This checklist is for users who want practical privacy improvements without breaking daily browsing. You can complete all checks in about 10 minutes and revisit monthly.
Quick Checklist
- 1. Enable strict tracker blocking: Set global anti-tracking mode to strict and verify third-party trackers are blocked by default.
- 2. Lock cookie behavior: Block third-party cookies and clear site data when you sign out of sensitive services.
- 3. Set secure DNS: Use a trusted DNS-over-HTTPS provider and disable insecure fallback mode.
- 4. Review extension permissions: Restrict broad "Read and change all data" access unless it is required.
- 5. Remove stale extensions: Uninstall extensions not used in the last 30 days to reduce attack surface.
- 6. Use profile separation: Keep work and personal browsing in separate profiles.
- 7. Restrict notification prompts: Disable automatic notification popups from unknown sites.
- 8. Verify download protections: Keep safe browsing and download scanning enabled.
- 9. Disable background sync where possible: Reduce passive metadata leaks from idle tabs.
- 10. Check autofill scope: Limit card and address autofill to trusted domains only.
- 11. Enforce HTTPS-first behavior: Enable secure connection upgrade attempts before loading HTTP.
- 12. Schedule monthly audit: Add a recurring reminder to rerun this list.
Recommended Setting Values
Use this baseline unless you have compatibility needs for a specific corporate app:
- Tracking protection: Strict
- Third-party cookies: Blocked
- Secure DNS: Enabled with trusted resolver
- Site notifications: Ask/Blocked by default
- Password leak alerts: Enabled
Extension Permission Hygiene
Extensions are the largest privacy risk surface in Chromium-based browsers. Prioritize these checks:
- Switch site access from "On all sites" to "On click" when possible.
- Prefer open-source or well-maintained extensions with transparent changelogs.
- Remove abandoned tools that have not shipped updates in months.
- Re-check extension permissions after every major browser update.
Frequently Asked Questions
Will strict tracking protection break websites?
Some sites may need exceptions. Keep strict mode globally, then whitelist only the domains that fail critical flows.
How often should I rerun this checklist?
Monthly is enough for most users. Run it immediately after adding new extensions.
Is this checklist still useful if I already use uBlock Origin?
Yes. uBlock covers network filtering, but browser-level privacy controls and permission hygiene still matter.
Next Step: Speed + Stability
After privacy hardening, run the performance tuneup guide to improve startup speed and tab responsiveness.
Open Performance Tuneup 2026