celenity/ublock-origin-settings
4
14
Fork 0
Code Issues 1 Pull requests Activity
My recommendations for the ultimate configuration of uBlock Origin :)
40 commits 1 branch 0 tags 90 KiB
Find a file
celenity cc16c2c664
 fix: Update filter to unbreak Twitter - fixes #20 
Signed-off-by: celenity <[email protected]>
2025-10-09 19:02:19 -04:00
.github Add donation link 2024-10-09 02:13:29 -04:00
COPYING.txt Minor updates 2025-08-09 23:08:53 -04:00
README.md fix: Update filter to unbreak Twitter - fixes #20 2025-10-09 19:02:19 -04:00

README.md

ublock-origin-settings

My recommendations for the ultimate configuration of uBlock Origin :)

NOTE: This project can be found on both Codeberg, which will act as the main & preferred way to contribute, and GitHub.

Settings

Privacy:

  • Disable pre-fetching (to prevent any connection for blocked network requests) ->

  • Disable hyperlink auditing ->

  • Block CSP reports ->

  • Uncloak canonical names ->


Default behavior:

  • Disable JavaScript -> (This will cause breakage, but it heavily improves privacy & security, so I'd recommend enabling it if possible and if you're willing to re-enable JavaScript for websites that need it)

Advanced:

  • I am an advanced user ->

Advanced settings

Select the cog to the right of I am an advanced user, and consider configuring the following settings:

autoCommentFilterTemplate -> {{url}}

autoUpdateDelayAfterLaunch -> 10

disableWebAssembly -> true

filterAuthorMode -> true

updateAssetBypassBrowserCache -> true


Filter lists

Auto-update filter lists ->

Suspend network activity until all filter lists are loaded ->

Parse and enforce cosmetic filters ->

Ignore generic cosmetic filters ->

Lists

I would generally recommend configuring your filterlists as follows. This configuration matches what my 'Phoenix' project uses, has been thoroughly tested and carefully considered to provide a balance between privacy, security, usability, and performance.

Built-in Lists

We'll first go over lists built-in to a stock installation of uBlock Origin.

I would generally recommend configuring the built-in lists as follows:

Tip

Lists with a should be enabled, while lists with a are unnecessary and should typically be disabled.

Built-in

  • uBlock filters - Ads -> (Default)
  • uBlock filters - Badware risks -> (Default)
  • uBlock filters - Privacy -> (Default)
  • uBlock filters - Quick fixes -> (Default)
  • uBlock filters - Unbreak -> (Default)

Ads

  • EasyList -> (Default)
  • AdGuard - Ads ->
  • AdGuard - Mobile Ads ->

Privacy

  • EasyPrivacy -> (Default)
  • AdGuard Tracking Protection ->
  • AdGuard URL Tracking Protection ->
  • Block Outsider Intrusion into LAN ->

Malware protection, security

  • Online Malicious URL Blocklist -> (Default)
  • Phishing URL Blocklist ->

Multipurpose

  • Peter Lowe’s Ad and tracking server list -> (Default)
  • Dan Pollock’s hosts file ->

Cookie notices

  • EasyList - Cookie Notices ->
  • AdGuard - Cookie Notices ->
  • uBlock filters - Cookie Notices ->

Social widgets

  • EasyList - Social Widgets ->
  • AdGuard - Social Widgets ->
  • Fanboy - Anti-Facebook ->

Annoyances

  • EasyList - Chat Widgets ->
  • EasyList - Newsletter Notices ->
  • EasyList - Notifications ->
  • EasyList - Other Annoyances ->
  • AdGuard - Mobile App Banners ->
  • AdGuard - Other Annoyances ->
  • AdGuard - Popup Overlays ->
  • AdGuard - Widgets ->
  • uBlock filters - Annoyances ->

External Lists

We can now go over what lists you should manually import to uBlock Origin.

I would generally recommend importing & enabling the following:

Privacy

  • Actually Legitimate URL Shortener Tool

    https://gitlab.com/DandelionSprout/adfilt/-/raw/master/LegitimateURLShortener.txt

  • 🔍 yokoffing's Block third party fonts

    https://raw.githubusercontent.com/yokoffing/filterlists/main/block_third_party_fonts.txt

  • yokoffing's click2load filters

    https://raw.githubusercontent.com/yokoffing/filterlists/main/click2load.txt

Malware protection, security

  • ⚠️ BadBlock - Unsafe

    https://badblock.celenity.dev/abp/unsafe.txt

  • 💊 Dandelion Sprout's Anti-Malware List

    https://gitlab.com/DandelionSprout/adfilt/-/raw/master/Dandelion%20Sprout's%20Anti-Malware%20List.txt

  • 🔏 HaGeZi - Dynamic DNS

    https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/dyndns.txt

  • 🔐 HaGeZi - Threat Intelligence Feeds - Mini

    https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/tif.mini.txt

  • FMHY Unsafe sites filterlist

    https://raw.githubusercontent.com/fmhy/FMHYFilterlist/main/filterlist-basic.txt

Multipurpose

  • 📕 HaGeZi - Multi ULTIMATE mini

    https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/ultimate.mini.txt

Additionally, if you're fine with occasional breakage at the cost of enhanced privacy & security, you could also consider using:

  • ️ My ️ BadBlock Lite, 🔇 BadBlock, OR 🔥 BadBlock+

    • Do not use all 3 together, pick one that works best for you! 🔇 BadBlock is recommended for most users.

      • ️ BadBlock Lite 
        https://badblock.celenity.dev/abp/badblock_lite.txt
      • 🔇 BadBlock 
        https://badblock.celenity.dev/abp/badblock.txt
      • 🔥 BadBlock+ 
        https://badblock.celenity.dev/abp/badblock_plus.txt

Furthermore, if you don't have a DNS content blocking solution in place (you should), or you just can't use the relevant list on your DNS blocker, you could also use the following:

  • HaGeZi's Most Abused TLDs

    https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/adblock/spam-tlds-ublock.txt

  • OISD - Big

    https://big.oisd.nl

Once you're finished choosing your lists, don't forget to select Apply changes & Update now.

My filters

This is where it can really depend on you and your set-up. I'll provide my recommendations and filters here I myself use below:

First, I would highly recommend setting the following to protect against IDN Homograph attacks:

xn--*
xn--*$doc,popup,frame

You don't need to set this if you use BadBlock Unsafe above or if your DNS provider already provides IDN Homograph Attacks Protection (i.e. NextDNS)

I usually set the following to always enforce blocking Google's Doubleclick & Google Analytics: Why?

||doubleclick.net^$important
||google-analytics.com^$important

Additionally, I set the following to block social media tracking on websites:

||facebook.com^$important,third-party
||facebook.net^$important,third-party
||linkedin.com^$important,third-party
||instagram.com^$important,third-party
||tiktok.com^$important,third-party
||twitter.com^$third-party,domain=~x.com
||x.com^$third-party

See My rules section below for unbreaking X/Twitter...

I also set this to block tracking from Gravatar:

||gravatar.com^$important,third-party

I also set these rules to block 3rd party sign-in prompts from Google & Apple, as they're 1: annoying and 2: a tracking concern:

||accounts.google.com^$third-party,domain=~chromium.org|~gstatic.com|~googleusercontent.com|~youtube.com
||appleid.apple.com^$third-party,domain=~appleid.cdn-apple.com
||appleid.cdn-apple.com^$third-party,domain=~appleid.apple.com

Since I block all 3rd-party requests (will be explained further in My rules section below), I set the following rules to still allow CAPTCHAs for sites: (Also see My rules)

||challenges.cloudflare.com^$third-party
@@||challenges.cloudflare.com/cdn-cgi/challenge-platform/$third-party,script,frame
||www.google.com^$third-party,subdocument
@@||www.google.com/recaptcha/$third-party,subdocument
||www.gstatic.com^$third-party,script
@@||www.gstatic.com/recaptcha/$third-party,script

Once you are done here, make sure to select Apply changes.

My rules

First, I typically set the following to block all 3rd party requests:

I would not recommend this for most people, as you will basically have to unbreak pages yourself, but it provides the most private, secure, and fastest configuration possible.

* * 3p block
* * 3p-frame block
* * 3p-script block

If you don't want as much breakage, you could potentially only set:

* * 3p-frame block

This only blocks 3rd party frames, while keeping other resources untouched. I would recommend this if you have the tolerance to allow 3rd party frames for pages that need them, but still want a nice boost in privacy, security, & performance.

I then set the following to allow CAPTCHAs for sites:

* challenges.cloudflare.com * noop
* www.google.com * noop
* www.gstatic.com * noop
* hcaptcha.com * noop
* recaptcha.net * noop

I also set the following to unbreak X/Twitter based off the filters we set above:

x.com twitter.com * noop
twitter.com x.com * noop

️ If you block 3rd party connections like me, then I would recommend also using the LocalCDN extension with the following settings, as this will reduce breakage:

LocalCDN -> Basic

Hide donation button ->

LocalCDN -> Advanced

Block Google Fonts -> This is already covered by Yokoffing's Block third party fonts list that we added, leaving Google Fonts blocked here as well will just cause issues & breakage


Now, back to uBlock Origin, you should add the following rules in uBlock Origin for LocalCDN to be active:

* ajax.googleapis.com * noop
* ajax.aspnetcdn.com * noop
* ajax.microsoft.com * noop
* cdnjs.cloudflare.com * noop
* code.jquery.com * noop
* cdn.jsdelivr.net * noop
* fonts.googleapis.com * noop
* yastatic.net * noop
* yandex.st * noop
* apps.bdimg.com * noop
* libs.baidu.com * noop
* cdn.staticfile.org * noop
* cdn.bootcss.com * noop
* mat1.gtimg.com * noop
* lib.sinaapp.com * noop
* upcdn.b0.upaiyun.com * noop
* stackpath.bootstrapcdn.com * noop
* maxcdn.bootstrapcdn.com * noop
* netdna.bootstrapcdn.com * noop
* use.fontawesome.com * noop
* ajax.cloudflare.com * noop
* akamai-webcdn.kgstatic.net * noop
* gitcdn.github.io * noop
* vjs.zencdn.net * noop
* cdn.plyr.io * noop
* cdn.materialdesignicons.com * noop
* cdn.ravenjs.com * noop
* js.appboycdn.com * noop
* cdn.embed.ly * noop
* cdn.datatables.net * noop
* mathjax.rstudio.com * noop
* cdn.mathjax.org * noop
* code.createjs.com * noop
* sdn.geekzu.org * noop
* ajax.proxy.ustclug.org * noop
* unpkg.com * noop
* pagecdn.io * noop
* cdnjs.loli.net * noop
* ajax.loli.net * noop
* fonts.loli.net * noop
* lib.baomitu.com * noop
* cdn.bootcdn.net * noop
* fonts.gstatic.com * noop
* ajax.loli.net.cdn.cloudflare.net * noop
* akamai-webcdn.kgstatic.net.edgesuite.net * noop
* apps.bdimg.jomodns.com * noop
* cdn.bootcdn.net.maoyundns.com * noop
* cdn.bootcss.com.maoyundns.com * noop
* cdn.embed.ly.cdn.cloudflare.net * noop
* cdn.jsdelivr.net.cdn.cloudflare.net * noop
* cdnjs.loli.net.cdn.cloudflare.net * noop
* cds.s5x3j6q5.hwcdn.net * noop
* developer.n.shifen.com * noop
* dualstack.osff.map.fastly.net * noop
* fonts.loli.net.cdn.cloudflare.net * noop
* gateway.cname.ustclug.org * noop
* iduwdjf.qiniudns.com * noop
* lb.sae.sina.com.cn * noop
* lib.baomitu.com.qh-cdn.com * noop
* mat1.gtimg.com.tegsea.tc.qq.com * noop
* materialdesignicons.b-cdn.net * noop
* mscomajax.vo.msecnd.net * noop
* sdn.inbond.gslb.geekzu.org * noop
* use.fontawesome.com.cdn.cloudflare.net * noop
* vo.aicdn.com * noop

Once you're done configuring your rules here, select Save & Commit.

Additional recommendations

Licensing

Contents of this repo are licensed under the GNU General Public License v3.0 or later (GPL-3.0-or-later) where applicable.