How to block 1st party scripts everywhere by default
By default, out of the box, uMatrix blocks all 3rd-party scripts, but allows 1st-party scripts to run on any web site -- it's just convenient for the majority of people.
If you wish, you can set up uMatrix to block all scripts by default everywhere with only a few clicks.
By default, 1st-party scripts are not blocked:
Select the global scope:
Create a block rule for all scripts (equivalent to * * script block in picture below):
If you want the approach of blocking all scripts for good, you will want to persist the new block rule:
At this point, all scripts, including 1st-party ones, are blocked everywhere. On the site where you created the rule:
And all other sites:
And from now on you will have to allow scripts manually as you see fit, locally or globally (equivalent to theverge.com theverge.com script allow in picture below):
If you want to block 1st-party scripts everywhere by default, you might want to enable the setting "Spoof <noscript> tags when 1st-party scripts are blocked" in the Settings pane in uMatrix's dashboard:
Since it's not always desirable to have the content of <noscript> tags to be rendered, that setting can be overridden on a per-site basis using the per-scope "Spoof <noscript> tags" switch in the popup panel.
All rules are temporary by default in uMatrix. As you build your ruleset from the ground up for the sites you visit regularly, you will find yourself using less and less the padlock, and stick to only temporary rules for all those other sites you visit once in a while or even just once. Hence temporary rules are really the more natural approach in the long term.