[manual]

Requested resources have origin url (site's address) and target url.

Default origin is set to .* (all sites).

Please note, that there cannot be used semicolon in text tokens, because it works like line breaker and asterisk as first character of word (it translate variable name to its value). When this is needed, please use base64 version of value and b64d (base 64 decode) function in program (see example).

• request blocking - Firewall works by testing currently loading site's url (origin) against url-reg-exp given in command origin. If it matches, then ALL rules of given set will be tested one by one. Every rule can decide if target is allowed or blocked. At the end, final result of those iterations is used.

• header alteration - Header alteration rules are evaluated immediately.

/commands:

origin url-reg-exp - create new rule set for given url (regular expression form) disable - disable current rule set

block url-reg-exp - add blocking rule for target url (blacklist) allow url-reg-exp - whitelist all that matches

requestHeader Header-Name [value] - alter request header value for current origin responseHeader Header-Name [value] - alter response header value for current origin

(if value is omitted, header is discarded)

/example:

discard all X-Frame-Options headers on all loaded sites

responseHeader X-Frame-Options

block [anything].google(-analytics, etc.) on steam

origin steampowered block .google

semicolon usage

origin mozilla.org block .png; block .svg; block .css

using previous origin (mozilla.org)

allowing .css again

base64 for .css is XC5jc3M= ... in dev console: btoa('\.css')

b64d XC5jc3M= allow *