How to setup your web browser to secure your internet connection using DNS-Over-Https and various other Security Protocols! 🔐

Protecting yourself and keeping your surfing history and private data PRIVATE!November 3, 2019

Protect yourself by modifying your web browser's internal security settings...
{ Updated 2025-06-01 }

Before you start doing anything, you will need to change your DNS server settings on your network connection to the internet. Go to your network connection in the Windows Control panel and open its network properties dialog window. In the dialog window, you need to change the DNS server addresses to a server that supports encrypted connections over HTTPS.

In our example we will be changing it to CloudFlare's servers e.g. Preferred 1.1.1.1. and Alternate 1.0.0.1 - Below you will see what you need to change to begin...

Alternatively, if you wish for more specific enhanced security:

Malware Blocking Only - IPv4

• Primary DNS: 1.1.1.2
• Seconday DNS: 1.0.0.2

Malware and Adult Content Blocking - IPv4

• Primary DNS: 1.1.1.3
• Seconday DNS: 1.0.0.3

General Secure Open Access Only - IPv4

• Primary DNS: 1.1.1.1
• Seconday DNS: 1.0.0.1

Malware Blocking Only - IPv6

• Primary DNS: 2606:4700:4700::1112
• Secondary DNS: 2606:4700:4700::1002

Malware and Adult Content Blocking - IPv6

• Primary DNS: 2606:4700:4700::1113
• Secondary DNS: 2606:4700:4700::1003

General Secure Open Access Only - IPv6

• Primary DNS: 2606:4700:4700::1111
• Secondary DNS: 2606:4700:4700::1001

Now that you have made the necessary changes, we will now start with your web browser's security settings in order to modify and accommodate the correct protocols.

In the above image, you will see that the security setting is set at "Strict". This gives you the best online protection against malicious websites, unfortunately it also breaks some normal websites too. Just beneath this "Strict" setting block you will see an "Exceptions" section.

In this section you will need to add the following two domains in order to access and use them properly:

• https://www.photopea.com/
• [*.]ssuiteoffice.com

This is due to the Javascript files they are using in order to process digital images correctly. Please also take note that when your web browser updates, it may sometimes remove these exceptions. So when the above two domains no longer run correctly, simply add the two domains back into the "Exceptions List", as seen above.

For the internal security settings...

We will be using Google Chrome, Vivaldi , Opera, Microsoft's Edge, and our own NetSurfer browsers as our main examples, as they are all Chromium based...

To make the changes, type in the following command in the URL editbox at the top of your browser:

Chrome://flags   -   Opera://flags   -   Edge://flags   -   Vivaldi://flags

Or just navigate to our link option in the controls menu in our NetSurfer Browser... 🔥

The following page will now present itself...

You need to type in each of the following hash tags to enable the appropriate setting:

1. #enable-quic
2. #use-dns-https-svcb-alpn
3. Windows 10 and up: #edge-post-quantum-kyber
   Windows 7 and 8: #post-quantum-cecpq2
4. Windows 10 and up: #enable-tls13-kyber
   Windows 7 and 8: #enable-tls13-early-data
5. #enable-parallel-downloading
6. #edge-tracking-prevention      {MS Edge and NetSurfer browsers ONLY!}
7. #edge-experimental-tracking-prevention-features       {MS Edge and NetSurfer browsers ONLY!}

You may be asked to restart or relaunch the browser after having changed all the settings...

Do NOT click on the "Blue Restart" button, on the bottom of the Flags page in the NetSurfer browser, after having changed all the settings. Simply close the NetSurfer application and restart it as normal. The Restart button on the bottom of the Internal Flags page in our NetSurfer browser does not work!

All major browsers, including Google Chrome, Vivaldi, Microsoft Edge, and our browser NetSurfer Prometheus, now support the ESNI (Encrypted Server Name Indication) protocol.

This advancement enhances user privacy by encrypting the Server Name Indication during the TLS handshake. Be sure to keep your browser updated to benefit from the latest security and privacy improvements.

FYI - Some of the above tags are no longer available in Chromium-based browsers as they have been moved to the main default privacy settings page of your browser, as seen in the above screenshots.

After making the appropriate changes to your browser's security settings, you must now test your web browser and see if it's working.

Click on the following link to navigate to CloudFlare's test page:

CloudFlare - Browser - Test

You should get the following results in your browser...

Now you're MOSTLY protected against the prying eyes of hackers and intelligence services all over the world... 🕵️‍♂️

...You must remember: If the website you visit does not support these protocols, then there is nothing to protect you even with all of these changes made! 😱

All SSuite Office domains and subdomains fully support each of the following security protocols... DNSSEC - TLS 1.3 - ECH - QUIC - ESNI   { Full House Security! }

...With Us You Are Completely Safe And Secure! 🔐

For optimal browser security, we also strongly recommend installing the uBlock Origin extension (preferably Version 2). Renowned for its robust privacy protections, this extension not only blocks intrusive advertisements but also safeguards against malware threats and completely curtails tracking by major tech companies.

Our NetSurfer Prometheus browser is fully compatible with the uBlock Origin extension Version 2. You can conveniently access and install it from our dedicated Extension Library, as it is no longer available on the Google Chrome Web Store due to policy restrictions.

...Go Online and enjoy complete productivity freedom...