• uBlock Origin
• NoScript
• Bitwarden

–

I previously used Privacy Badger, but I block basically everything with NoScript anyway, so it was redundant. I also used HTTPS Everywhere but you can enable that in most (all?) browsers now anyway, so you don’t need an extension any longer (the highest form of success for an extension). I also previously used LastPass, but I got out before they had their security issues, and importantly changed every password when I transitioned. On work computer I have the 1password extension.

Yes, there’s two approaches I’m using currently. When you register a subdomain you can choose either localhostcert.net or localcert.net. The former has an A record in the public DNS that points to 127.0.0.1. The latter has no public A records so you need to manage them yourself, possibly with a local DNS resolver like unbound.