This defines the main criteria for removing Origin headers. Both modes are safe, but the aggressive mode is less tolerant, therefore it causes more web content to break. The relaxed mode should break website functionality only very rarely.

These rules override the mode on a per-site basis. Use the Exclusions section below if you want to exclude requests instead.

2 = aggressive
1 = relaxed
0 = whitelisted

Accepts hostname or full URL
0: www.example.com
Accepts wildcards
2: www.example.*
Accepts regular expressions (must separate with :: instead of :)
1:: ^https?://www\.example\.(com|net)

Enter one rule per line. When multiple rules conflict, the one closest to the bottom wins.

In relaxed mode, the logic of the aggressive mode will be used when dealing with requests of the types selected here. This is like enabling the aggressive mode partially.

If this is enabled, the extension will call a subroutine to exclude requests based on a comparison of root domains, to prevent breakage. Origin headers will not be removed from requests when the resource's root domain matches the origin's root domain, like this:

thisisanexample.com
www.thisisanexample.co.uk

You can exclude requests using patterns here, with the following syntax:

Wildcards are accepted.

Removing Origin headers from requests that also include Referer headers can make you look more unique than not removing anything. With this option enabled, any Referer headers found in the requests altered by this extension will be spoofed.