Global Settings
- Language – set the language of ScriptSafe
- Settings View – list or group the various settings according to section
General Settings
- Enable – control whether nor not ScriptSafe is enabled or disabled (default: enabled)
- Enable Syncing – control whether or not your settings/lists are synced across your devices (default: disabled)
- Sync Settings FROM Google Account – force a download of ScriptSafe settings
- Sync Settings TO Google Account – force syncing of your settings to your other devices
- Default Mode – if a domain is neither whitelisted/blacklisted, this setting will tell ScriptSafe how to handle it (default: Block)
- Disable and Remove – <SCRIPT>, <OBJECT>, <EMBED>, <IFRAME>, <FRAME>, <APPLET>, <AUDIO>, <VIDEO>, <NOSCRIPT>, <IMG>
- XML HTTP Request Handling – (advanced users) control which XML requests are listed in the panel for whitelisting/blacklisting (default: Control Cross-Domain Requests (allow Same-Domain))
- Options:
- Disable
- Control Cross-Domain Requests (allow Same-Domain)
- Control All Requests
- Show Sync Notification – control if a notification is shown when settings synced to your Google Account (default: enabled)
- Show Import Sync Notification – control if a notification is shown when settings synced from your Google Account (default: enabled)
- Show Update Notification – control if an update notification is shown when an update for ScriptSafe is available (default: enabled)
- Show Changelog on Update – control if an update changelog is opened when ScriptSafe is updated (default: enabled)
- Show in Context Menu – show ScriptSafe options in the context (right-click) menu
- Hotkeys – configure the ScriptSafe hotkeys:
- Temporarily allow/block all resources for a current tab (default: CTRL+SHIFT+S)
- Remove temporary permissions for a current tab (default: CTRL+SHIFT+R)
- Remove all temporary permissions (default: CTRL+SHIFT+Q)
Fingerprint Protection
- Block Browser Plugin Enumeration – prevent sites from reading your browser plugin details (default: disabled)
- Canvas Fingerprint Protection – protect against fingerprinting attempts through <canvas> elements (default: disabled)
- Options:
- Disabled
- Blank Readout (serve an empty canvas with the original dimensions)
- Random Readout (serve an empty canvas with random dimensions)
- Completely Block Readout (refuse to serve any data)
- Block Audio Fingerprinting – prevent fingerprinting via the AudioContext API (default: disabled)
- Block WebGL Fingerprinting – prevent fingerprinting via the WebGL API (default: disabled)
- Block Battery Fingerprinting – prevent fingerprinting via the Battery API (default: disabled)
- Block Device Enumeration – prevent having hardware devices detected via the WebRTC API (default: disabled)
- Block Gamepad Enumeration – prevent having hardware devices detected via the Gamepad API (default: disabled)
- Block WebVR Enumeration – prevent having hardware devices detected via the WebVR API (default: disabled)
- Block Bluetooth Enumeration – prevent having devices detected via the Bluetooth API (default: disabled)
- Block Canvas Font Access – prevent system fonts from being enumerated through <canvas> elements. May interfere with Google Docs. (default: disabled)
- Block Client Rectangles – prevent fingerprinting through calculating element rectangles. May interfere with some dropdowns. (default: disabled)
- Prevent Clipboard Interference – prevent pages from interfering with clipboard actions. (default: disabled)
- Reduce Keyboard Fingerprinting (for advanced users) – make keypress timings more random to increase anonymity (note: adds a random delay between keypresses)) (default: disabled)
Privacy Settings
- Paranoia Mode – if enabled, whitelisted domains on unlisted tabs will be blocked (default: disabled)
- Block Unwanted Content – if enabled, domains are checked against a list of ad / malware domains and blocked; domains gathered from MVPS HOSTS, hpHOSTS (ad / tracking servers), Peter Lowe’s HOSTS Project, MalwareDomainList.com (default: enabled)
- Block Unwanted Cookies – wipe out cookies from unwanted content providers (referred to above) (default: enabled)
- Unwanted Content Mode – control how strict you want unwanted content blocking to be (default: Relaxed)
- Options:
- Relaxed – whitelisted domains in the unwanted domain list will not be blocked
- Strict – domains in the unwanted domain list will be blocked even if whitelisted
- Antisocial Mode – remove/block social widgets and plugins, even if whitelisted (default: disabled)
- WebRTC Protection – prevent IP address leakage (default: Protect Local IP)
- Options:
- Disabled
- Protect Local IP
- Protect Local and Public IPs
- Remove Webbugs – remove “invisible” third-party elements (default: enabled)
- Remove Google Analytics (UTM) Tracking – remove Google Analytics (UTM) tracking tokens (default: disabled)
- Remove Possible Hash Tracking – remove possible tracking tokens passed using hash, where there is an attribute and value (e.g. #xtor=RSS-1) (default: disabled)
- Block Click-Through Referrer – blocks referrer information when clicking on external links (default: enabled)
- Options:
- Disabled
- Only on Unwhitelisted Domains – only applies to pages on unwhitelisted domains
- On All Domains – applies to third-party links on every domain, even if whitelisted
- Spoof Timezone – spoof or randomize your timezone. NOTE: if enabled, it may interfere with replying to emails in Gmail. (default: disabled)
- User-Agent Spoof – spoofs your user-agent (browser and OS) (default: Off)
- Randomize Options (only available with User-Agent Spoof is set to “Custom”) (default: Off):
- Off – only the first user agent string is used
- Every x Minutes – a random user agent string is used every x minutes (default: 5 minutes)
- Every Request – a random user agent string is used on every request
- Referrer Spoof – spoofs where you came from (default: Off)
- Options:
- Off
- Same Document – if visiting http://www.example.com/page.html => referrer will be http://www.example.com/page.html
- Same Domain – if visiting http://www.example.com/page.html => referrer will be http://www.example.com/
- Custom – set a custom value to be the referrer for all page visits
Behavior Settings
- Page Link Opening Behaviour – modifies how all links are opened (default: -Unchanged-)
- Respect Same-Domain – allow same-domain elements to load (default: disabled)
- Options:
- Disabled
- Strict – allow same domain only
- Loose – allow same domain and subdomains
- Auto-Refresh Page – auto-refresh page after list change (default: enabled)
- Show Rating Button – adds rating button under domains in tab popup (default: enabled)
- Classic Options Mode – if enabled, the ScriptSafe panel closes everytime an option is clicked (default: disabled)
- Prevent Clipboard Interference – prevent pages from interfering with clipboard actions (default: disabled)
- Sort by Domain – sorts URL lists throughout ScriptSafe (in the Options page and in the Panel) by domains (default: enabled)
Whitelist / Blacklist
- You are able to add domains/expressions in this section
- You also have the options to clear lists and/or bulk import a line-separated list of domains
- More info on domain lists here.
Import / Export Settings + Lists
- If you want to keep a backup of your settings and lists, you can copy the “Export” contents into a text file
- Simply copy the contents and paste them into the “Import” box and click on Import
- You are also able to restore the default ScriptSafe settings by clicking on the two buttons:
- Restore Default Settings: restore the default settings ScriptSafe is installed with AND keep all lists (e.g. whitelist, blacklist, fingerprint protection whitelists, custom browser user agent strings)
- Restore Default Settings + Clear All Lists: restore the default settings ScriptSafe is installed with AND clear out all lists (e.g. whitelist, blacklist, fingerprint protection whitelists, custom browser user agent strings)