diff --git a/CHANGES.rst b/CHANGES.rst
index 7e494d28..2b69a40d 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -5,6 +5,11 @@ pywb 0.6.0 changelist
 
 * Revamped HTTP/S system: proxy collection and capture time switching via cookie!
 
+* removed *hostnames* setting in config.yaml. pywb no longer needs to know the host(s) it is running on, can infer the correct path from referrer
+on a fallback handling.
+
+* remove PAC config, just using direct proxy (HTTP and HTTPS) for simplicity.
+
 
 pywb 0.5.4 changelist
 ~~~~~~~~~~~~~~~~~~~~~
diff --git a/ca/README b/ca/README
new file mode 100644
index 00000000..0884b05c
--- /dev/null
+++ b/ca/README
@@ -0,0 +1,3 @@
+pywb Certificate Authority
+
+For proxy HTTPS support, the pywb-ca.pem root cert and per-host certificates will be created here
diff --git a/config.yaml b/config.yaml
index c5e662e5..1ab3063e 100644
--- a/config.yaml
+++ b/config.yaml
@@ -36,11 +36,41 @@ collections:
 
 archive_paths: ./sample_archive/warcs/
 
-# The following are default settings -- uncomment to change
-# Set to '' to disable the ui
+# ==== Proxy Mode ====
+# Enable simple http proxy mode
+enable_http_proxy: true
+
+# Additional proxy options (defaults)
+# proxy_options:
+# enable HTTPS proxy support (requires openssl library)
+#    enable_https_proxy: false
+#
+# use cookies to switch collections and capture times
+# if not enabled, requires use of proxy auth
+#    cookie_resolver: true
+#
+# default collection to start out in proxy mode
+# if not set, will ask the first time
+#    use_default_coll: pywb
+
+# use wildcard certificates when creating certs in proxy mode
+# helps lower number of certs created, by may not be compatible
+# with older libraries
+#   use_wildcard_certs: true
+
+# if true, will not add any banner to proxy mode replay
+#   unaltered_replay: false
+
+# Default settings for CA used by proxy mode
+#    root_ca_file: ./ca/pywb-ca.pem
+#    root_ca_name: pywb https proxy replay CA
+#    certs_dir: ./ca/certs
 
 # ==== UI: HTML/Jinja2 Templates ====
 
+# The following are default settings -- uncomment to change
+# Set to '' to disable the ui
+
 # template for <head> insert into replayed html content
 #head_insert_html: ui/head_insert.html
 
@@ -75,18 +105,6 @@ archive_paths: ./sample_archive/warcs/
 static_routes:
           static/default: pywb/static/
 
-# ==== New / Experimental Settings ====
-# Not yet production ready -- used primarily for testing
-
-# Enable simple http proxy mode
-enable_http_proxy: true
-
-# Additional proxy options (defaults)
-#proxy_options:
-#    use_default_coll: true
-#
-#    unaltered_replay: false
-
 # enable cdx server api for querying cdx directly (experimental)
 enable_cdx_api: true
 
@@ -100,5 +118,5 @@ enable_memento: true
 # Replay content in an iframe
 framed_replay: true
 
-debug_echo_env: True
-
+# debugging utility -- echo request data
+# debug_echo_env: false
diff --git a/pywb/framework/certauth.py b/pywb/framework/certauth.py
index 9824b9b3..ea5df6eb 100644
--- a/pywb/framework/certauth.py
+++ b/pywb/framework/certauth.py
@@ -16,11 +16,11 @@ from argparse import ArgumentParser
 # Duration of 100 years
 CERT_DURATION = 100 * 365 * 24 * 60 * 60
 
-CERTS_DIR = './pywb-certs/'
+CERTS_DIR = './ca/certs/'
 
 CERT_NAME = 'pywb https proxy replay CA'
 
-CERT_CA_FILE = './pywb-ca.pem'
+CERT_CA_FILE = './ca/pywb-ca.pem'
 
 
 #=================================================================
diff --git a/pywb/framework/proxy.py b/pywb/framework/proxy.py
index 3d5e4eb9..cdf49efc 100644
--- a/pywb/framework/proxy.py
+++ b/pywb/framework/proxy.py
@@ -79,7 +79,7 @@ class ProxyRouter(object):
             self.extra_headers = self.EXTRA_HEADERS
             proxy_options['extra_headers'] = self.extra_headers
 
-        if proxy_options.get('cookie_resolver'):
+        if proxy_options.get('cookie_resolver', True):
             self.resolver = CookieResolver(routes, proxy_options)
         else:
             self.resolver = ProxyAuthResolver(routes, proxy_options)
diff --git a/pywb/ui/proxy_cert_download.html b/pywb/ui/proxy_cert_download.html
index 71255e3a..66044523 100644
--- a/pywb/ui/proxy_cert_download.html
+++ b/pywb/ui/proxy_cert_download.html
@@ -2,13 +2,13 @@
 {% if not available %}
 <p>Sorry, HTTPS support is not configured for this proxy. However, the proxy should work in HTTP mode.</p>
 {% else %}
-<p>Download for all platforms (except Windows):</p>
+<p>Download for all platforms except Windows (or Firefox on Windows):</p>
 <p><b><a href="{{ pem_path }}">Download Certificate (All except Windows)</a></b></p>
 
 <p>(If you see the <i>Already Installed</i> message, then no further action is necessary and you may start browsing!</p>
 {% endif %}
 
-<p>Download for Windows platforms:</p>
+<p>Download for Windows platforms (except if using Firefox. For Firefox, use the above download, even on Windows):</p>
 <p><b><a href="{{ p12_path }}">Download Certificate (Window Only)</a></b></p>
 
 
diff --git a/tests/test_config.yaml b/tests/test_config.yaml
index 2603bb2a..2d0fc5b6 100644
--- a/tests/test_config.yaml
+++ b/tests/test_config.yaml
@@ -100,6 +100,8 @@ enable_http_proxy: true
 proxy_options:
     use_default_coll: true
 
+    cookie_resolver: false
+
     unaltered_replay: false
 
 # enable cdx server api for querying cdx directly (experimental)