Overview
Safety Shield is a userscript designed to block trackers, remove ads, prevent malicious redirects, and protect your privacy while browsing the web. It operates entirely within your browser, requiring no external connections or data transmission.
Key Capabilities
- Blocks analytics trackers (Google Analytics, Facebook Pixel, Hotjar, etc.)
- Removes advertising banners and ad iframes
- Prevents external redirects from hijacking your navigation
- Protects against digital fingerprinting techniques
- Blocks executable file downloads (.exe)
- Removes DNS prefetch requests
- Prevents malicious script injection
- Works with 3 security profiles: Relaxed, Balanced, and Paranoid
What Makes Safety Shield Different
Unlike traditional ad blockers that work at the network level, Safety Shield operates at the JavaScript/DOM level. This means it protects against fingerprinting attempts, DOM-based redirects, and runtime script injections that network-level blockers cannot catch. The script uses a split-phase initialization to ensure protection even against redirects in the HTML head.
How It Works
Initialization Process
Safety Shield uses a two-phase initialization system to maximize protection coverage:
Phase 1: Core Initialization (document-start)
When the page begins loading, Safety Shield immediately patches critical JavaScript functions before any scripts can execute. This phase covers:
- Intercepting location.href assignments
- Patching location.assign() and location.replace()
- Blocking window.open() calls to external sites
- Initializing fingerprint protection
This early injection ensures that even malicious code in the HTML head cannot redirect you before Safety Shield is ready.
Phase 2: UI Initialization (DOMContentLoaded)
Once the DOM is ready, Safety Shield activates its full protection suite:
- DOM mutation observers for tracking ad and tracker removal
- Status indicator button in bottom-right corner
- Keyboard event listeners for shortcuts
- Link click protection
Detection Mechanisms
Tracker Detection
The script maintains a list of known tracker domains. It checks every URL against this list using both exact domain matching and subdomain detection. For example, it recognizes both "google-analytics.com" and "analytics.example.com" as trackers.
Ad Detection
Advertisements are identified through a combination of domain-based detection and DOM element patterns. The script looks for elements with specific ID or class names commonly used by ad networks, such as elements containing "ad", "banner", or "sponsor".
Redirect Detection
When in Paranoid mode, any navigation to a domain different from the current site is treated as a potential redirect and blocked. This is the most aggressive protection mode.
Observer System
Safety Shield uses DOM MutationObservers to continuously monitor the page for new elements. When ads or tracking pixels are added dynamically (common on modern single-page applications), they are detected and removed. The observers use debouncing to avoid excessive processing and CPU usage.
Fingerprint Protection
The script protects against device fingerprinting by:
- Spoofing the browser language to "en-US"
- Spoofing the platform to "Linux x86_64"
- Replacing Canvas.toDataURL() responses with dummy images
- Returning generic values for WebGL vendor/renderer information (Paranoid mode)
Rule System
The script has an extensible rule system. Built-in rules detect trackers and ads, but you can add custom rules via the JavaScript API. Rules support both exact domain matching and regex patterns.
Installation
Step 1: Install a Userscript Manager
You need a userscript manager to run Safety Shield. The most popular and recommended option is Tampermonkey, available for all major browsers.
Step 2: Create New Script
- Click the userscript manager icon in your browser toolbar
- Select "Create a new script" or "New Script"
- You'll see a template with basic script metadata
Step 3: Paste Safety Shield Code
- Copy the entire Safety Shield Pro v6 script code
- Replace the template in your script editor with the Safety Shield code
- The code includes the @match and @grant directives needed
Step 4: Save and Enable
- Save the script using Ctrl+S (Windows/Linux) or Cmd+S (Mac)
- The manager will show a confirmation message
- The script is automatically enabled on creation
- Refresh any open web pages to activate Safety Shield
Verification
Once installed, you should see a small green indicator in the bottom-right corner of websites (showing something like "T A (5)"). This confirms Safety Shield is active and tracking blocked items.
Alternative: GreasyFork
You can also install Safety Shield directly from GreasyFork:
Install from GreasyForkFeatures
Tracker Blocking
Identifies and blocks over 14 known analytics and tracking services including Google Analytics, Facebook Pixel, Hotjar, Mixpanel, Segment, Amplitude, Intercom, Drift, and Optimizely. Also removes tracking pixels and DNS prefetch requests.
Ad Removal
Removes advertisement banners, ad iframes, and suppresses ad networks. Targets both common ad networks and elements marked with ad-related IDs and classes.
Redirect Protection
Prevents malicious redirects to external sites. In Paranoid mode, blocks any navigation to domains different from the current site. This includes preventing JavaScript redirects, form hijacking, and meta-refresh attacks.
Fingerprint Spoofing
Prevents websites from identifying you based on your browser's unique technical characteristics. Spoofs browser language, platform, and protects Canvas and WebGL fingerprinting.
Executable Blocking
Prevents .exe file downloads, protecting against malware distribution through your browser.
Dynamic Reconfiguration
Change security settings without reloading pages. Toggle individual protections or switch between profiles instantly.
JavaScript API
Advanced users can access Safety Shield's API through the global window.SafetyShield object to add custom rules, inspect state, and control modules programmatically.
Debug Mode
Press D to enable detailed logging. Access SafetyShield.getState() in the console to inspect active observers, loaded rules, and blocking statistics.
Keyboard Shortcuts
Toggle Protection
Press these keys to instantly enable or disable individual protections:
| Key | Function | Description |
|---|---|---|
| L | Toggle EXE Blocking | Enable/disable blocking of .exe downloads |
| T | Toggle Tracker Blocking | Enable/disable tracking script detection |
| A | Toggle Ad Blocking | Enable/disable advertisement removal |
| R | Toggle Redirect Blocking | Enable/disable external redirect prevention |
Profile Selection
Quickly switch between security profiles:
| Key | Profile | Protection Level |
|---|---|---|
| 1 | Relaxed | Minimal (EXE blocking only) |
| 2 | Balanced | Standard (recommended default) |
| 3 | Paranoid | Maximum (aggressive protection) |
Utilities
| Key | Function | Description |
|---|---|---|
| C | Clear Log | Reset the blocked items counter to zero |
| D | Toggle Debug | Enable/disable detailed console logging |
| ? | Show Help | Display shortcuts and information popup |
Note
Shortcuts do not work when typing in input fields, text areas, or select boxes. This prevents accidental toggles while filling forms.
Security Profiles
Relaxed Profile (1)
Protection Level: Minimal
Best For: Sites you completely trust
Enabled Features:
- ✓ EXE file blocking
Disabled Features:
- ✗ Tracker blocking
- ✗ Ad removal
- ✗ Redirect blocking
- ✗ Fingerprint protection
Use this profile on sites that require full functionality without protections, such as banking websites or services that detect security modifications.
Balanced Profile (2 - Recommended)
Protection Level: Balanced
Best For: General browsing (default)
Enabled Features:
- ✓ EXE file blocking
- ✓ Tracker blocking
- ✓ Ad removal
- ✓ Light fingerprint protection
- ✓ DNS prefetch blocking
- ✓ External script blocking
Disabled Features:
- ✗ Redirect blocking
- ✗ Aggressive fingerprint protection
This profile provides strong privacy protection while maintaining compatibility with most websites. It blocks trackers and ads while allowing legitimate site functionality.
Paranoid Profile (3)
Protection Level: Maximum
Best For: Security-conscious users, sensitive sites
Enabled Features:
- ✓ EXE file blocking
- ✓ Tracker blocking
- ✓ Ad removal
- ✓ Aggressive fingerprint protection
- ✓ DNS prefetch blocking
- ✓ External script blocking
- ✓ Redirect blocking
This profile offers maximum protection but may break some sites. Recommend using temporarily on untrusted sites or reverting to Balanced if functionality issues occur.
Switching Profiles
Profiles can be switched instantly without page reload. When you switch profiles, all settings are automatically saved. The active profile is indicated in the status popup (press ?).
Usage Guide
Basic Usage
- Install Safety Shield using the installation steps above
- The script activates automatically on all websites
- Look for the green status indicator in bottom-right corner
- Press ? to see the help popup with all options
Status Indicator
The bottom-right green indicator shows the current protection status. For example:
T A (52)- Tracker (T) and Ad (A) blocking active, 52 items blockedE T A R (120)- All protections active, 120 items blocked○ (0)- Relaxed profile active, no items blocked
Hover over the indicator to see detailed statistics and current profile.
Common Scenarios
Site Breaks with Protection Enabled
- Quickly press 1 to switch to Relaxed mode
- If the site works, protection was the cause
- Complete your action (login, payment, etc.)
- Press 2 to return to Balanced protection
Block a Specific Tracker or Ad Network
- Open browser console (F12 on most browsers)
- Type:
SafetyShield.rules.addTrackerRule({ domain: 'tracker.example.com' }); - Press Enter - blocking takes effect immediately
Check What Was Blocked
- Press ? to open help popup
- The popup shows total blocked count
- Or press D and check console with
SafetyShield.getState()
Temporarily Disable All Protection
- Press 1 for Relaxed profile
- Only EXE blocking remains active
- Press 2 or 3 to re-enable
Advanced Usage
JavaScript Console API
Open the browser console (F12) and access the Safety Shield API:
SafetyShield.getState()- View current configuration and statisticsSafetyShield.settings.setProfile('balanced')- Change profile programmaticallySafetyShield.debug.enable()- Enable detailed loggingSafetyShield.rules.addTrackerRule({ domain: 'example.com' })- Add custom rule
Custom Rules with Regex
For more advanced blocking, use regex patterns:
SafetyShield.rules.addAdRule({ regex: /my-ad-network/ })SafetyShield.rules.addTrackerRule({ regex: /analytics|track/ })
Module Control
Disable or enable specific modules:
SafetyShield.modules.tracker.disable()SafetyShield.modules.ads.enable()SafetyShield.modules.redirect.disable()
FAQ
Installation & Setup
Q: Is Safety Shield free?
A: Yes, completely free and open-source. No ads, no tracking, no premium features.
Q: Does it collect my data?
A: No. Safety Shield runs entirely in your browser with zero external connections. All processing happens locally on your machine.
Q: Which browsers does it support?
A: All modern browsers: Chrome, Firefox, Safari, Edge, Opera, and any Chromium-based browser. Requires a userscript manager (Tampermonkey, Violentmonkey, or Greasemonkey).
Q: Does it slow down my browser?
A: Minimal impact. The script uses efficient DOM observers with debouncing and makes no network requests. CPU usage is typically less than 2%.
Functionality & Compatibility
Q: Will it break websites?
A: Most sites work fine with Balanced profile. Some OAuth logins, payment processors, or CAPTCHA services may require temporarily switching to Relaxed mode. This is documented when it occurs.
Q: Can I use it with ad blockers like uBlock Origin?
A: Yes! Safety Shield and uBlock Origin complement each other. Safety Shield handles JavaScript-level protection while uBlock Origin blocks at the network level. Combined protection is very strong.
Q: What happens if I reload the page?
A: Safety Shield persists settings across page reloads and browser sessions. Custom rules are stored in memory and persist during the browser session.
Q: How does it handle single-page applications (SPAs)?
A: The script's DOM observers and dynamic reconfiguration system handle SPAs well. Protections continue to work as you navigate within the application.
Privacy & Security
Q: Is this a complete privacy solution?
A: No. Safety Shield provides an additional protective layer, but complete privacy requires a VPN, privacy-focused browser, and avoiding services like Google/Facebook. Use this alongside other privacy tools.
Q: Can websites detect that Safety Shield is active?
A: Advanced websites could potentially detect patches through methods like checking function.toString() results. However, Safety Shield attempts to hide these modifications for discretion.
Q: Does it prevent browser fingerprinting?
A: It reduces fingerprinting risk by spoofing common vectors (language, platform, Canvas), but determined trackers may still identify you through other means. It's a protective layer, not a complete solution.
Troubleshooting
Q: The script doesn't appear to be working. What do I check?
A: Verify: 1) The green indicator appears in bottom-right, 2) Refresh the page if indicator is missing, 3) Check that the script is enabled in your userscript manager, 4) Verify you installed in the correct manager application.
Q: Some features aren't working. What should I do?
A: Try switching to Relaxed mode with key 1. If features work, the protection was the issue. Alternatively, disable individual protections with L, T, A, or R keys.
Q: The indicator shows blocked items but I don't see changes on the page.
A: Some blocked items may not be visually obvious (like invisible tracking pixels or DNS prefetch requests). Press ? to see the help popup for more information.
Q: How do I report a bug?
A: Note the site and action that fails. Press D to enable debug mode and check the console output. Report on GreasyFork or the project repository with this information.