Privoxy 4.1.0 User Manual
PrevNext

8. Actions Files

The actions files are used to define what actions Privoxy takes for which URLs, and thus determines how ad images, cookies and various other aspects of HTTP content and transactions are handled, and on which sites (or even parts thereof). There are a number of such actions, with a wide range of functionality. Each action does something a little different. These actions give us a veritable arsenal of tools with which to exert our control, preferences and independence. Actions can be combined so that their effects are aggregated when applied against a given set of URLs.

There are three action files included with Privoxy with differing purposes:

The list of actions files to be used are defined in the main configuration file, and are processed in the order they are defined (e.g. default.action is typically processed before user.action). The content of these can all be viewed and edited from http://config.privoxy.org/show-status. The over-riding principle when applying actions, is that the last action that matches a given URL wins. The broadest, most general rules go first (defined in default.action), followed by any exceptions (typically also in default.action), which are then followed lastly by any local preferences (typically in user.action). Generally, user.action has the last word.

An actions file typically has multiple sections. If you want to use "aliases" in an actions file, you have to place the (optional) alias section at the top of that file. Then comes the default set of rules which will apply universally to all sites and pages (be very careful with using such a universal set in user.action or any other actions file after default.action, because it will override the result from consulting any previous file). And then below that, exceptions to the defined universal policies. You can regard user.action as an appendix to default.action, with the advantage that it is a separate file, which makes preserving your personal settings across Privoxy upgrades easier.

Actions can be used to block anything you want, including ads, banners, or just some obnoxious URL whose content you would rather not see. Cookies can be accepted or rejected, or accepted only during the current browser session (i.e. not written to disk), content can be modified, some JavaScripts tamed, user-tracking fooled, and much more. See below for a complete list of actions.

8.1. Finding the Right Mix

Note that some actions, like cookie suppression or script disabling, may render some sites unusable that rely on these techniques to work properly. Finding the right mix of actions is not always easy and certainly a matter of personal taste. And, things can always change, requiring refinements in the configuration. In general, it can be said that the more "aggressive" your default settings (in the top section of the actions file) are, the more exceptions for "trusted" sites you will have to make later. If, for example, you want to crunch all cookies per default, you'll have to make exceptions from that rule for sites that you regularly use and that require cookies for actually useful purposes, like maybe your bank, favorite shop, or newspaper.

We have tried to provide you with reasonable rules to start from in the distribution actions files. But there is no general rule of thumb on these things. There just are too many variables, and sites are constantly changing. Sooner or later you will want to change the rules (and read this chapter again :).

8.2. How to Edit

The easiest way to edit the actions files is with a browser by using our browser-based editor, which can be reached from http://config.privoxy.org/show-status. Note: the config file option enable-edit-actions must be enabled for this to work. The editor allows both fine-grained control over every single feature on a per-URL basis, and easy choosing from wholesale sets of defaults like "Cautious", "Medium" or "Advanced". Warning: the "Advanced" setting is more aggressive, and will be more likely to cause problems for some sites. Experienced users only!

If you prefer plain text editing to GUIs, you can of course also directly edit the the actions files with your favorite text editor. Look at default.action which is richly commented with many good examples.

8.3. How Actions are Applied to Requests

Actions files are divided into sections. There are special sections, like the "alias" sections which will be discussed later. For now let's concentrate on regular sections: They have a heading line (often split up to multiple lines for readability) which consist of a list of actions, separated by whitespace and enclosed in curly braces. Below that, there is a list of URL and tag patterns, each on a separate line.

To determine which actions apply to a request, the URL of the request is compared to all URL patterns in each "action file". Every time it matches, the list of applicable actions for the request is incrementally updated, using the heading of the section in which the pattern is located. The same is done again for tags and tag patterns later on.

If multiple applying sections set the same action differently, the last match wins. If not, the effects are aggregated. E.g. a URL might match a regular section with a heading line of { +handle-as-image }, then later another one with just { +block }, resulting in both actions to apply. And there may well be cases where you will want to combine actions together. Such a section then might look like:

  { +handle-as-image  +block{Banner ads.} }
  # Block these as if they were images. Send no block page.
  banners.example.com
  media.example.com/.*banners
  .example.com/images/ads/

You can trace this process for URL patterns and any given URL by visiting http://config.privoxy.org/show-url-info.

Examples and more detail on this is provided in the Appendix, Troubleshooting: Anatomy of an Action section.

8.4. Patterns

As mentioned, Privoxy uses "patterns" to determine what actions might apply to which sites and pages your browser attempts to access. These "patterns" use wild card type pattern matching to achieve a high degree of flexibility. This allows one expression to be expanded and potentially match against many similar patterns.

Generally, an URL pattern has the form <host><port>/<path>, where the <host>, the <port> and the <path> are optional. (This is why the special / pattern matches all URLs). Note that the protocol portion of the URL pattern (e.g. http://) should not be included in the pattern. This is assumed already!

The pattern matching syntax is different for the host and path parts of the URL. The host part uses a simple globbing type matching technique, while the path part uses more flexible "Regular Expressions" (POSIX 1003.2).

The port part of a pattern is a decimal port number preceded by a colon (:). If the host part contains a numerical IPv6 address, it has to be put into angle brackets (<, >).

www.example.com/

is a host-only pattern and will match any request to www.example.com, regardless of which document on that server is requested. So ALL pages in this domain would be covered by the scope of this action. Note that a simple example.com is different and would NOT match.

www.example.com

means exactly the same. For host-only patterns, the trailing / may be omitted.

www.example.com/index.html

matches all the documents on www.example.com whose name starts with /index.html.

www.example.com/index.html$

matches only the single document /index.html on www.example.com.

/index.html$

matches the document /index.html, regardless of the domain, i.e. on any web server anywhere.

/

Matches any URL because there's no requirement for either the domain or the path to match anything.

:8000/

Matches any URL pointing to TCP port 8000.

10.0.0.1/

Matches any URL with the host address 10.0.0.1. (Note that the real URL uses plain brackets, not angle brackets.)

<2001:db8::1>/

Matches any URL with the host address 2001:db8::1. (Note that the real URL uses plain brackets, not angle brackets.)

index.html

matches nothing, since it would be interpreted as a domain name and there is no top-level domain called .html. So its a mistake.

8.4.1. The Host Pattern

The matching of the host part offers some flexible options: if the host pattern starts or ends with a dot, it becomes unanchored at that end. The host pattern is often referred to as domain pattern as it is usually used to match domain names and not IP addresses. For example:

.example.com

matches any domain with first-level domain com and second-level domain example. For example www.example.com, example.com and foo.bar.baz.example.com. Note that it wouldn't match if the second-level domain was another-example.

www.

matches any domain that STARTS with www. (It also matches the domain www but most of the time that doesn't matter.)

.example.

matches any domain that CONTAINS .example.. And, by the way, also included would be any files or documents that exist within that domain since no path limitations are specified. (Correctly speaking: It matches any FQDN that contains example as a domain.) This might be www.example.com, news.example.de, or www.example.net/cgi/testing.pl for instance. All these cases are matched.

Additionally, there are wild-cards that you can use in the domain names themselves. These work similarly to shell globbing type wild-cards: "*" represents zero or more arbitrary characters (this is equivalent to the "Regular Expression" based syntax of ".*"), "?" represents any single character (this is equivalent to the regular expression syntax of a simple "."), and you can define "character classes" in square brackets which is similar to the same regular expression technique. All of this can be freely mixed:

ad*.example.com

matches "adserver.example.com", "ads.example.com", etc but not "sfads.example.com"

*ad*.example.com

matches all of the above, and then some.

.?pix.com

matches www.ipix.com, pictures.epix.com, a.b.c.d.e.upix.com etc.

www[1-9a-ez].example.c*

matches www1.example.com, www4.example.cc, wwwd.example.cy, wwwz.example.com etc., but not wwww.example.com.

While flexible, this is not the sophistication of full regular expression based syntax.

When compiled with FEATURE_PCRE_HOST_PATTERNS patterns can be prefixed with "PCRE-HOST-PATTERN:" in which case full regular expression (PCRE) can be used for the host pattern as well.

8.4.2. The Path Pattern

Privoxy uses "modern" POSIX 1003.2 "Regular Expressions" for matching the path portion (after the slash), and is thus more flexible.

There is an Appendix with a brief quick-start into regular expressions, you also might want to have a look at your operating system's documentation on regular expressions (try man re_format).

Note that the path pattern is automatically left-anchored at the "/", i.e. it matches as if it would start with a "^" (regular expression speak for the beginning of a line).

.example.com/.*

Is equivalent to just ".example.com", since any documents within that domain are matched with or without the ".*" regular expression. This is redundant

.example.com/.*/index.html$

Will match any page in the domain of "example.com" that is named "index.html", and that is part of some path. For example, it matches "www.example.com/testing/index.html" but NOT "www.example.com/index.html" because the regular expression called for at least two "/'s", thus the path requirement. It also would match "www.example.com/testing/index_html", because of the special meta-character ".".

.example.com/(.*/)?index\.html$

This regular expression is conditional so it will match any page named "index.html" regardless of path which in this case can have one or more "/'s". And this one must contain exactly ".html" (and end with that!).

.example.com/(.*/)(ads|banners?|junk)

This regular expression will match any path of "example.com" that contains any of the words "ads", "banner", "banners" (because of the "?") or "junk". The path does not have to end in these words, just contain them. The path has to contain at least two slashes (including the one at the beginning).

.example.com/(.*/)(ads|banners?|junk)/.*\.(jpe?g|gif|png)$

This is very much the same as above, except now it must end in either ".jpg", ".jpeg", ".gif" or ".png". So this one is limited to common image formats.

There are many, many good examples to be found in default.action, and more tutorials below in Appendix on regular expressions.

8.4.3. The Request Tag Pattern

Request tag patterns are used to change the applying actions based on the request's tags. Tags can be created based on HTTP headers with either the client-header-tagger or the server-header-tagger action.

Request tag patterns have to start with "TAG:", so Privoxy can tell them apart from other patterns. Everything after the colon including white space, is interpreted as a regular expression with path pattern syntax, except that tag patterns aren't left-anchored automatically (Privoxy doesn't silently add a "^", you have to do it yourself if you need it).

To match all requests that are tagged with "foo" your pattern line should be "TAG:^foo$", "TAG:foo" would work as well, but it would also match requests whose tags contain "foo" somewhere. "TAG: foo" wouldn't work as it requires white space.

Sections can contain URL and request tag patterns at the same time, but request tag patterns are checked after the URL patterns and thus always overrule them, even if they are located before the URL patterns.

Once a new request tag is added, Privoxy checks right away if it's matched by one of the request tag patterns and updates the action settings accordingly. As a result request tags can be used to activate other tagger actions, as long as these other taggers look for headers that haven't already be parsed.

For example you could tag client requests which use the POST method, then use this tag to activate another tagger that adds a tag if cookies are sent, and then use a block action based on the cookie tag. This allows the outcome of one action, to be input into a subsequent action. However if you'd reverse the position of the described taggers, and activated the method tagger based on the cookie tagger, no method tags would be created. The method tagger would look for the request line, but at the time the cookie tag is created, the request line has already been parsed.

While this is a limitation you should be aware of, this kind of indirection is seldom needed anyway and even the example doesn't make too much sense.

8.4.4. The Negative Request Tag Patterns

To match requests that do not have a certain request tag, specify a negative tag pattern by prefixing the tag pattern line with either "NO-REQUEST-TAG:" or "NO-RESPONSE-TAG:" instead of "TAG:".

Negative request tag patterns created with "NO-REQUEST-TAG:" are checked after all client headers are scanned, the ones created with "NO-RESPONSE-TAG:" are checked after all server headers are scanned. In both cases all the created tags are considered.

8.4.5. The Client Tag Pattern

Client tag patterns are not set based on HTTP headers but based on the client's IP address. Users can enable them themselves, but the Privoxy admin controls which tags are available and what their effect is.

After a client-specific tag has been defined with the client-specific-tag, directive, action sections can be activated based on the tag by using a CLIENT-TAG pattern. The CLIENT-TAG pattern is evaluated at the same priority as URL patterns, as a result the last matching pattern wins. Tags that are created based on client or server headers are evaluated later on and can overrule CLIENT-TAG and URL patterns!

The tag is set for all requests that come from clients that requested it to be set. Note that "clients" are differentiated by IP address, if the IP address changes the tag has to be requested again.

Clients can request tags to be set by using the CGI interface http://config.privoxy.org/client-tags.

Example:

  # If the admin defined the client-specific-tag circumvent-blocks,
  # and the request comes from a client that previously requested
  # the tag to be set, overrule all previous +block actions that
  # are enabled based on URL to CLIENT-TAG patterns.
  {-block}
  CLIENT-TAG:^circumvent-blocks$
  
  # This section is not overruled because it's located after
  # the previous one.
  {+block{Nobody is supposed to request this.}}
  example.org/blocked-example-page

8.5. Actions

All actions are disabled by default, until they are explicitly enabled somewhere in an actions file. Actions are turned on if preceded with a "+", and turned off if preceded with a "-". So a +action means "do that action", e.g. +block means "please block URLs that match the following patterns", and -block means "don't block URLs that match the following patterns, even if +block previously applied."

Again, actions are invoked by placing them on a line, enclosed in curly braces and separated by whitespace, like in {+some-action -some-other-action{some-parameter}}, followed by a list of URL patterns, one per line, to which they apply. Together, the actions line and the following pattern lines make up a section of the actions file.

Actions fall into three categories:

If nothing is specified in any actions file, no "actions" are taken. So in this case Privoxy would just be a normal, non-blocking, non-filtering proxy. You must specifically enable the privacy and blocking features you need (although the provided default actions files will give a good starting point).

Later defined action sections always over-ride earlier ones of the same type. So exceptions to any rules you make, should come in the latter part of the file (or in a file that is processed later when using multiple actions files such as user.action). For multi-valued actions, the actions are applied in the order they are specified. Actions files are processed in the order they are defined in config (the default installation has three actions files). It also quite possible for any given URL to match more than one "pattern" (because of wildcards and regular expressions), and thus to trigger more than one set of actions! Last match wins.

The list of valid Privoxy actions are:

8.5.1. add-header

Typical use:

Confuse log analysis, custom applications

Effect:

Sends a user defined HTTP header to the web server.

Type:

Multi-value.

Parameter:

Any string value is possible. Validity of the defined HTTP headers is not checked. It is recommended that you use the "X-" prefix for custom headers.

Notes:

This action may be specified multiple times, in order to define multiple headers. This is rarely needed for the typical user. If you don't know what "HTTP headers" are, you definitely don't need to worry about this one.

Headers added by this action are not modified by other actions.

Example usage:
  # Add a DNT ("Do not track") header to all requests,
  # event to those that already have one.
  #
  # This is just an example, not a recommendation.
  #
  # There is no reason to believe that user-tracking websites care
  # about the DNT header and depending on the User-Agent, adding the
  # header may make user-tracking easier.
  {+add-header{DNT: 1}}
  /

8.5.2. block

Typical use:

Block ads or other unwanted content

Effect:

Requests for URLs to which this action applies are blocked, i.e. the requests are trapped by Privoxy and the requested URL is never retrieved, but is answered locally with a substitute page or image, as determined by the handle-as-image, set-image-blocker, and handle-as-empty-document actions.

Type:

Parameterized.

Parameter:

A block reason that should be given to the user.

Notes:

Privoxy sends a special "BLOCKED" page for requests to blocked pages. This page contains the block reason given as parameter, a link to find out why the block action applies, and a click-through to the blocked content (the latter only if the force feature is available and enabled).

A very important exception occurs if both block and handle-as-image, apply to the same request: it will then be replaced by an image. If set-image-blocker (see below) also applies, the type of image will be determined by its parameter, if not, the standard checkerboard pattern is sent.

It is important to understand this process, in order to understand how Privoxy deals with ads and other unwanted content. Blocking is a core feature, and one upon which various other features depend.

The filter action can perform a very similar task, by "blocking" banner images and other content through rewriting the relevant URLs in the document's HTML source, so they don't get requested in the first place. Note that this is a totally different technique, and it's easy to confuse the two.

Example usage (section):
  {+block{No nasty stuff for you.}}
  # Block and replace with "blocked" page
  .nasty-stuff.example.com
  
  {+block{Doubleclick banners.} +handle-as-image}
  # Block and replace with image
  .ad.doubleclick.net
  .ads.r.us/banners/
  
  {+block{Layered ads.} +handle-as-empty-document}
  # Block and then ignore
  adserver.example.net/.*\.js$

8.5.3. change-x-forwarded-for

Typical use:

Improve privacy by not forwarding the source of the request in the HTTP headers.

Effect:

Deletes the "X-Forwarded-For:" HTTP header from the client request, or adds a new one.

Type:

Parameterized.

Parameter:

  • "block" to delete the header.

  • "add" to create the header (or append the client's IP address to an already existing one).

Notes:

It is safe and recommended to use block.

Forwarding the source address of the request may make sense in some multi-user setups but is also a privacy risk.

Example usage:
  +change-x-forwarded-for{block}

8.5.4. client-header-filter

Typical use:

Rewrite or remove single client headers.

Effect:

All client headers to which this action applies are filtered on-the-fly through the specified regular expression based substitutions.

Type:

Multi-value.

Parameter:

The name of a client-header filter, as defined in one of the filter files.

Notes:

Client-header filters are applied to each header on its own, not to all at once. This makes it easier to diagnose problems, but on the downside you can't write filters that only change header x if header y's value is z. You can do that by using tags though.

Client-header filters are executed after the other header actions have finished and use their output as input.

If the request URI gets changed, Privoxy will detect that and use the new one. This can be used to rewrite the request destination behind the client's back, for example to specify a Tor exit relay for certain requests.

Note that to change the destination host for https-inspected requests a protocol and host has to be added to the URI.

If https inspection is enabled, the protocol can be downgraded from https to http but upgrading a request from http to https is currently not supported.

After detecting a rewrite, Privoxy does not update the actions used for the request based on the new host.

Please refer to the filter file chapter to learn which client-header filters are available by default, and how to create your own.

Example usage (section):
  # Hide Tor exit notation in Host and Referer Headers
  {+client-header-filter{hide-tor-exit-notation}}
  /

8.5.5. client-body-filter

Typical use:

Rewrite or remove client request body.

Effect:

All request bodies to which this action applies are filtered on-the-fly through the specified regular expression based substitutions.

Type:

Multi-value.

Parameter:

The name of a client-body filter, as defined in one of the filter files.

Notes:

Please refer to the filter file chapter to learn how to create your own client-body filters.

The distribution default.filter file contains a selection of client-body filters for example purposes.

The amount of data that can be filtered is limited by the buffer-limit option in the main config file. The default is 4096 KB (4 Megs). Once this limit is exceeded, the whole request body is passed through unfiltered.

Example usage (section):
  # Remove "test" everywhere in the request body
  {+client-body-filter{remove-test}}
  /

8.5.6. client-body-tagger

Typical use:

Block requests based on the content of the body data.

Effect:

Client request bodies to which this action applies are filtered on-the-fly through the specified regular expression based substitutions, the result is used as tag.

Type:

Multi-value.

Parameter:

The name of a client-body tagger, as defined in one of the filter files.

Notes:

Please refer to the filter file chapter to learn how to create your own client-body tagger.

Client-body taggers are applied to each request body on its own, and as the body isn't modified, each tagger "sees" the original.

Chunk-encoded request bodies currently can't be tagged. Request bodies larger than the buffer-limit can't be tagged either.

Example usage (section):
  # Apply blafasel tagger.
  {+client-body-tagger{blafasel}}
  /
  
  # Block request based on the tag created by the blafasel tagger.
  {+block{Request body contains blafasel}}
  TAG:^content contains blafasel$

8.5.7. client-header-tagger

Typical use:

Block requests based on their headers.

Effect:

Client headers to which this action applies are filtered on-the-fly through the specified regular expression based substitutions, the result is used as tag.

Type:

Multi-value.

Parameter:

The name of a client-header tagger, as defined in one of the filter files.

Notes:

Client-header taggers are applied to each header on its own, and as the header isn't modified, each tagger "sees" the original.

Client-header taggers are the first actions that are executed and their tags can be used to control every other action.

Example usage (section):
  # Tag every request with the User-Agent header
  {+client-header-tagger{user-agent}}
  /
  
  # Tagging itself doesn't change the action
  # settings, sections with TAG patterns do:
  #
  # If it's a download agent, use a different forwarding proxy,
  # show the real User-Agent and make sure resume works.
  {+forward-override{forward-socks5 10.0.0.2:2222 .} \
   -hide-if-modified-since      \
   -overwrite-last-modified     \
   -hide-user-agent             \
   -filter                      \
   -deanimate-gifs              \
  }
  TAG:^User-Agent: NetBSD-ftp/
  TAG:^User-Agent: Novell ZYPP Installer
  TAG:^User-Agent: RPM APT-HTTP/
  TAG:^User-Agent: fetch libfetch/
  TAG:^User-Agent: Ubuntu APT-HTTP/
  TAG:^User-Agent: MPlayer/
  # Tag all requests with the Range header set
  {+client-header-tagger{range-requests}}
  /
  
  # Disable filtering for the tagged requests.
  #
  # With filtering enabled Privoxy would remove the Range headers
  # to be able to filter the whole response. The downside is that
  # it prevents clients from resuming downloads or skipping over
  # parts of multimedia files.
  {-filter -deanimate-gifs}
  TAG:^RANGE-REQUEST$
  # Tag all requests with the client IP address
  #
  # (Technically the client IP address isn't included in the
  # client headers but client-header taggers can set it anyway.
  # For details see the tagger in default.filter)
  {+client-header-tagger{client-ip-address}}
  /
  
  # Change forwarding settings for requests coming from address 10.0.0.1
  {+forward-override{forward-socks5 127.0.1.2:2222 .}}
  TAG:^IP-ADDRESS: 10\.0\.0\.1$

8.5.8. content-type-overwrite

Typical use:

Stop useless download menus from popping up, or change the browser's rendering mode

Effect:

Replaces the "Content-Type:" HTTP server header.

Type:

Parameterized.

Parameter:

Any string.

Notes:

The "Content-Type:" HTTP server header is used by the browser to decide what to do with the document. The value of this header can cause the browser to open a download menu instead of displaying the document by itself, even if the document's format is supported by the browser.

The declared content type can also affect which rendering mode the browser chooses. If XHTML is delivered as "text/html", many browsers treat it as yet another broken HTML document. If it is send as "application/xml", browsers with XHTML support will only display it, if the syntax is correct.

If you see a web site that proudly uses XHTML buttons, but sets "Content-Type: text/html", you can use Privoxy to overwrite it with "application/xml" and validate the web master's claim inside your XHTML-supporting browser. If the syntax is incorrect, the browser will complain loudly.

You can also go the opposite direction: if your browser prints error messages instead of rendering a document falsely declared as XHTML, you can overwrite the content type with "text/html" and have it rendered as broken HTML document.

By default content-type-overwrite only replaces "Content-Type:" headers that look like some kind of text. If you want to overwrite it unconditionally, you have to combine it with force-text-mode. This limitation exists for a reason, think twice before circumventing it.

Most of the time it's easier to replace this action with a custom server-header filter. It allows you to activate it for every document of a certain site and it will still only replace the content types you aimed at.

Of course you can apply content-type-overwrite to a whole site and then make URL based exceptions, but it's a lot more work to get the same precision.

Example usage (sections):
  # Check if www.example.net/ really uses valid XHTML
  { +content-type-overwrite{application/xml} }
  www.example.net/
  
  # but leave the content type unmodified if the URL looks like a style sheet
  {-content-type-overwrite}
  www.example.net/.*\.css$
  www.example.net/.*style

8.5.9. crunch-client-header

Typical use:

Remove a client header Privoxy has no dedicated action for.

Effect:

Deletes every header sent by the client that contains the string the user supplied as parameter.

Type:

Parameterized.

Parameter:

Any string.

Notes:

This action allows you to block client headers for which no dedicated Privoxy action exists. Privoxy will remove every client header that contains the string you supplied as parameter.

Regular expressions are not supported and you can't use this action to block different headers in the same request, unless they contain the same string.

crunch-client-header is only meant for quick tests. If you have to block several different headers, or only want to modify parts of them, you should use a client-header filter.

Warning

Don't block any header without understanding the consequences.

Example usage (section):
  # Block the non-existent "Privacy-Violation:" client header
  { +crunch-client-header{Privacy-Violation:} }
  /

8.5.10. crunch-if-none-match

Typical use:

Prevent yet another way to track the user's steps between sessions.

Effect:

Deletes the "If-None-Match:" HTTP client header.

Type:

Boolean.

Parameter:

N/A

Notes:

Removing the "If-None-Match:" HTTP client header is useful for filter testing, where you want to force a real reload instead of getting status code "304" which would cause the browser to use a cached copy of the page.

It is also useful to make sure the header isn't used as a cookie replacement (unlikely but possible).

Blocking the "If-None-Match:" header shouldn't cause any caching problems, as long as the "If-Modified-Since:" header isn't blocked or missing as well.

It is recommended to use this action together with hide-if-modified-since and overwrite-last-modified.

Example usage (section):
  # Let the browser revalidate cached documents but don't
  # allow the server to use the revalidation headers for user tracking.
  {+hide-if-modified-since{-60} \
   +overwrite-last-modified{randomize} \
   +crunch-if-none-match}
  /

8.5.11. crunch-incoming-cookies

Typical use:

Prevent the web server from setting HTTP cookies on your system

Effect:

Deletes any "Set-Cookie:" HTTP headers from server replies.

Type:

Boolean.

Parameter:

N/A

Notes:

This action is only concerned with incoming HTTP cookies. For outgoing HTTP cookies, use crunch-outgoing-cookies. Use both to disable HTTP cookies completely.

It makes no sense at all to use this act