Options

Global Settings

• Language – set the language of ScriptSafe
• Settings View – list or group the various settings according to section

General Settings

• Enable – control whether nor not ScriptSafe is enabled or disabled (default: enabled)
• Enable Syncing – control whether or not your settings/lists are synced across your devices (default: disabled)
  • Sync Settings FROM Google Account – force a download of ScriptSafe settings
  • Sync Settings TO Google Account – force syncing of your settings to your other devices
• Default Mode – if a domain is neither whitelisted/blacklisted, this setting will tell ScriptSafe how to handle it (default: Block)
• Disable and Remove – <SCRIPT>, <OBJECT>, <EMBED>, <IFRAME>, <FRAME>, <APPLET>, <AUDIO>, <VIDEO>, <NOSCRIPT>, <IMG>
• XML HTTP Request Handling – (advanced users) control which XML requests are listed in the panel for whitelisting/blacklisting (default: Control Cross-Domain Requests (allow Same-Domain))
  • Options:
    • Disable
    • Control Cross-Domain Requests (allow Same-Domain)
    • Control All Requests
• Show Sync Notification – control if a notification is shown when settings synced to your Google Account (default: enabled)
• Show Import Sync Notification – control if a notification is shown when settings synced from your Google Account (default: enabled)
• Show Update Notification – control if an update notification is shown when an update for ScriptSafe is available (default: enabled)
• Show Changelog on Update – control if an update changelog is opened when ScriptSafe is updated (default: enabled)
• Show in Context Menu – show ScriptSafe options in the context (right-click) menu
• Hotkeys – configure the ScriptSafe hotkeys:
  • Temporarily allow/block all resources for a current tab (default: CTRL+SHIFT+S)
  • Remove temporary permissions for a current tab (default: CTRL+SHIFT+R)
  • Remove all temporary permissions (default: CTRL+SHIFT+Q)

Fingerprint Protection

• Block Browser Plugin Enumeration – prevent sites from reading your browser plugin details (default: disabled)
• Canvas Fingerprint Protection – protect against fingerprinting attempts through <canvas> elements (default: disabled)
  • Options:
    • Disabled
    • Blank Readout (serve an empty canvas with the original dimensions)
    • Random Readout (serve an empty canvas with random dimensions)
    • Completely Block Readout (refuse to serve any data)
• Block Audio Fingerprinting – prevent fingerprinting via the AudioContext API (default: disabled)
• Block WebGL Fingerprinting – prevent fingerprinting via the WebGL API (default: disabled)
• Block Battery Fingerprinting – prevent fingerprinting via the Battery API (default: disabled)
• Block Device Enumeration – prevent having hardware devices detected via the WebRTC API (default: disabled)
• Block Gamepad Enumeration – prevent having hardware devices detected via the Gamepad API (default: disabled)
• Block WebVR Enumeration – prevent having hardware devices detected via the WebVR API (default: disabled)
• Block Bluetooth Enumeration – prevent having devices detected via the Bluetooth API (default: disabled)
• Block Canvas Font Access – prevent system fonts from being enumerated through <canvas> elements. May interfere with Google Docs. (default: disabled)
• Block Client Rectangles – prevent fingerprinting through calculating element rectangles. May interfere with some dropdowns. (default: disabled)
• Prevent Clipboard Interference – prevent pages from interfering with clipboard actions. (default: disabled)
• Reduce Keyboard Fingerprinting (for advanced users) – make keypress timings more random to increase anonymity (note: adds a random delay between keypresses)) (default: disabled)

Privacy Settings

• Paranoia Mode – if enabled, whitelisted domains on unlisted tabs will be blocked (default: disabled)
• Block Unwanted Content – if enabled, domains are checked against a list of ad / malware domains and blocked; domains gathered from MVPS HOSTS, hpHOSTS (ad / tracking servers), Peter Lowe’s HOSTS Project, MalwareDomainList.com (default: enabled)
• Block Unwanted Cookies – wipe out cookies from unwanted content providers (referred to above) (default: enabled)
• Unwanted Content Mode – control how strict you want unwanted content blocking to be (default: Relaxed)
  • Options:
    • Relaxed – whitelisted domains in the unwanted domain list will not be blocked
    • Strict – domains in the unwanted domain list will be blocked even if whitelisted
• Antisocial Mode – remove/block social widgets and plugins, even if whitelisted (default: disabled)
• WebRTC Protection – prevent IP address leakage (default: Protect Local IP)
  • Options:
    • Disabled
    • Protect Local IP
    • Protect Local and Public IPs
• Remove Webbugs – remove “invisible” third-party elements (default: enabled)
• Remove Google Analytics (UTM) Tracking – remove Google Analytics (UTM) tracking tokens (default: disabled)
• Remove Possible Hash Tracking – remove possible tracking tokens passed using hash, where there is an attribute and value (e.g. #xtor=RSS-1) (default: disabled)
• Block Click-Through Referrer – blocks referrer information when clicking on external links (default: enabled)
  • Options:
    • Disabled
    • Only on Unwhitelisted Domains – only applies to pages on unwhitelisted domains
    • On All Domains – applies to third-party links on every domain, even if whitelisted
• Spoof Timezone – spoof or randomize your timezone. NOTE: if enabled, it may interfere with replying to emails in Gmail. (default: disabled)
• User-Agent Spoof – spoofs your user-agent (browser and OS) (default: Off)
  • Randomize Options (only available with User-Agent Spoof is set to “Custom”) (default: Off):
    • Off – only the first user agent string is used
    • Every x Minutes – a random user agent string is used every x minutes (default: 5 minutes)
    • Every Request – a random user agent string is used on every request
• Referrer Spoof – spoofs where you came from (default: Off)
  • Options:
    • Off
    • Same Document – if visiting http://www.example.com/page.html => referrer will be http://www.example.com/page.html
    • Same Domain – if visiting http://www.example.com/page.html => referrer will be http://www.example.com/
    • Custom – set a custom value to be the referrer for all page visits

Behavior Settings

• Page Link Opening Behaviour – modifies how all links are opened (default: -Unchanged-)
• Respect Same-Domain – allow same-domain elements to load (default: disabled)
  • Options:
    • Disabled
    • Strict – allow same domain only
    • Loose – allow same domain and subdomains
• Auto-Refresh Page – auto-refresh page after list change (default: enabled)
• Show Rating Button – adds rating button under domains in tab popup (default: enabled)
• Classic Options Mode – if enabled, the ScriptSafe panel closes everytime an option is clicked (default: disabled)
• Prevent Clipboard Interference – prevent pages from interfering with clipboard actions (default: disabled)
• Sort by Domain – sorts URL lists throughout ScriptSafe (in the Options page and in the Panel) by domains (default: enabled)

Whitelist / Blacklist

• You are able to add domains/expressions in this section
• You also have the options to clear lists and/or bulk import a line-separated list of domains
• More info on domain lists here.

Import / Export Settings + Lists

• If you want to keep a backup of your settings and lists, you can copy the “Export” contents into a text file
• Simply copy the contents and paste them into the “Import” box and click on Import
• You are also able to restore the default ScriptSafe settings by clicking on the two buttons:
  • Restore Default Settings: restore the default settings ScriptSafe is installed with AND keep all lists (e.g. whitelist, blacklist, fingerprint protection whitelists, custom browser user agent strings)
  • Restore Default Settings + Clear All Lists: restore the default settings ScriptSafe is installed with AND clear out all lists (e.g. whitelist, blacklist, fingerprint protection whitelists, custom browser user agent strings)