uBlock Origin Suggested Settings

uBlock Origin

See the change log at the end for a complete revision history.

Introduction

First and foremost, use only uBlock Origin (uBO) by Raymond 'gorhill' Hill (here's the uBlock Origin page on the Firefox Add-ons website). There are many other clones and wannabes out there and i would highly recommend not using them.

uBlock Origin is not simply an ad blocker as many might assume, rather it is a powerful content filter, similar to a firewall, that is capable of both dynamic and static filtering. In addition to blocking annoying content such as ads, it can also block JavaScript, frames, images, 3rd party fonts and more, as well as help to prevent tracking and malware. For even finer grained control, uBO can be used in conjunction with uMatrix by the same developer, however in this case it should be configured in its easy mode with the appropriate static filters enabled while uMatrix is used to handle the dynamic filtering.

So what is the difference between static and dynamic filtering you ask? Static filters are filter rules which are provided by the various filter lists. Essentially you have no control over the filters provided by these lists; they are either enabled or disabled. Static filters filter out content like ads, malware, tracking technologies, annoyances and more. Static filter lists are enabled from the 'Filter lists' tab of the uBO dashboard. Dynamic filters are controlled from the pop-up interface when you click the uBO toolbar icon. Here you can create temporary or permanent filter rules to control images, JavaScript and frames and the rules can be applied globally or per-domain. Dynamic filtering only becomes available after you enable the 'I am and advanced user' option in the uBO settings and it is crucial to read the uBO wiki before enabling this option.

Following are my personal preferences for setting up uBlock Origin. The configurations in the 2nd and 3rd columns of the table are intended to be used with the The Firefox Privacy Guide For Dummies! and the Firefox Configuration Guide for Privacy Freaks and Performance Buffs, respectively, the former of which does not rely on uMatrix and the latter of which does. In both cases the advanced mode of uBO is disabled because i felt it would be too overwhelming for 1st time users and followers of the 'dummy' guide and it isn't needed for followers of the advanced guide since all dynamic filtering is accomplished with uMatrix which offers more granular filtering. Keep in mind these are my personal preferences and by no means do i claim they're the best possible for every use case, however i like to think they are generally sensible.

Regardless of which guide you are following, it is essential that you read the uBlock wiki with the exception of the Advanced-user-features section. If you are not following either guide and not using uMatrix, i would highly suggest enabling the advanced mode option in uBO in order to leverage its dynamic filtering capability and reading the Advanced-user-features section of the wiki. The suggested configuration for this scenario is in the 4th column of the table.

Once uBO is installed, click its toolbar icon to reveal its popup user interface, then click the little sliders icon to reveal the "secret" Dashboard (i say "secret" because apparently quite a few people don't know it exists). These are the settings i recommend:

'Settings' tab settings

Settings not shown here are optional.

Setting name
'Dummy' guide settings (without uMatrix)
Advanced guide settings (with uMatrix)
Advanced usage (without uMatrix)
Hide placeholders of blocked elements 1disabledoptionaloptional
Show the number of blocked requests on the iconenabledoptionaloptional
Disable tooltipsdisabledoptionaloptional
I am an advanced user 2disableddisabledenabled
Privacy:  
Disable pre-fetchingenabledenabledenabled
Disable hyperlink auditingenabledenabledenabled
Prevent WebRTC from leaking local IP addressesenabledenabledenabled
Block CSP reportsenabledenabledenabled
Default behavior:  
Disable cosmetic filteringenabledenabledenabled
Block media elements larger than [50] KBdisabledoptionaloptional
Block remote fonts 3disableddisableddisabled
Disable JavaScript 4enableddisabledoptional
Footnotes

[1] If you are new to uBO and content filtering, you should not enable this option. Not enabling it will sometimes provide a visual indication when something is blocked in a webpage in the form of an empty space.

[2] This option should not be enabled if you are using uMatrix to handle dynamic filtering. If you are following the The Firefox Privacy Guide For Dummies! and not using uMatrix, or otherwise using uBlock on its own, then it may be enabled only after reading the Advanced user features section of the uBO wiki.

[3] I do not suggest blocking remote fonts using this option as this will uglify many websites. An alternative to this option is presented below.

[4] Enabling this option disables JavaScript globally by default and causes uBO to honor <noscript> HTML tags. The problem with this is that some page elements that might have been displayed had the <noscript> tags been ignored, may not when this option is enabled. Also some websites may display a JavaScript disabled warning message, though this can be beneficial for novice users. If you are following The Firefox Privacy Guide For Dummies!, i suggest enabling this option since you won't have to enable and fool with uBO's dynamic filtering, however if you are following the Firefox Configuration Guide for Privacy Freaks and Performance Buffs, i recommend disabling this option and controlling JavaScript with uMatrix.

 

Next we want to temporarily enable the 'I am an advanced user' option after which a little gear icon will appear to the right of the "I am an advanced user" text. Click the icon to display some advanced settings and change suspendTabsUntilReady to yes. Although there is no guarantee, when you start Firefox uBO will attempt to delay network requests until it is fully loaded. This is most useful if you exit Firefox with open tabs and have it set to restore your previous tabs on restart. If you are following one of my Firefox guides, don't forget to return to the Dashboard and disable the 'I am an advanced user' option.

'Filter Lists' tab settings

Filter lists:
Auto-update filter listsenabled
Parse and enforce cosmetic filtersdisabled
Ignore generic cosmetic filtersenabled
Network filters: 
My filters​​​​​enabled
Built-in:
uBlock filters​enabled
uBlock filters – Badware risks​ 1enabled
uBlock filters – Privacy​​​​​enabled
uBlock filters – Resource abuse​​​​​enabled
uBlock filters – Unbreak​​​​​enabled
Ads:
AdGuard Basedisabled
AdGuard Mobile Ads​ 2disabled
EasyList​enabled
Privacy:
AdGuard Tracking Protection​disabled
EasyPrivacyenabled
Fanboy’s Enhanced Tracking List​enabled
Malware domains:
Malware Domain List​​​​​enabled
Malware domains​enabled
Spam404enabled
Annoyances:
AdGuard Annoyances​enabled
AdGuard Social Media​disabled
Anti-Facebook List​disabled
EasyList Cookieoptional 3
Fanboy’s Annoyanceenabled
Fanboy’s Socialdisabled
uBlock filters – Annoyances​​​​​enabled
Multipurpose:
Dan Pollock’s hosts file​disabled
MVPS HOSTS​disabled
Peter Lowe’s Ad and tracking server list​disabled
Footnotes

[1] Optional for Linux users

[2] Enable if using Firefox on a mobile device

[3] Enabling this list will hide a lot of those idiotic cookie notices

 

Don't worry about the 'Regions, languages' section unless you browse sites in languages other than English in which case you'll want to enable those languages.

As of this writing you can find over 12 million filter lists on the FilterLists website, however i strongly advise to be very careful about what ones you add, if any. In my experience the default filter lists offered by uBO are quite sufficient for general web browsing and adding more will use more memory, slow things down and potentially break more webpages.

'My filters' tab settings

Instead of blocking remote fonts globally, i suggest adding the following to the 'My filters' tab which will allow 1st party fonts globally while blocking all 3rd party fonts except for the domains you specifically allow. Note that lines starting with an exclamation mark ( ! ) are comments and are ignored by uBO:

! fonts: the following line will allow 1st party fonts globally while blocking all 3rd party fonts:
*$font,3p
! to allow 3rd party fonts per domain:
! *$font,3p,domain=~example.com
! to allow 3rd party fonts for additional domains:
! *$font,3p,domain=~example.com|~example2.com

For more on font filtering see Blocking Web Fonts for Speed and Privacy | InfoSec.

'My rules' tab settings

If you are following the Firefox Configuration Guide for Privacy Freaks and Performance Buffs or otherwise using uBO on its own, and are not using uMatrix, and you have enabled the 'I am an advanced user' setting (there's no reason to enable this setting if using uMatrix to control dynamic filtering), i suggest making the following changes.

On the 'My rules' tab, you may want to delete the default behind-the-scene rules and replace them with the following, however this will break some websites:

no-scripting: behind-the-scene true 
no-large-media: behind-the-scene true 
behind-the-scene * * block

If you are using the LocalCDN add-on you will need to add some rules to the 'My Rules' tab in the uBO Dashboard. The rules can be found in the preferences section of the LocalCDN add-on from where you will copy the rules specific to uBlock Origin. After copying the rules, paste them on a new, blank line in the 'Temporary rules' section of the 'My Rules' tab after which you need to save and commit the changes. When adding the rules, be sure to remove any conflicting rules for the same domains if there are any (there won't be if you're starting fresh).

Dynamic filtering

If you are running uBO with the 'I am an advanced user' option selected in order to enable dynamic filtering, i recommend setting the following rules to block (red) in the global rules column and then allowing (noop/grey) these resources on an as-needed basis per domain in the local rules column:

inline scripts
1st-party scripts
3rd-party scripts
3rd-party frames

Change log

6-Nov-2019

  • article first published

20-Nov-2019

  • added info regarding cnameAliasList option

22-Nov-2019

  • changed value of suspendTabsUntilReady from true to yes
  • separated settings according the Firefox guide being followed
  • added a table of contents
  • misc. edits

1-Dec-2019

  • removed cnameAliasList from uBO settings (depreciated)
  • minor edits

7-Jan-2020

  • updated filter list settings
  • minor edits

24-Mar-2020

  • removed Adblock Warning Removal List​ (thank you 'someone')

24-Apr-2020

  • changed 'I am an advanced user' setting from 'enabled' to 'disabled' for the 'Advanced guide settings' - i don't know why i ever had this set to 'enabled', especially for those using uMatrix, which is the case in the advanced guide
  • removed filter lists no longer included with newest version of uBO - thanks to 'theltalpha'
  • minor edits

2-May-2020

  • replaced reference to Decentraleyes with LocalCDN and added additional information

6-Jun-2020

  • removed information regarding the CSP (Content Security Policy) issue since this is fixed with Firefox v77

1-Jul-2020

  • corrected an error in the 'My rules tab settings' section - thanks to commenter 'Hash' for notifying me

4-Jul-2020

  • minor edits

5-Jul-2020

  • edited unclear/incorrect information
  • added a 4th column to the 'Settings tab' section for advanced users not following either of my guides and using uBlock Origin without uMatrix
  • misc. minor edits

26-Jul-2020

  • minor edit: expanded instructions for adding LocalCDN rules to uBO

47 thoughts on “uBlock Origin Suggested Settings”

  1. Just curious, in your recommended ‘My Rules tab settings’, doesn’t the 3rd line:
    ‘behind-the-scene * * block’
    automatically includes all of the following lines (because of the asterisk), or am I missing something?

    I’m also looking for some advice. You suggested using uMatrix with uBlockOrigin, but as far as I know, you can do something like this in uBlockOrigin:
    * https://www.gstatic.com/recaptcha/ script noop
    just as an example of allowing captchas globally, but you can’t do the same thing in uMatrix without allowing all scripts from gstatic.com (potentially have to allow google.com as well globally). Or is there a way around this?

    Thanks a lot.

    1. you’re correct – behind-the-scene * * block blocks all behind the scenes requests by default so there’s no need to add the additional rules

      furthermore, there’s no need to do anything to the ‘My rules’ settings unless one has enabled advanced mode which should only be done if one is not using uMatrix to control dynamic filtering

      i updated the ‘My Rules tab settings’ section accordingly – thanks for pointing this out

      regarding your reCAPTCHA example, if you try adding that rule to the uBO rules you’ll find it will be colored in red instead of black because the rule is invalid – you cannot include the protocol, http://, nor a path, /recaptcha/ – see: Dynamic filtering: rule syntax

      so your example would have to be rewritten to something like * www.gstatic.com script noop which would allow scripts from http://www.gstatic.com to run everywhere that resource is used, whether the resource is a CAPTCHA or not

      as for using uBO and uM together, while you can manually add advanced rules in uBO, there are 2 issues to be aware of: 1) uBO is not capable of performing all of the filtering that uM is, such as filtering ‘other’ requests (requests not fitting into any other category) and 2) adding rules manually is probably more difficult/slower than using the pop-up UI – if you’re going to use both uBO and uM, i suggest using uBO for static filtering only (ads and such – the filter lists – advanced mode disabled) and uM for dynamic filtering with all static filter lists disabled

      1. Thank you for your reply. I’m not the familiar with uBO, but this is the feature I’m talking about: https://github.com/gorhill/uBlock/wiki/Dynamic-URL-filtering. I have these two rules in uBO:
        * https://recaptcha.net/recaptcha/api.js script noop
        * https://www.gstatic.com/recaptcha/ script noop
        which I’ve simply added via the logger.

        I was trying to add uM along with my existing uBO setup (I followed your guide above), but the dynamic url filtering in uBO seems too good (in terms of being specific and globally applicable) to not use it. Any ideas?

        1. this is interesting – i didn’t know uBO had this capability – frankly, you know more about this than i do so i can’t really help you – i’ve been looking for an excuse to dump uM and this may be it but i have some reading to do

  2. Hi
    I have a couple of questions:
    1:would blocking font.googleapis.com
    raise entropy?
    I do not block remote fonts due to the issue with CSP
    2: what about blocking s3.amazonaws.com?

    1. re: #1 – far as i know google uses data in their fonts to be able to track and/or fingerprint the browser – as far as raising entropy, i would guess that blocking font.googleapis.com may raise entropy, but that may depend on whether JS is enabled – i really don’t know

      if you want to block 3rd party fonts whilst allowing 1st party and avoid the CSP issue (and some of the CSP issue will be addressed in FF 77 btw), you can add this to the ‘my filters’ section of uBO:

      ! fonts: the following line will allow 1st party fonts globally while blocking all 3rd party fonts:
      *$font,3p
      ! to allow 3rd party fonts per domain:
      ! *$font,3p,domain=~example.com
      ! to allow 3rd party fonts for additional domains:
      ! *$font,3p,domain=~example.com|~example2.com

      i’m pretty sure that avoids the CSP issue which could otherwise be a problem if you enabled ‘Block remote fonts’ in uBO settings, though i’m not entirely positive

      re: #2 – if you’re asking whether blocking s3.amazonaws.com would raise entropy, i don’t know, but i look at it a little differently: who would you rather have fingerprint the browser, amazon or the website you’re visiting? personally i block 3rd parties like amazon when and where i can … same goes for fonts

  3. I’ve noticed, that when I disable javascript and check Decentraleyes’ testing utility, I’m told that Decentraleyes does not work.
    Do you know about any solution?
    I never chose to block js overall ( it breaks too many sites, and I dont use umatrix for granularity. I’, not that smart) untill the option recently occured as a toggle on/off in UblockOrigin).

    1. hi Jane – the test page for Decentraleyes requires JS to function

      also you might want to consider replacing Decentraleyes with LocalCDN – i’ll point you to my extensions page where you’ll find a link and which may be of interest to you

      and yes, blocking JS will break a lot of websites as you’ve discovered, however understand that enabling it has a huge effect on privacy – i assume you’re using uBlock O though and toggling JS per domain?

      1. Thank you for your advice.
        I will definitely try out LocalCDN.
        just to make things clear: Decentraleyes do work with js blocked by uBlock Origin?
        it’s just the testsite that doesn’t?
        I do know about the huge impact on privacy ; but dealing with js in detail is way out of my league.
        toggling js via uBlock per domain is the easiest way for me.
        I do block 3rd-party, 3rd-party scripts and 3rd-party frames globally however but naturally often need to adjust per site.
        I have also checkmarked adguard social media-, anti facebook- & fanboys social list.

        1. > Decentraleyes do work with js blocked by uBlock Origin?

          that depends…

          Decentraleyes provides local copies of common scripts hosted on CDNs, so if you disable JS globally, for example, without adding he filters that Decentraleyes/LocalCDN makes available for uBO (or uMatrix if you use it) then no scripts will run regardless of whether they’re provided by Decentraleyes/LocalCDN or a CDN

          so i think the answer you’re looking for is ‘yes’, Decentraleyes/LocalCDN works with JS disabled globally via uBO, uM, FF prefs, etc., AS LONG AS you’ve added the necessary filters to uBO/uM

          let me know if that makes sense to you

          1. it certainly makes sense. I did not really get it untill your explanation. I downloaded Decentraleyes way back, but never changed any of the settings.
            I recently read about the need for a copied list but when I took a look at the “my rule” section: no edit button to be seen.
            I’ve therefore chosen to 1:reset the settings of uBlock Origin
            2:remove my extensions (5 all together)
            3: restart FF and do a re-installation starting with uBlock.
            I downloaded Local CDN instead of Decentraleyes.
            the situation right now : I managed to copy and paste and save those list BUT I’m not sure I succeeded ( I worry about the missing edit button and the fact, that in spite of not checkmarking “I’m an advanced user” I was still allowed to save those list.
            I took a screeshot, but I dont know how to copy it to this comment section?
            Besides : should I enable “Block requests for missing resources”?

            1. ok, i’m not sure what’s going on (missing edit button???) so i’ll lay out the whole process…

              1. open the add-on manager (or enter about:addons in the address bar)
              2. click the ‘preferences’ button for LocalCDN
              3. in the page that opens, at the very bottom, there are checkboxes for uBlock and uMatrix – i understand you’re using only uBlock, so click the uBlock checkbox and copy the filter rules
              4. click the uBlock icon on your toolbar, then the settings (open dashboard) icon
              5. click the ‘my rules’ tab
              6. on the right side, in the temporary rules section, click at the beginning of any of the lines and press enter to create a new blank line
              7. click to move the caret (the blinking cursor) to the new line, then paste the filter rules you copied from LocalCDN
              8. click the ‘save’ button, then the ‘commit’ button

              done

              > should I enable “Block requests for missing resources”?

              that’s up to you – if you enable that and then come across a website that uses an external library which is not included with LocalCDN (and you likely will), the site may not function properly

              enabled: better privacy, more web breakage
              disabled: slightly compromised privacy, no web breakage

              you seem new to all this so i would suggest leaving it disabled

              1. Thank you so much for your tutorial. I really appreciate.
                fortunately it turns out, that I actually did make the exact same steps on my own.
                what still puzzles me is that the *icon in front of each domain listed is transferred as well?
                did I make a mistake or is everything fine?
                I’m really sorry to bother you this much
                and yes:
                I will definitely not checkmark “Block requests for missing resource”

                1. that’s an asterik ( * ), not an icon – it is used as a wildcard that matches all domains, and yes, that must be copied to the uBO ‘my rules’ tab – here’s the full code from LocalCDN v2.1.13:

                  * ajax.googleapis.com * noop
                  * ajax.aspnetcdn.com * noop
                  * ajax.microsoft.com * noop
                  * cdnjs.cloudflare.com * noop
                  * code.jquery.com * noop
                  * cdn.jsdelivr.net * noop
                  * yastatic.net * noop
                  * yandex.st * noop
                  * apps.bdimg.com * noop
                  * libs.baidu.com * noop
                  * cdn.staticfile.org * noop
                  * cdn.bootcss.com * noop
                  * mat1.gtimg.com * noop
                  * lib.baomitu.com * noop
                  * lib.sinaapp.com * noop
                  * upcdn.b0.upaiyun.com * noop
                  * stackpath.bootstrapcdn.com * noop
                  * maxcdn.bootstrapcdn.com * noop
                  * netdna.bootstrapcdn.com * noop
                  * use.fontawesome.com * noop
                  * ajax.cloudflare.com * noop
                  * akamai-webcdn.kgstatic.net * noop
                  * sdn.geekzu.org * noop
                  * ajax.proxy.ustclug.org * noop
                  * unpkg.com * noop

                  1. I sent you a big “thank you” right after your latest reply.
                    It apparently vanished, so once again:
                    thank you so much.
                    I hope not to bother you again in a looong time ;-)

                    1. thank you for your thank you :)
                      and please don’t think you’re being a bother – not at all

                  2. Hi 12Bytes ! Please I need your help. I did what you said, but it still have this message : The test resource could not be fetched locally or remotely. LocalCDN is not working as intended.

                    Can you help me ?

                    Thanks !

                    1. i assume the error you mention is from the LocalCDN test page???
                      if so, did you enable JS for the page?

                    2. JS is on.

                      Is there any other add-on or mozilla configuration which may interact with LocalCDN ?

                      I use uBlock, Nano Defender, ClearURLs, PrivacyBadger, Cookies auto-delete, Idon’tcareaboutcookies and HTTPS Everywhere.

                      Thank you by advance !

                    3. I found the problem -> Privacy Badger -> I reinitialized it and it was ok !

                      Thanks for your support !

                      PS : wonderful website to know more about privacy, thank you for your works !

  4. The Decentraleyes wiki says that after adding the rules to uBO you have to enable the option “Block requests from missing resources” but I noticed that this breaks a lot of sites and I have to manually whitelist them. Is enabling this option necessary for the rules to work? Or is it safe to leave it unchecked? Also, those rules are from 2018, aren’t they outdated? Sorry to ask this on your page but you’re my only hope.

  5. Fanboy’s Enhanced Tracking List​ and Malvertising filter list by Disconnect​​​​ had problem to updated and there were 0. I went on the Fanboys site and add to Ubo and it works now under “Custom” and the same with Disconnect which I have a link in “Custom” to raw.githubuser….

    1. unless you have/had the domain blocked for some reason, you should not have to do anything to uBO to d/l those lists – i suspect it may have been a temp network issue???

      to find out, remove whatever rule(s) you added, then in the filter lists tab click the icon at the end of those specific list items to force an update – let us know the result

      note also that these list servers may well have a firewall in place to prevent abuse (downloading too many times by same IP), so just test once

      1. Thank you but it doesn’t works. I did remove uBO and add it again. I did settings from your site and again the same problem. I try to install uBO prerelease but Firefox doesn’t allow me.

    1. well, you only need one to do dynamic filtering and if you’re using both uBO and uM, then i’d suggest using uM for the dynamic rules since it’s more granular and, IMO, easier to use

  6. For my setup, I disabled all of the built in malware filters and utilized Steven Black’s host file and Crazy-Max’s for Windows tracking.
    The other custom filters, are quite good (in my humble opinion) and you may want to consider them.
    ******
    Custom Filters:
    https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt\
    https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
    https://fanboy.co.nz/fanboy-antifonts.txt
    https://www.i-dont-care-about-cookies.eu/abp/
    https://gitcdn.xyz/repo/NanoAdblocker/NanoFilters/master/NanoMirror/NanoDefender.txt
    https://gitcdn.xyz/repo/NanoAdblocker/NanoFilters/master/NanoFilters/NanoBase.txt
    https://gitcdn.xyz/repo/NanoAdblocker/NanoFilters/master/NanoFilters/NanoWhitelist.txt
    ********
    ​​StevenBlack/hosts​​ ​​​39,025 used out of 39,661​​​​
    Windows Spyblocker 370 used out of 370​​
    ​​Fanboy’s Anti-thirdparty Fonts​​ ​​​ 54 used out of 54​​
    ​​I don’t care about cookies​​ ​​​ 10,838 used out of 17,758​​
    ​​Nano Defender Integration​​ ​​ 2,645 used out of 2,646​​
    ​​Nano Filters​​ ​​​ 153 used out of 338​​
    ​​Nano Filters – Whitelist​​ ​​​ 1 used out of 1​​
    ***************
    Built -in Filter Lists Used

    “selectedFilterLists”: [
    “user-filters”,
    “ublock-filters”,
    “ublock-annoyances”,
    “ublock-badware”,
    “ublock-privacy”,
    “ublock-abuse”,
    “ublock-unbreak”,
    “awrl-0”,
    “adguard-generic”,
    “adguard-mobile”,
    “easylist”,
    “adguard-spyware”,
    “easyprivacy”,
    “fanboy-enhanced”,
    “adguard-annoyance”,
    “adguard-social”,
    “fanboy-thirdparty_social”,
    “fanboy-cookiemonster”,
    “fanboy-annoyance”,
    “fanboy-social”,

    1. personally i think you went (way) overboard

      the Windows Spyblocker hosts list i’m guessing should be implemented at the OS level, not the browser level

      font blocking with uBlock can be done without a filter list – look at my uBlock config guide for an example – in addition you can force fonts in Firefox options and then toggle that on/off with an extension

      running easylist + fanboy + adguard + you’re using 3 lists for social media – this is overkill to the extreme IMO – the more lists you use, the more stuff is going to break

Leave a Reply

Your email address will not be published. Required fields are marked *