kind of @url{https://en.wikipedia.org/wiki/Privoxy, Privoxy}, but it is
not friendly with TLS connections, obviously.
+@item Xombrero sometimes has problems with HTTP-based authorization.
+
@item Hardly anyone does
@url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE}
checks.
@item And wonderful @url{http://jpegxl.info/, JPEG XL} image format is
not supported by most browsers. Even pretty old
-@url{https://developers.google.com/speed/webp, WebP} is not supported
-everywhere. @url{https://aomediacodec.github.io/av1-avif/, AVIF} would
-be useful too.
+@url{https://developers.google.com/speed/webp, WebP}, that has highest
+compression ratio for lossless screenshots, is not supported everywhere.
+@url{https://aomediacodec.github.io/av1-avif/, AVIF} could be useful too.
+
+@item None of web browsers support ability to view web archives
+(@url{https://en.wikipedia.org/wiki/Web_ARChive, WARC}s). And most of
+WARC-related software is written on Python, that nowadays is close to be
+impossible to install and use with all its broken dependencies system.
+
+@item And yet another piece of software is needed for browsing the
+@url{https://en.wikipedia.org/wiki/Gemini_(protocol), geminispace}?
+Too many bicycles already!
@end itemize
@itemize
-@item Effective responses proxying, without storing them in the memory first.
-
-@item TLS connection between client and @command{tofuproxy} has the
- proper hostname set in ephemeral on-the-fly generated certificate.
-
-@item @code{HEAD} method is forbidden, as Xombrero loves it too much and
- it does not send User-Agent to differentiate it from others.
-
-@item @code{www.reddit.com} is redirected to @code{old.reddit.com}.
+@item
+@strong{Effective} responses proxying, without storing them in the memory first.
-@item @url{https://habr.com/ru/all/, Хабр}'s resolution reduced images
- are redirected to their full size variants.
+@item
+TLS connection between client and @command{tofuproxy} has the
+@strong{proper hostname} set in ephemeral on-the-fly generated
+certificate.
-@item Various spying domains (advertisement, tracking counters) are denied.
+@item
+@code{HEAD} method is forbidden.
-@item Web fonts downloads are forbidden.
+@item
+@code{www.reddit.com} is redirected to @code{old.reddit.com}.
-@item Permanent HTTP redirects are replaced with HTML page with the link.
+@item
+@url{https://habr.com/ru/all/, Хабр}'s resolution reduced images are
+redirected to their full size variants.
-@item Temporary HTTP redirects are replaced with HTML too, if it is
- neither @url{https://newsboat.org/, Newsboat} nor image paths.
+@item
+Various @strong{spying} domains (advertisement, tracking counters) are denied.
-@item WebP images, if it is not Xombrero, is transcoded to PNG.
+@item
+Web @strong{fonts} downloads are forbidden.
-@item JPEG XL and AVIF images are transparently transcoded to PNG too.
+@item
+@strong{Permanent} HTTP redirects are replaced with HTML page with the link.
-@item Default Go's checks are applied to all certificates. If they pass,
- then certificate chain is saved on the disk. Future connections are
- compared against it, warning you about SPKI change and waiting for
- your decision either to accept new chain (possibly once per
- session), or reject it.
+@item
+@strong{Temporary} HTTP redirects are replaced with HTML too, if it is
+neither @url{https://newsboat.org/, Newsboat} nor image paths.
-@item Even when native Go's checks are failed, you can still make a
- decision to forcefully trust the domain.
+@item
+@strong{WebP} images (if it is not Xombrero), @strong{JPEG XL} and
+@strong{AVIF} are transcoded to PNG.
-@item Optionally DANE-EE check is also made for each domain you visit.
+@item
+Default Go's checks are applied to all certificates. If they pass, then
+certificate chain is saved on the disk (@strong{TOFU}). Future
+connections are compared against it, warning you about SPKI change
+(@strong{SPKI pinning}) and waiting for your decision either to accept
+new chain (possibly once per session), or reject it.
-@item TLS session resumption and keep-alives are also supported.
+@item
+Even when native Go's checks are failed, you can still make a decision
+to forcefully trust the domain.
-@item And Go itself tries also to act as a
-@url{https://http2.github.io/, HTTP/2} client too.
+@item
+@strong{HTTP-based authorization} requests are intercepted and
+user/password input dialogue is shown. It automatically loads
+@strong{initial form} values from @strong{@file{.netrc}}.
-@end itemize
-
-@include usage.texi
+@item
+TLS @strong{client certificates} supported: separate dialogue window for
+certificate choice.
-@node TODO
-@unnumbered TODO
+@item
+Optional @strong{DANE-EE} check is also made for each domain you visit.
-What I am planning possibly to do? Just brainstorming:
+@item
+TLS @strong{session resumption} and @strong{keep-alives} are also supported.
-@itemize
+@item
+And Go itself tries also to act as a @url{https://http2.github.io/, HTTP/2}
+client too.
-@item HTTP authorization dialog.
+@item
+Ability to load and browse @url{https://en.wikipedia.org/wiki/Web_ARChive,
+WARC} archives, possibly @command{gzip}/@command{zstd} compressed.
-@item TLS client certificates usage capability.
+@item
+Ability to browse geminispace, by transparent conversion to HTMLs with
+URL rewriting.
@end itemize
+
+@include usage.texi