Your default rule determines whether a request should be allowed or blocked when there are no other rules that match the request.
Ease of use. If you want to minimize website breakage, you should use "allow" as your default rule.
High privacy/security. If you want to maximize your online privacy and security, you should use "block" as your default rule. Blocking requests by default will cause many websites to break. For the first few weeks, you may frequently have to open the RequestPolicy menu to allow requests. Over time you will build up your policy for the websites you visit regularly and so you will only see broken websites when you visit sites you haven't visited before.
Super high privacy/security. For the most privacy and security, you can disable the option to "allow requests to the same domain". By disabling this option, RequestPolicy will block requests between different subdomains of the same domain. For example, a request from "www.example.com" to "example.com" will be blocked unless you add a rule to allow this request. Note: this option is only available when you have "block" selected as the default policy.