"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{demoronizer} # Fix MS's non-standard use of standard charsets.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-SHOCKWAVE-FLASH"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{shockwave-flash} # Kill embedded Shockwave Flash objects.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-QUICKTIME-KIOSKMODE"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{quicktime-kioskmode} # Make Quicktime movies saveable.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-FUN"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{fun} # Text replacements for subversive browsing fun!</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-CRUDE-PARENTAL"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{crude-parental} # Crude parental filtering. Note that this filter doesn't work reliably.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-IE-EXPLOITS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{ie-exploits} # Disable some known Internet Explorer bug exploits.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-SITE-SPECIFICS"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{site-specifics} # Cure for site-specific problems. Don't apply generally!</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-NO-PING"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{no-ping} # Removes non-standard ping attributes in <a> and <area> tags.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-GOOGLE"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{google} # CSS-based block for Google text ads. Also removes a width limitation and the toolbar advertisement.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-YAHOO"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{yahoo} # CSS-based block for Yahoo text ads. Also removes a width limitation.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-MSN"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{msn} # CSS-based block for MSN text ads. Also removes tracking URLs and a width limitation.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+><P
+> <A
+NAME="FILTER-BLOGSPOT"
+></A
+>
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+filter{blogspot} # Cleans up some Blogspot blogs. Read the fine print before using this.</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="FORCE-TEXT-MODE"
+>8.5.16. force-text-mode</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Force <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> to treat a document as if it was in some kind of <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>text</I
+></SPAN
+> format. </P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Declares a document as text, even if the <SPAN
+CLASS="QUOTE"
+>"Content-Type:"</SPAN
+> isn't detected as such.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Boolean.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> N/A
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> As explained <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#FILTER"
+>above</A
+></TT
+>,
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> tries to only filter files that are
+ in some kind of text format. The same restrictions apply to
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#CONTENT-TYPE-OVERWRITE"
+>content-type-overwrite</A
+></TT
+>.
+ <TT
+CLASS="LITERAL"
+>force-text-mode</TT
+> declares a document as text,
+ without looking at the <SPAN
+CLASS="QUOTE"
+>"Content-Type:"</SPAN
+> first.
+ </P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="90%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+> Think twice before activating this action. Filtering binary data
+ with regular expressions can cause file damage.
+ </P
+></TD
+></TR
+></TABLE
+></DIV
+></DD
+><DT
+>Example usage:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+force-text-mode
+ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="FORWARD-OVERRIDE"
+>8.5.17. forward-override</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Change the forwarding settings based on User-Agent or request origin</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Overrules the forward directives in the configuration file.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Multi-value.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+></P
+><UL
+><LI
+><P
+><SPAN
+CLASS="QUOTE"
+>"forward ."</SPAN
+> to use a direct connection without any additional proxies.</P
+></LI
+><LI
+><P
+> <SPAN
+CLASS="QUOTE"
+>"forward 127.0.0.1:8123"</SPAN
+> to use the HTTP proxy listening at 127.0.0.1 port 8123.
+ </P
+></LI
+><LI
+><P
+> <SPAN
+CLASS="QUOTE"
+>"forward-socks4a 127.0.0.1:9050 ."</SPAN
+> to use the socks4a proxy listening at
+ 127.0.0.1 port 9050. Replace <SPAN
+CLASS="QUOTE"
+>"forward-socks4a"</SPAN
+> with <SPAN
+CLASS="QUOTE"
+>"forward-socks4"</SPAN
+>
+ to use a socks4 connection (with local DNS resolution) instead, use <SPAN
+CLASS="QUOTE"
+>"forward-socks5"</SPAN
+>
+ for socks5 connections (with remote DNS resolution).
+ </P
+></LI
+><LI
+><P
+> <SPAN
+CLASS="QUOTE"
+>"forward-socks4a 127.0.0.1:9050 proxy.example.org:8000"</SPAN
+> to use the socks4a proxy
+ listening at 127.0.0.1 port 9050 to reach the HTTP proxy listening at proxy.example.org port 8000.
+ Replace <SPAN
+CLASS="QUOTE"
+>"forward-socks4a"</SPAN
+> with <SPAN
+CLASS="QUOTE"
+>"forward-socks4"</SPAN
+> to use a socks4 connection
+ (with local DNS resolution) instead, use <SPAN
+CLASS="QUOTE"
+>"forward-socks5"</SPAN
+>
+ for socks5 connections (with remote DNS resolution).
+ </P
+></LI
+></UL
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> This action takes parameters similar to the
+ <A
+HREF="config.html#FORWARDING"
+>forward</A
+> directives in the configuration
+ file, but without the URL pattern. It can be used as replacement, but normally it's only
+ used in cases where matching based on the request URL isn't sufficient.
+ </P
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="90%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+> Please read the description for the <A
+HREF="config.html#FORWARDING"
+>forward</A
+> directives before
+ using this action. Forwarding to the wrong people will reduce your privacy and increase the
+ chances of man-in-the-middle attacks.
+ </P
+><P
+> If the ports are missing or invalid, default values will be used. This might change
+ in the future and you shouldn't rely on it. Otherwise incorrect syntax causes Privoxy
+ to exit.
+ </P
+><P
+> Use the <A
+HREF="http://config.privoxy.org/show-url-info"
+TARGET="_top"
+>show-url-info CGI page</A
+>
+ to verify that your forward settings do what you thought the do.
+ </P
+></TD
+></TR
+></TABLE
+></DIV
+></DD
+><DT
+>Example usage:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Always use direct connections for requests previously tagged as
+# <SPAN
+CLASS="QUOTE"
+>"User-Agent: fetch libfetch/2.0"</SPAN
+> and make sure
+# resuming downloads continues to work.
+# This way you can continue to use Tor for your normal browsing,
+# without overloading the Tor network with your FreeBSD ports updates
+# or downloads of bigger files like ISOs.
+# Note that HTTP headers are easy to fake and therefore their
+# values are as (un)trustworthy as your clients and users.
+{+forward-override{forward .} \
+ -hide-if-modified-since \
+ -overwrite-last-modified \
+}
+TAG:^User-Agent: fetch libfetch/2\.0$
+ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="HANDLE-AS-EMPTY-DOCUMENT"
+>8.5.18. handle-as-empty-document</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Mark URLs that should be replaced by empty documents <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>if they get blocked</I
+></SPAN
+></P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> This action alone doesn't do anything noticeable. It just marks URLs.
+ If the <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#BLOCK"
+>block</A
+></TT
+> action <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>also applies</I
+></SPAN
+>,
+ the presence or absence of this mark decides whether an HTML <SPAN
+CLASS="QUOTE"
+>"BLOCKED"</SPAN
+>
+ page, or an empty document will be sent to the client as a substitute for the blocked content.
+ The <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>empty</I
+></SPAN
+> document isn't literally empty, but actually contains a single space.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Boolean.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> N/A
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> Some browsers complain about syntax errors if JavaScript documents
+ are blocked with <SPAN
+CLASS="APPLICATION"
+>Privoxy's</SPAN
+>
+ default HTML page; this option can be used to silence them.
+ And of course this action can also be used to eliminate the <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>
+ BLOCKED message in frames.
+ </P
+><P
+> The content type for the empty document can be specified with
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#CONTENT-TYPE-OVERWRITE"
+>content-type-overwrite{}</A
+></TT
+>,
+ but usually this isn't necessary.
+ </P
+></DD
+><DT
+>Example usage:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Block all documents on example.org that end with ".js",
+# but send an empty document instead of the usual HTML message.
+{+block{Blocked JavaScript} +handle-as-empty-document}
+example.org/.*\.js$
+ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="HANDLE-AS-IMAGE"
+>8.5.19. handle-as-image</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Mark URLs as belonging to images (so they'll be replaced by images <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>if they do get blocked</I
+></SPAN
+>, rather than HTML pages)</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> This action alone doesn't do anything noticeable. It just marks URLs as images.
+ If the <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#BLOCK"
+>block</A
+></TT
+> action <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>also applies</I
+></SPAN
+>,
+ the presence or absence of this mark decides whether an HTML <SPAN
+CLASS="QUOTE"
+>"blocked"</SPAN
+>
+ page, or a replacement image (as determined by the <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#SET-IMAGE-BLOCKER"
+>set-image-blocker</A
+></TT
+> action) will be sent to the
+ client as a substitute for the blocked content.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Boolean.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> N/A
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> The below generic example section is actually part of <TT
+CLASS="FILENAME"
+>default.action</TT
+>.
+ It marks all URLs with well-known image file name extensions as images and should
+ be left intact.
+ </P
+><P
+> Users will probably only want to use the handle-as-image action in conjunction with
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#BLOCK"
+>block</A
+></TT
+>, to block sources of banners, whose URLs don't
+ reflect the file type, like in the second example section.
+ </P
+><P
+> Note that you cannot treat HTML pages as images in most cases. For instance, (in-line) ad
+ frames require an HTML page to be sent, or they won't display properly.
+ Forcing <TT
+CLASS="LITERAL"
+>handle-as-image</TT
+> in this situation will not replace the
+ ad frame with an image, but lead to error messages.
+ </P
+></DD
+><DT
+>Example usage (sections):</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Generic image extensions:
+#
+{+handle-as-image}
+/.*\.(gif|jpg|jpeg|png|bmp|ico)$
+
+# These don't look like images, but they're banners and should be
+# blocked as images:
+#
+{+block{Nasty banners.} +handle-as-image}
+nasty-banner-server.example.com/junk.cgi\?output=trash</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="HIDE-ACCEPT-LANGUAGE"
+>8.5.20. hide-accept-language</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Pretend to use different language settings.</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Deletes or replaces the <SPAN
+CLASS="QUOTE"
+>"Accept-Language:"</SPAN
+> HTTP header in client requests.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> Keyword: <SPAN
+CLASS="QUOTE"
+>"block"</SPAN
+>, or any user defined value.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> Faking the browser's language settings can be useful to make a
+ foreign User-Agent set with
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#HIDE-USER-AGENT"
+>hide-user-agent</A
+></TT
+>
+ more believable.
+ </P
+><P
+> However some sites with content in different languages check the
+ <SPAN
+CLASS="QUOTE"
+>"Accept-Language:"</SPAN
+> to decide which one to take by default.
+ Sometimes it isn't possible to later switch to another language without
+ changing the <SPAN
+CLASS="QUOTE"
+>"Accept-Language:"</SPAN
+> header first.
+ </P
+><P
+> Therefore it's a good idea to either only change the
+ <SPAN
+CLASS="QUOTE"
+>"Accept-Language:"</SPAN
+> header to languages you understand,
+ or to languages that aren't wide spread.
+ </P
+><P
+> Before setting the <SPAN
+CLASS="QUOTE"
+>"Accept-Language:"</SPAN
+> header
+ to a rare language, you should consider that it helps to
+ make your requests unique and thus easier to trace.
+ If you don't plan to change this header frequently,
+ you should stick to a common language.
+ </P
+></DD
+><DT
+>Example usage (section):</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Pretend to use Canadian language settings.
+{+hide-accept-language{en-ca} \
++hide-user-agent{Mozilla/5.0 (X11; U; OpenBSD i386; en-CA; rv:1.8.0.4) Gecko/20060628 Firefox/1.5.0.4} \
+}
+/ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="HIDE-CONTENT-DISPOSITION"
+>8.5.21. hide-content-disposition</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Prevent download menus for content you prefer to view inside the browser.</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Deletes or replaces the <SPAN
+CLASS="QUOTE"
+>"Content-Disposition:"</SPAN
+> HTTP header set by some servers.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> Keyword: <SPAN
+CLASS="QUOTE"
+>"block"</SPAN
+>, or any user defined value.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> Some servers set the <SPAN
+CLASS="QUOTE"
+>"Content-Disposition:"</SPAN
+> HTTP header for
+ documents they assume you want to save locally before viewing them.
+ The <SPAN
+CLASS="QUOTE"
+>"Content-Disposition:"</SPAN
+> header contains the file name
+ the browser is supposed to use by default.
+ </P
+><P
+> In most browsers that understand this header, it makes it impossible to
+ <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>just view</I
+></SPAN
+> the document, without downloading it first,
+ even if it's just a simple text file or an image.
+ </P
+><P
+> Removing the <SPAN
+CLASS="QUOTE"
+>"Content-Disposition:"</SPAN
+> header helps
+ to prevent this annoyance, but some browsers additionally check the
+ <SPAN
+CLASS="QUOTE"
+>"Content-Type:"</SPAN
+> header, before they decide if they can
+ display a document without saving it first. In these cases, you have
+ to change this header as well, before the browser stops displaying
+ download menus.
+ </P
+><P
+> It is also possible to change the server's file name suggestion
+ to another one, but in most cases it isn't worth the time to set
+ it up.
+ </P
+><P
+> This action will probably be removed in the future,
+ use server-header filters instead.
+ </P
+></DD
+><DT
+>Example usage:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Disarm the download link in Sourceforge's patch tracker
+{ -filter \
+ +content-type-overwrite{text/plain}\
+ +hide-content-disposition{block} }
+ .sourceforge.net/tracker/download\.php</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="HIDE-IF-MODIFIED-SINCE"
+>8.5.22. hide-if-modified-since</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Prevent yet another way to track the user's steps between sessions.</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Deletes the <SPAN
+CLASS="QUOTE"
+>"If-Modified-Since:"</SPAN
+> HTTP client header or modifies its value.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> Keyword: <SPAN
+CLASS="QUOTE"
+>"block"</SPAN
+>, or a user defined value that specifies a range of hours.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> Removing this header is useful for filter testing, where you want to force a real
+ reload instead of getting status code <SPAN
+CLASS="QUOTE"
+>"304"</SPAN
+>, which would cause the
+ browser to use a cached copy of the page.
+ </P
+><P
+> Instead of removing the header, <TT
+CLASS="LITERAL"
+>hide-if-modified-since</TT
+> can
+ also add or subtract a random amount of time to/from the header's value.
+ You specify a range of minutes where the random factor should be chosen from and
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> does the rest. A negative value means
+ subtracting, a positive value adding.
+ </P
+><P
+> Randomizing the value of the <SPAN
+CLASS="QUOTE"
+>"If-Modified-Since:"</SPAN
+> makes
+ it less likely that the server can use the time as a cookie replacement,
+ but you will run into caching problems if the random range is too high.
+ </P
+><P
+> It is a good idea to only use a small negative value and let
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#OVERWRITE-LAST-MODIFIED"
+>overwrite-last-modified</A
+></TT
+>
+ handle the greater changes.
+ </P
+><P
+> It is also recommended to use this action together with
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#CRUNCH-IF-NONE-MATCH"
+>crunch-if-none-match</A
+></TT
+>,
+ otherwise it's more or less pointless.
+ </P
+></DD
+><DT
+>Example usage (section):</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Let the browser revalidate but make tracking based on the time less likely.
+{+hide-if-modified-since{-60} \
+ +overwrite-last-modified{randomize} \
+ +crunch-if-none-match}
+/</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="HIDE-FROM-HEADER"
+>8.5.23. hide-from-header</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Keep your (old and ill) browser from telling web servers your email address</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Deletes any existing <SPAN
+CLASS="QUOTE"
+>"From:"</SPAN
+> HTTP header, or replaces it with the
+ specified string.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> Keyword: <SPAN
+CLASS="QUOTE"
+>"block"</SPAN
+>, or any user defined value.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> The keyword <SPAN
+CLASS="QUOTE"
+>"block"</SPAN
+> will completely remove the header
+ (not to be confused with the <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#BLOCK"
+>block</A
+></TT
+>
+ action).
+ </P
+><P
+> Alternately, you can specify any value you prefer to be sent to the web
+ server. If you do, it is a matter of fairness not to use any address that
+ is actually used by a real person.
+ </P
+><P
+> This action is rarely needed, as modern web browsers don't send
+ <SPAN
+CLASS="QUOTE"
+>"From:"</SPAN
+> headers anymore.
+ </P
+></DD
+><DT
+>Example usage:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+hide-from-header{block}</PRE
+></TD
+></TR
+></TABLE
+> or
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+hide-from-header{spam-me-senseless@sittingduck.example.com}</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="HIDE-REFERRER"
+>8.5.24. hide-referrer</A
+></H4
+><A
+NAME="HIDE-REFERER"
+></A
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Conceal which link you followed to get to a particular site</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Deletes the <SPAN
+CLASS="QUOTE"
+>"Referer:"</SPAN
+> (sic) HTTP header from the client request,
+ or replaces it with a forged one.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+></P
+><UL
+><LI
+><P
+><SPAN
+CLASS="QUOTE"
+>"conditional-block"</SPAN
+> to delete the header completely if the host has changed.</P
+></LI
+><LI
+><P
+><SPAN
+CLASS="QUOTE"
+>"conditional-forge"</SPAN
+> to forge the header if the host has changed.</P
+></LI
+><LI
+><P
+><SPAN
+CLASS="QUOTE"
+>"block"</SPAN
+> to delete the header unconditionally.</P
+></LI
+><LI
+><P
+><SPAN
+CLASS="QUOTE"
+>"forge"</SPAN
+> to pretend to be coming from the homepage of the server we are talking to.</P
+></LI
+><LI
+><P
+>Any other string to set a user defined referrer.</P
+></LI
+></UL
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> <TT
+CLASS="LITERAL"
+>conditional-block</TT
+> is the only parameter,
+ that isn't easily detected in the server's log file. If it blocks the
+ referrer, the request will look like the visitor used a bookmark or
+ typed in the address directly.
+ </P
+><P
+> Leaving the referrer unmodified for requests on the same host
+ allows the server owner to see the visitor's <SPAN
+CLASS="QUOTE"
+>"click path"</SPAN
+>,
+ but in most cases she could also get that information by comparing
+ other parts of the log file: for example the User-Agent if it isn't
+ a very common one, or the user's IP address if it doesn't change between
+ different requests.
+ </P
+><P
+> Always blocking the referrer, or using a custom one, can lead to
+ failures on servers that check the referrer before they answer any
+ requests, in an attempt to prevent their content from being
+ embedded or linked to elsewhere.
+ </P
+><P
+> Both <TT
+CLASS="LITERAL"
+>conditional-block</TT
+> and <TT
+CLASS="LITERAL"
+>forge</TT
+>
+ will work with referrer checks, as long as content and valid referring page
+ are on the same host. Most of the time that's the case.
+ </P
+><P
+>
+ <TT
+CLASS="LITERAL"
+>hide-referer</TT
+> is an alternate spelling of
+ <TT
+CLASS="LITERAL"
+>hide-referrer</TT
+> and the two can be can be freely
+ substituted with each other. (<SPAN
+CLASS="QUOTE"
+>"referrer"</SPAN
+> is the
+ correct English spelling, however the HTTP specification has a bug - it
+ requires it to be spelled as <SPAN
+CLASS="QUOTE"
+>"referer"</SPAN
+>.)
+ </P
+></DD
+><DT
+>Example usage:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+hide-referrer{forge}</PRE
+></TD
+></TR
+></TABLE
+> or
+ <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+hide-referrer{http://www.yahoo.com/}</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="HIDE-USER-AGENT"
+>8.5.25. hide-user-agent</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Try to conceal your type of browser and client operating system</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Replaces the value of the <SPAN
+CLASS="QUOTE"
+>"User-Agent:"</SPAN
+> HTTP header
+ in client requests with the specified value.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> Any user-defined string.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><DIV
+CLASS="WARNING"
+><P
+></P
+><TABLE
+CLASS="WARNING"
+BORDER="1"
+WIDTH="90%"
+><TR
+><TD
+ALIGN="CENTER"
+><B
+>Warning</B
+></TD
+></TR
+><TR
+><TD
+ALIGN="LEFT"
+><P
+> This can lead to problems on web sites that depend on looking at this header in
+ order to customize their content for different browsers (which, by the
+ way, is <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>NOT</I
+></SPAN
+> the right thing to do: good web sites
+ work browser-independently).
+ </P
+></TD
+></TR
+></TABLE
+></DIV
+><P
+> Using this action in multi-user setups or wherever different types of
+ browsers will access the same <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> is
+ <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>not recommended</I
+></SPAN
+>. In single-user, single-browser
+ setups, you might use it to delete your OS version information from
+ the headers, because it is an invitation to exploit known bugs for your
+ OS. It is also occasionally useful to forge this in order to access
+ sites that won't let you in otherwise (though there may be a good
+ reason in some cases). Example of this: some MSN sites will not
+ let <SPAN
+CLASS="APPLICATION"
+>Mozilla</SPAN
+> enter, yet forging to a
+ <SPAN
+CLASS="APPLICATION"
+>Netscape 6.1</SPAN
+> user-agent works just fine.
+ (Must be just a silly MS goof, I'm sure :-).
+ </P
+><P
+> More information on known user-agent strings can be found at
+ <A
+HREF="http://www.user-agents.org/"
+TARGET="_top"
+>http://www.user-agents.org/</A
+>
+ and
+ <A
+HREF="http://en.wikipedia.org/wiki/User_agent"
+TARGET="_top"
+>http://en.wikipedia.org/wiki/User_agent</A
+>.
+ </P
+></DD
+><DT
+>Example usage:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+hide-user-agent{Netscape 6.1 (X11; I; Linux 2.4.18 i686)}</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="LIMIT-CONNECT"
+>8.5.26. limit-connect</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Prevent abuse of <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> as a TCP proxy relay or disable SSL for untrusted sites</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Specifies to which ports HTTP CONNECT requests are allowable.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> A comma-separated list of ports or port ranges (the latter using dashes, with the minimum
+ defaulting to 0 and the maximum to 65K).
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> By default, i.e. if no <TT
+CLASS="LITERAL"
+>limit-connect</TT
+> action applies,
+ <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> allows HTTP CONNECT requests to all
+ ports. Use <TT
+CLASS="LITERAL"
+>limit-connect</TT
+> if fine-grained control
+ is desired for some or all destinations.
+ </P
+><P
+> The CONNECT methods exists in HTTP to allow access to secure websites
+ (<SPAN
+CLASS="QUOTE"
+>"https://"</SPAN
+> URLs) through proxies. It works very simply:
+ the proxy connects to the server on the specified port, and then
+ short-circuits its connections to the client and to the remote server.
+ This means CONNECT-enabled proxies can be used as TCP relays very easily.
+ </P
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> relays HTTPS traffic without seeing
+ the decoded content. Websites can leverage this limitation to circumvent <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>'s
+ filters. By specifying an invalid port range you can disable HTTPS entirely.
+ </P
+></DD
+><DT
+>Example usages:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+limit-connect{443} # Port 443 is OK.
++limit-connect{80,443} # Ports 80 and 443 are OK.
++limit-connect{-3, 7, 20-100, 500-} # Ports less than 3, 7, 20 to 100 and above 500 are OK.
++limit-connect{-} # All ports are OK
++limit-connect{,} # No HTTPS/SSL traffic is allowed</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="PREVENT-COMPRESSION"
+>8.5.27. prevent-compression</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+> Ensure that servers send the content uncompressed, so it can be
+ passed through <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#FILTER"
+>filter</A
+></TT
+>s.
+ </P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Removes the Accept-Encoding header which can be used to ask for compressed transfer.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Boolean.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> N/A
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> More and more websites send their content compressed by default, which
+ is generally a good idea and saves bandwidth. But the <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#FILTER"
+>filter</A
+></TT
+> and
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#DEANIMATE-GIFS"
+>deanimate-gifs</A
+></TT
+>
+ actions need access to the uncompressed data.
+ </P
+><P
+> When compiled with zlib support (available since <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> 3.0.7), content that should be
+ filtered is decompressed on-the-fly and you don't have to worry about this action.
+ If you are using an older <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> version, or one that hasn't been compiled with zlib
+ support, this action can be used to convince the server to send the content uncompressed.
+ </P
+><P
+> Most text-based instances compress very well, the size is seldom decreased by less than 50%,
+ for markup-heavy instances like news feeds saving more than 90% of the original size isn't
+ unusual.
+ </P
+><P
+> Not using compression will therefore slow down the transfer, and you should only
+ enable this action if you really need it. As of <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> 3.0.7 it's disabled in all
+ predefined action settings.
+ </P
+><P
+> Note that some (rare) ill-configured sites don't handle requests for uncompressed
+ documents correctly. Broken PHP applications tend to send an empty document body,
+ some IIS versions only send the beginning of the content. If you enable
+ <TT
+CLASS="LITERAL"
+>prevent-compression</TT
+> per default, you might want to add
+ exceptions for those sites. See the example for how to do that.
+ </P
+></DD
+><DT
+>Example usage (sections):</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Selectively turn off compression, and enable a filter
+#
+{ +filter{tiny-textforms} +prevent-compression }
+# Match only these sites
+ .google.
+ sourceforge.net
+ sf.net
+
+# Or instead, we could set a universal default:
+#
+{ +prevent-compression }
+ / # Match all sites
+
+# Then maybe make exceptions for broken sites:
+#
+{ -prevent-compression }
+.compusa.com/</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="OVERWRITE-LAST-MODIFIED"
+>8.5.28. overwrite-last-modified</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Prevent yet another way to track the user's steps between sessions.</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Deletes the <SPAN
+CLASS="QUOTE"
+>"Last-Modified:"</SPAN
+> HTTP server header or modifies its value.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> One of the keywords: <SPAN
+CLASS="QUOTE"
+>"block"</SPAN
+>, <SPAN
+CLASS="QUOTE"
+>"reset-to-request-time"</SPAN
+>
+ and <SPAN
+CLASS="QUOTE"
+>"randomize"</SPAN
+>
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> Removing the <SPAN
+CLASS="QUOTE"
+>"Last-Modified:"</SPAN
+> header is useful for filter
+ testing, where you want to force a real reload instead of getting status
+ code <SPAN
+CLASS="QUOTE"
+>"304"</SPAN
+>, which would cause the browser to reuse the old
+ version of the page.
+ </P
+><P
+> The <SPAN
+CLASS="QUOTE"
+>"randomize"</SPAN
+> option overwrites the value of the
+ <SPAN
+CLASS="QUOTE"
+>"Last-Modified:"</SPAN
+> header with a randomly chosen time
+ between the original value and the current time. In theory the server
+ could send each document with a different <SPAN
+CLASS="QUOTE"
+>"Last-Modified:"</SPAN
+>
+ header to track visits without using cookies. <SPAN
+CLASS="QUOTE"
+>"Randomize"</SPAN
+>
+ makes it impossible and the browser can still revalidate cached documents.
+ </P
+><P
+> <SPAN
+CLASS="QUOTE"
+>"reset-to-request-time"</SPAN
+> overwrites the value of the
+ <SPAN
+CLASS="QUOTE"
+>"Last-Modified:"</SPAN
+> header with the current time. You could use
+ this option together with
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#HIDE-IF-MODIFIED-SINCE"
+>hide-if-modified-since</A
+></TT
+>
+ to further customize your random range.
+ </P
+><P
+> The preferred parameter here is <SPAN
+CLASS="QUOTE"
+>"randomize"</SPAN
+>. It is safe
+ to use, as long as the time settings are more or less correct.
+ If the server sets the <SPAN
+CLASS="QUOTE"
+>"Last-Modified:"</SPAN
+> header to the time
+ of the request, the random range becomes zero and the value stays the same.
+ Therefore you should later randomize it a second time with
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#HIDE-IF-MODIFIED-SINCE"
+>hided-if-modified-since</A
+></TT
+>,
+ just to be sure.
+ </P
+><P
+> It is also recommended to use this action together with
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#CRUNCH-IF-NONE-MATCH"
+>crunch-if-none-match</A
+></TT
+>.
+ </P
+></DD
+><DT
+>Example usage:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Let the browser revalidate without being tracked across sessions
+{ +hide-if-modified-since{-60} \
+ +overwrite-last-modified{randomize} \
+ +crunch-if-none-match}
+/</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="REDIRECT"
+>8.5.29. redirect</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+> Redirect requests to other sites.
+ </P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Convinces the browser that the requested document has been moved
+ to another location and the browser should get it from there.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> An absolute URL or a single pcrs command.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> Requests to which this action applies are answered with a
+ HTTP redirect to URLs of your choosing. The new URL is
+ either provided as parameter, or derived by applying a
+ single pcrs command to the original URL.
+ </P
+><P
+> This action will be ignored if you use it together with
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#BLOCK"
+>block</A
+></TT
+>.
+ It can be combined with
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#FAST-REDIRECTS"
+>fast-redirects{check-decoded-url}</A
+></TT
+>
+ to redirect to a decoded version of a rewritten URL.
+ </P
+><P
+> Use this action carefully, make sure not to create redirection loops
+ and be aware that using your own redirects might make it
+ possible to fingerprint your requests.
+ </P
+><P
+> In case of problems with your redirects, or simply to watch
+ them working, enable <A
+HREF="config.html#DEBUG"
+>debug 128</A
+>.
+ </P
+></DD
+><DT
+>Example usages:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Replace example.com's style sheet with another one
+{ +redirect{http://localhost/css-replacements/example.com.css} }
+ example.com/stylesheet\.css
+
+# Create a short, easy to remember nickname for a favorite site
+# (relies on the browser accept and forward invalid URLs to <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>)
+{ +redirect{http://www.privoxy.org/user-manual/actions-file.html} }
+ a
+
+# Always use the expanded view for Undeadly.org articles
+# (Note the $ at the end of the URL pattern to make sure
+# the request for the rewritten URL isn't redirected as well)
+{+redirect{s@$@&mode=expanded@}}
+undeadly.org/cgi\?action=article&sid=\d*$
+
+# Redirect Google search requests to MSN
+{+redirect{s@^http://[^/]*/search\?q=([^&]*).*@http://search.msn.com/results.aspx?q=$1@}}
+.google.com/search
+
+# Redirect MSN search requests to Yahoo
+{+redirect{s@^http://[^/]*/results\.aspx\?q=([^&]*).*@http://search.yahoo.com/search?p=$1@}}
+search.msn.com//results\.aspx\?q=
+
+# Redirect remote requests for this manual
+# to the local version delivered by Privoxy
+{+redirect{s@^http://www@http://config@}}
+www.privoxy.org/user-manual/</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="SERVER-HEADER-FILTER"
+>8.5.30. server-header-filter</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+> Rewrite or remove single server headers.
+ </P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> All server headers to which this action applies are filtered on-the-fly
+ through the specified regular expression based substitutions.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> The name of a server-header filter, as defined in one of the
+ <A
+HREF="filter-file.html"
+>filter files</A
+>.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> Server-header filters are applied to each header on its own, not to
+ all at once. This makes it easier to diagnose problems, but on the downside
+ you can't write filters that only change header x if header y's value is z.
+ You can do that by using tags though.
+ </P
+><P
+> Server-header filters are executed after the other header actions have finished
+ and use their output as input.
+ </P
+><P
+> Please refer to the <A
+HREF="filter-file.html"
+>filter file chapter</A
+>
+ to learn which server-header filters are available by default, and how to
+ create your own.
+ </P
+></DD
+><DT
+>Example usage (section):</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>{+server-header-filter{html-to-xml}}
+example.org/xml-instance-that-is-delivered-as-html
+
+{+server-header-filter{xml-to-html}}
+example.org/instance-that-is-delivered-as-xml-but-is-not
+ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="SERVER-HEADER-TAGGER"
+>8.5.31. server-header-tagger</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+> Enable or disable filters based on the Content-Type header.
+ </P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Server headers to which this action applies are filtered on-the-fly through
+ the specified regular expression based substitutions, the result is used as
+ tag.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> The name of a server-header tagger, as defined in one of the
+ <A
+HREF="filter-file.html"
+>filter files</A
+>.
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> Server-header taggers are applied to each header on its own,
+ and as the header isn't modified, each tagger <SPAN
+CLASS="QUOTE"
+>"sees"</SPAN
+>
+ the original.
+ </P
+><P
+> Server-header taggers are executed before all other header actions
+ that modify server headers. Their tags can be used to control
+ all of the other server-header actions, the content filters
+ and the crunch actions (<A
+HREF="actions-file.html#REDIRECT"
+>redirect</A
+>
+ and <A
+HREF="actions-file.html#BLOCK"
+>block</A
+>).
+ </P
+><P
+> Obviously crunching based on tags created by server-header taggers
+ doesn't prevent the request from showing up in the server's log file.
+ </P
+></DD
+><DT
+>Example usage (section):</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+># Tag every request with the content type declared by the server
+{+server-header-tagger{content-type}}
+/
+ </PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="SESSION-COOKIES-ONLY"
+>8.5.32. session-cookies-only</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+> Allow only temporary <SPAN
+CLASS="QUOTE"
+>"session"</SPAN
+> cookies (for the current
+ browser session <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>only</I
+></SPAN
+>).
+ </P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> Deletes the <SPAN
+CLASS="QUOTE"
+>"expires"</SPAN
+> field from <SPAN
+CLASS="QUOTE"
+>"Set-Cookie:"</SPAN
+>
+ server headers. Most browsers will not store such cookies permanently and
+ forget them in between sessions.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Boolean.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+> N/A
+ </P
+></DD
+><DT
+>Notes:</DT
+><DD
+><P
+> This is less strict than <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#CRUNCH-INCOMING-COOKIES"
+>crunch-incoming-cookies</A
+></TT
+> /
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#CRUNCH-OUTGOING-COOKIES"
+>crunch-outgoing-cookies</A
+></TT
+> and allows you to browse
+ websites that insist or rely on setting cookies, without compromising your privacy too badly.
+ </P
+><P
+> Most browsers will not permanently store cookies that have been processed by
+ <TT
+CLASS="LITERAL"
+>session-cookies-only</TT
+> and will forget about them between sessions.
+ This makes profiling cookies useless, but won't break sites which require cookies so
+ that you can log in for transactions. This is generally turned on for all
+ sites, and is the recommended setting.
+ </P
+><P
+> It makes <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>no sense at all</I
+></SPAN
+> to use <TT
+CLASS="LITERAL"
+>session-cookies-only</TT
+>
+ together with <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#CRUNCH-INCOMING-COOKIES"
+>crunch-incoming-cookies</A
+></TT
+> or
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#CRUNCH-OUTGOING-COOKIES"
+>crunch-outgoing-cookies</A
+></TT
+>. If you do, cookies
+ will be plainly killed.
+ </P
+><P
+> Note that it is up to the browser how it handles such cookies without an <SPAN
+CLASS="QUOTE"
+>"expires"</SPAN
+>
+ field. If you use an exotic browser, you might want to try it out to be sure.
+ </P
+><P
+> This setting also has no effect on cookies that may have been stored
+ previously by the browser before starting <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+>.
+ These would have to be removed manually.
+ </P
+><P
+> <SPAN
+CLASS="APPLICATION"
+>Privoxy</SPAN
+> also uses
+ the <A
+HREF="actions-file.html#FILTER-CONTENT-COOKIES"
+>content-cookies filter</A
+>
+ to block some types of cookies. Content cookies are not effected by
+ <TT
+CLASS="LITERAL"
+>session-cookies-only</TT
+>.
+ </P
+></DD
+><DT
+>Example usage:</DT
+><DD
+><P
+> <TABLE
+BORDER="0"
+BGCOLOR="#E0E0E0"
+WIDTH="90%"
+><TR
+><TD
+><PRE
+CLASS="SCREEN"
+>+session-cookies-only</PRE
+></TD
+></TR
+></TABLE
+>
+ </P
+></DD
+></DL
+></DIV
+></DIV
+><DIV
+CLASS="SECT3"
+><H4
+CLASS="SECT3"
+><A
+NAME="SET-IMAGE-BLOCKER"
+>8.5.33. set-image-blocker</A
+></H4
+><P
+></P
+><DIV
+CLASS="VARIABLELIST"
+><DL
+><DT
+>Typical use:</DT
+><DD
+><P
+>Choose the replacement for blocked images</P
+></DD
+><DT
+>Effect:</DT
+><DD
+><P
+> This action alone doesn't do anything noticeable. If <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>both</I
+></SPAN
+>
+ <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#BLOCK"
+>block</A
+></TT
+> <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>and</I
+></SPAN
+> <TT
+CLASS="LITERAL"
+><A
+HREF="actions-file.html#HANDLE-AS-IMAGE"
+>handle-as-image</A
+></TT
+> <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>also</I
+></SPAN
+>
+ apply, i.e. if the request is to be blocked as an image,
+ <SPAN
+CLASS="emphasis"
+><I
+CLASS="EMPHASIS"
+>then</I
+></SPAN
+> the parameter of this action decides what will be
+ sent as a replacement.
+ </P
+></DD
+><DT
+>Type:</DT
+><DD
+><P
+>Parameterized.</P
+></DD
+><DT
+>Parameter:</DT
+><DD
+><P
+></P
+><UL
+><LI
+><P
+> <SPAN
projects / privoxy.git / blobdiff