Skip to content
"uMatrix Recipes" is a collection of rules for uMatrix that you can use to fix some popular websites by whitelisting the 3rd-party requests that are critical for the websites to function.
Branch: master
Clone or download
Latest commit eb2cf08 Mar 11, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.editorconfig Add editorconfig Sep 20, 2017
README.md

README.md

uMatrix Recipes

uMatrix put you in full control of where your browser is allowed to connect, what type of data it is allowed to download, and what it is allowed to execute. Nobody else decides for you: You choose. You are in full control of your privacy.

uMatrix is a great browser extension that by default blocks website's 3rd-party requests and allows you to whitelist 3rd-party requests for each website.

Using uMatrix is good for your privacy, but it also breaks most of the websites by blocking critial scripts or assets.

"uMatrix Recipes" is a collection of rules that you can use to fix some popular websites by whitelisting the 3rd-party requests that are critical for the websites to function.

Sources for some of the rules:

How to whitelist a website:

  1. Go to uMatrix's settings.
  2. Go to "My rules" tab.
  3. Click "Edit" button in "Temporary rules".
  4. Copy/paste any of the rules from here to the end of the list.
  5. Click "Save" and then "Commit".

Social media

Facebook

allow Facebook ONLY on Facebook, blocked everywhere else

* facebook.com * block
* facebook.net * block
facebook.com facebook.com * allow
facebook.com fbcdn.net * allow

Twitter

allow Twitter ONLY on Twitter, blocked everywhere else

* twitter.com * block
twitter.com abs.twimg.com script allow
twitter.com ton.twimg.com script allow
twitter.com twitter.com * allow
twitter.com video.twimg.com plugin allow
twitter.com video.twimg.com xhr allow

Youtube

Youtube + log in (using accounts.google.com)

accounts.google.com ssl.gstatic.com xhr allow
youtube.com googlevideo.com xhr allow
youtube.com googlevideo.com media allow
youtube.com s.ytimg.com script allow
youtube.com www.gstatic.com script allow
youtube.com ytimg.com image allow

Twitch

Twitch + login/signup

twitch.tv google.com image allow
twitch.tv google.com script allow
twitch.tv google.com xhr allow
twitch.tv gstatic.com script allow
twitch.tv passport-cdn.ttvnw.net script allow
twitch.tv 0914.global.ssl.fastly.net script allow
twitch.tv 0914.global.ssl.fastly.net xhr allow
twitch.tv algolia.net script allow
twitch.tv algolia.net xhr allow
twitch.tv algolianet.com script allow
twitch.tv algolianet.com xhr allow
twitch.tv polyfill.twitchsvc.net script allow
twitch.tv s.jtvnw.net image allow
twitch.tv sctatic.twitchcdn.net script allow
twitch.tv sentinel.twitchsvc.net xhr allow
twitch.tv static-cdn.jtvnw.net image allow
twitch.tv static.twitchcdn.net css allow
twitch.tv static.twitchcdn.net image allow
twitch.tv static.twitchcdn.net script allow
twitch.tv ttvnw.net xhr allow
twitch.tv web-cdn.ttvnw.net script allow

Twitch without login

twitch.tv 0914.global.ssl.fastly.net script allow
twitch.tv 0914.global.ssl.fastly.net xhr allow
twitch.tv algolia.net script allow
twitch.tv algolia.net xhr allow
twitch.tv algolianet.com script allow
twitch.tv algolianet.com xhr allow
twitch.tv polyfill.twitchsvc.net script allow
twitch.tv s.jtvnw.net image allow
twitch.tv sctatic.twitchcdn.net script allow
twitch.tv sentinel.twitchsvc.net xhr allow
twitch.tv static-cdn.jtvnw.net image allow
twitch.tv static.twitchcdn.net css allow
twitch.tv static.twitchcdn.net image allow
twitch.tv static.twitchcdn.net script allow
twitch.tv ttvnw.net xhr allow
twitch.tv web-cdn.ttvnw.net script allow

LinkedIn

allow LinkedIn ONLY on LinkedIn, blocked everywhere else

* linkedin.com * block
linkedin.com linkedin.com * allow
linkedin.com static.licdn.com script allow
linkedin.com static.licdn.com xhr allow

Messaging

Slack

Info

  • User agent spoof does not work reliably at slack.com as the web app checks for browser version from user agent.
ua-spoof: slack.com false
slack.com slack-edge.com css allow
slack.com slack-edge.com image allow
slack.com slack-edge.com script allow
slack.com slack-msgs.com xhr allow
slack.com slack.global.ssl.fastly.net media allow
slack.com universal.slack-core.com xhr allow

File sharing

Dropbox

dropbox.com 127.0.0.1 xhr allow
dropbox.com cfl.dropboxstatic.com script allow
dropbox.com cfl.dropboxstatic.com xhr allow
dropbox.com dl.dropboxusercontent.com frame allow
dropbox.com www.dropboxstatic.com script allow

Developer

Github

github.com assets-cdn.github.com css allow
github.com assets-cdn.github.com image allow
github.com assets-cdn.github.com script allow
github.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com xhr allow
github.com github-production-user-asset-6210df.s3.amazonaws.com xhr allow
github.com raw.githubusercontent.com xhr allow
github.com render.githubusercontent.com frame allow
github.com render.githubusercontent.com script allow
github.com render.githubusercontent.com xhr allow

Gitlab

gitlab.com assets.gitlab-static.net script allow

Crowdsourcing

Kickstarter

3rd-party services to whitelist:

kickstarter.com a248.e.akamai.net script allow
kickstarter.com d3mlfyygrfdi2i.cloudfront.net plugin allow
kickstarter.com js.stripe.com frame allow
kickstarter.com js.stripe.com script allow
kickstarter.com ksr-video.imgix.net plugin allow
kickstarter.com s3.amazonaws.com image allow
kickstarter.com s3.amazonaws.com plugin allow

Patreon

Info

  • Uses Google's reCAPTCHA for login
  • Supports posting Youtube videos

3rd-party services to whitelist:

patreon.com cdnjs.cloudflare.com script allow
patreon.com google.com frame allow
patreon.com google.com image allow
patreon.com google.com script allow
patreon.com google.com xhr allow
patreon.com googlevideo.com xhr allow
patreon.com gstatic.com script allow
patreon.com youtube.com frame allow
patreon.com youtube.com script allow
patreon.com youtube.com xhr allow

Languages

Duolingo

3rd-party services to whitelist:

duolingo.com cdnjs.cloudflare.com script allow
duolingo.com d1vq87e9lcf771.cloudfront.net media allow
duolingo.com d35aaqx5ub95lt.cloudfront.net media allow
duolingo.com d35aaqx5ub95lt.cloudfront.net script allow
duolingo.com d35aaqx5ub95lt.cloudfront.net xhr allow
duolingo.com d3kwyfyztuo0xs.cloudfront.net xhr allow
duolingo.com d7mj4aqfscim2.cloudfront.net media allow
duolingo.com d7mj4aqfscim2.cloudfront.net script allow
duolingo.com d7mj4aqfscim2.cloudfront.net xhr allow
duolingo.com ljknv3sref.execute-api.us-east-1.amazonaws.com xhr allow

LingQ

Info

  • You can not access the site without whitelisting google.com
  • If you try to spoof referer, you will be logged out and ask to fill reCAPTCHA.
  • Uses Youtube for lessons with videos

3rd-party services to whitelist:

referrer-spoof: lingq.com false
lingq.com ajax.googleapis.com script allow
lingq.com amazonaws.com * allow
lingq.com cdnjs.cloudflare.com script allow
lingq.com google.com cookie allow
lingq.com google.com frame allow
lingq.com google.com image allow
lingq.com google.com script allow
lingq.com google.com xhr allow
lingq.com googlevideo.com xhr allow
lingq.com gstatic.com css allow
lingq.com gstatic.com script allow
lingq.com s.ytimg.com script allow
lingq.com www.youtube.com css allow
lingq.com www.youtube.com frame allow
lingq.com www.youtube.com image allow
lingq.com www.youtube.com script allow
lingq.com www.youtube.com xhr allow

Mango Languages

3rd-party services to whitelist:

mangolanguages.com d10lpsik1i8c69.cloudfront.net script allow
mangolanguages.com d1w9q16ymlsf74.cloudfront.net frame allow
mangolanguages.com d1w9q16ymlsf74.cloudfront.net script allow
mangolanguages.com d1w9q16ymlsf74.cloudfront.net xhr allow
mangolanguages.com mango-assets-production.s3.amazonaws.com xhr allow
mangolanguages.com translation.googleapis.com xhr allow
mangolanguages.com use.typekit.net script allow

Graphics

Zeplin

Info

  • Throws an error if Stripe does not get loaded.
  • Uses Pusher for real time updates.

3rd-party services to whitelist:

zeplin.io checkout.stripe.com frame allow
zeplin.io checkout.stripe.com script allow
zeplin.io checkout.stripe.com xhr allow
zeplin.io ws-zeplin.pusher.com xhr allow

Bookmarking services

Pocket

Info

  • You can not login without whitelisting reCAPTCHA.

3rd-party services to whitelist:

getpocket.com google.com frame allow
getpocket.com google.com image allow
getpocket.com google.com script allow
getpocket.com google.com xhr allow
getpocket.com www.gstatic.com script allow

Instapaper

3rd-party services to whitelist:

instapaper.com staticinstapaper.s3.amazonaws.com script allow

Question & Answer websites

Stack Overflow

3rd-party services to whitelist:

stackoverflow.com ajax.googleapis.com script allow
stackoverflow.com cdn.sstatic.net script allow

Presentation sharing

Speakerdeck

3rd-party services to whitelist:

speakerdeck.com d2dfho4r6t7asi.cloudfront.net script allow

Social networking

Meetup

3rd-party services to whitelist:

meetup.com dna8twue3dlxq.cloudfront.net script allow
meetup.com secure.meetupstatic.com script allow
meetup.com secure.meetupstatic.com xhr allow

Hotels / renting services

AirBnB

airbnb.com a0.muscache.com script allow
airbnb.com maps.googleapis.com script allow

Music

Bandcamp

bandcamp.com s4.bcbits.com script allow
bandcamp.com t4.bcbits.com media allow

Soundcloud

soundcloud.com a-v2.sndcdn.com script allow
soundcloud.com a-v2.sndcdn.com xhr allow
soundcloud.com cf-hls-media.sndcdn.com xhr allow
soundcloud.com i1.sndcdn.com xhr allow
soundcloud.com style.sndcdn.com xhr allow
soundcloud.com wis.sndcdn.com xhr allow
You can’t perform that action at this time.