diff --git a/dist/version b/dist/version
index 38d5f1fa4..ac6cea23f 100644
--- a/dist/version
+++ b/dist/version
@@ -1 +1 @@
-1.15.19.8
+1.15.19.100
diff --git a/src/js/background.js b/src/js/background.js
index 485567f3a..8ba758452 100644
--- a/src/js/background.js
+++ b/src/js/background.js
@@ -106,7 +106,6 @@ var µBlock = (function() { // jshint ignore:line
         netWhitelistModifyTime: 0,
         netWhitelistDefault: [
             'about-scheme',
-            'behind-the-scene',
             'chrome-extension-scheme',
             'chrome-scheme',
             'moz-extension-scheme',
diff --git a/src/js/start.js b/src/js/start.js
index c76d241a0..ce0f92356 100644
--- a/src/js/start.js
+++ b/src/js/start.js
@@ -103,9 +103,33 @@ var onPSLReady = function() {
 // To bring older versions up to date
 
 var onVersionReady = function(lastVersion) {
-    if ( lastVersion !== vAPI.app.version ) {
-        vAPI.storage.set({ version: vAPI.app.version });
+    if ( lastVersion === vAPI.app.version ) { return; }
+
+    // From 1.15.19b9 and above, the `behind-the-scene` scope is no longer
+    // whitelisted by default, and network requests from that scope will be
+    // subject to filtering by default.
+    //
+    // Following code is to remove the `behind-the-scene` scope when updating
+    // from a version older than 1.15.19b9.
+    // This will apply only to webext versions of uBO, as the following would
+    // certainly cause too much breakage in Firefox legacy given that uBO can
+    // see ALL network requests.
+    // Remove when everybody is beyond 1.15.19b8.
+    if ( vAPI.firefox === undefined ) {
+        var match = /^(\d+)\.(\d+)\.(\d+)(?:\D(\d+))?/.exec(lastVersion);
+        if ( match !== null ) {
+            var v1 =
+                parseInt(match[1], 10) * 1000 * 1000 * 1000 +
+                parseInt(match[2], 10) * 1000 * 1000 +
+                parseInt(match[3], 10) * 1000 +
+                (match[4] ? parseInt(match[4], 10) : 0);
+            if ( v1 <= 1015019008 ) {
+                µb.toggleNetFilteringSwitch('http://behind-the-scene/', '', true);
+            }
+        }
     }
+
+    vAPI.storage.set({ version: vAPI.app.version });
 };
 
 /******************************************************************************/
diff --git a/src/js/traffic.js b/src/js/traffic.js
index 452d50997..5d4c75627 100644
--- a/src/js/traffic.js
+++ b/src/js/traffic.js
@@ -339,8 +339,7 @@ var onBeforeBehindTheSceneRequest = function(details) {
         pageStore = µb.pageStoreFromTabId(details.tabId);
     if ( pageStore === null ) { return; }
 
-    var result = 0,
-        context = pageStore.createContextFromPage(),
+    var context = pageStore.createContextFromPage(),
         requestType = details.type,
         requestURL = details.url;
 
@@ -368,13 +367,13 @@ var onBeforeBehindTheSceneRequest = function(details) {
     // https://github.com/gorhill/uBlock/issues/3150
     //   Ability to globally block CSP reports MUST also apply to
     //   behind-the-scene network requests.
-    if (
-        details.tabId !== vAPI.noTabId ||
-        µb.userSettings.advancedUserEnabled ||
-        requestType === 'csp_report'
-    ) {
-        result = pageStore.filterRequest(context);
-    }
+
+    // 2018-03-30:
+    //   Filter all behind-the-scene network requests like any other network
+    //   requests. Hopefully this will not break stuff as it used to be the
+    //   case.
+
+    var result = pageStore.filterRequest(context);
 
     pageStore.journalAddRequest(context.requestHostname, result);