Options

Global Settings

  • Language – set the language of ScriptSafe
  • Settings View – list or group the various settings according to section

General Settings

  • Enable – control whether nor not ScriptSafe is enabled or disabled (default: enabled)
  • Enable Syncing – control whether or not your settings/lists are synced across your devices (default: disabled)
    • Sync Settings FROM Google Account – force a download of ScriptSafe settings
    • Sync Settings TO Google Account – force syncing of your settings to your other devices
  • Default Mode – if a domain is neither whitelisted/blacklisted, this setting will tell ScriptSafe how to handle it (default: Block)
  • Disable and Remove – <SCRIPT>, <OBJECT>, <EMBED>, <IFRAME>, <FRAME>, <APPLET>, <AUDIO>, <VIDEO>, <NOSCRIPT>, <IMG>
  • XML HTTP Request Handling(advanced users) control which XML requests are listed in the panel for whitelisting/blacklisting (default: Control Cross-Domain Requests (allow Same-Domain))
    • Options:
      • Disable
      • Control Cross-Domain Requests (allow Same-Domain)
      • Control All Requests
  • Show Sync Notification – control if a notification is shown when settings synced to your Google Account (default: enabled)
  • Show Import Sync Notification – control if a notification is shown when settings synced from your Google Account (default: enabled)
  • Show Update Notification – control if an update notification is shown when an update for ScriptSafe is available (default: enabled)
  • Show Changelog on Update – control if an update changelog is opened when ScriptSafe is updated (default: enabled)
  • Show in Context Menu – show ScriptSafe options in the context (right-click) menu
  • Hotkeys – configure the ScriptSafe hotkeys:
    • Temporarily allow/block all resources for a current tab (default: CTRL+SHIFT+S)
    • Remove temporary permissions for a current tab (default: CTRL+SHIFT+R)
    • Remove all temporary permissions (default: CTRL+SHIFT+Q)

Fingerprint Protection

  • Block Browser Plugin Enumeration – prevent sites from reading your browser plugin details (default: disabled)
  • Canvas Fingerprint Protection – protect against fingerprinting attempts through <canvas> elements (default: disabled)
    • Options:
      • Disabled
      • Blank Readout (serve an empty canvas with the original dimensions)
      • Random Readout (serve an empty canvas with random dimensions)
      • Completely Block Readout (refuse to serve any data)
  • Block Audio Fingerprinting – prevent fingerprinting via the AudioContext API (default: disabled)
  • Block WebGL Fingerprinting – prevent fingerprinting via the WebGL API (default: disabled)
  • Block Battery Fingerprinting – prevent fingerprinting via the Battery API (default: disabled)
  • Block Device Enumeration – prevent having hardware devices detected via the WebRTC API (default: disabled)
  • Block Gamepad Enumeration – prevent having hardware devices detected via the Gamepad API (default: disabled)
  • Block WebVR Enumeration – prevent having hardware devices detected via the WebVR API (default: disabled)
  • Block Bluetooth Enumeration – prevent having devices detected via the Bluetooth API (default: disabled)
  • Block Canvas Font Access – prevent system fonts from being enumerated through <canvas> elements. May interfere with Google Docs. (default: disabled)
  • Block Client Rectangles – prevent fingerprinting through calculating element rectangles. May interfere with some dropdowns. (default: disabled)
  • Prevent Clipboard Interference – prevent pages from interfering with clipboard actions. (default: disabled)
  • Reduce Keyboard Fingerprinting (for advanced users) – make keypress timings more random to increase anonymity (note: adds a random delay between keypresses)) (default: disabled)

Privacy Settings

  • Paranoia Mode – if enabled, whitelisted domains on unlisted tabs will be blocked (default: disabled)
  • Block Unwanted Content – if enabled, domains are checked against a list of ad / malware domains and blocked; domains gathered from MVPS HOSTS, hpHOSTS (ad / tracking servers), Peter Lowe’s HOSTS Project, MalwareDomainList.com (default: enabled)
  • Block Unwanted Cookies – wipe out cookies from unwanted content providers (referred to above) (default: enabled)
  • Unwanted Content Mode – control how strict you want unwanted content blocking to be (default: Relaxed)
    • Options:
      • Relaxed – whitelisted domains in the unwanted domain list will not be blocked
      • Strict – domains in the unwanted domain list will be blocked even if whitelisted
  • Antisocial Mode – remove/block social widgets and plugins, even if whitelisted (default: disabled)
  • WebRTC Protection – prevent IP address leakage (default: Protect Local IP)
    • Options:
      • Disabled
      • Protect Local IP
      • Protect Local and Public IPs
  • Remove Webbugs – remove “invisible” third-party elements (default: enabled)
  • Remove Google Analytics (UTM) Tracking – remove Google Analytics (UTM) tracking tokens (default: disabled)
  • Remove Possible Hash Tracking – remove possible tracking tokens passed using hash, where there is an attribute and value (e.g. #xtor=RSS-1) (default: disabled)
  • Block Click-Through Referrer – blocks referrer information when clicking on external links (default: enabled)
    • Options:
      • Disabled
      • Only on Unwhitelisted Domains – only applies to pages on unwhitelisted domains
      • On All Domains – applies to third-party links on every domain, even if whitelisted
  • Spoof Timezone – spoof or randomize your timezone. NOTE: if enabled, it may interfere with replying to emails in Gmail. (default: disabled)
  • User-Agent Spoof – spoofs your user-agent (browser and OS) (default: Off)
    • Randomize Options (only available with User-Agent Spoof is set to “Custom”) (default: Off):
      • Off – only the first user agent string is used
      • Every x Minutes – a random user agent string is used every x minutes (default: 5 minutes)
      • Every Request – a random user agent string is used on every request
  • Referrer Spoof – spoofs where you came from (default: Off)
    • Options:
      • Off
      • Same Document – if visiting http://www.example.com/page.html => referrer will be http://www.example.com/page.html
      • Same Domain – if visiting http://www.example.com/page.html => referrer will be http://www.example.com/
      • Custom – set a custom value to be the referrer for all page visits

Behavior Settings

  • Page Link Opening Behaviour – modifies how all links are opened (default: -Unchanged-)
  • Respect Same-Domain – allow same-domain elements to load (default: disabled)
    • Options:
      • Disabled
      • Strict – allow same domain only
      • Loose – allow same domain and subdomains
  • Auto-Refresh Page – auto-refresh page after list change (default: enabled)
  • Show Rating Button – adds rating button under domains in tab popup (default: enabled)
  • Classic Options Mode – if enabled, the ScriptSafe panel closes everytime an option is clicked (default: disabled)
  • Prevent Clipboard Interference – prevent pages from interfering with clipboard actions (default: disabled)
  • Sort by Domain – sorts URL lists throughout ScriptSafe (in the Options page and in the Panel) by domains (default: enabled)

Whitelist / Blacklist

  • You are able to add domains/expressions in this section
  • You also have the options to clear lists and/or bulk import a line-separated list of domains
  • More info on domain lists here.

Import / Export Settings + Lists

  • If you want to keep a backup of your settings and lists, you can copy the “Export” contents into a text file
  • Simply copy the contents and paste them into the “Import” box and click on Import
  • You are also able to restore the default ScriptSafe settings by clicking on the two buttons:
    • Restore Default Settings: restore the default settings ScriptSafe is installed with AND keep all lists (e.g. whitelist, blacklist, fingerprint protection whitelists, custom browser user agent strings)
    • Restore Default Settings + Clear All Lists: restore the default settings ScriptSafe is installed with AND clear out all lists (e.g. whitelist, blacklist, fingerprint protection whitelists, custom browser user agent strings)