xombrero(1) lightweight web browser


xombrero -words [-nSTtV ] [-f file ] [-s session_name ] [url ... ]


xombrero is a minimalistic web browser that tries to stay out of the way so that valuable screen real estate can be used for much more important stuff. It has sane defaults and does not require one to learn a language to do any configuration. It was written by hackers for hackers and it strives to be small, compact, and fast.

xombrero is very simple in its use. Most actions are initiated via key or mouse bindings. Key bindings are based on those of the vi(1) text editor, giving web browsing a similar feel to navigating a text document. The Sx KEY BINDINGS section below documents the various defaults and possible customizations.

The options are as follows:

-f file
Specify an alternative configuration file.
Open a new tab in a running xombrero for each specified URL. This option requires enable_socket to be enabled.
-e command
Execute arbitrary command (see the Sx COMMAND MODE section below) in a running xombrero instance. This option requires enable_socket to be enabled. Example run: xombrero -e "tabnew openbsd.org"; xombrero -e tabclose; xombrero -e wq.
Disable the toolbar.
-s session_name
Open session that was saved with ":session save" command.
Disable visualization of tabs.
Disable tabs. Pages that would open in tabs open in new windows instead.
Display version and exit.


The following notation is used throughout this page:

Meta 1 (sometimes marked Alt)
Meta 2
Meta 3
Meta 4 (sometimes marked Windows)
Meta 2
Mouse button 1

To browse to a specific address, either use the mouse to click on the address bar or press F6 to shift the keyboard focus to the address bar. The address is then entered manually.

The mouse can be used to navigate the page in the traditional manner, or the keyboard can be used instead. For example, PageUp and PageDown will scroll up and down the page.

To follow a link, either click on it or use the f key and have xombrero assign numbers to each link on the page; entering that number on the keyboard will prompt xombrero to follow the link.


xombrero provides many actions accessed via key or mouse bindings. Most can be reprogrammed using a keybinding entry in the configuration file. Each keyboard shortcut requires exactly one entry in the configuration file. A shortcut can have multiple entries in the configuration file. The format of the keybinding entry is as follows:

For example, "keybinding = tabnew,C-t" where tabnew is the action and C-t are the keystrokes.

Actions may be any xombrero command that can be run from the command prompt. There is one additional action, unbind which will unbind any previous actions to that keybinding.

If the action begins with a colon, the action will be entered into the command prompt instead of being executed. For example, "keybinding = :session open ,M1-s" will open the command prompt with ":open session " entered when using the M1-s keybinding.

Keybindings which open the command prompt may also include the string <uri>, which will be replaced by the current tab's URI. For example, "keybinding = :open <uri>,F10" will open the command prompt with <uri> replaced with the current URI.

GTK has some default keybindings for manipulating text inside input fields, such as the URI or search entry widget, for example C-w deletes a word. To override these defaults prefix your key with an exclamation mark (!), like this: "keybinding = tabclose,!C-w". The clearall key word is special and is meant to reset the key binding list to the GTK+ and WebKit defaults. This keyword should be the first keybinding entry in the configuration file.

Shift should be used sparingly since it gets in the way of non-USA keyboards. See the accompanying configuration file for examples.

The various bindings are documented below. The relevant keybinding action is given afterwards, in parentheses.

Command mode

These commands are used to focus or unfocus input on the default input of a web page.

Go to command mode; unfocus current entry on web page. (command_mode )
Go to insert mode; focus on default entry on web page. (insert_mode )

Search Commands

These commands are used to search for text strings within a web page.

Start a search (search )
Start a backwards search (searchb )
Next item matching search (searchnext )
Previous item matching search (searchprev )

Focus Commands

These commands are used to shift the focus of xombrero from one area to another.

Focus on address bar (focusaddress )
Focus on search entry (focussearch )

Command Aliases

These commands allow the user to map specific actions to specific keys.

Alias for "help"
Alias for "proxy toggle"
Alias for "toplevel toggle"

Prompt Aliases

These commands allow the user to open a prompt. These can be useful when the -S option is used.

Alias for ":open "
Alias for ":open <uri>"
Alias for ":tabnew "
Alias for ":tabnew <uri>"

Navigation Commands

These commands allow the user to navigate web pages and, to some extent, control the browser.

F5, C-r, C-l
Reload page (reload )
BackSpace, M-Left
Previous page (goback )
S-BackSpace, M-Right
Forward page (goforward )
j, Down
Next line on page (scrolldown )
k, Up Previous line on page
(scrollup )
G, End
Bottom of page (scrollbottom )
gg, Home
Top of page (scrolltop )
Space, C-f, PageDown
Page down (scrollpagedown )
C-b, PageUp Page up
(scrollpageup )
l, Right
Page right (scrollright )
h, Left
Page left (scrollleft )
Page far right (scrollfarright )
Page far left (scrollfarleft )
Favorites (fav )
Cookie jar (cookiejar )
Download manager (dl )
Print page (print )
Global history (history )
Toggle JavaScript enabled for FQDN (js )
Toggle source view (togglesrc )
Toggle cookie enabled for FQDN (cookie )
Toggle plugins enabled for FQDN (plugin )

Tab Manipulation

xombrero supports tabbed browsing. That is, web pages may be opened in separate tabs, allowing the user to quickly move from one page to another, and back. These commands then are used to create, destroy, and move between tabs.

Open new tab with the clicked link
Create new tab with focus in URL entry (tabnew )
Create new tab with focus in URL entry as the last tab in the browser (999tabnew )
Destroy current tab (tabclose )
Undo close tab (tabundoclose )
C-Left, C-PageUp Go to the previous tab
(tabprevious )
C-Right, C-PageDown
Go to the next tab (tabnext )
Jump to page N (tabnext [1..9] )
Jump to first page (tabfirst )
Jump to last page (tablast )
Zoom out by 4% (focusout )
C-plus, C-equal
Zoom in by 4% (focusin )
Set zoom level to 100% (focusreset )

Yanking and pasting

These commands copy and paste text to and from the clipboard.

Paste the contents of the clipboard into the address bar (pasteuricur )
Paste the contents of the clipboard into a new tab (pasteurinew )
Yank the current URL into the clipboard (yankuri )

Hyperlink Following

This allows the user to follow hyperlinks without using a mouse. Enter the corresponding number to follow the link. Alternatively one can type the name of the link and when there are no more possibilities xombrero will follow the link.

f, '.'
Highlight all links and prefix them with a number. (hinting )
F, ','
Highlight all links and prefix them with a number but open in a new tab. (hinting_newtab )


Commands to exit the browser.

Quit (quitall )

Low-Contrast Color Scheme

These commands toggle the page style between the default CSS and a low-contrast color scheme with light grey text on a dark grey background. If the userstyle setting is changed, that stylesheet will be used instead of the low-contrast color scheme.

Toggle the current tab's style. (userstyle )
Toggle the global page style mode. Will also affect new tabs. (userstyle_global )

Insert-mode commands

The following commands are only available when editing an input-field

Edit the contents of the currently active input-element in an external editor. (editelement )


Command mode works in a similar fashion to the vi(1) editor; it is entered by typing a colon and exited by pressing Esc. The commands and their descriptions are listed below.

about , version
Display the About page.
buffers , ls , tabs
Display the currently opened tabs and let the user switch tabs by typing the tab number or by using the mouse.
Display CA certificates.
cert , cert show
Download and display certificates of the domain on current tab.
cert save
Save certificate into a local store. The next time the site is visited it is compared against the store. If the certificate matches, the address bar will be blue; if it doesn't the bar will be red.
The cookie command is used to manipulate the cookie whitelist. Used by itself it expands to cookie show all
Show cookie jar contents.
cookie purge
Remove all cookies from the cookie jar.
cookie save, cookie save fqdn
Save the current fully qualified domain name (FQDN) to the persistent whitelist. For example, the www.peereboom.us domain would result in saving www.peereboom.us.
cookie save domain
Save the top level domain name to the persistent whitelist. For example, the www.peereboom.us domain would result in saving .peereboom.us.

This action enables cookies if it is currently disabled for this entry.

cookie show all
Show all persistent and session entries in the cookie whitelist.
cookie show persistent
Show all persistent entries in the cookie whitelist.
cookie show session
Show all session entries in the cookie whitelist.
cookie toggle domain
Toggle cookie support for the current top level domain.
cookie toggle, cookie toggle fqdn
Toggle cookie support for the current FQDN.
Show download manager.
encoding [encoding ]
Set the current tab's encoding to encoding and reload the tab. If encoding is not provided, the current tab's encoding is displayed.
Open the source for the current tab in the editor specified by the setting external_editor and then check for changes to the file opened. If it is changed, the page will be updated.
If a text-element is currently active (<input> or <textarea>), it's contents will be opened in the same fashion as for the command editsrc above
Show favorites.
favadd [title ]
Add the current page to favorites. The title can be overridden by specifying title
Show favorites list and links to remove entries.
fullscreen , f
Toggle hiding tabs and url entry toolbar.
h , hist , history
Show global history.
Show help page.
Go to home URL.
The https command is used to manipulate the items in the HTTPS force list. Used by itself it expands to https show all
https save, save fqdn
Save the FQDN to the persistent force HTTPS list. For example, the www.peereboom.us domain would result in saving www.peereboom.us.
https save domain
Save the top level domain name to the persistent whitelist. For example, the www.peereboom.us domain would result in saving .peereboom.us.
https show all
Show all persistent and session entries in the HTTPS force list.
https show persistent
Show all persistent entries in the HTTPS force list.
https show session
Shows all session entries in the HTTPS force list.
https toggle, https toggle fqdn
Toggle this FQDN in the HTTPS force list.
https toggle domain
Toggle the top level domain in the HTTPS force list.
The js command is used to manipulate the JavaScript whitelist. Used by itself it expands to js show all
js save, save fqdn
Save the FQDN to the persistent whitelist. For example, the www.peereboom.us domain would result in saving www.peereboom.us.
js save domain
Save the top level domain name to the persistent whitelist. For example, the www.peereboom.us domain would result in saving .peereboom.us.

This action enables JavaScript if it is currently disabled for this entry.

js show all
Show all persistent and session entries in the JavaScript whitelist.
js show persistent
Show all persistent entries in the JavaScript whitelist.
js show session
Show all session entries in the JavaScript whitelist.
js toggle, js toggle fqdn
Toggle JavaScript execution for the current FQDN.
js toggle domain
Toggle JavaScript execution for the current top level domain.
If the setting auto_load_images is disabled, load all images for current site.
open , op , o URL
Open URL
The plugin command is used to manipulate the plugin whitelist. Used by itself it expands to plugin show all
plugin save, save fqdn
Save the FQDN to the persistent whitelist. For example, the www.peereboom.us domain would result in saving www.peereboom.us.
plugin save domain
Save the top level domain name to the persistent whitelist. For example, the www.peereboom.us domain would result in saving .peereboom.us.

This action enables plugins if they are currently disabled for this entry.

plugin show all
Show all persistent and session entries in the plugin whitelist.
plugin show persistent
Show all persistent entries in the plugin whitelist.
plugin show session
Show all session entries in the plugin whitelist.
plugin toggle, plugin toggle fqdn
Toggle plugin execution for the current FQDN.
plugin toggle domain
Toggle plugin execution for the current top level domain.
Print page.
The proxy command is used to manipulate the currently set proxy. Used by itself it expands to proxy show
proxy show
Display the current http_proxy setting.
proxy toggle
Enable or disable the proxy for . Note that http_proxy must be set before it can be toggled.
qa , qall , quitall
Quit .
quit , q
Close current tab and quit xombrero if it is the last tab.
Restart xombrero and reload all current tabs.
run_script [path_to_script ]
Run the script path_to_script with the current uri as the argument. If path_to_script is not provided, the script specified by the default_script setting is used instead.
script filename
Run an external JavaScript script file in the current tab context.
session , session show
Display the current session name. By default the session name is ``main_session'' To create a new session use the session save command. A session is defined as the lifetime of the browser application.
session delete session_name
Delete session session_name from persistent storage. If session_name is the current session then the session will revert to ``main_session''
session open session_name
Close all tabs and open session session_name Going forward this session is named session_name
session save session_name
Save current tabs to session session_name This will close the current session and going forward this session is named session_name
The set command is used to inspect, clear or change runtime options. There are 3 methods to use set When used by itself as ``:set '' the command displays all options as currently set.

To set a value use ``:set Ao option Ac = Aq value '' For example, ``:set http_proxy= ''

To clear a value use ``:set Ao option Ac = '' For example, ``:set http_proxy= ''

Note, not all options can be set at runtime.

Show blocked cookie statistics. These statistics vary based on settings and are not persistent.
statustoggle , statust
Toggle status bar.
Stop loading the current web page.
Close current tab.
Hide tabs.
tabnew , tabedit [URL ]
Create a new tab and optionally open provided URL
Go to the next tab.
Close all tabs except the currently focused one.
Go to the previous tab.
Show tabs in GUI.
toplevel , toplevel toggle
Toggle the top level domain name cookie and JS session whitelist. This is to enable/disable short lived full site functionality without permanently adding the top level domain to the persistent whitelist.
urlhide , urlh
Hide url entry and toolbar.
urlshow , urls
Show url entry and toolbar.
userstyle [stylesheet ]
Toggle the current tab between using the custom stylesheet stylesheet and the page's default CSS. If stylesheet is not provided, the stylesheet specified by the userstyle setting will be used. This userstyle setting is set by default to a low-contrast color scheme.

Additional stylesheets may be used in addition to that set by userstyle by specifying additional keybindings. For example,

will map toggling between ~/style.css to the v and V keys while keeping the stylesheet specified by userstyle mapped to the s and S keys.

userstyle_global [stylesheet ]
Same as the userstyle command but affects all open tabs and newly created tabs will use this style.
Save open tabs to current session. The tabs will be restored next time the session is opened. See the session command for additional details.
Save open tabs and quit. The tabs will be restored next time the session is opened. See the session command for more details.


In addition to shortcuts and commands xombrero provides buffer commands. Buffer commands are short, multi character vi-like commands, often requiring an argument. Partial buffer commands are displayed in the buffer command statusbar element (see statusbar_elems ) Pressing Esc or switching to another tab cancels a partially entered buffer command. In the following list arg denotes the argument a buffer command accepts. Buffer commands are defined as extended regular expressions. Note that if a character is used as a shortcut it will not be interpreted as the beginning of a buffer command. This is the case with 0

go to the top of the page
go to the bottom of the page
go to the arg percent of the page
go to 50% of the page
go arg levels up. If arg is missing, 1 is assumed. Going a level up means going to a URI obtained from the current one by removing the last slash ('/') character and everything that follows it
go to the root level, i.e. going up as many levels as possible.
open the home page in the current tab
set a mark denoted by arg at the current page position. These marks behave like those in vi or less.
go to the position where mark arg was set. The special mark "'" points to the previous page position, after a "gg", "gG", "zz", "%" or "'" buffer command.
set the current uri as quickmark arg
open the uri marked as quickmark arg in the current tab
open the uri marked as quickmark arg in a new tab
activate tab number
go to first tab
go to last tab
go to the arg next tab
go to the arg previous tab arg
quit xombrero
restart xombrero
zoom in by 4%
zoom out by 4%
set zoom level to 100%
set zoom level to arg %


Quickmarks are like bookmarks, except they are referred to by a single character (a letter or a digit), instead of a longer name. See the M[a-zA-Z0-9] go[a-zA-Z0-9] and gn[a-zA-Z0-9] buffer commands for usage. Quickmarks are stored in ~/.xombrero/quickmarks and are saved automatically after each M[a-zA-Z0-9] buffer command.


The about screens are internally generated web pages by xombrero for user interaction. These are entered in the address bar and the format is about:screen where screen is the desired screen to display. For example about:favorites. Any about screen can be used as the home page as specified by home in the configuration file.

show the about screen
show a blank screen
show the cookie whitelist screen
show the cookiejar screen
show the downloads screen
show the favorites screen
show the help web page
show the history screen
show the JavaScript whitelist screen
show the plugin whitelist screen
show the settings screen
show the statistics screen


This section describes advanced usage settings. Most users should use browser_mode instead to setup xombrero and skip over this section.

xombrero has a number of whitelists to control blocking cookies and JavaScript execution for FQDNs or domains. When properly enabled these whitelists require either the FQDN or top level domain to exist in the whitelists in order to allow cookies to be stored or JavaScript to execute. Both JavaScript and cookies have two whitelists associated with them. The whitelists are called session and persistent. Items in the session whitelists are only allowed for the lifetime of the xombrero instance. Items in the persistent whitelists are stored on disk and are restored upon restarting.

Setting up the whitelists is a little tricky due to intricacies of WebKit. In fact the semantics are different for cookies and JavaScript.

Cookie whitelist requires the following configuration to be set:

This is a WebKit setting and must be set to 1 (ENABLED) in order to be able to use a cookie whitelist.
This needs to be set to 1 to enable the cookie whitelist functionality.
These entries in the configuration file are the actual domains names in the cookie whitelist.

JavaScript whitelist requires the following configuration to be set:

This is a WebKit setting and must be set to 0 (DISABLED) in order to be able to use a JavaScript whitelist.
This needs to be set to 1 to enable the JavaScript whitelist functionality.
These entries in the configuration file are the actual domains names in the JavaScript whitelist.

Plugin whitelist requires the following configuration to be set:

This is a WebKit setting and must be set to 1 (ENABLED) in order to be able to use a plugin whitelist.
This needs to be set to 1 to enable the plugin whitelist functionality.
These entries in the configuration file are the actual domains names in the plugin whitelist.

See the FILES section for additional configuration file entries and details that alter runtime behavior.


xombrero user specific settings.
xombrero scratch directory.

xombrero tries to open the user specific file, ~/.xombrero.conf If that file is unavailable, it then uses built-in defaults. Any settings saved at runtime will be saved to the file ~/.xombrero/runtime and will be loaded as well.

The format of the file is <keyword> = <setting>. For example:

http_proxy =

Enabling or disabling an option is done by using 1 or 0 respectively.

The file supports the following keywords:

Defines an alias for a given URL, so that the URL is loaded when the alias is entered in the address bar. If the aliased URL includes a %s format specifier, then any argument given after the alias on the address bar is substituted. For example, if g,http://www.google.com/search?q=%s is defined as an alias, then the URL http://www.google.com/search?q=foo is loaded when navigating to "g foo".
If set, all content referenced by a page will be loaded. If unset, encrypted pages will refuse to load content that is linked from an insecure location.
If set, all scripts referenced by a page will be loaded and run using the current javascript policy. If unset, encrypted pages will refuse to run scripts that are linked from an insecure location.
If set cookies are stored in the session cache but will be discarded once xombrero exits. Unfortunately enabling this does allow for some limited tracking on the web.
If set, HTTP headers taken from the Lk https://www.bitrig.org/ Bitrig website will be used to feed additional values to the xombrero HTTP header settings. Currently only the User-Agent and Http-Accept headers are modified, corresponding to the user_agent and http_accept settings, respectively. These headers are set after any header settings are read in from your ~/.xombrero.conf Default is 0.
When set a new tab is appended after the current tab instead of being appended as the last tab.
If disabled, images will not be loaded automatically.
When set a tab that is loaded will attempt to autofocus the default input entry. This is only done for tabs that are currently visible.
The xombrero browser has 3 default operating modes: normal (the default), whitelist and kiosk In the normal mode the browser allows all cookies, plugins and JavaScript as any other browser would. This means that all cookies are saved to persistent storage and that all JavaScript and plugins run.

On the other hand, using the whitelist mode enables whitelists. This requires the user to add all the required cookie_wl js_wl and pl_wl items. If a domain does not appear in the whitelists xombrero disallows cookies, JavaScript and plugin execution. If insecure web content or scripts are referenced by a secure website, they will be blocked from loading or running.

In kiosk mode the browse works just like normal mode however the toolbar only has the backward, forward and home button.

This setting must be the first entry in ~/.xombrero.conf because it sets advanced settings that can be overridden later in the file. See the default config file for more details.

This setting is used to define an alias for a command. The syntax of this setting is cmd_alias = alias,cmd For example, if you wanted to set an alias for the tabnew command to tn add the line cmd_alias = tn,tabnew to your ~/.xombrero.conf This setting may not begin with a number.
Set the command prompt font. E.g. cmd_font = monospace normal 9
When enabled (the default) xombrero will color visited links. This is done while the web page loads using JavaScript, rather than WebKit's (broken, see bug #51747) built-in facility for coloring visited links. The JavaScript approach is (probably) slower and is not consistent across tabs (unless the tabs are reloaded), but has the advantage of not leaking history data to web pages (see http://wtikay.com/docs/details.html).
This field delineates the cookie policy. Possible values are: no3rdparty, reject 3rd party cookies. accept, accept all cookies. reject, reject all cookies.
This is a cookie whitelist item. Use multiple times to add multiple entries. Valid entries are for example *.moo.com and the equivalent .moo.com. This matches both moo.com, as well as all subdomains. A fully qualified host is also valid and is for example www.moo.com or moo.com. Fully qualified hosts do not modify whitelist settings for any subdomains.

Unix extended regular expressions may also be used to match any set of FQDNs. Regular expressions must begin with the prefix "re:". As an example, the regular expression equivalent to moo.com would be ^moo.com$ and the equivalent to .moo.com would be ^(.*.)*moo.com$ If using regular expressions for whitelist items, be careful to not accidentally match other domains; you will almost always want to add the ^ and $ characters to the beginning and end of the regex so that, for example, moo.com would not match not-moo.com.

Enable cookies.
Give focus in newly created tab instead of opening it in the background.
This setting provides the ability to run custom executables for special URIs. The syntax for this setting is custom_uri = protocol,command The URI is passed as a single argument to command to be parsed and executed.

For example, to add the ability to use custom mailto URIs, add the setting custom_uri = mailto,command where command is a program that will parse the mailto URI and open your mail client.

Path to the script used as the default value for the run_script command.
Set the default browsing zoom level.
Sets the HTTP Do Not Track header to tell sites that you wish to be opted-out of 3rd-party tracking for the use of behavioral advertising. Not all sites currently support this header, and this is only a suggestion of a user preference. Sites may still perform 3rd-party tracking even when this feature is enabled.
Locations where files are downloaded to. This directory must exist and xombrero validates that during startup.
Controls how downloads are handled. Possible values are:
start - automatically start download.
ask   - ask user for confirmation.
add   - add to downloadmanager, but
        do not start.
The default is "start".
When enabled a message is shown when downloads are finished. Default is 0.
When enabled clicking MB3 will spawn the autoscroll ball, scrolling can then proceed by dragging the mouse away from the ball.
When enabled all cookies must be in the whitelist or they are rejected. Additionally whitelisted cookies also enable HTML5 local storage for the domain.
When enabled (disabled by default), web content will be cached into memory.
When enabled (the default) xombrero displays the favicon of the web page at the URI entry. This setting affects both normal and compact tabs.
When enabled (disabled by default) xombrero displays favicons at each tab. This setting only affects compact tabs.
Enables support for autorunning JavaScript after page loads. When enabled, ~/.xombrero/js/ will be searched for default.js and host.domain.js If host.domain.js does not exist, domain.js will be tried instead. The content of the both default and host/domain files are read and executed on each page load. Default is 1.

As an example, if you add the line alert(Hello, world); to your default.js a pop-up displaying "Hello, world" will be shown on every page reload. While not useful, any javascript can be run through this mechanism, making it useful for global or site-specific modifications.

When enabled all domains must be in the js whitelist in order to run Java Script. NOTE: Make sure enable_scripts is set to 0.
When enabled all domains must be in the plugin whitelist in order to run plugins. NOTE: Make sure enable_plugins is set to 0.
Enable external plugins such as Flash and Java.
Enable support for the Strict-Transport-Security HTTP-header. When enabled, sites that set this flag will only be visited via HTTPS. Default value is 1
Enable Java Script.
When enabled the first instance of xombrero will create a socket in the ~/.xombrero directory. Using the -n url option on subsequent xombrero invocations will cause the specified URL to be loaded in a new tab. Only a user with identical UID and GID can use this option.
Enable html5 Local Storage.
Enables spell checking. Preferred languages can be set using spell_check_languages option.
Set the default encoding. E.g. encoding = ISO-8859-1
Set which editor to use for external editing. the string <file> will be replaced by the current filename. E.g. external_editor = gvim -f <file> Note! xombrero relies on the editor not forking into the background.
Enables a backward, forward, and stop button to the toolbar. Additionally if search_string is set it'll enable an entry box for searches.
This setting is used to define the domains of sites that should be only accessed over the HTTPS scheme. Any requests to these domains over HTTP will be rewritten to use HTTPS instead. See cookie_wl for semantics.
If set, this string sets the G_TLS_GNUTLS_PRIORITY environmental variable to define the GnuTLS priority string that is used when initializing the GnuTLS session. This may be used to change the supported TLS/SSL versions and the ciphers that are used when making HTTPS connections.

Full details on how to modify this setting may be found in the GnuTLS documentation, Section 8.9: Priority Strings. For example, to disable the 128-bit RC4 cipher, change this setting to NORMAL:!ARCFOUR-128

If your glib-networking package is older than version 2.33.10, or if the G_TLS_GNUTLS_PRIORITY environmental variable is already set, this setting has no effect.

When enabled xombrero will try to guess if the string you entered, in the URI entry widget or the command widget, is term you want to search for using search_string (see above). If the string does not contain a dot nor a slash, is not a path to a local file and does not resolves to an IP then it is assumed to be a search term.
To simplify configuring xombrero allows you pick between two GUI modes: classic (the default) and minimal In the classic mode the GUI looks similar to that of most mainstream browsers. While in minimal mode the GUI looks more vi-like. One can get a GUI between the two by tweaking the low-level GUI settings found under the advanced GUI setting section in the configuration file.
When enabled xombrero will save all command and search history. Upon restarting xombrero the saved command and search history will be restored.
Homepage in URL format.
Proxy server in URL format. xombrero overrides http_proxy if it is specified as an environment variable. It must be noted that on older Webkit versions one MUST use an IP address and not a FQDN. This works as expected with Webkit 1.4.2.

If using libsoup 2.42.2 or newer, one may use a socks proxy directly. For example:

http_proxy = socks5://
Otherwise, an intermediary tool, such as polipo or tsocks, must be used.
If set, the HTTP Accept header will be modified for each text/html request. If this setting is set multiple times, the Accept header will be changed in a round-robin order for every text/html request on a tab. Because this setting rotates through Accept headers on each text/html request, a single page may rotate through more than one Accept header if multiple text/html requests are made.

Please be aware that not all websites report browser headers correctly. Most notably, EFF's panopticlick service also reports the HTTP Accept-Encoding headers on the same line as the Accept headers. If you are trying to find the headers of another browser to model that browser's fingerprint, it is recommended to not use panopticlick for this reason.

Note that this setting only rewrites the Accept header for text/html requests. Other requests will use WebKit's default Accept header.

If set to 0, the http_proxy will be disabled at startup. The user can later enable the proxy with the proxy toggle command or keybinding.
Permits icon sizes to be changed if fancy_bar is enabled. Size 1 is small; 2 is normal; 3 through 6 are progressively larger.
This must be a path to another configuration file. Configuration files are usually read from top to bottom, however, if this option is set, xombrero will begin reading the included file at this location and continue reading the rest of the configuration after the included file has finished being read.

Any simple settings set before the include may be overridden by settings in the included file, and any simple settings set in the included file may be overridden later by settings after the include or at runtime using the :set command. However, database settings (for example, cookie_wl , js_wl , pl_wl and keybinding are only ever added to the database, and so the order of an included configuration file is not pertinent to these database settings.

This feature is likely best used as the last item in ~/.xombrero.conf

If enabled, javascripts will be allowed to automatically open windows based on the current browser_mode If disabled, it will never be allowed. The default setting is 1 (enabled).
This is a JavaScript whitelist item. See cookie_wl for semantics and more details.
The maximum number of connections that xombrero can open at once.
The maximum number of connections that xombrero can open at once to a given host.
Sets an action for a specific or default MIME type. For example, to download and view a pdf using kpdf set mime_type = application/pdf,kpdf To set a default value use *, for example, mime_type = video/*,mplayer Note that the action is only passed the URL and not all applications are capable of dealing with a URL and therefore one might have to create a wrapper script to download the content first. Alternatively one can add the @ in front of the MIME type to indicate "download first". For example, mime_type = @application/pdf,xpdf When @ is use the file will be downloaded to the download_dir before the MIME handler is called.

The special binary name "donothing" may be used to ignore a MIME type without displaying any warnings from being unable to execute the binary.

Set the font used to display error messages. E.g. oops_font = monospace normal 9
This is a plugin whitelist item. See cookie_wl for semantics and more details.
If enabled, a preloaded list of sites which set the HTTP Strict Transport Security header will be used to automatically set the force_https setting for these sites. This is used to prevent SSL stripping attacks when first visiting these sites, before they have been added to the strict-transport file. This list is comprised of domains chosen by the xombrero authors, as well as domains included in Chromium's preloaded HSTS list. Default is 1.
Mark cookies file read-only and discard all cookies once the session is terminated.
Refresh interval while in the download manager. The default is 10.
Control how ``referer'' is handled in http-requests.
always      - always send referer
never       - never send referer
same-domain - only send referer if it's
              for the same public suffix - this means that
              it's OK for subdomains to refer to each other
same-fqdn   - only send referer if it's FQDN match
Any other value that is also a valid URL will use this custom value as referer. (E.g. you could set it to http://no-referer.com) The default value is ``always''
Directory that contains various xombrero resources such as icons. This is OS-specific and should be handled by the porter.
If set the global history will be saved to ~/.xombrero/history when quitting and restored at startup. See the Sx KEY BINDINGS section above for how the global history is accessed. Global history is not saved to disk by default.
Saves rejected cookies in cookie format in {work_dir}/rejected.txt. All cookies are saved and unlike a cookie jar they are never replaced. Make sure there is enough disk space to enable this feature.
Default search engine string. See the xombrero.conf file for details.
Enable session auto-saving when changing state (e.g. adding or removing a tab). The session name is what is currently in use and is described in the session save and session open commands.
This value is the time that is added in seconds to a session cookie.
Enable or disable showing tabs.
Enable or disable showing the url and toolbar.
Enable or disable the showing of the horizontal and vertical scrollbars. Disabling this setting requires GTK3.
Enable or disable showing the status bar.
If set and enable_socket is enabled only one xombrero will be permitted to run. If there is a URL specified it will be opened in a new tab in the already running xombrero session.
The languages to be used for spell checking, separated by commas. For example, en_US.
If set to a valid PEM file all server certificates will be validated against it. The URL bar will be colored green (or blue when saved) when the certificate is trusted and yellow when untrusted.

If ssl_ca_file is not set, the URL bar will be colored red if the certificate has not been saved, or blue if it has been saved.

WebKit only supports a single PEM file. Many OS' or distributions have many PEM files. One can simply concatenate all separate files into one large one. E.g. for i in `ls`; do cat $i >> cert.pem; done and use the resulting cert.pem file as the input to ssl_ca_file It is advisable to periodically recreate the cert.pem file.

If this value is set connections to untrusted sites will be aborted. This value is only used if ssl_ca_file is set.
Define the components of the status bar. The possible components are:
| - separator
P - page progress percent
p - proxy enabled/disabled
B - buffer command
Z - page zoom level
T - current tab number
The default is "BP". These components show nothing if there is nothing worth showing, like zoom amount 100%.
Set the status bar font. E.g. statusbar_font = monospace normal 9
Set the status bar style to either url - display the current url, or title - display the page title. The default is url
Set the tab style to either normal - the default gtk notebook tabs, or compact for an alternative. You can switch the tab style with the tabnextstyle command.
Set the compact tab bar font. E.g. tabbar_font = monospace normal 9
Disable tabs, and open new windows instead. Note that this feature does not disable the display of tabs. Change your show_tabs setting also if you wish to disable the display of tabs. Default is 0.
This is the regular expression that is used to match what constitutes a valid URL when using guess_search
Set to override the default xombrero user-agent string. May be specified several times for switching between user-agents.
Set the stylesheet to be used as a default for the userstyle and userstyle_global commands when no extra parameters are given. The default is a low-contrast stylesheet.
When enabled new tabs will automatically be displayed using the custom stylesheet specified by the userstyle setting.
When enabled all SSL certificates from HTTPS websites will be cached in the ~/.xombrero/certs_cache/ directory. On each page load, if the remote certificate differs from the cached local version, a warning page with options of what to do next will be displayed instead of the requested page. This feature may be used in addition to the coloring of the URL bar and can be used to help prevent against man-in-the-middle attacks, even if the new remote certificate is signed by a trusted certificate authority in ssl_ca_file Default is 0.
Set the default height of the browser window.
Set the default width of the browser window.
Maximize the browser window at startup.
Set the work directory where all xombrero scratch files are stored. Default is ~/.xombrero


xombrero was inspired by vimprobable2 and the bloat in other UNIX web browsers.


An -nosplit xombrero was written by An Marco Peereboom Aq [email protected] , An Stevan Andjelkovic Aq [email protected] , An Edd Barrett Aq [email protected] , An Todd T. Fries Aq [email protected] , An Raphael Graf Aq [email protected] , An Michal Mazurek Aq [email protected] , and An Josh Rickmar Aq [email protected] .