| CARVIEW |
Select Language
HTTP/2 200
date: Sun, 27 Jul 2025 05:19:55 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"388b1101668605aab6025641e8a764ff"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=QtfgzCVC97ab2Gnao5lwezdrWVaJKw0tv%2F9hwU%2FVLGeTPlfT%2FOcQxe9Ule9CoJZljoFV47Uf2s9Y2CKqrFppBk8p8erYkh2MekTgKvA4l2DpzDQPFGWbuns5bkZSvVbvGgsU9Re1KAZaG05fPuWm3nr6BN5fNA0YD0tyOT2mzqUxRnQXbJH70Q3%2F%2BAFdkmUluSs%2B4e4pjPK027t71v%2FAFjX9xl07whu18DZFjHFmf4kivVs2%2F6FKdStnfFm33eeiIiiW1oGjaWX%2BUX6K%2BIz8kg%3D%3D--1Fh48DDVa%2FmpqKwJ--oB0IfMuqxYRyb%2BPGe7Ltwg%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.744188313.1753593595; Path=/; Domain=github.com; Expires=Mon, 27 Jul 2026 05:19:55 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Mon, 27 Jul 2026 05:19:55 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: 9520:1C79A4:AF41F0:E98B59:6885B6FB
Recipes (web site scoped) · gorhill/httpswitchboard Wiki · GitHub
Skip to content
Navigation Menu
{{ message }}
This repository was archived by the owner on Nov 15, 2017. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 82
Recipes (web site scoped)
Raymond Hill edited this page Dec 31, 2013
·
21 revisions
Recipes to import in Rule manager. More will be added over time.
The following recipes are all web site-scoped. For example, the permissions for the "Google Plus" recipe apply only while you are on a web page which URL starts with https://plus.google.com. On any other web page, the rules won't apply, meaning plus.google.com would be blocked, unless you have your own existing rules which whitelist plus.google.com.
Other users are starting to provide rules, so for now I will link to these external recipes:
- https://www.wilderssecurity.com/showthread.php?p=2322738#post2322738
- https://www.wilderssecurity.com/showthread.php?p=2322822#post2322822
Works for everywhere you need to login into a Google service through https://accounts.google.com:
https%3A%2F%2Faccounts.google.com%0A%09w
hitelist%0A%09%09sub_frame%20youtube.com
%0A%09%09*%20youtube.com%0A%09%09*%20gst
atic.com%0A%09%09*%20googleusercontent.c
om%0A%09%09*%20fonts.googleapis.com%0A%0
9%09*%20google.com%0A%09blacklist%0A%09%
09sub_frame%20*%0A%09%09*%20*%0A
https%3A%2F%2Fplus.google.com%0A%09white
list%0A%09%09*%20gstatic.com%0A%09%09*%2
0google.com%0A%09%09image%20*%0A%09black
list%0A%09%09sub_frame%20*%0A%09%09objec
t%20*%0A%09%09*%20*%0A
https%3A%2F%2Fwww.youtube.com%0A%09white
list%0A%09%09*%20plus.googleapis.com%0A%
09%09*%20google.com%0A%09%09*%20googlevi
deo.com%0A%09%09*%20youtube.com%0A%09%09
*%20ytimg.com%0A%09%09image%20*%0A%09%09
sub_frame%20accounts.google.com%0A%09%09
sub_frame%20googleapis.com%0A%09%09xmlht
tprequest%20googleapis.com%0A%09blacklis
t%0A%09%09*%20*%0A
https%3A%2F%2Fwww.facebook.com%0A%09whit
elist%0A%09%09*%20akamaihd.net%0A%09%09*
%20facebook.com%0A%09%09*%20fbcdn.net%0A
%09%09*%20fbstatic-a.akamaihd.net%0A%09%
09image%20*%0A%09blacklist%0A%09%09objec
t%20*%0A%09%09sub_frame%20*%0A%09%09*%20
*%0A*%0A%09blacklist%0A%09%09*%20faceboo
k.com%0A%09%09*%20facebook.net%0A%09%09*
%20fbcdn.net%0A
You can’t perform that action at this time.