Comment by spockz
7 hours ago
In general, install a proxy which has its own certificate, resign every tls session with those keys, add the certificate of the proxy as a trusted certificate on your device.
I’m not familiar with off the shelf solutions for this that have ad blocking built in. Also ads are injected by JS so you need a mechanism to detect that.
More and more ads are now served from the same domain as the site making it harder to distinguish them from real content.
ZScaler Internet Access will do it with the right blocking configurations (eg, blocking "Advertising" groups).
But then you're using ZScaler and that just feels all nice and icky.