Need help with morty?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

291 Stars 43 Forks GNU Affero General Public License v3.0 139 Commits 25 Opened issues


Privacy aware web content sanitizer proxy as a service

Services available


Need anything else?

Contributors list


Build Status License: AGPL v3 Docker Pulls

Web content sanitizer proxy as a service

Morty rewrites web pages to exclude malicious HTML tags and attributes. It also replaces external resource references to prevent third party information leaks.

The main goal of morty is to provide a result proxy for searx, but it can be used as a standalone sanitizer service too.


  • HTML sanitization
  • Rewrites HTML/CSS external references to locals
  • JavaScript blocking
  • No Cookies forwarded
  • No Referrers
  • No Caching/Etag
  • Supports GET/POST forms and IFrames
  • Optional HMAC URL verifier key to prevent service abuse

Installation and setup

Requirement: Go version 1.10 or higher.

$ go get
$ "$GOPATH/bin/morty" --help


        Debug mode (default true)
        Follow HTTP GET redirect
        Allow IPv6 HTTP requests (default true)
  -key string
        HMAC url validation key (base64 encoded) - leave blank to disable validation
  -listen string
        Listen address (default "")
  -proxy string
        Use the specified HTTP proxy (ie: '[user:[email protected]]hostname:port'). Overrides -socks5, -ipv6.
        Use a HTTP proxy as set in the environment (HTTP_PROXY, HTTPS_PROXY and NO_PROXY). Overrides -proxy, -socks5, -ipv6.
  -socks5 string
        Use a SOCKS5 proxy (ie: 'hostname:port'). Overrides -ipv6.
  -timeout uint
        Request timeout (default 5)
        Show version

Environment variables

Morty can additionally be configured using the following environment variables: -

: Listen address (default to
) -
: HMAC url validation key (base64 encoded) to prevent direct URL opening. Leave blank to disable validation. Use
openssl rand -base64 33
to generate. -
: Enable/disable proxy and redirection logs (default to
). Set to
to disable.


docker run -e DEBUG=false -e MORTY_ADDRESS= dalf/morty
docker run -e DEBUG=false dalf/morty -listen


$ cd "$GOPATH/src/"
$ go test


$ cd "$GOPATH/src/"
$ go test -benchmem -bench .


Bugs or suggestions? Visit the issue tracker.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.