<?xml version="1.0" encoding="utf-8"?>
<!--
- Copyright © 2018 Soren Stoutner <soren@stoutner.com>.
+ Copyright © 2018,2020 Soren Stoutner <soren@stoutner.com>.
This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
You should have received a copy of the GNU General Public License
along with Privacy Browser. If not, see <http://www.gnu.org/licenses/>. -->
-<!-- Allow HTTP traffic. -->
-<network-security-config>
- <base-config cleartextTrafficPermitted="true" />
+<network-security-config xmlns:tools="http://schemas.android.com/tools">
+ <!-- Allow HTTP traffic and disable HSTS, which has no benefit for Privacy Browser (because unspecified links default to HTTPS) but has negative fingerprinting implications. -->
+ <base-config cleartextTrafficPermitted="true" hstsEnforced="false" tools:ignore="InsecureBaseConfiguration">
+ <trust-anchors>
+ <!-- Trust system certificate authorities. -->
+ <certificates src="system" />
+
+ <!-- Trust user certificate authorities. -->
+ <certificates src="user" tools:ignore="AcceptsUserCertificates" />
+ </trust-anchors>
+ </base-config>
</network-security-config>
\ No newline at end of file
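Review bot: The comment on the new `<base-config>` justifies `hstsEnforced="false"` only by scheme-less URLs defaulting to HTTPS, which leaves out explicit `http://` links. Combined with `cleartextTrafficPermitted="true"`, an explicit `http://` link or redirect to a host that previously sent an HSTS header is presumably no longer upgraded, so the comment should state that downgrade exposure, e.g. `<!-- Trade-off: explicit http:// links to HSTS hosts are not upgraded and load over cleartext. -->`. The `<certificates src="user" />` entry also suppresses `AcceptsUserCertificates` with a comment that only restates the element. Any user-installed CA can then intercept the app's TLS traffic, so I would record the reason next to the suppression, for instance `<!-- Deliberate: lets users reach sites signed by their own CA; such a CA can intercept all TLS traffic. -->` if that is the intent.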