I'm using uMatrix and it blocks by default all connections outside the requested...

noja · 2025-08-20T07:12:37 1755673957

How does uMatrix handle the Facebook tracking pixel, or the replacement which is the Conversions API Gateway?

This is a container that FB gives you to host that lives under your domain (it can be your main domain) that slurps up user data and sends it to Facebook from the server side. You embed some JS in your website, and they hoover up the data.

M95D · 2025-08-20T07:57:57 1755676677

It doesn't handle it. Anyway, there's no way to know what a website does on the server site. Even a completely static website could be sending the server logs somewhere.

There are options to not load JS, images, XMLHttpRequests, frames, cookies, for each site, but it doesn't list individual files.

noja · 2025-08-20T09:44:14 1755683054

Then why use it? They're number one.

M95D · 2025-08-21T07:41:33 1755762093

No other extension is giving me control like uMatrix does, even considering it's limits.

thaumasiotes · 2025-08-20T07:22:20 1755674540

> On my system https://ceac.state.gov/genniv/ tries to connect to captcha.com, google-analytics, googletagmanager, 127.0.0.1 and "burp" (a local hostname that doesn't exist in my network).

That will be this burp: https://portswigger.net/burp/documentation/desktop/tools/pro...

Sounds like they don't want you to analyze their site.

user070223 · 2025-08-20T07:56:49 1755676609

uMatrix is archived and I think uBlockOrigin is now advised to use(which incorporate uMatrix by enabling advanced settings)

For those who want to try blocking more stuff you can enable hard mode and bind relax blocking mode keyboard shortcut

I'd recommend also enabling filter lists(I advice yokoffing/filterlists and your region/language)

https://github.com/gorhill/uBlock/wiki/Blocking-mode:-hard-m...

M95D · 2025-08-20T09:08:03 1755680883

But uBlockOrigin UI is so much worse...

Besides, uMatrix works fine. It's that kind of program that doesn't need any updates.

rapnie · 2025-08-20T14:05:24 1755698724

I would really like an intuitive UI for people who don't want to do 'a project' to get their config tight.

M95D · 2025-08-21T08:01:22 1755763282

But it is intuitive... I don't know what you mean.

You can't manage a whitelist with a single big red on/off button, if that's what you want.

akimbostrawman · 2025-08-21T09:29:00 1755768540

You technically can, that is what community website rule Recipe are for.

M95D · 2025-08-22T09:40:48 1755855648

I didn't knew community/public whitelists exist, nor any browser extension that uses whitelists and blocks all other connections by default, like uMatrix does. Do you have any examples?

akimbostrawman · 2025-08-25T08:07:55 1756109275

I meant that uMatrix has that community rules recipe feature you can apply with few clicks.

account42 · 2025-08-20T09:14:36 1755681276

Until uBO has an even remotely usable interface for this use case people (including myself) will continue to use uMaxtrix or forks of it instead.

freedomben · 2025-08-20T17:47:49 1755712069

Amen. I would (and did!) switch browsers to continue using uMatrix rather than go without (and uBO is not a replacement)

Semaphor · 2025-08-20T08:22:56 1755678176

I reluctantly switched to only uBo because of uM bugs. But the UI/UX is just a huge step backwards to enable mobile usability.

OJFord · 2025-08-20T08:50:13 1755679813

uBO advanced settings still isn't as flexible as uMatrix was though, fwiw. (I did give in and switch in the end though.)

aembleton · 2025-08-20T09:30:20 1755682220

With uBO I can't block cookies by domain.

quietfox · 2025-08-20T07:21:13 1755674473

It seems to try to check if you are using the Burp Suite on their web application.

samsonradu · 2025-08-20T06:57:03 1755673023

How does it manage to hide the requests to 127.0.0.1 from the network tab?

worthless-trash · 2025-08-20T07:35:00 1755675300

The requests are not made, because some operating systems prevent this.

If you're on OSX, the permission to "discover on the local network" prevents it from happening ( System Settings -> Privacy & Security -> Local Network -> yourbrowser )

Could also be 'network' permissions on firefox ( Go to Settings > Privacy & Security > Permissions ) which is on a per site level, but iirc that could be set site-wide at some point.

The other browsers likely have similar configs, but this is what I have found.

snowwrestler · 2025-08-20T14:09:17 1755698957

Looks like this is new to MacOS 15 Sequoia, as I don’t see a Local Network option in Sonoma.

M95D · 2025-08-20T07:11:44 1755673904

I have no ideea. Possibly that's a limitation of Chrome+Firefox developer tools (I get the feeling it's the same code)?

But I found what "burp" is: https://portswigger.net/burp/communitydownload

culturestate · 2025-08-20T07:37:47 1755675467

It seems like they only make the localhost requests on your first visit. If you open devtools in incognito mode (or just clear the cookies) before accessing https://ceac.state.gov/genniv/ you should see those 127.0.0.1 attempts as ERR_CONNECTION_REFUSED in the network tab.

Somewhat more worryingly, Little Snitch doesn't report them at all, though that might just be because they were already blocked at the browser.

inferiorhuman · 2025-08-20T09:25:16 1755681916

This is what I see.

https://i.imgur.com/lvjg2YQ.png

hoherd · 2025-08-20T10:30:48 1755685848

> 400_random_url_with_numbers_403

That looks so much like test code that was shipped to prod.

Searches for that string on GH does return results.

sylware · 2025-08-20T09:25:02 1755681902

Whitelisting seems to be the way to go. With IPv6 and OS generated IPs (up to what the ISP domestic router allows) could be very efficient.