--- ./match-all.action	2025-01-25 08:11:07
+++ ./match-all.action	2025-01-25 08:27:59
@@ -5,12 +5,239 @@
 # users should only edit this file through the actions file editor.
 #
 #############################################################################
+# original:
+#{ \
+#+change-x-forwarded-for{block} \
+#+client-header-tagger{css-requests} \
+#+client-header-tagger{image-requests} \
+#+hide-from-header{block} \
+#+set-image-blocker{pattern} \
+#}
+#/ # Match all URLs
 { \
 +change-x-forwarded-for{block} \
-+client-header-tagger{css-requests} \
-+client-header-tagger{image-requests} \
-+client-header-tagger{range-requests} \
++deanimate-gifs{last} \
++filter{refresh-tags} \
++filter{img-reorder} \
++filter{banners-by-size} \
++filter{webbugs} \
++filter{jumping-windows} \
++filter{ie-exploits} \
 +hide-from-header{block} \
++hide-referrer{conditional-block} \
++session-cookies-only \
 +set-image-blocker{pattern} \
 }
 / # Match all URLs
+
+# User-Agent
+# Uncomment to forge the User-Agent
+# See http://www.christianschenk.org/blog/enhancing-your-privacy-using-squid-and-privoxy/
+#{ \
+#+hide-referrer{conditional-forge} \
+#+hide-user-agent{Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15} \
+#}
+#/ # Match all URLs
+
+# https-inspection
+{+https-inspection}
+/ # Match all URLs
+
+# No HTTPS Inspection on these websites
+# These may be overruled by subsequent actions files
+
+# Please edit this list to exclude domains for which HTTPS inspection
+# will not be used, whether because you wish to maintain end-to-end
+# encryption (e.g. financial institutions), avoid possible fragility
+# of important connections (e.g. Apple domains on macOS and iOS devices),
+# fix websites broken by HTTPS inspection or Privoxy rules, or any other reason
+
+# TLDs
+{-https-inspection}
+.edu
+.vaccines.gov
+.gov
+.org
+
+# Amazon domains
+{-https-inspection}
+.amazon.com
+.media-amazon.com
+.amazonaws.com
+.ssl-images-amazon.com
+
+# App domains, including possible dual-purpose versioning and telemetry
+{-https-inspection}
+.tomtom.com
+.split.io
+.strava.com
+api2.branch.io
+
+# Akamai edge domains (used by Apple)
+{-https-inspection}
+.akamaiedge.net
+
+# Apple domains
+{-https-inspection}
+.apple.com
+.cdn-apple.com
+*apple.com.akadns.net
+.origin-apple.com.akadns.net
+.apple-dns.net
+.apple.com.edgekey.net
+.icloud.com
+icloud-content.com
+.icloud-content.com
+mzstatic.com
+.mzstatic.com
+
+# Charitible and Volunteering domains
+# {-https-inspection}
+# .ngpvan.com
+
+# Cloud domains (various)
+{-https-inspection}
+.adobe.com
+.adobesign.com
+.dropbox.com
+.duckduckgo.com
+mozilla.org
+.mozilla.org
+soundcloud.com
+.soundcloud.com
+.login.yahoo.com
+
+# e-Commerce domains
+{-https-inspection}
+.airbnb.com
+.ebay.com
+.lyft.com
+.moma.org
+.paypal.com
+.redfin.com
+.cdn-redfin.com
+.target.com
+.ups.com
+.venmo.com
+
+# Educational domains
+{-https-inspection}
+.pbs.org
+.powerschool.com
+.schoology.com
+.wikimedia.org
+.wikipedia.org
+
+# Financial-related domains
+{-https-inspection}
+.fidelity.com
+.fisglobal.com
+.ibanking-services.com
+.myaccountaccess.com
+.vanguard.com
+vgi529.com
+.vgi529.com
+.wageworks.com
+
+# Google domains
+{-https-inspection}
+accounts.google.com
+chat.google.com
+.client-channel.google.com
+.cloud.google.com
+.docs.google.com
+groups.google.com
+mail.google.com
+ogs.google.com
+play.google.com
+.googleapis.com
+.googleusercontent.com
+.googlevideo.com
+www.gstatic.com
+.youtube.com
+accounts.youtube.com
+
+# ISP and Mobile and Mobile App domains
+{-https-inspection}
+.att.com
+.pabs.comcast.com
+.cloudtv.comcast.net
+.vzw.com
+.xfinity.com
+
+# Mailing List domains
+# {-https-inspection}
+
+# Media domains
+{-https-inspection}
+img.buzzfeed.com
+pixiedust.buzzfeed.com
+cdn.jwplayer.com
+substack.com
+substackcdn.com
+.substack.com
+.substackcdn.com
+accounts.theatlantic.com
+cdn.theatlantic.com
+data-cdn.theatlantic.com
+support.theatlantic.com
+therenewalawards.theatlantic.com
+.usabilla.com
+
+# Microsoft domains
+{-https-inspection}
+.live.com
+.aria.microsoft.com
+.office.com
+.microsoft.us
+.office365.us
+
+# Netflix domains
+{-https-inspection}
+.nflxso.net
+.nflxvideo.net
+
+# Open Source and Software domains
+{-https-inspection}
+github.com
+.github.com
+.githubassets.com
+.githubusercontent.com
+.jetbrains.com
+.macports.org
+.pypi.org
+sourceforge.net
+.sourceforge.net
+
+# PKI and 2FA domains
+{-https-inspection}
+.digicert.com
+.duosecurity.com
+.entrust.net
+.s1gov.net
+.verisign.net
+
+# Microblogging domains
+{-https-inspection}
+bsky.social
+.bsky.social
+bsky.app
+.bsky.app
+mastodon.social
+.mastodon.social
+.redditmedia.com
+.redditstatic.com
+.twimg.com
+.twitter.com
+.x.com
+
+# Zoom domains
+{-https-inspection}
+.zoomgov.com
+.zoom.us
+
+# Personal domains
+# {-https-inspection}
+
+# Work domains
+# {-https-inspection}
