How do I use Shields while browsing? Follow
Knowing how to read and use the Shields panel will help keep you informed and safe while browsing. We’ll go through and briefly detail each section of the Shields panel and what they mean or control.
Observe the image below:
The top section of the panel is fairly straightforward but we should highlight and define a few things.
Shields State
Use this toggle inside the Shields panel to switch between Up and Down states. You can think of this as a “power” button for Shields. Note that the Shields icon in the address bar will change depending on its state.
When Shields are Up:
- The icon is orange
- Protections are currently “on” or “active and are monitoring/blocking content on the site you’re currently viewing.
When Shields are Down:
- The icon is light grey
- Protections are “off” or “inactive” and the page web page you’re viewing will display and allow all content the site requests to render.
Domain Name and Block Count
The domain name for the site you’re currently visiting is displayed in the center of this section, along with the total number of page elements Brave has blocked on the site during this session. Remember that the name that appears here is the only site that will be affected by changing any settings in the panel. The block count for the site listed will reset every time you leave the site or the page is reloaded.
Protections
Shields can block several different types of online content from tracking software to phishing/malware attacks. The protections listed here are the same ones listed in the Default Shields settings:
Block trackers & Ads
This switch lets you block ads that appear in web pages and the trackers which come with them. Notice that this setting controls both ads and trackers. Most ads are you see on the Web also try to track you. Rather than split up which trackers also include ads, we just control all of them with one switch.
The number next to the Block ads & Trackers protection
reflects the number of ads/trackers blocked. Click the number of blocked trackers to reveal a list of everything blocked by Brave on the current domain:
By default Brave will not block first Party ads which are actually part of the sites you visit — only those which are embedded from other sources on websites. An ad that’s part of the site you’re visiting isn’t surveilling you online — we already block all the trackers which do this. It can often be difficult to decide which parts of a site are really ads.
Consider the case of “sponsored” blog posts - should these be blocked? What about shopping sites which tell you all the great features of the product you’re looking at and it's accessories? We steer clear by only blocking tracking — and this includes most ads.
However, Shields does offer an Aggressive
option for blocking Ads and trackers. Selecting the Aggressive
option will block all site ads and trackers, including the first party ones.
Upgrade Connections to HTTPS
For every website you visit, Brave Browser attempts to use secure connections (HTTPS) by default. If an address to a web page uses the insecure HTTP protocol, Brave will automatically “upgrade” the address to the secure HTTP protocol and try that first. If the website is found not to support HTTPS, Brave will fall back to using HTTP.
Note that HTTPS upgrades are attempted on navigations that happen in the main frame of the browser including navigations manually initiated by typing in the address bar, clicking on an in-page link and top-level navigations initiated by a script. For sub-resources, Brave tries to upgrade insecure passive mixed content (e.g. images, media) on an HTTPS page and block the resource if the upgrade fails. Brave blocks insecure active mixed content (e.g. scripts, CSS) on an HTTPS page. Sub-resource upgrading is not affected by this feature.
You can disable automatic upgrades for a particular website by clicking the “Upgrade connections to HTTPS” menu and choosing the “Don’t upgrade HTTP connections” option.
Brave is also capable of providing even stronger protection against insecure web connections.
Script Control
By default, Brave lets sites run JavaScript. Many websites require the use of JavaScript in order to display properly or access some functionality of the site. If you elect to block scripts, the number scripts blocked on a webpage will be reflected next to the setting.
Similar to the Block trackers & ads protection, clicking the number of blocked Scripts reveals a detailed view of all scripts blocked by Brave. Note that this is an advanced feature. If you block scripts, a lot of sites will break. Don’t turn this on unless you’re willing to open the Shields panel on most of the sites you visit.
Cookie Control
Use this setting to tell Brave whether or not to block, send, or accept first or third party cookies on the domain currently in focus. By default, Brave will allow first party cookies and block cookies from any third party. First party cookies are normally needed for you to log into a site.
The Cookie Control setting uses a drop-down menu containing three separate states:
- Cross-site cookies blocked: Accepts 1st party cookies and blocks any others on the site.
- Cookies Blocked: Blocks all cookies, both 1st and 3rd party on the site.
- All Cookies Allowed: Accepts both 1st and 3rd party cookies on the site.
Block Fingerprinting
Even without the use of cookies, some websites can identify the way your browser and device differ from others in order to recognize you based on your unique combination of these traits. This approach is called “Fingerprinting” (sometimes referred to as “Device Recognition”).
Enabling this setting makes it harder to capture that data by turning off many features commonly used to differentiate between devices. Not all sites use these features for malicious purposes – sites that host online games, display maps or allow audio/video editing will use these techniques legitimately. The features turned off by this setting are not designed with the intent to track you, but they can be used to do so.
Brave tries to protect you from fingerprinting by default. In some rare cases, a website will not work properly when Block Fingerprinting
is enabled. You can disable this protection by toggling the Block Fingerprinting
protection "off" in the Shields panel. Use the drop down menu to set how Brave handles fingerprinting attempts:
Block Fingerprinting enabled (default): Adds a small amount of randomness to semi-identifying endpoints; small enough that it's not noticeable to humans, but sufficient to prevent sites from tracking you.
Block Fingerprinting disabled: Allows both first and third party fingerprinting.
In addition, if you find a website is not working when Block Fingerprinting
is enabled, you can explore the various forms of fingerprinting protection that have been applied to a particular web page. Click on the number next to the Block Fingerprinting
toggle and a list of switches will appear that allow you to disable individual fingerprinting protections one-by-one:
For a more thorough explanation of how Brave handles Fingerprinting protection, please read our extensive blog post which goes over how the system works in great detail.
Filter Lists and Global Defaults
Filter Lists
The Filter Lists option will take you to the brave://adblock page, where you can enable, disable or add custom filter lists for Brave to use while browsing online. Please see our article on Filter Lists for more information.
Global Defaults
Clicking on Global Defaults is a shortcut option that will take you directly to the Global Shields settings, discussed in our How do I configure global and site-specific Shields settings? article.