diff --git a/packages/libp2p/src/config/connection-gater.browser.ts b/packages/libp2p/src/config/connection-gater.browser.ts
index 1196b2b2bc..6f9893c177 100644
--- a/packages/libp2p/src/config/connection-gater.browser.ts
+++ b/packages/libp2p/src/config/connection-gater.browser.ts
@@ -1,19 +1,33 @@
 import { isPrivateIp } from '@libp2p/utils/private-ip'
+import { WebSockets } from '@multiformats/multiaddr-matcher'
 import type { ConnectionGater } from '@libp2p/interface'
 import type { Multiaddr } from '@multiformats/multiaddr'
 
+const CODEC_IP4 = 0x04
+const CODEC_IP6 = 0x29
+
 /**
- * Returns a connection gater that disallows dialling private addresses by
- * default. Browsers are severely limited in their resource usage so don't
- * waste time trying to dial undiallable addresses.
+ * Returns a connection gater that disallows dialling private addresses or
+ * insecure websockets by default.
+ *
+ * Browsers are severely limited in their resource usage so don't waste time
+ * trying to dial undiallable addresses, and they also print verbose error
+ * messages when making connections over insecure transports which causes
+ * confusion.
  */
 export function connectionGater (gater: ConnectionGater = {}): ConnectionGater {
   return {
     denyDialPeer: async () => false,
     denyDialMultiaddr: async (multiaddr: Multiaddr) => {
+      // do not connect to insecure websockets by default
+      if (WebSockets.matches(multiaddr)) {
+        return false
+      }
+
       const tuples = multiaddr.stringTuples()
 
-      if (tuples[0][0] === 4 || tuples[0][0] === 41) {
+      // do not connect to private addresses by default
+      if (tuples[0][0] === CODEC_IP4 || tuples[0][0] === CODEC_IP6) {
         return Boolean(isPrivateIp(`${tuples[0][1]}`))
       }
 
diff --git a/packages/transport-websockets/README.md b/packages/transport-websockets/README.md
index 4035e3b7dc..4926057966 100644
--- a/packages/transport-websockets/README.md
+++ b/packages/transport-websockets/README.md
@@ -41,44 +41,10 @@ const node = await createLibp2p({
 })
 await node.start()
 
-const ma = multiaddr('/ip4/127.0.0.1/tcp/9090/ws')
+const ma = multiaddr('/dns4/example.com/tcp/9090/tls/ws')
 await node.dial(ma)
 ```
 
-## Filters
-
-When run in a browser by default this module will only connect to secure web socket addresses.
-
-To change this you should pass a filter to the factory function.
-
-You can create your own address filters for this transports, or rely in the filters [provided](./src/filters.js).
-
-The available filters are:
-
-- `filters.all`
-  - Returns all TCP and DNS based addresses, both with `ws` or `wss`.
-- `filters.dnsWss`
-  - Returns all DNS based addresses with `wss`.
-- `filters.dnsWsOrWss`
-  - Returns all DNS based addresses, both with `ws` or `wss`.
-
-## Example - Allow dialing insecure WebSockets
-
-```TypeScript
-import { createLibp2p } from 'libp2p'
-import { webSockets } from '@libp2p/websockets'
-import * as filters from '@libp2p/websockets/filters'
-
-const node = await createLibp2p({
-  transports: [
-    webSockets({
-      // connect to all sockets, even insecure ones
-      filter: filters.all
-    })
-  ]
-})
-```
-
 # Install
 
 ```console
diff --git a/packages/transport-websockets/package.json b/packages/transport-websockets/package.json
index bc08520026..f2270fba8b 100644
--- a/packages/transport-websockets/package.json
+++ b/packages/transport-websockets/package.json
@@ -84,7 +84,6 @@
     "p-defer": "^4.0.1",
     "progress-events": "^1.0.0",
     "race-signal": "^1.0.2",
-    "wherearewe": "^2.0.1",
     "ws": "^8.17.0"
   },
   "devDependencies": {
diff --git a/packages/transport-websockets/src/index.ts b/packages/transport-websockets/src/index.ts
index f18ffb5961..7eea0727e8 100644
--- a/packages/transport-websockets/src/index.ts
+++ b/packages/transport-websockets/src/index.ts
@@ -18,43 +18,9 @@
  * })
  * await node.start()
  *
- * const ma = multiaddr('/ip4/127.0.0.1/tcp/9090/ws')
+ * const ma = multiaddr('/dns4/example.com/tcp/9090/tls/ws')
  * await node.dial(ma)
  * ```
- *
- * ## Filters
- *
- * When run in a browser by default this module will only connect to secure web socket addresses.
- *
- * To change this you should pass a filter to the factory function.
- *
- * You can create your own address filters for this transports, or rely in the filters [provided](./src/filters.js).
- *
- * The available filters are:
- *
- * - `filters.all`
- *   - Returns all TCP and DNS based addresses, both with `ws` or `wss`.
- * - `filters.dnsWss`
- *   - Returns all DNS based addresses with `wss`.
- * - `filters.dnsWsOrWss`
- *   - Returns all DNS based addresses, both with `ws` or `wss`.
- *
- * @example Allow dialing insecure WebSockets
- *
- * ```TypeScript
- * import { createLibp2p } from 'libp2p'
- * import { webSockets } from '@libp2p/websockets'
- * import * as filters from '@libp2p/websockets/filters'
- *
- * const node = await createLibp2p({
- *   transports: [
- *     webSockets({
- *       // connect to all sockets, even insecure ones
- *       filter: filters.all
- *     })
- *   ]
- * })
- * ```
  */
 
 import { transportSymbol, serviceCapabilities, ConnectionFailedError } from '@libp2p/interface'
@@ -63,7 +29,6 @@ import { connect, type WebSocketOptions } from 'it-ws/client'
 import pDefer from 'p-defer'
 import { CustomProgressEvent } from 'progress-events'
 import { raceSignal } from 'race-signal'
-import { isBrowser, isWebWorker } from 'wherearewe'
 import * as filters from './filters.js'
 import { createListener } from './listener.js'
 import { socketToMaConn } from './socket-to-conn.js'
@@ -75,6 +40,9 @@ import type { ProgressEvent } from 'progress-events'
 import type { ClientOptions } from 'ws'
 
 export interface WebSocketsInit extends AbortOptions, WebSocketOptions {
+  /**
+   * @deprecated Use a ConnectionGater instead
+   */
   filter?: MultiaddrFilter
   websocket?: ClientOptions
   server?: Server
@@ -206,11 +174,6 @@ class WebSockets implements Transport<WebSocketsDialEvents> {
       return this.init?.filter(multiaddrs)
     }
 
-    // Browser
-    if (isBrowser || isWebWorker) {
-      return filters.wss(multiaddrs)
-    }
-
     return filters.all(multiaddrs)
   }
 
diff --git a/packages/transport-websockets/test/browser.ts b/packages/transport-websockets/test/browser.ts
index 3c01ed0edd..d188bd4fd8 100644
--- a/packages/transport-websockets/test/browser.ts
+++ b/packages/transport-websockets/test/browser.ts
@@ -1,37 +1,10 @@
 /* eslint-env mocha */
 
 import { defaultLogger } from '@libp2p/logger'
-import { multiaddr } from '@multiformats/multiaddr'
 import { expect } from 'aegir/chai'
-import { isBrowser, isWebWorker } from 'wherearewe'
 import { webSockets } from '../src/index.js'
-import type { Transport } from '@libp2p/interface'
 
 describe('libp2p-websockets', () => {
-  let ws: Transport
-
-  beforeEach(async () => {
-    ws = webSockets()({
-      logger: defaultLogger()
-    })
-  })
-
-  it('should filter out no wss websocket addresses', function () {
-    const ma1 = multiaddr('/ip4/127.0.0.1/tcp/80/ws')
-    const ma2 = multiaddr('/ip4/127.0.0.1/tcp/443/wss')
-    const ma3 = multiaddr('/ip6/::1/tcp/80/ws')
-    const ma4 = multiaddr('/ip6/::1/tcp/443/wss')
-
-    const valid = ws.dialFilter([ma1, ma2, ma3, ma4])
-
-    if (isBrowser || isWebWorker) {
-      expect(valid.length).to.equal(2)
-      expect(valid).to.deep.equal([ma2, ma4])
-    } else {
-      expect(valid.length).to.equal(4)
-    }
-  })
-
   it('.createServer throws in browser', () => {
     expect(webSockets()({
       logger: defaultLogger()