uBlock Origin Suggested Settings

uBlock Origin

See the change log at the end for a complete revision history.

Introduction

First and foremost, use only uBlock Origin (uBO) by Raymond 'gorhill' Hill (uBlock Origin page on the Firefox Add-ons website). There are many other clones and wannabes out there and you do not want to be using any of them.

uBlock Origin is not simply an ad blocker as many assume, rather it is a powerful content filter, similar to a firewall, that is capable of both dynamic and static filtering. In addition to blocking annoying content such as ads, it can also block JavaScript, frames, images, 3rd party fonts and more, as well as help to prevent tracking and malware. uBO is the only content filtering/ad blocking browser add-on i recommend. For even finer grained control, uBO can be used in conjunction with uMatrix by the same developer, however in this case it should be configured in its easy mode with the appropriate static filters enabled while uMatrix is used to handle the dynamic filtering.

Following are my personal preferences for setting up uBlock Origin. This configuration is primarily intended to be used with either The Firefox Privacy Guide For Dummies! or the Firefox Configuration Guide for Privacy Freaks and Performance Buffs. Keep in mind these are my personal preferences and by no means do i claim them to be the best possible for every use case, however i like to think they are generally sensible given i've been using and tinkering with uBO for quite a while.

If you are following The Firefox Privacy Guide For Dummies!, it is essential that you read the uBlock wiki with the exception of the Advanced-user-features section. If you are following the Firefox Configuration Guide for Privacy Freaks and Performance Buffs, it is essential that you read the Advanced-user-features section as well. If you are not following my guides and not using uMatrix, i would highly suggest enabling the advanced mode option in uBO in order to leverage its dynamic filtering capability and learn how to use it.

Once uBO is installed, click its toolbar icon to reveal its popup user interface, then click the little sliders icon to reveal the "secret" Dashboard (i say "secret" because apparently quite a few people don't know it exists). These are the settings i recommend:

'Settings' tab settings

Settings not shown here are optional.

Setting name
'Dummy' guide settingsAdvanced guide settings
Hide placeholders of blocked elements 1disabledoptional
Show the number of blocked requests on the iconenabledoptional
Disable tooltipsdisabledoptional
I am an advanced user 2disableddisabled
Privacy: 
Disable pre-fetchingenabledenabled
Disable hyperlink auditingenabledenabled
Prevent WebRTC from leaking local IP addressesenabledenabled
Block CSP reportsenabledenabled
Default behavior: 
Disable cosmetic filteringenabledenabled
Block media elements larger than [50] KBdisabledoptional
Block remote fonts 3disableddisabled
Disable JavaScript 4enableddisabled
Footnotes

[1] If you are new to uBO and content filtering, you should not enable this option. Not enabling it will sometimes provide a visual indication when something is blocked in a webpage in the form of an empty space.

[2] This option should not be enabled if you are using uMatrix to handle dynamic filtering. If you are following the The Firefox Privacy Guide For Dummies! and not using uMatrix, then it may be enabled only after reading the Advanced user features section of the uBO wiki.

[3] I do not suggest blocking remote fonts using this option. Not only will doing so uglify many websites, but there is a CSP issue to consider. See the 'My filters' tab section below for an alternative.

[4] Enabling this option disables JavaScript globally by default and causes uBO to honor <noscript> HTML tags. The problem with the latter is that some page elements that might have been displayed had the <noscript> tags been ignored, may not when this option is enabled. Also some websites may display a JavaScript disabled warning message, though this can be beneficial for novice users. If you are following The Firefox Privacy Guide For Dummies!, i suggest enabling this option since you won't have to enable and fool with uBO's dynamic filtering, however if you are following the Firefox Configuration Guide for Privacy Freaks and Performance Buffs, i recommend disabling this option and controlling JavaScript with uMatrix.

 

Next we want to enable the 'I am an advanced user' option after which a little gear icon will appear to the right of the "I am an advanced user" text. Click the gear icon to display some advanced settings and change suspendTabsUntilReady to yes. Although there is no guarantee, uBO will attempt to delay network requests until it is fully loaded. This is useful if you exit Firefox with open tabs and have it set to restore your previous tabs on restart. If you are following The Firefox Privacy Guide For Dummies!, return to the Dashboard and disable the 'I am an advanced user' option.

'Filter Lists' tab settings

Filter lists:
Auto-update filter listsenabled
Parse and enforce cosmetic filtersdisabled
Ignore generic cosmetic filtersenabled
Network filters: 
My filters​​​​​enabled
Built-in:
uBlock filters​enabled
uBlock filters – Badware risks​ 1enabled
uBlock filters – Privacy​​​​​enabled
uBlock filters – Resource abuse​​​​​enabled
uBlock filters – Unbreak​​​​​enabled
Ads:
AdGuard Basedisabled
AdGuard Mobile Ads​ 2disabled
EasyList​ 3enabled
Privacy:
AdGuard Tracking Protection​disabled
EasyPrivacy 3enabled
Fanboy’s Enhanced Tracking List​enabled
Malware domains:
Malware Domain List​​​​​enabled
Malware domains​enabled
Spam404enabled
Annoyances:
AdGuard Annoyances​enabled
AdGuard Social Media​disabled
Anti-Facebook List​disabled
EasyList Cookiedisabled
Fanboy’s Annoyanceenabled
Fanboy’s Socialdisabled
uBlock filters – Annoyances​​​​​enabled
Multipurpose:
Dan Pollock’s hosts file​disabled
MVPS HOSTS​disabled
Peter Lowe’s Ad and tracking server list​disabled
Footnotes

[1] Optional for Linux users

[2] Enable if using Firefox on a mobile device

[3] Regarding EasyList and EasyPrivacy, i tend to prefer these lists, however as of 7-Jan-2020, there is a rather critical issue with Firefox involving Content Security Policy (CSP) header injection and add-ons and both of these lists use CSP injection. For more information, search for "CSP" on the FAQ: Firefox Hardening page.

 

Don't worry about the 'Regions, languages' section unless you browse sites in languages other than English in which case you'll want to enable those languages.

As of this writing you can find over 12 million filter lists on the FilterLists website, however i strongly advise to be very careful about what ones you add, if any. In my experience the default filter lists offered by uBO are quite sufficient for general web browsing and adding more will use more memory, slow things down and potentially break more webpages.

'My filters' tab settings

Instead of blocking remote fonts globally, i suggest adding the following to the 'My filters' tab which will allow 1st party fonts globally while blocking all 3rd party fonts except for the domains you specifically allow. Note that lines starting with an exclamation mark ( ! ) are comments and are ignored by uBO:

! fonts: the following line will allow 1st party fonts globally while blocking all 3rd party fonts:
*$font,3p
! to allow 3rd party fonts per domain:
! *$font,3p,domain=~example.com
! to allow 3rd party fonts for additional domains:
! *$font,3p,domain=~example.com|~example2.com

For more on font filtering see Blocking Web Fonts for Speed and Privacy | InfoSec.

'My rules' tab settings

If you are using the LocalCDN add-on you will need to add some rules to the 'My Rules' tab in the Dashboard if you enable dynamic filtering (advanced mode). The rules can be found in the preferences section of LocalCDN from where you will copy them, then paste them on a new, blank line in the 'Temporary rules' section of the 'My Rules' tab after which you need to save and commit the changes. When adding the rules, be sure to remove any conflicting rules for the same domains if there are any (there won't be if you're starting fresh).

If you are following the Firefox Configuration Guide for Privacy Freaks and Performance Buffs, i suggest making the following changes:

no-scripting: behind-the-scene true
no-large-media: behind-the-scene true
behind-the-scene * * block
behind-the-scene * 1p-script block
behind-the-scene * 3p block
behind-the-scene * 3p-frame block
behind-the-scene * 3p-script block
behind-the-scene * image block
behind-the-scene * inline-script block

Dynamic filtering

If you are running uBO with the 'I am an advanced user' option selected in order to enable dynamic filtering, i recommend setting the following rules to block (red) in the global rules column and then allowing (noop/grey) these resources on an as-needed basis per domain in the local rules column:

inline scripts
1st-party scripts
3rd-party scripts
3rd-party frames

Change log

6-Nov-2019

  • article first published

20-Nov-2019

  • added info regarding cnameAliasList option

22-Nov-2019

  • changed value of suspendTabsUntilReady from true to yes
  • separated settings according the Firefox guide being followed
  • added a table of contents
  • misc. edits

1-Dec-2019

  • removed cnameAliasList from uBO settings (depreciated)
  • minor edits

7-Jan-2020

  • updated filter list settings
  • minor edits

24-Mar-2020

  • removed Adblock Warning Removal List​ (thank you 'someone')

24-Apr-2020

  • changed 'I am an advanced user' setting from 'enabled' to 'disabled' for the 'Advanced guide settings' - i don't know why i ever had this set to 'enabled', especially for those using uMatrix, which is the case in the advanced guide
  • removed filter lists no longer included with newest version of uBO - thanks to 'theltalpha'
  • minor edits

2-May-2020

  • replaced reference to Decentraleyes with LocalCDN and added additional information

42 thoughts on “uBlock Origin Suggested Settings”

  1. Hi
    I have a couple of questions:
    1:would blocking font.googleapis.com
    raise entropy?
    I do not block remote fonts due to the issue with CSP
    2: what about blocking s3.amazonaws.com?

    1. re: #1 – far as i know google uses data in their fonts to be able to track and/or fingerprint the browser – as far as raising entropy, i would guess that blocking font.googleapis.com may raise entropy, but that may depend on whether JS is enabled – i really don’t know

      if you want to block 3rd party fonts whilst allowing 1st party and avoid the CSP issue (and some of the CSP issue will be addressed in FF 77 btw), you can add this to the ‘my filters’ section of uBO:

      ! fonts: the following line will allow 1st party fonts globally while blocking all 3rd party fonts:
      *$font,3p
      ! to allow 3rd party fonts per domain:
      ! *$font,3p,domain=~example.com
      ! to allow 3rd party fonts for additional domains:
      ! *$font,3p,domain=~example.com|~example2.com

      i’m pretty sure that avoids the CSP issue which could otherwise be a problem if you enabled ‘Block remote fonts’ in uBO settings, though i’m not entirely positive

      re: #2 – if you’re asking whether blocking s3.amazonaws.com would raise entropy, i don’t know, but i look at it a little differently: who would you rather have fingerprint the browser, amazon or the website you’re visiting? personally i block 3rd parties like amazon when and where i can … same goes for fonts

  2. I’ve noticed, that when I disable javascript and check Decentraleyes’ testing utility, I’m told that Decentraleyes does not work.
    Do you know about any solution?
    I never chose to block js overall ( it breaks too many sites, and I dont use umatrix for granularity. I’, not that smart) untill the option recently occured as a toggle on/off in UblockOrigin).

    1. hi Jane – the test page for Decentraleyes requires JS to function

      also you might want to consider replacing Decentraleyes with LocalCDN – i’ll point you to my extensions page where you’ll find a link and which may be of interest to you

      and yes, blocking JS will break a lot of websites as you’ve discovered, however understand that enabling it has a huge effect on privacy – i assume you’re using uBlock O though and toggling JS per domain?

      1. Thank you for your advice.
        I will definitely try out LocalCDN.
        just to make things clear: Decentraleyes do work with js blocked by uBlock Origin?
        it’s just the testsite that doesn’t?
        I do know about the huge impact on privacy ; but dealing with js in detail is way out of my league.
        toggling js via uBlock per domain is the easiest way for me.
        I do block 3rd-party, 3rd-party scripts and 3rd-party frames globally however but naturally often need to adjust per site.
        I have also checkmarked adguard social media-, anti facebook- & fanboys social list.

        1. > Decentraleyes do work with js blocked by uBlock Origin?

          that depends…

          Decentraleyes provides local copies of common scripts hosted on CDNs, so if you disable JS globally, for example, without adding he filters that Decentraleyes/LocalCDN makes available for uBO (or uMatrix if you use it) then no scripts will run regardless of whether they’re provided by Decentraleyes/LocalCDN or a CDN

          so i think the answer you’re looking for is ‘yes’, Decentraleyes/LocalCDN works with JS disabled globally via uBO, uM, FF prefs, etc., AS LONG AS you’ve added the necessary filters to uBO/uM

          let me know if that makes sense to you

          1. it certainly makes sense. I did not really get it untill your explanation. I downloaded Decentraleyes way back, but never changed any of the settings.
            I recently read about the need for a copied list but when I took a look at the “my rule” section: no edit button to be seen.
            I’ve therefore chosen to 1:reset the settings of uBlock Origin
            2:remove my extensions (5 all together)
            3: restart FF and do a re-installation starting with uBlock.
            I downloaded Local CDN instead of Decentraleyes.
            the situation right now : I managed to copy and paste and save those list BUT I’m not sure I succeeded ( I worry about the missing edit button and the fact, that in spite of not checkmarking “I’m an advanced user” I was still allowed to save those list.
            I took a screeshot, but I dont know how to copy it to this comment section?
            Besides : should I enable “Block requests for missing resources”?

            1. ok, i’m not sure what’s going on (missing edit button???) so i’ll lay out the whole process…

              1. open the add-on manager (or enter about:addons in the address bar)
              2. click the ‘preferences’ button for LocalCDN
              3. in the page that opens, at the very bottom, there are checkboxes for uBlock and uMatrix – i understand you’re using only uBlock, so click the uBlock checkbox and copy the filter rules
              4. click the uBlock icon on your toolbar, then the settings (open dashboard) icon
              5. click the ‘my rules’ tab
              6. on the right side, in the temporary rules section, click at the beginning of any of the lines and press enter to create a new blank line
              7. click to move the caret (the blinking cursor) to the new line, then paste the filter rules you copied from LocalCDN
              8. click the ‘save’ button, then the ‘commit’ button

              done

              > should I enable “Block requests for missing resources”?

              that’s up to you – if you enable that and then come across a website that uses an external library which is not included with LocalCDN (and you likely will), the site may not function properly

              enabled: better privacy, more web breakage
              disabled: slightly compromised privacy, no web breakage

              you seem new to all this so i would suggest leaving it disabled

              1. Thank you so much for your tutorial. I really appreciate.
                fortunately it turns out, that I actually did make the exact same steps on my own.
                what still puzzles me is that the *icon in front of each domain listed is transferred as well?
                did I make a mistake or is everything fine?
                I’m really sorry to bother you this much
                and yes:
                I will definitely not checkmark “Block requests for missing resource”

                1. that’s an asterik ( * ), not an icon – it is used as a wildcard that matches all domains, and yes, that must be copied to the uBO ‘my rules’ tab – here’s the full code from LocalCDN v2.1.13:

                  * ajax.googleapis.com * noop
                  * ajax.aspnetcdn.com * noop
                  * ajax.microsoft.com * noop
                  * cdnjs.cloudflare.com * noop
                  * code.jquery.com * noop
                  * cdn.jsdelivr.net * noop
                  * yastatic.net * noop
                  * yandex.st * noop
                  * apps.bdimg.com * noop
                  * libs.baidu.com * noop
                  * cdn.staticfile.org * noop
                  * cdn.bootcss.com * noop
                  * mat1.gtimg.com * noop
                  * lib.baomitu.com * noop
                  * lib.sinaapp.com * noop
                  * upcdn.b0.upaiyun.com * noop
                  * stackpath.bootstrapcdn.com * noop
                  * maxcdn.bootstrapcdn.com * noop
                  * netdna.bootstrapcdn.com * noop
                  * use.fontawesome.com * noop
                  * ajax.cloudflare.com * noop
                  * akamai-webcdn.kgstatic.net * noop
                  * sdn.geekzu.org * noop
                  * ajax.proxy.ustclug.org * noop
                  * unpkg.com * noop

                  1. I sent you a big “thank you” right after your latest reply.
                    It apparently vanished, so once again:
                    thank you so much.
                    I hope not to bother you again in a looong time ;-)

                    1. thank you for your thank you :)
                      and please don’t think you’re being a bother – not at all

                  2. Hi 12Bytes ! Please I need your help. I did what you said, but it still have this message : The test resource could not be fetched locally or remotely. LocalCDN is not working as intended.

                    Can you help me ?

                    Thanks !

                    1. i assume the error you mention is from the LocalCDN test page???
                      if so, did you enable JS for the page?

                    2. JS is on.

                      Is there any other add-on or mozilla configuration which may interact with LocalCDN ?

                      I use uBlock, Nano Defender, ClearURLs, PrivacyBadger, Cookies auto-delete, Idon’tcareaboutcookies and HTTPS Everywhere.

                      Thank you by advance !

                    3. I found the problem -> Privacy Badger -> I reinitialized it and it was ok !

                      Thanks for your support !

                      PS : wonderful website to know more about privacy, thank you for your works !

  3. The Decentraleyes wiki says that after adding the rules to uBO you have to enable the option “Block requests from missing resources” but I noticed that this breaks a lot of sites and I have to manually whitelist them. Is enabling this option necessary for the rules to work? Or is it safe to leave it unchecked? Also, those rules are from 2018, aren’t they outdated? Sorry to ask this on your page but you’re my only hope.

  4. Fanboy’s Enhanced Tracking List​ and Malvertising filter list by Disconnect​​​​ had problem to updated and there were 0. I went on the Fanboys site and add to Ubo and it works now under “Custom” and the same with Disconnect which I have a link in “Custom” to raw.githubuser….

    1. unless you have/had the domain blocked for some reason, you should not have to do anything to uBO to d/l those lists – i suspect it may have been a temp network issue???

      to find out, remove whatever rule(s) you added, then in the filter lists tab click the icon at the end of those specific list items to force an update – let us know the result

      note also that these list servers may well have a firewall in place to prevent abuse (downloading too many times by same IP), so just test once

      1. Thank you but it doesn’t works. I did remove uBO and add it again. I did settings from your site and again the same problem. I try to install uBO prerelease but Firefox doesn’t allow me.

    1. well, you only need one to do dynamic filtering and if you’re using both uBO and uM, then i’d suggest using uM for the dynamic rules since it’s more granular and, IMO, easier to use

  5. For my setup, I disabled all of the built in malware filters and utilized Steven Black’s host file and Crazy-Max’s for Windows tracking.
    The other custom filters, are quite good (in my humble opinion) and you may want to consider them.
    ******
    Custom Filters:
    https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt\
    https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
    https://fanboy.co.nz/fanboy-antifonts.txt
    https://www.i-dont-care-about-cookies.eu/abp/
    https://gitcdn.xyz/repo/NanoAdblocker/NanoFilters/master/NanoMirror/NanoDefender.txt
    https://gitcdn.xyz/repo/NanoAdblocker/NanoFilters/master/NanoFilters/NanoBase.txt
    https://gitcdn.xyz/repo/NanoAdblocker/NanoFilters/master/NanoFilters/NanoWhitelist.txt
    ********
    ​​StevenBlack/hosts​​ ​​​39,025 used out of 39,661​​​​
    Windows Spyblocker 370 used out of 370​​
    ​​Fanboy’s Anti-thirdparty Fonts​​ ​​​ 54 used out of 54​​
    ​​I don’t care about cookies​​ ​​​ 10,838 used out of 17,758​​
    ​​Nano Defender Integration​​ ​​ 2,645 used out of 2,646​​
    ​​Nano Filters​​ ​​​ 153 used out of 338​​
    ​​Nano Filters – Whitelist​​ ​​​ 1 used out of 1​​
    ***************
    Built -in Filter Lists Used

    “selectedFilterLists”: [
    “user-filters”,
    “ublock-filters”,
    “ublock-annoyances”,
    “ublock-badware”,
    “ublock-privacy”,
    “ublock-abuse”,
    “ublock-unbreak”,
    “awrl-0”,
    “adguard-generic”,
    “adguard-mobile”,
    “easylist”,
    “adguard-spyware”,
    “easyprivacy”,
    “fanboy-enhanced”,
    “adguard-annoyance”,
    “adguard-social”,
    “fanboy-thirdparty_social”,
    “fanboy-cookiemonster”,
    “fanboy-annoyance”,
    “fanboy-social”,

    1. personally i think you went (way) overboard

      the Windows Spyblocker hosts list i’m guessing should be implemented at the OS level, not the browser level

      font blocking with uBlock can be done without a filter list – look at my uBlock config guide for an example – in addition you can force fonts in Firefox options and then toggle that on/off with an extension

      running easylist + fanboy + adguard + you’re using 3 lists for social media – this is overkill to the extreme IMO – the more lists you use, the more stuff is going to break

Leave a Reply to Mike Cancel reply

Your email address will not be published. Required fields are marked *