diff --git a/client/src/components/Dashboard/index.js b/client/src/components/Dashboard/index.js
index 07d8f94f..4d229ffb 100644
--- a/client/src/components/Dashboard/index.js
+++ b/client/src/components/Dashboard/index.js
@@ -82,7 +82,7 @@ const Dashboard = ({
             </div>
         </PageTitle>
         {statsProcessing && <Loading />}
-        {!statsProcessing && <div className="row row-cards">
+        {!statsProcessing && <div className="row row-cards dashboard">
             <div className="col-lg-12">
                 <Statistics
                         interval={stats.interval}
@@ -100,7 +100,6 @@ const Dashboard = ({
             <div className="col-lg-6">
                 <Counters
                         subtitle={subtitle}
-
                         refreshButton={refreshButton}
                 />
             </div>
diff --git a/client/src/components/ui/Card.css b/client/src/components/ui/Card.css
index 5930d881..eb8a7963 100644
--- a/client/src/components/ui/Card.css
+++ b/client/src/components/ui/Card.css
@@ -19,7 +19,7 @@
     max-height: 17.5rem;
 }
 
-.card-table-overflow--limited.clients__table {
+.dashboard .card-table-overflow--limited {
     max-height: 18rem;
 }
 
@@ -122,6 +122,12 @@
     }
 }
 
+@media (min-width: 992px) {
+    .dashboard .card:not(.card--full) {
+        height: 22rem;
+    }
+}
+
 .card .logs__cell--red {
     background-color: #fff4f2;
 }
diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go
index 30cd2fee..b3881686 100644
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@@ -316,11 +316,14 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 	var result Result
 	var err error
 
+	// first - check rewrites, they have the highest priority
 	result = d.processRewrites(host, qtype)
 	if result.Reason == ReasonRewrite {
 		return result, nil
 	}
 
+	// Now check the hosts file -- do we have any rules for it?
+	// just like DNS rewrites, it has higher priority than filtering rules.
 	if d.Config.AutoHosts != nil {
 		ips := d.Config.AutoHosts.Process(host, qtype)
 		if ips != nil {
@@ -337,7 +340,9 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 		}
 	}
 
-	// try filter lists first
+	// Then check the filter lists.
+	// if request is blocked -- it should be blocked.
+	// if it is whitelisted -- we should do nothing with it anymore.
 	if setts.FilteringEnabled {
 		result, err = d.matchHost(host, qtype, *setts)
 		if err != nil {
@@ -348,6 +353,7 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 		}
 	}
 
+	// are there any blocked services?
 	if len(setts.ServicesRules) != 0 {
 		result = matchBlockedServicesRules(host, setts.ServicesRules)
 		if result.Reason.Matched() {
@@ -355,18 +361,7 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 		}
 	}
 
-	if setts.SafeSearchEnabled {
-		result, err = d.checkSafeSearch(host)
-		if err != nil {
-			log.Info("SafeSearch: failed: %v", err)
-			return Result{}, nil
-		}
-
-		if result.Reason.Matched() {
-			return result, nil
-		}
-	}
-
+	// browsing security web service
 	if setts.SafeBrowsingEnabled {
 		result, err = d.checkSafeBrowsing(host)
 		if err != nil {
@@ -378,6 +373,7 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 		}
 	}
 
+	// parental control web service
 	if setts.ParentalEnabled {
 		result, err = d.checkParental(host)
 		if err != nil {
@@ -389,6 +385,19 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 		}
 	}
 
+	// apply safe search if needed
+	if setts.SafeSearchEnabled {
+		result, err = d.checkSafeSearch(host)
+		if err != nil {
+			log.Info("SafeSearch: failed: %v", err)
+			return Result{}, nil
+		}
+
+		if result.Reason.Matched() {
+			return result, nil
+		}
+	}
+
 	return Result{}, nil
 }