diff --git a/_locales/de/messages.json b/_locales/de/messages.json index 0a59a72..83602b9 100644 --- a/_locales/de/messages.json +++ b/_locales/de/messages.json @@ -699,6 +699,15 @@ "description": "" }, + "blockRequestsFromDataURL_title": { + "message": "Anfragen von Data-URL Seiten blockieren", + "description": "" + }, + "blockRequestsFromDataURL_description": { + "message": "Data-URL Seiten können nicht gegen Fingerprinting geschützt werden (siehe https://bugzilla.mozilla.org/show_bug.cgi?id=1475831). Indem Anfragen von Data-URL Seiten blockiert werden kann verhindert werden, dass der echte Fingerabdruck zu irgendeinem Server gelangt.", + "description": "" + }, + "showReleaseNotes_title": { "message": "Versionsinformationen", "description": "" diff --git a/_locales/en/messages.json b/_locales/en/messages.json index aaa16bc..c2fdd4f 100644 --- a/_locales/en/messages.json +++ b/_locales/en/messages.json @@ -699,6 +699,15 @@ "description": "" }, + "blockRequestsFromDataURL_title": { + "message": "Block requests from data URL pages", + "description": "" + }, + "blockRequestsFromDataURL_description": { + "message": "Data URL pages cannot be protected agains fingerprinting (see https://bugzilla.mozilla.org/show_bug.cgi?id=1475831). Blocking requests from them prevents the real fingerprint to reach any server.", + "description": "" + }, + "showReleaseNotes_title": { "message": "Release notes", "description": "" diff --git a/lib/dataUrls.js b/lib/dataUrls.js new file mode 100644 index 0000000..b13e12f --- /dev/null +++ b/lib/dataUrls.js 
@@ -0,0 +1,50 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +(function(){ + "use strict"; + + var scope; + if ((typeof exports) !== "undefined"){ + scope = exports; + } + else { + window.scope.dataUrls = {}; + scope = window.scope.dataUrls; + } + + const logging = require("./logging"); + const settings = require("./settings"); + + + const dataUrlFrames = new Set(); + scope.init = function(){ + browser.webRequest.onBeforeRequest.addListener( + function(details){ + if ( + details.url.startsWith("data:text") + ){ + dataUrlFrames.add(details.frameId); + logging.message("Detected data URL", details); + } + else if ( + settings.blockRequestsFromDataURL && + dataUrlFrames.has(details.frameId) + ){ + logging.warning("Blocking request from data-URL frame.", details); + if ( + settings.get("showNotifications") + ){ + browser.pageAction.show(details.tabId); + } + return {cancel: true}; + } + }, + { + urls: [""] + }, + ["blocking"] + ); + }; + +}()); \ No newline at end of file diff --git a/lib/main.js b/lib/main.js index 6863558..0dc2b99 100644 --- a/lib/main.js +++ b/lib/main.js @@ -141,6 +141,9 @@ } }); + message("Initialize data-URL workaround."); + require("./dataUrls").init(); + browser.runtime.onInstalled.addListener(function(details){ function openOptions(reason){ if ( diff --git a/lib/settingDefinitions.js b/lib/settingDefinitions.js index 253fd17..cb271a2 100644 --- a/lib/settingDefinitions.js +++ b/lib/settingDefinitions.js @@ -200,6 +200,10 @@ return Math.floor(Math.random() * 30).toString(10); } }, + { + name: "blockRequestsFromDataURL", + defaultValue: true + }, { name: "displayAdvancedSettings", defaultValue: false diff --git a/manifest.json b/manifest.json index 11af06f..f01ced7 100644 --- a/manifest.json +++ b/manifest.json 
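Review bot: In the `onBeforeRequest` listener of lib/dataUrls.js, `dataUrlFrames` is keyed on `details.frameId` alone and entries are never removed, so the blocking branch can fire for frames that are not data-URL pages. The webRequest API reports `frameId` 0 for the top-level frame of every tab, so once one tab loads a `data:text…` document, `dataUrlFrames.has(details.frameId)` is true for top-level requests in all tabs and stays true after that tab moves on. Key the set per tab with `const frameKey = details.tabId + "|" + details.frameId;`, use `frameKey` in both `add` and `has`, and choose a point to drop the key (for example on tab close), bearing in mind that a navigation started by the data-URL page is itself a request this feature is meant to stop. Separately, `settings.blockRequestsFromDataURL` is read as a property while the same listener calls `settings.get("showNotifications")`; if the settings module (not shown here) does not expose that property, the check is always falsy and nothing is blocked, so `settings.get("blockRequestsFromDataURL")` would be the consistent form. The `startsWith("data:text")` test also leaves data URLs with other document MIME types untracked, which deserves at least a comment stating that limit.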
@@ -2,7 +2,7 @@ { "name": "CanvasBlocker", "description": "__MSG_addon_description__", - "version": "0.4.6alpha", + "version": "0.5.0", "icons": { "48": "icons/icon.svg", "96": "icons/icon.svg" @@ -15,6 +15,7 @@ "lib/logging.js", "lib/lists.js", "lib/persistentRndStorage.js", + "lib/dataUrls.js", "lib/main.js" ] }, @@ -65,7 +66,9 @@ "", "storage", "tabs", - "activeTab" + "activeTab", + "webRequest", + "webRequestBlocking" ], "applications": { diff --git a/options/settingsDisplay.js b/options/settingsDisplay.js index d42173e..2a8989c 100644 --- a/options/settingsDisplay.js +++ b/options/settingsDisplay.js @@ -379,6 +379,12 @@ ] }, "misc", + { + "name": "blockRequestsFromDataURL", + "displayDependencies": { + "displayAdvancedSettings": [true] + } + }, { "name": "showReleaseNotes" }, diff --git a/releaseNotes.txt b/releaseNotes.txt index 52011b2..d539adc 100644 --- a/releaseNotes.txt +++ b/releaseNotes.txt @@ -1,4 +1,4 @@ -Version 0.4.6: +Version 0.5.0: changes: - Changes in the random supply API - Added grouping to API white list @@ -10,6 +10,14 @@ Version 0.4.6: fixes: - make function replacements not detectable + - "protect" data URL pages by blocking all requests from them + + removed fixes: + - display of about:blank broken in Waterfox + reason: it should help protect data URL pages in the future + + known issues: + - if a data URL request is blocked the page action button appears but shown no content Version 0.4.5c: new features:
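Review bot: In options/settingsDisplay.js the new `blockRequestsFromDataURL` entry is displayed only when `displayAdvancedSettings` is true, while lib/settingDefinitions.js gives it `defaultValue: true`. Requests are therefore cancelled by default, with the switch hidden from users who have not enabled advanced settings. The release notes in this commit also record that the page action shows no content for these blocks, so a user has no visible explanation when a request is cancelled. Either show the setting unconditionally or add a comment on the entry explaining why a default-on blocking feature is placed behind the advanced view.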