Opera lets a user (or admin) control which Web sites are allowed (or prohibited) and which content types can be downloaded through a URL-filtering .ini file (called urlfilter.ini by default). Wild-card characters and paths can be used to configure the rules, and any Web site not specifically included is automatically excluded when URL filtering is turned on. Most users prevent inadvertent excludes by allowing all Web sites by default (e.g. http://*.* and https://*.*) and then specifying the sites to exclude. If you really want to lock down the browser, Opera can easily be configured so that no files can be downloaded, saved, launched, or executed, or so that downloaded content is set to read-only. The only deficiency is that common file extensions are hidden by default.
Opera doesn't offer many choices under the standard Security menu option, but a user can modify more of Opera's configuration settings by directly editing Opera.ini. However, the preferred method is for the user to type " Opera:config" into the URL bar, which provides access to dozens of options. Unfortunately, detailed documentation for each option isn't always easily locatable. Some users prefer to have multiple Opera.ini files, each with separate security and functionalities enabled, depending on what they are attempting to do during a particular session.
Opera has the most granular cache control among the major browsers. You can determine what to cache (documents, images, and so on), how long to keep it, and the size of the cache. You can require HTTPS pages to redownload content when surfing through the browser's history. Although all cookie types (first and third party) are allowed by default, which is unfortunate, Opera has some of the best cookie controls on the market.
Frauds and authentics
Opera's anti-phishing filter, called Fraud Protection, is enabled by default. Sites confirmed by Netcraft or PhishTank as phishing sites are automatically added to Opera's blacklist. I like PhishTank enough to have used its collected links for the anti-phishing testing during this review. However, PhishTank relies on the user community to rank each submitted Web site to determine whether it is a confirmed phishing site. I have seen many false-negative and false-positive rankings at PhishTank, and those incorrect determinations could figure into Opera's Fraud Protection mechanism. Malware blacklists collected by Haute Secure are included in Fraud Protection too, but didn't set off any anti-malware warnings with my test sites.
Opera provides the standard pop-up blocking choices (Block All, Allow All, Block Unwanted). In my testing, it handled the most malicious DoS Web site fairly well, never allowing the browser to become completely locked up. However, the underlying Windows host did experience an unexpected reboot related to one of the attacks, so Opera can't claim a perfect success. Opera limits the maximum number of active connections to any one Web site to 8 by default (this value is modifiable), helping to prevent malware-infested Web sites from overwhelming the browser.