3P Request Blocker blocks all third-party requests in Firefox
3P Request Blocker is a new add-on for the Firefox web browser designed to block all third-party requests by default in the browser.
The description sounds a lot like NoScript, and while the core functionality is the same, both extensions offer features that the other does not provide.
Third-party requests are all requests that a site makes that load content from third-party domains. The connection can be a subdomain of the domain or an unrelated domain name.
While some third-party requests are required for a site's functionality, think of content being loaded from a content delivery network, other requests are used to display advertisement, social media buttons, tracking scripts, or other often undesirable content.
Update: The extension is no longer available. I found Third-Party Request Blocker on Mozilla's AMO Store which uses the same interface. I don't know if it is by the same author or a fork.
3P Request Blocker for Firefox
3P Request Blocker adds an icon to the Firefox main toolbar that you interact with to control the loading of third-party resources on the active website you are on.
A click on the icon displays all third-party connections the page tried to make. Any connection that is not checked there has been blocked. You can allow connections by checking the sites and clicking on the apply button afterward.
Sites that you allow are added to the extension's whitelist by default. You can enable the setting of temporary permissions in the preferences which switches the checkbox layout to a radio button layout with block, allow and temp buttons for each site listed by the extension.
3D Request Blocker offers extensive options which you access with a click on the i-icon or from Firefox's about:addons page.
Here is a quick overview of the available groups:
- Whitelist -- add, edit or remove whitelisted sites. Comes with import and export functionality.
- Filter -- lots of options to ignore, block and change functionality.
- JavaScript -- options to block JavaScript and use a JavaScript whitelist.
- Popup/icon -- cosmetic changes to the icon, for example, adding the domain count to the icon.
- Misc -- Change the language and enable temporary permissions
The Filter menu
The Filter menu deserves a closer look as it offers quite a few useful features. Here is a short list of options that it makes available:
- Do not block same domain's subdomain.
- Block Punycode domains.
- Block unencrypted requests (HTTP or ws).
- Block abnormal requests methods (allow only GET and POST).
- Block WebSocket protocol.
- Block HTTP or HTTPS on non-standard ports.
- Block requests that include your keywords in URL.
- Block resource types and ignore the whitelist doing so (beacon, csp_report, font, ping, object, object_subrequest, media, other).
- Block MIME types and ignore whitelist to prevent downloads (video, audio, PDF, Microsoft Office, LibreOffice, Applications).
- Block tracking/ads, Internet IP address and tracking/ads patterns automatically and don't show them on the menu.
The filter menu lists several interesting options which improve security while you browse the Internet.
Closing Words
3P Request Blocker is a powerful new content blocker for Firefox that users of RequestPolicy or Policeman may want to consider switching to as the extensions are no longer compatible with stable versions of Firefox.
The extension is compatible with other content blockers, e.g. uBlock Origin or AdBlock Plus.
Now You: Which security extensions do you use, and why? (thanks Robert)
Related articles
Block mining scripts with Anti-WebMiner for Windows
uBlock Origin Extra extension for Chrome
You can block WebRTC from leaking your IP now in uBlock Origin
Regarding the possible fork:
“Update: The extension is no longer available. I found Third-Party Request Blocker on Mozilla’s AMO Store which uses the same interface. I don’t know if it is by the same author or a fork.”
I’m having trust issues… the “support site” for this add-on is simply yandex.ru
The extension was last updated Jan 15, 2019 (3+ years ago, as I write this)
Requires lots of permissions from an untrusted source
A shame that the original disappeared. Am looking for a uMatrix replacement and there doesn’t appear to be one anywhere.
The only real suggestion is uBlock Origin in Medium Blocking Mode: which is a real pain to use: all the plus/minus signs; global/NoOp; Allow vs NoOp… still the domains/scripts/resources get through. Even after spending time reading all tutorials, uBO isn’t nearly as effective as uMatrix (and the long discontinued RequestPolicy)
i heavily rely on RequestPolicy, and this is not a good candidate for replacement.
although the ideas are almost the same, user experiences are very different…
take a look to this add-on as well, cheers
https://addons.mozilla.org/it/firefox/addon/redmorph-browser-controller/
The extension was removed.
The URL changed, extension is still available.
@Martin Brinkmann – i think it’s gone or the name changed because i can’t find it. Please update he Link if you know it.
Just don’t select JS checkbox. It’s fine. I am able to use this addon with uBlock.
Might give this a spin with a new FF profile, but for my day-to-day use, VPN+uMatrix+uBo+Decentraleyes is still the unbeatable privacy combo.
If you don’t mind that your VPN knows all websites you visit like your ISP would otherwise, and assuming it’s good enough.
From post: “The extension is compatible with other content blockers, e.g. uBlock Origin or AdBlock Plus.”
Incidentally, 3P Request Blocker’s ‘About this extension’ description indicates the following …
“Block Javascript. Disabled by default.
(If you’re going to use this function, delete uBO and pick “Adblock Plus”. uBO will override this add-on and allow your browser to run inline JS.)”
I for one had no idea about such extensions, umatrix or otherwise and as such, find this to be a good find. Thanks Martin! Useful posts as ever.
archie
Good option for home or work networks is to set up Pi-Hole: https://pi-hole.net/
Works great
The issue I’ve found with similar add ons is they have to be kept up to date as FF’s config entries change from version to version or they may not block as intended or start adversely affecting browser functionality. Better, IMO, to learn the config settings, use an unbloated ad block, learn to config the firewall and use something like CCleaner to disable the hidden tracking stuff in ff and hidden cookies that remain even if all the caches are cleaned. The OS collects and saves browsing data, too, with edge and the win browser.
Seems blocking third party cookies still breaks a lot of sites so I allow them, then remove them later. Using a VPN that’s actually a VPN scrambles most of this stuff.
Extensions adapt themselves to browsers’ updates (or not, btw) but as far as deciding on which 3rd-party sites may be accessed or not the principle is always the same and little to do with a browser’s own settings : you’re on a site, that site calls one/several other sites, some calls as mentioned in the article are required, some may be blocked, others should be blocked. The idea is that if you don’t let the jackass in you won’t have to kick him out, not to mention what the jackass does before he’s ejected (and what more even when not boxed to the exit, when we know some users who never clear their history, cookies, cache…).
uMatrix and uBlock make quite a lot of internet connection. Adblock filters are automatically download when you start the browser.
> uMatrix and uBlock make quite a lot of internet connection. Adblock filters are automatically download when you start the browser.
False.
A filter list is downloaded only when ALL the following conditions are true:
– A filter list in use is out of date
– Auto-update is enabled
– More than 5 minutes has elapsed AFTER the extension has launched
The 5+ minutes period above before auto-update kicks in gives time for a user to disable auto-update if they wish.
Filter lists selected by default are shipped with the extensions, so *even* at first install time uBO typically does not connect to any remote server — the only exception is when uBO auto-selects one of the regional filter lists because these are not shipped with the package.
After first install, uBO/uMatrix never connects to remote server at browser launch time, as per above points.
So the statement “lot of internet connection” and “automatically download when you start the browser” are downright false and amount to nothing more than FUD.
Speaking of the devil haha
Appreciate the good work lad.
Avon calling :
“uBO / Dashboard / 3rd-party filters / Auto-update filter lists [Check/Uncheck]
If unchecked, remember to update the lists manually : 1- Purge all caches, 2- Update now.”
Install Wireshark and look closely.
1. Don’t select anything(zero list)
2. Add http://localhost/mylist.txt
3. Update it
You should ‘only’ see a connection to localhost, but uBlock/Matrix is sending some request to different servers.
> You should ‘only’ see a connection to localhost, but uBlock/Matrix is sending some request to different servers.
uBO/uMatrix also need to update assets.json[1] (hosted on GitHub) and the Public Suffix List (hosted at Mozilla’s publicsuffix.org) when these are deemed out of date and you force an update. This is the “other related assets” in uBO/uMatrix’s privacy policy[2].
These are deemed out of date after a much longer time than filter lists, and they respect the auto-update setting.The connections occurred because you forced an update of the assets and these assets were out of date.
If your intention was not to spread FUD, you would detail exactly what you saw instead of vague “some request to different servers”.
[1] https://github.com/gorhill/uBlock/blob/master/assets/assets.json
[2] https://github.com/gorhill/uBlock/wiki/Privacy-policy
Thanks for clearing that up gorhill!
Yo gorhill.
“uBlock Origin connects to a remote server is to update the filter lists and other related assets”
https://github.com/gorhill/uBlock/wiki/Privacy-policy
You need to explain more. And you should stop yelling FUD FUD FUD.
Your behavior is being cheap, Anonymous, when Gorhill is so honest that he took the time to explain how he first perceived your comment then how he understood what you were trying to get to. Because Gorhill explained what your approximations failed to do doesn’t mean you’re entitled, little anonymous guy, to take things from high, that is a cheap attitude.
You can disable it with three clicks
Plot twist, it’s actually four clicks!
you can disable that in 3 clicks
You can disable that with just three clicks.
uMatrix is sending greetings. Nothing new here.
Why isn’t that even mentioned? There is no doubt this is the best 3P/script blocker so far
@ Grindelin
Martin blogged “A uMatrix guide for Firefox” on November 28, 2017.
Show some initiative and type “umatrix” into the search box at the top of the page.
I am a Gorhill (,Raymond) addon fan myself but I am always a fan of alternatives being mentioned. :) not everyone likes the same exact programs/program addons
Diversity, pluralism is a necessary condition of evolution and progress. Not sufficient though :=)
Because this article is about 3P Request Blocker , not uMatrix