To support development, click the heart :)
Bitcoin: 39VJ5L9Yd6WocG6r88uE7ZZnM5J2M5bW92


General Settings

(Default: enabled)
(Default: disabled)

(Default: Block)










(Default: Control Cross-Domain Requests (allow Same-Domain); control XML HTTP Requests)
(Default: enabled; show popup when settings synced to your Google Account)
(Default: enabled; show popup when settings synced from your Google Account)
(Default: enabled; show changelog page when ScriptSafe is updated)
(Default: enabled)

Available hotkey actions:

  • Temporarily allow/block all resources for a current tab
  • Remove temporary permissions for a current tab
  • Remove all temporary permissions

Configure ScriptSafe hotkeys (click on "Keyboard Shortcuts")

(Default: disabled; prevent sites from reading your browser plugin details)

Whitelist ():

Domain:
 

(Default: Disabled; protect against fingerprinting attempts through <canvas> elements)

Whitelist ():

Domain:
 

(Default: disabled; prevent fingerprinting via the AudioContext API)

Whitelist ():

Domain:
 

(Default: disabled; prevent fingerprinting via the WebGL API)

Whitelist ():

Domain:
 

(Default: disabled; prevent fingerprinting via the Battery API)

Whitelist ():

Domain:
 

(Default: disabled; prevent having hardware devices detected via the WebRTC API)

Whitelist ():

Domain:
 

(Default: disabled; prevent having devices detected via the Gamepad API)

Whitelist ():

Domain:
 

(Default: disabled; prevent having devices detected via the WebVR API)

Whitelist ():

Domain:
 

(Default: disabled; prevent having devices detected via the Bluetooth API)

Whitelist ():

Domain:
 

(Default: disabled; prevent system fonts from being enumerated through <canvas> elements. May interfere with Google Docs.)

Whitelist ():

Domain:
 

(Default: disabled; prevent fingerprinting through calculating element rectangles. May interfere with some dropdowns.)

Whitelist ():

Domain:
 

(Default: disabled; prevent pages from interfering with clipboard actions)

Whitelist ():

Domain:
 

(Default: disabled; make keypress timings more random to increase anonymity (NOTE: adds a random delay between keypresses; disable this setting if unacceptable))

ms (Default: 40ms)
(Default: disabled; block allowed domains on unlisted domains)
(Default: enabled; remove unwanted content from known ad / malware domains; domains gathered from MVPS HOSTS, hpHOSTS (ad / tracking servers), Peter Lowe's HOSTS Project, MalwareDomainList.com)
(Default: enabled; blocks cookies from known ad / malware domains; below mode applies to this as well)
(Default: Relaxed; Relaxed = whitelisted domains will not be blocked; Strict = domains in the unwanted domain list will be blocked even if whitelisted)
(Default: disabled; always remove social widgets/buttons, even if whitelisted)
For more comprehensive blocking, check out Privacy Badger, Disconnect, Blur, and/or uBlock Origin with all of the subscription lists on the Fanboy site)
(Default: enabled; remove "invisible" third-party elements)
(Default: disabled; remove Google Analytics (UTM) tracking tokens)
(Default: disabled; remove possible tracking tokens passed using hash, where there is an attribute and value (e.g. #xtor=RSS-1))

(Default: Protect Local IP; prevent IP address leakage)
(Default: Only on Unwhitelisted Domains; blocks referrer information when clicking on third-party links (note: setting this to "On All Domains" may cause issues (e.g. thumbnails in Tweetdeck))
(Default: disabled; spoof or randomize your timezone. NOTE: if enabled, it may interfere with replying to emails in Gmail.)
(Default: -Off-; spoofs your user-agent (browser and OS))

useragentstring.com | whatismybrowser.com


(Default: -Off-; warning: if enabled, may "break" some sites (e.g. logging in))


(Default: -Off-; modifies how all links are opened)
(Default: Disabled; preserve same-domain elements)
(Default: enabled; auto-refresh page after list change)
(Default: enabled; if ticked, adds rating button under domains in tab popup)
(Default: disabled; if ticked, closes tab options everytime an option is clicked)
(Default: enabled; sorts URL lists by domains on this page and in the panel)

  • Entire Domain Matching: match an entire domain by adding **. in front of it (or click on "Trust"/"Distrust" for an existing entry below).
    Example: **.domain.com will match domain.com, a.domain.com, 1.2.domain.com and even 1.2.3.domain.com
  • Wildcard Matching: match any string of characters (except periods ".") with a * character.
    Example: *.domain.com will match a.domain.com but not domain.com (no subdomain)
  • Single-Character Matching: match any single character with a ? character.
    Example: cat?.com will match cats.com and cat5.com

  • Note 1: you are able to combine the various matching expressions (e.g. 192.16?.*.*, *.cat?.c*, abc*xyz.com)
  • Note 2: IPv6 URLs must contain square brackets (e.g. [2001:4860:0:2001::68])
  • Note 3: the "www." prefix is automatically handled, so all entries below have it stripped out

Whitelist () (clear | bulk import)


Tip: press CTRL+F to search the lists

Blacklist () (clear | bulk import)

Bulk Import

Copy and paste domains into the box below. Each domain should be on a separate line.

ImportExport (select all)



Translations: Chinese - Simplified (Chiuwing LUK), Chinese - Traditional (Sam Lee), Czech (callipso), Dutch (Robert J. Klop), French (Marc0303), German (Daniel Neubauer (d4nin3u), Daniel Ring), Hungarian (Calmarius), Italian (Ezio Tescari), Japanese (noushibou, たこすけ), Korean (ARMO), Latvian (Hudozhnik), Polish (Galileusz), Romanian (Sirius98), Russian (WatsonRus), Spanish (Enrique Arróniz Ramos), Swedish (Guy Fredlund)