Website Blocker: How to Block Sites on iPhone, Android, and Desktop

Every phone and laptop ships with at least one built-in tool for blocking websites, and most parents never touch it — not because it's hidden, but because the native options are scattered across different menus on iPhone, Android, and desktop browsers, and it's not obvious which one actually sticks. The gap that matters is enforcement depth: a browser extension only blocks inside that browser, while an OS-level restriction blocks across every app on the device.

Choosing the right method comes down to three things — who you're blocking sites for (yourself or a child), which device they're using, and whether the block needs to survive someone who knows where the settings are. The answer looks different on an iPhone than it does on an Android, and different again on a shared family laptop. If the issue is a child hiding history, block Chrome Incognito closes that route.

How to block websites on iPhone using Screen Time

Go to Settings → Screen Time → Content & Privacy Restrictions → Web Content → Limit Adult Websites. This filters known adult domains across Safari and any app that loads web content through Apple's built-in browser engine. Menu labels shift slightly between iOS versions, so if your path looks different, look under Content Restrictions or App Store, Media, Web & Games for the Web Content option. You can also add specific URLs to the Never Allow field to block individual sites by address.

One critical limitation: this filter only covers Safari and apps that use Apple's WebKit engine. Chrome, Firefox, and other third-party browsers installed on the device are unaffected — the Screen Time web filter is invisible to them. The practical fix is to block or remove third-party browsers using Screen Time's app restrictions so all browsing runs through Safari where the filter applies.

Blocking a child's iPhone remotely via Family Sharing

If you're managing a child's device through Family Sharing, the Web Content setting starts on your phone, not theirs. Open Settings → Screen Time → [child's name], then follow the same Web Content path. Set a Screen Time passcode that is different from the device passcode — without this, a child can open Settings and disable restrictions directly.

Why Android has no built-in website URL blocker

Android's Digital Wellbeing panel — the native tool Android ships for managing screen habits — does not include a URL-based website blocker. It offers app timers, Focus Mode, and Bedtime mode, but none of those features let a parent enter a URL and block it. That gap persists through Android 14 and Android 15.

The reason is architectural. Digital Wellbeing is designed to limit time spent inside apps, not to inspect or filter network traffic. Blocking a specific URL requires intercepting browser requests at the browser level, the DNS level, or through a VPN-style content filter. Android exposes none of those hooks to its built-in screen-time tooling.

What that means practically:

• Browser extensions (such as Chrome's extension ecosystem on desktop) are largely unavailable in Chrome for Android, so the extension approach most adults use on a laptop does not carry over
• DNS-level filtering works but requires configuring a private DNS or router setting — more setup than most households will tackle
• Third-party parental-control or productivity apps are the most accessible path, since they install a local VPN profile to route and filter traffic without needing router access

One additional wrinkle: even if a block is applied through a browser-level method, it only covers that browser. A child who switches from Chrome to Samsung Internet, Firefox, or any other installed browser bypasses the block entirely. Effective Android website blocking needs to cover all browsers the child can reach, which is why browser-specific solutions rarely hold.

Blocking adult and 18-plus content by category versus by URL

Category-based blocking maintains a curated database of sites grouped by harm type — adult content, gambling, drugs, violence. Any site that falls into a blocked category is denied automatically, including new domains added to that category after the filter is set up. That "future-proof" quality is the main reason category filters outperform manual lists for adult content: the web adds new adult sites constantly, and no parent can keep pace by hand.

The real tradeoff is precision. Category databases occasionally miscategorize niche sites, and some adult-adjacent content (certain health forums, art-photography communities) sits in a gray zone that different filters resolve differently.

URL blocking: precise but only as complete as your list

URL-based blocking lets you name exact domains to deny or allow. It's the right tool for edge cases:

• Blocking one specific platform without restricting the entire category it sits in
• Adding a site the category database hasn't yet indexed
• Whitelisting homework or family-approved domains so a broad filter doesn't catch them

The limitation is the mirror of its strength: a URL list only blocks what has been named. A new site the parent hasn't encountered yet passes through untouched until someone adds it.

Combining both for practical coverage

Effective filters use category rules for breadth and URL rules for precision — category blocking handles the predictable, high-volume classes of harmful content; URL-level allowlists and blacklists handle the exceptions.

On iOS, Screen Time's Limit Adult Websites setting works at the category level, with a "Never Allow" field for specific URL additions. That filtering applies inside Safari and any app that uses Apple's WebKit engine, but it does not reach Chrome or Firefox — those browsers need to be separately restricted or removed.

On Android, both category filtering and URL blocking require a third-party tool. The built-in Digital Wellbeing controls handle app timers and focus modes but have no website URL blocking at all.

What third-party website blockers add beyond built-in controls

Built-in controls tend to be binary — on or off, with no scheduling and limited reporting. Third-party website blockers close several practical gaps:

• Cross-browser reach: iOS Screen Time blocks Safari and apps using Apple's WebKit engine, but Chrome, Firefox, and other third-party browsers bypass those rules unless those apps are restricted separately. A dedicated parental-control or DNS-level blocker applies rules regardless of which browser a child opens.
• Time-based scheduling: Native tools mostly require manual toggling. Third-party apps let parents configure weekly schedules — school hours, homework windows, bedtime — so blocks activate automatically without daily intervention.
• Safe Search enforcement: Some third-party tools push forced Safe Search to named browsers directly, rather than relying on the child to leave the setting enabled.
• Browsing activity visibility: Built-in controls block but rarely report what was attempted. Third-party tools surface visited and blocked URLs so parents can see patterns before a problem escalates.

On Android, there is no native URL-level website blocker at all — a third-party app or DNS filter is the only way to reach site-specific blocking, not just app timers or Focus Mode. That gap makes third-party tools less optional and more necessary for Android households.

How to keep a website block from being reversed

The Screen Time passcode is the only thing standing between your block and a child who knows where to tap. If it matches the device passcode — or if your child has watched you enter it — they can disable Content & Privacy Restrictions without you knowing. Set a passcode they have never seen and keep it separate from everything else on the device.

For Family Sharing child accounts, this concern largely disappears: the block is controlled from the parent's Settings > Screen Time > [child's name], and the child's device shows no Screen Time settings to interact with. That setup is meaningfully more tamper-resistant than on-device Screen Time managed by a passcode prompt.

One bypass route worth closing explicitly: iOS website filtering covers Safari and WebKit-based apps, but Chrome and Firefox are standalone apps. Block those apps by name under App Limits or your parental-control app's app blocker — otherwise a browser swap voids the entire content filter.

On Android: lock the parental app itself

Because Android has no native URL blocker, the block exists only as long as the third-party app does. A child who can uninstall the app removes every rule instantly.

Parental control apps that request device administrator access are the practical answer. With that permission granted, the OS blocks standard uninstall; the child would first have to revoke admin rights inside the app — which requires the app's own passcode — before deletion is possible. Set that app passcode to something different from the device PIN. A child who knows both has a clear path around every rule you've configured. A tamper-proof website blocking layer is built around exactly this — device-admin protection so the block survives an uninstall attempt instead of vanishing with the app.

Where NexSpy Adds to Website Blocker

Locking the parental app with device admin access and blocking alternative browsers closes the reversal paths covered above. What it leaves open is visibility: a parent who has hardened the device still cannot see which URLs the child actually reached before a rule fired, and the website filter and app block typically live in separate tools with separate schedules.

For households managing a child's device, NexSpy can help with both gaps. When a parent wants to know which sites were actually visited — not just which categories are set to block — NexSpy logs browsing history in the same Parent Dashboard as the content filter rules on Android, so the gap between "blocked" and "loaded" is readable without picking up the device. The App Blocker and website category filter share that same dashboard, covering:

• Adult, drugs, violence, and gambling categories on both Android and iOS — no URL list needed
• Safe Search across Chrome, Edge, Firefox, Opera, Samsung Internet, and Safari

For parents blocking sites on a child's Android or iOS phone

For a child linked through Family Sharing, web blocking is configured from the parent's iPhone — not the child's. The path starts at Settings > Screen Time > [child's name], then into Content & Privacy Restrictions from there. The Screen Time passcode is separate from the child's device passcode, so knowing their PIN does not let them reach these settings.

The practical gap parents most often miss: Screen Time's web restrictions apply to Safari and apps that use Apple's built-in browser engine. They do not apply to Chrome, Firefox, or other third-party browsers installed on the phone. A child using Chrome habitually is outside the reach of those content filters. The cleanest fix is to block third-party browsers through App Restrictions, leaving Safari as the only available browser.

Android child devices: URL blocking needs a third-party solution

Android's Digital Wellbeing handles app timers, Focus Mode, and Bedtime mode — but as of Android 15, it does not include URL-based website blocking. To restrict specific domains or content categories on a child's Android phone, the options are:

• Router-level or DNS filtering: Applies across all browsers; requires router access or a managed VPN profile the child cannot easily remove
• Browser-level settings: Mobile Chrome does not support extensions, so desktop-style extension blockers do not carry over to phones
• A dedicated parental-control app: Covers app-level and category-level blocking without depending on which browser the child opens

DNS filtering is the most browser-agnostic approach for Android, but it typically requires some setup effort and can be bypassed by switching to a different Wi-Fi network or mobile data. A parental-control app installed on the device itself closes that gap.

For parents managing a child's Android or iPhone rather than their own browsing habits

The biggest workflow difference between managing your own browsing and managing a child's device is tamper-resistance. A self-blocking tool that a child can reach and disable isn't a parental control — it's a suggestion.

iPhone: Keep controls in the parent's Settings

For a child on a Family Sharing plan, restrictions should be configured through the parent's own iPhone under Settings > Screen Time > [child's name], not applied directly on the child's device. This routes enforcement through the parent's account rather than relying on the child not to undo them.

The Screen Time passcode must be different from the child's device unlock passcode. If they match, the child can reach Screen Time settings and modify or disable restrictions. That's the single most common reason child-device blocks fail on iOS.

Content filters through Screen Time apply to Safari and any app running Apple's built-in WebKit engine. Chrome and Firefox are not covered by those filters. Blocking or removing third-party browsers from the child's device is a necessary second step — otherwise the filtering has a visible workaround.

Android: Built-in tools aren't enough for child devices

Android's Digital Wellbeing is reachable through the standard Settings menu, which any child with device access can open. There's no built-in protection preventing a child from adjusting or disabling app timers and Focus Mode. Android 14 and Android 15 also don't include a URL-level website blocker natively.

For genuine child device enforcement on Android, a third-party parental control app is the practical path — one that installs its own enforcement layer and requires a parent credential to remove. Browsing history visibility also falls into this category: no native Android tool surfaces a list of sites visited by the child; that requires a third-party app with explicit Android browser access.