Ticket #4669: filters.html

title=Writing Adblock Plus filters


<p>{{s1 Current Adblock Plus versions allow you to "tweak" your filters in many different ways. This document explains the choices that you have and how they can be used.}}</p>

  <p>{{s2 <em>Disclaimer</em>: All filter examples given here are really only examples and are not meant to be used.}}</p>

  <h2 id="introduction">{{s3 Introduction to Adblock Plus filters}}</h2>

  <p>{{s4 The options described in this section should be enough for users who have to create a filter occasionally.}}</p>

  <h3 id="basic">{{s5 Basic filter rules}}</h3>

  <p>{{s6 The most trivial filter you can define is of course the address of banner you want to block. However, often this address changes every time you open a page. For example it could be <code><fix>http://example.com/ads/banner123.gif</fix></code> where 123 is a random number. Here blocking the complete address won't help you, you need a more general filter — like <code><fix>http://example.com/ads/banner*.gif</fix></code>. Or maybe even <code><fix>http://example.com/ads/*</fix></code>.}}</p>

  <p>{{s7 <em>Note</em>: Make sure that you are not replacing too much by wildcards. The filter <code><fix>http://example.com/*</fix></code> will definitely block all banners but it will also block everything else from example.com that you still might want to see.}}</p>

  <h3 id="whitelist">{{s8 Defining exception rules}}</h3>

  <p>{{s9 Sometimes you will notice that one of your filters that is usually working quite well blocks in some case blocks something that it shouldn't be blocking. You don't want to remove this filter but you still don't want it to match in this one case.}}</p>

  <p>{{s10 That's what exception rules are good for — they allow you to define cases where filters shouldn't be applied. For example if you are unhappy with your filter <code><fix>adv</fix></code> blocking <code><fix>http://example.com/advice.html</fix></code>, you can define an exception rule <code><fix>@@advice</fix></code>. Exception rules are no different from filter rules, you can use wildcards or regular expressions. You only have to precede them by <code><fix>@@</fix></code> to indicate an exception rule.}}</p>

  <p>{{s11 Exception rules can do more. If you specify <code><fix>$document</fix></code> option you will get an exception for the entire page. For example, if your exception rule is <code><fix>@@||example.com^$document</fix></code> and you open some page from example.com — Adblock Plus will be entirely disabled on this page and nothing will be blocked.}}</p>

  <h3 id="anchors">{{s12 Matching at beginning/end of an address}}</h3>

  <p>{{s13 Usually Adblock Plus treats every filter as if it had a wildcard at its beginning and end, e.g. there is not difference between the filters <code><fix>ad</fix></code> and <code><fix>*ad*</fix></code>. While this is usually unproblematic, sometimes you wish that the filter you defined only matches at the beginning or end of an address. For example you might want to block all Flash, but if you add the filter <code><fix>swf</fix></code> the address <code><fix>http://example.com/swf/index.html</fix></code> will also be blocked.}}</p>

  <p>{{s14 Solution to this problem: add a pipe symbol to the filter to show that there should be definitely the end of the address at this point. For example the filter <code><fix>swf|</fix></code> will block <code><fix>http://example.com/annoyingflash.swf</fix></code> but not <code><fix>http://example.com/swf/index.html</fix></code>. And the filter <code>|http://baddomain.example/</code> will block <code>http://baddomain.example/banner.gif</code> but not <code>http://gooddomain.example/analyze?http://baddomain.example</code>.}}</p>

  <p id="flexible-anchors">{{s15 Sometimes one wants to block <code><fix>http://example.com/banner.gif</fix></code> as well as <code><fix>https://example.com/banner.gif</fix></code> and <code><fix>http://www.example.com/banner.gif</fix></code>. This can be achieved by putting two pipe symbols in front of the filter which makes sure the filter matches at the beginning of the domain name: <code><fix>||example.com/banner.gif</fix></code> will block all these addresses while not blocking <code>http://badexample.com/banner.gif</code> or <code>http://gooddomain.example/analyze?http://example.com/banner.gif</code> (requires Adblock Plus 1.1 or higher).}}</p>

  <h3 id="separators">{{s16 Marking separator characters}}</h3>

  <p>{{s17 Often you need to accept any separator character in a filter. For example, you might write a filter that blocks <code><fix>http://example.com/</fix></code> and <code><fix>http://example.com:8000/</fix></code> but not <code><fix>http://example.com.ar/</fix></code>. Here the symbol ^ can be used as a placeholder for a single separator character: <code><fix>http://example.com^</fix></code> (requires Adblock Plus 1.1 or higher).}}</p>

  <p>{{s18 Separator character is anything but a letter, a digit, or one of the following: <fix>_ - . %</fix>. The end of the address is also accepted as separator. In the following example all separator characters are shown in red:}} http:<b style="color: red;">//</b>example.com<b style="color: red;">:</b>8000<b style="color: red;">/</b>foo.bar<b style="color: red;">?</b>a<b style="color: red;">=</b>12<b style="color: red;">&amp;</b>b<b style="color: red;">=</b>%D1%82%D0%B5%D1%81%D1%82{{s19 . So this address can be blocked with the filter <code><fix>^example.com^</fix></code> or <code><fix>^%D1%82%D0%B5%D1%81%D1%82^</fix></code> or <code><fix>^foo.bar^</fix></code>.}}</p>

  <h3 id="comments">{{s20 Comments}}</h3>

  <p>{{s21 Any rule that starts with an exclamation mark is considered a comment. It will still show up in the filter list but in grey instead of black. Adblock Plus will ignore this rule for actual blocking so it is safe to write there whatever you want. You can place a comment rule above a real filter to describe what it is doing. Or you can put a comment on top of your filter list stating your authorship (most filter list authors do that).}}</p>

<h4 id="special-comments">{{s22 Special comments}}</h4>

<p>
  {{s23 Special comments will only have an effect in downloaded filter lists, not in custom filters.}} {{s24 They can set a number
  of parameters for the filter list:}}
</p>

<ul>
  <li>
    <p>
      <code>! Homepage: http://example.com/</code>
    </p>
    <p>
      {{s25 This comment determines which webpage should be linked as filter list homepage.}}
    </p>
  </li>
  <li>
    <p>
      <code>! Title: FooList</code>
    </p>
    <p>
      {{s26 This comment sets a fixed title for the filter list.}} {{s27 If this comment is present the user will no longer be able to change
      the title.}}
    </p>
  </li>
  <li>
    <p>
      <code>! Expires: 5 days</code>
    </p>
    <p>
      {{s28 This comment sets the update interval for the filter list, the value can be given in days (e.g. <code><fix>5 days</fix></code>) or hours
      (e.g. <code><fix>8 hours</fix></code>).}} {{s29 Any value between 1 hour and 14 days is possible.}} {{s30 Note that the update
      will not necessarily happen after this time interval.}} {{s31 The actual update time is slightly randomized and depends on
      some additional factors to reduce server load.}}
    </p>
  </li>
  <li>
    <p>
      <code>! Checksum: OaopkIiiAl77sSHk/VAWDA</code>
    </p>
    <p>
      {{s32 This comment makes sure that accidental corruption of the data won't result
      in broken filters.}} {{s33 For example, some firewall software might modify the filter <code>*/adnetwork/*</code> on download
      in an attempt to protect the user against ads.}} {{s34 It will remove part of the filter so that Adblock Plus will only see
      the filter}} <code>**</code>{{s35 .}} {{s36 A checksum comment in the filter list protects against this scenario, any modifications
      will have the result that the checksum no longer matches and Adblock Plus will ignore the data.}}
    </p>
    <p>
      {{s37 To calculate the checksum the following steps need to be performed:}}
    </p>
    <ul>
      <li>{{s38 Remove the existing checksum comment if any.}}</li>
      <li>{{s39 Encode filter list text using UTF-8 encoding.}}</li>
      <li>{{s40 Convert all line breaks to Unix style (replace <code><fix>\r</fix></code> by <code><fix>\n</fix></code> if present).}}</li>
      <li>{{s41 Remove empty lines (replace sequences of the <code><fix>\n</fix></code> character by a single <code><fix>\n</fix></code> character).}}</li>
      <li>{{s42 Calculate the base64-encoded MD5 checksum of the text, remove trailing}} <code>=</code> {{s43 characters if any.}}</li>
    </ul>
    <p>
      {{s44 You can also have a look at the Python-based reference implementations to
      <a href="https://hg.adblockplus.org/adblockplus/file/tip/validateChecksum.py">validate a checksum</a> and to
      <a href="https://hg.adblockplus.org/adblockplus/file/tip/addChecksum.py">add a checksum to a file</a>.}}
    </p>
  </li>
  <li>
    <p>
      <code>! Redirect: http://example.com/list.txt</code>
    </p>
    <p>
      {{s45 This comment indicates that the filter list has moved to a new download address.}} {{s46 Adblock Plus will ignore any file
      contents beyond that comment and immediately try downloading from the new address.}} {{s47 In case of success the address
      of the filter list will be updated in the settings.}} {{s48 This comment is ignored if the new address is the same as the
      current address, meaning that it can be used to enforce the "canonical" address of the filter list.}}
    </p>
  </li>
  <li>
    <p>
      <code>! Version: 1234</code>
    </p>
    <p>
      {{s49 This comment defines a numerical version of the filter list.}} {{s50 This version number will be displayed in issue reports
      and can be used to verify that the report refers to the current version of the filter list.}}
    </p>
  </li>
</ul>

  <h3 id="advanced">{{s51 Advanced features}}</h3>

  <p>{{s52 The features described in this section are usually used only by power users and filterlist creators. Feel free to skip it.}}</p>

  <h4 id="options">{{s53 Specifying filter options}}</h4>

  <p>{{s54 Adblock Plus allows you to specify a number of options to modify the behavior of a filter. You list these options separated with commas after a dollar sign ($) at the end of the filter, for example:}}</p>

  <pre>
*/ads/*$script,match-case
</pre>

  <p>{{s55 Here <code><fix>*/ads/*</fix></code> is the actual filter and <code><fix>script</fix></code> and <code><fix>match-case</fix></code> are its options. Currently the following options are supported:}}</p>

  <ul>
    <li>{{s56 Type options: determine which types of elements a filter can block (or whitelist in case of an exception rule). Multiple type options can be specified to indicate that the filter should be applied to several types of elements. Possible types are:}}
      <ul>
        <li>{{s57 <code><fix>script</fix></code> — external scripts loaded via HTML script tag}}</li>
        <li>{{s58 <code><fix>image</fix></code> — regular images, typically loaded via HTML img tag}}</li>
        <li>{{s59 <code><fix>stylesheet</fix></code> — external CSS stylesheet files}}</li>
        <li>{{s60 <code><fix>object</fix></code> — content handled by browser plugins, e.g. Flash or Java}}</li>
        <li>{{xmlhttprequest <code><fix>xmlhttprequest</fix></code> — requests started using the <a href="https://xhr.spec.whatwg.org/"><code><fix>XMLHttpRequest</fix></code> object</a> or <a href="https://fetch.spec.whatwg.org/"><code><fix>fetch()</fix></code> API</a>}}</li>
        <li>{{s63 <code><fix>object-subrequest</fix></code> — requests started by plugins like Flash}}</li>
        <li>{{s64 <code><fix>subdocument</fix></code> — embedded pages, usually included via HTML frames}}</li>
        <li>{{ping <code><fix>ping</fix></code> — requests started by <a href="https://developer.mozilla.org/docs/Web/HTML/Element/a#attr-ping"><code><fix>&lt;a ping&gt;</fix></code></a> or <a href="https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon"><code><fix>navigator.sendBeacon()</fix></code></a> (Adblock Plus 2.7.1 or higher required)}}</li>
        <li>{{websocket <code><fix>websocket</fix></code> — requests initiated via <a href="https://developer.mozilla.org/docs/Web/API/WebSocket"><code><fix>WebSocket</fix></code> object</a> (Adblock Plus 2.8 or higher required)}}</li>
        <li>{{s65 <code><fix>document</fix></code> — the page itself (only <a href="#whitelist">exception rules</a> can be applied to the page)}}</li>
        <li>{{s66 <code><fix>elemhide</fix></code> — for exception rules only, similar to <code><fix>document</fix></code> but only disables <a href="#elemhide">element hiding rules</a> on the page rather than all filter rules (Adblock Plus 1.2 or higher required)}}</li>
        <li>{{generichide <code><fix>generichide</fix></code> — for exception rules only, similar to <code><fix>elemhide</fix></code> but only disables <a href="#generic-specific">generic</a> element hiding rules on the page (Adblock Plus 2.6.12 or higher required)}}</li>
        <li>{{genericblock <code><fix>genericblock</fix></code> — for exception rules only, just like <code><fix>generichide</fix></code> but disables <a href="#generic-specific">generic</a> blocking rules (Adblock Plus 2.6.12 or higher required)}}</li>
        <li>{{s67 <code><fix>other</fix></code> — types of requests not covered in the list above}}</li>
      </ul>
      {{deprecated-options The type options <code><fix>background</fix></code>,
      <code><fix>xbl</fix></code> and <code><fix>dtd</fix></code> are outdated
      and should no longer be used.}}
    </li>
    <li>{{s69 Inverse type options: specify the element types the filter should <strong>not</strong> be applied to. Possible inverse type options: <code><fix>~script</fix></code>, <code><fix>~image</fix></code>, <code><fix>~stylesheet</fix></code>, <code><fix>~object</fix></code>, <code><fix>~xmlhttprequest</fix></code>, <code><fix>~object-subrequest</fix></code>, <code><fix>~subdocument</fix></code>, <code><fix>~document</fix></code>, <code><fix>~elemhide</fix></code>, <code><fix>~other</fix></code>}}</li>
    <li>{{s70 Restriction to third-party/first-party requests: If the <code><fix>third-party</fix></code> option is specified, the filter is only applied to requests from a different origin than the currently viewed page. Similarly, <code><fix>~third-party</fix></code> restricts the filter to requests from the same origin as the currently viewed page.}}</li>
    <li>{{s71 Domain restrictions: The option <code><fix>domain=example.com</fix></code> means that the filter should only be applied on pages from "example.com" domain. Multiple domains can be specified using "|" as separator: with the option <code><fix>domain=example.com|example.net</fix></code> the filter will only be applied on pages from "example.com" or "example.net" domains. If a domain name is preceded with "~", the filter should <strong>not</strong> be applied on pages from this domain. For example, <code><fix>domain=~example.com</fix></code> means that the filter should be applied on pages from any domain but "example.com" and <code><fix>domain=example.com|~foo.example.com</fix></code> restricts the filter to the "example.com" domain with the exception of "foo.example.com" subdomain.}}</li>
    <li>
      {{s72 Sitekey restrictions: The option <code><fix>sitekey=abcdsitekeydcba</fix></code> means that the filter should only be applied on pages that provide a public key and a signature which can be verified by that very same public key that is also contained in the filter (but without the trailing =). Multiple sitekeys can be specified using "|" as separator: with the option <code><fix>sitekey=abcdsitekeydcba|bcdesitekeyedcb</fix></code> the filter will only be applied on pages providing either sitekey "abcdsitekeydcba" or "bcdesitekeyedcb". This is similar to domain restrictions but allows covering scenarios where a single filter should apply to a very large number of domains. Note that sitekey restrictions require <a href="#sitekey_server">modifications on the server-side</a>.}}
    </li>
    <li>{{s73 <code><fix>match-case</fix></code> — makes the filter only apply to addresses with matching letter case, e.g. the filter <code><fix>*/BannerAd.gif$match-case</fix></code> will block <code><fix>http://example.com/BannerAd.gif</fix></code> but not <code><fix>http://example.com/bannerad.gif</fix></code>.}}</li>
    <li>{{s74 <code><fix>collapse</fix></code> — this option will override the global "Hide placeholders of blocked elements" option and make sure the filter always hides the element. Similarly the <code><fix>~collapse</fix></code> option will make sure the filter never hides the element.}}</li>
    <li>
      {{s75 <code><fix>donottrack</fix></code> — for any address matching a blocking rule with
      this option and not matching any exception rules with this option a
      <a href="http://donottrack.us/">Do-Not-Track header</a> will be sent (requires
      Adblock Plus 1.3.5 or higher).}} {{s76 For backwards compatibility it is recommended
      to use this option in combination with contradicting type options, this will prevent this
      filter from blocking anything in earlier Adblock Plus versions:
      <code><fix>*$donottrack,image,~image</fix></code>}}
    </li>
  </ul>

  <h4 id="regexps">{{s77 Using regular expressions}}</h4>

  <p>{{s79 If you want even more control about what your filters match and what they don't match, you can use regular expressions. For example the filter <code><fix>/banner\d+/</fix></code> will match <code><fix>banner123</fix></code> and <code><fix>banner321</fix></code> but not <code><fix>banners</fix></code>. You can check out <a href="{{s79-link https://developer.mozilla.org/en/Core_JavaScript_1.5_Guide/Regular_Expressions#Writing_a_Regular_Expression_Pattern}}">documentation on regular expressions</a> to learn how to write them.}}</p>

  <p>{{s80 <em>Note</em>: For performance reasons it is recommended not to use regular expressions if they can be avoided.}}</p>

  <h2 id="elemhide">{{s81 Element hiding}}</h2>

  <h3 id="elemhide_basic">{{s82 Basic rules}}</h3>

  <p>{{s83 Sometimes you will find advertisements that can't be blocked because they are embedded as text in the web page itself. If you look at the source code of the web page you might find something like this:}}</p>

  <pre>&lt;div class=&quot;textad&quot;&gt;
Cheapest tofu, only here and now!
&lt;/div&gt;
&lt;div id=&quot;sponsorad&quot;&gt;
Really cheap tofu, click here!
&lt;/div&gt;
&lt;textad&gt;
Only here you get the best tofu!
&lt;/textad&gt;
</pre>

  <p>{{s84 You need to download the web page so you will necessarily download the advertisements. All you can do here is to hide the advertisement so you don't need to see it. That's what element hiding is meant for.}}</p>

  <p>{{s85 The first advertisement above is contained inside a div element with class attribute "textad". The following rule will hide exactly this combination: <code><fix>##div.textad</fix></code>. Here ## marks an element hiding rule while the rest is a selector identifying the elements that need to be hidden. You can hide elements by their id attribute similarly, <code><fix>##div#sponsorad</fix></code> will hide the second advertisement. You don't need to specify the element name, the rule <code><fix>##*#sponsorad</fix></code> will work just as well. And you can hide elements by element name only, e.g. <code><fix>##textad</fix></code> for the third advertisement.}}</p>

  <p>{{s86 The <a href="elemhidehelper">Element Hiding Helper extension</a> helps selecting the correct element and writing the corresponding rule without having to view the source code of the page. Basic HTML knowledge is useful nevertheless.}}</p>

  <p>{{s87 <em>Note</em>: Element hiding works very differently from normal filters. This has the implication that no wildcards are supported in element hiding rules.}}</p>

  <h3 id="elemhide_domains">{{s88 Limiting rules to certain domains}}</h3>

  <p>{{s89 Usually you want to hide a specific ad on one specific site, you don't want your rule to be applied on other sites. For example the rule <code><fix>##*.sponsor</fix></code> might hide valid code on some sites. But if you write it as <code><fix>example.com##*.sponsor</fix></code> it will be applied on <code><fix>http://example.com/</fix></code> and <code><fix>http://something.example.com/</fix></code> but not on <code><fix>http://example.org/</fix></code>. You can also specify multiple domains — simply separate them with commas: <code><fix>domain1.example,domain2.example,domain3.example##*.sponsor</fix></code>.}}</p>

  <p>{{s90 If a domain name is preceded with "~", the rule will <strong>not</strong> be applied on pages from this domain (requires Adblock Plus 1.1 or higher). For example, <code><fix>~example.com##*.sponsor</fix></code> will be be applied on pages from any domain but "example.com" and <code><fix>example.com,~foo.example.com##*.sponsor</fix></code> makes the rule apply on "example.com" domain with the exception of "foo.example.com" subdomain.}}</p>

  <p>{{s91 <em>Note</em>: Due to the way how element hiding is implemented, you really can only limit it to full domain names. You cannot use any other part of the address and you cannot use <code><fix>domain</fix></code> as a replacement for <code><fix>domain.example,domain.test</fix></code>.}}</p>

  <p>{{s92 <em>Note</em>: Element hiding rules with domain limitation can be used to hide browser's user interface elements as well. For example the filter rule <code><fix>browser##menuitem#javascriptConsole</fix></code> will hide the JavaScript Console entry in Firefox's Tools menu.}}</p>

  <h3 id="elemhide_attributes">{{s93 Attribute selectors}}</h3>

  <p>{{s94 Some advertisers don't make it easy for you — their text advertisements have neither an id nor a class attribute. You can use other attributes to hide those, for example <code><fix>##table[width="80%"]</fix></code> will hide tables with width attribute set to 80%. If you don't want to specify the full value of the attribute, <code><fix>##div[title*="adv"]</fix></code> will hide all div elements with title attribute containing the string "adv". You can also check the beginning and the end of an attribute, for example <code><fix>##div[title^="adv"][title$="ert"]</fix></code> will hide div elements with title starting with "adv" and ending with "ert". As you see, you can also use multiple conditions — <code><fix>table[width="80%"][bgcolor="white"]</fix></code> will match tables with width attribute set to 80% and bgcolor attribute set to white.}}</p>

  <h3 id="elemhide_css">{{s95 Advanced selectors}}</h3>

  <p>{{s97 In general, any CSS selector supported by Firefox can be used for element hiding. For example the following rule will hide anything following a div element with class "adheader": <code><fix>##div.adheader + *</fix></code>. For a full list of CSS list see <a href="{{s97-link http://www.w3.org/TR/css3-selectors/}}">W3C CSS specification</a> (note that not all selectors are supported by Firefox yet).}}</p>

  <p>{{s98 <em>Note</em>: This functionality is for advanced users only, you should be comfortable with CSS selectors to use it. Adblock Plus won't be able to check the syntax of the selector you are adding, if you use invalid CSS syntax you might break other (valid) rules you have. Check JavaScript Console for CSS errors.}}</p>

<h3 id="elemhide_exceptions">{{s99 Exception rules}}</h3>

<p>
  {{s100 Exception rules can disable existing rules on particular domains.}} {{s101 These are mostly
  useful to filter subscription authors who are extending another filter subscription that they
  cannot change.}} {{s102 For example, the rule <code><fix>##div.textad</fix></code> can be
  disabled on <code><fix>example.com</fix></code> using the exception rule
  <code><fix>example.com#@#div.textad</fix></code>.}} {{s103 The combination of these two
  rules has exactly the same effect as the single rule
  <code><fix>~example.com##div.textad</fix></code>.}} {{s104 It is recommended that you use
  exception rules only when you cannot change an overly general element hiding rule, in all the
  other cases limiting this rule to the necessary domains is preferable.}}
</p>

  <h3 id="elemhide_simplified">{{s105 Simplified element hiding syntax}}</h3>

  <p>{{s106 Adblock Plus supports simplified element hiding syntax (e.g. <code><fix>#div(id=foo)</fix></code>) for backwards compatibility only. Using this syntax is discouraged, usual CSS selectors are preferred. Support for this syntax might be removed at some point.}}</p>

  <h3 id="generic-specific">{{generic-specific-title Generic / Specific filters}}</h3>

  <p>{{generic-specific-explanation-p1 With the <code><fix>$generichide</fix></code> and <code><fix>$genericblock</fix></code> filter options the distinction between generic and specific filters becomes important.}}</p>
  <p>{{generic-specific-explanation-p2 We classify a filter to be <strong>specific</strong> if it matches one or more domains or matches a sitekey. If a filter has no domains specified (or only domain exceptions) and no sitekey then it counts as <strong>generic</strong>. For example, <code><fix>example.com##div.textad</fix></code> is a specific filter, whereas both <code><fix>##div.textad</fix></code> and <code><fix>~example.com##div.textad</fix></code> are generic.}}</p>
  <p>{{generic-specific-explanation-p3 Note that with blocking rules the domain must be specified under the $domain option for them to be considered specific. For example, <code><fix>||example.com^</fix></code> is considered generic whereas <code><fix>*/ads/*$domain=example.com</fix></code> is site-specific.}}</p>

  <h2 id="sitekey_server">{{s107 Implementing a sitekey on the server}}</h2>

<p>
  {{s108 For a <a href="#options">sitekey-restricted filter</a> to apply, a webpage needs to return base64-encoded versions of the public key and a signature which Adblock Plus can validate. Currently, this means including them in both the HTTP response header (<code><fix>X-Adblock-Key: abcdpublickeydcba_abcdsignaturedcba</fix></code>) and the root tag of the document (<code><fix>&lt;html data-adblockkey="abcdpublickeydcba_abcdsignaturedcba"&gt;</fix></code>).}}
</p>

<p>
  {{s109 First you need to create a private RSA key (preferably 512 bit to keep the transfer volume low) and then a DER representation of the public key.}}
</p>

<p>
  {{s110 The data used for creating the signature is a concatenated list of request variables (namely URI, host and user agent) separated by the <code><fix>NUL</fix></code> character "\0". For example:}}
</p>

<pre>
  /index.html?q=foo\0www.example.com\0Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0
</pre>

<p>
  {{s111 Finally, generate the signature for this string by using the signature algorithm SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE (default when using OpenSSL).}}
</p>