created: 2017-11-16, last modified: 2018-02-28
created: 2017-11-16, last modified: 2018-02-28

Howto use uMatrix

uMatrix is a very powerful tool, but using it requires that you understand its concept of defaults, inheritance, and especially its "scopes".

uMatrix allows to declare which web pages are allowed to load which kinds of elements (Images, Cookies, Javascript etc.) from which other domains, set defaults, and store declared permissions to be automatically applied again next time.

The scopes-feature allows to not only apply or reject third-party cookies, but to extend the idea of blocking third-party elements to images, scripts etc. This helps to prevent snooping companies from following you around, while you visit different web pages.

Declaring scopes for permissions allows to make the permissions depending on the domain you are currently on. You can allow a certain kind of elements to be loaded from a certain domain always, or only when you are on a certain domain, or only when you are currently on that same domain. This can for example be used to allow Cookies or Javascript from Facebook only if you actually are on a Facebook website, but not if you are on any other site, that just embeds the Facebook icon and its associated scripts.

Basic Use

Click on the uMatrix icon.
uMatrix shows a table. The rows of this table are labled with domains, and the colums are labled with features.

The color of the fields show if that feature is permitted to be loaded from that domain. Green means permitted, red means blocked. Intensive colors show a specific permission and block, light colors show inherited permissions and blocks.

The list of domains shows from where the currently loaded web page tries to fetch additional contents. The columns show which kind of content it is. The numbers in the fields show how many requests of that kind (columns) are declared to be loaded from that domain.

To manually permit loading certain elements from a domain, click in the upper half of the field in the intersection of the domain and the feature. Click the lower half to block it. Click again do remove a permission or a block. If a certain kind of contents is neither explicitely permitted, nor blocked, then the permission will be determined by inheritance. More on this below.

If the upper left corner of a field has a different color than the rest, then the color of that corner shows the permanently saved state, and the rest of the field shows the current, temporarily modified state. To save the current state permanently, click the lock icon. The small number behind the lock item shows the number of unsaved changes.

There are two kinds of inheritance. One is from defaults and settings for current domain to specific domains, more on this later. The other is from domains to subdomains.

Usually subdomains inherit the permission (color) of the domain, but if you let uMatrix display subdomains, you can see and configure them individually. To do this let the mouse hover over the field labled "all" to make a tiny arrow appear. Click on the arrow to make it flip between pointing upwards and downwards. If it points upwards, subdomains are collapsed, and only the main domains shown. If it points downwards, uMatrix shows all used subdomains.


The big field on the left of the icons allows to change the scope. The most important scopes are the global scope (shown as a star symbol), and the current domain (labled with the name of the domain).

Changing the scope has two effects. It determines when your permissions and blocks are applied, and it toggles the display from showing the effect of inheritance.

If the global scope is selected, then the permissions and blocks that you declare will be applied regardless which page you are on, and the effects of inheritance are not show.

An example for a global rule would be to always allow or always deny the Facebook like button, on all web pages.

If a domain is selected as scope, then the colors in the table show the effect of inheritance (from domains to subdomains, and the rules for current domain), and the rules that you set there will be applied in the future only when you are again on that same domain.

The topmost domain line is labled "current domain". You should only make settings in this line while you have the global scope selected. These settings will apply to elements which are loaded from the same domain as the web page you have currently loaded, i.e. not third-party domains.

Howto configure uMatrix to behave mostly like noscript

edit the rules to make them contain
* * * block
* 1st-party * inherit
* 1st-party cookie allow
* 1st-party css allow
* 1st-party image allow

How can this be achieved in the UI, without manually editing the config?

see also:
HTTP Switchboard Wiki
User Guide