4.2.2 uBlock Origin

Thorin-Oakenpants edited this page May 22, 2018 · 8 revisions

Best practice is to default deny-all, then whitelist.

:small_orange_diamond: Rules

  • block all remote fonts. This is the bottom right panel option (the symbol is an A). Now any site you REALLY need to see the icons (it's usually pretty clear without them), you can set an exception.
no-remote-fonts: * true
  • block all 3rd party, 3rd party frames, all 3rd party scripts
* * 3p block
* * 3p-frame block
* * 3p-script block

:small_orange_diamond: Filters

what appear to be tracking images on startpage - click to expand

  • See this Startpage support page

  • In an email from Startpage: We have a proxy service that lets you view a result anonymously (by clicking Proxy near a result). When you view a webpage this way, our servers load the page on your behalf, and then provide the content to you. That way the website you are viewing won’t see you. Their website content is served through our domain. Webpages have many ways to set cookies – through Javascript and otherwise. When we proxy the webpage on your behalf, we take many steps to prevent them from doing so. (If they did successfully set a cookie, the cookie would be stored on our domain.) To add extra protection, we then display this extra 1×1 image from our domain that includes cookie headers to clear any such cookies. That way, if any external website you viewed through our proxy manages to set a cookie on our proxy’s domain, we immediately clear that cookie

! 1x1pixel clear images on startpage.com
||startpage.com/do/*$image,important
||startpage.com/english/*$image,important
||startpage.com/tst2/*$image,important
  • Workers (requires FF58+)
    • If you have uMatrix 1.2.0+, there is a new switch: "Forbid web workers", use that instead.
    • Note: dom.workers.enabled was deprecated in FF60
    • Prevent workers everywhere (first line below)
    • Exception, do not prevent workers on example.org (second line below)
*$csp=worker-src 'none'
@@||example.org^$csp=worker-src 'none'
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.