This article is a constant Work In Progress. It will never be "finished", only a little bit longer than before. It is constantly updated with new add-ons as time goes on.
Some add-ons are listed only by name without any accompanying text at all. Those are placeholders that need finishing and have been put there to help the Editor's memory and to already publicize them without waiting for a description to be written. Please do not post comments about descriptionless add-ons needing their accompanying text.
Firefox is one of the most popular browsers today, competing neck-and-neck with Chrome. Its main strong points are that it's
- always up-to-date with the latest web technologies and security details;
- customizable and extendable with the famous add-on system that can give you features you can only dream of if you're using a different browser;
- open-source, meaning anyone can see the code, contribute to it (with moderation) and make their own derivatives.
Good news is always accompanied by bad news though. Recently, Mozilla has been publishing certain long-term plans that could destroy Firefox's reputation as the ultimate browser. It seems they want to cater to nobody but the most inexperienced computer users and they couldn't care less about what advanced users think. I've personally been in discussions with them and - like many other people - am appalled by how they defy all logic and common sense in order to justify some of their very backwards decisions.
As a result, I personally prefer using Palemoon. It's a Windows-only fork or derivative browser with a lot of unnecessary features and changes left out. It resembles the previous generation of Firefox versions, but with the modern code under the hood. It's also specifically designed to cater more to powerusers than beginners, as you can tell from its almost exclusively tech-savvy userbase. It has only one developer (Moonchild) at the moment, but that hasn't stopped it from staying up-to-date, being a perfect replacement for FF and steadily conquering a share of the browser market.
Throughout the rest of the article, I will only refer to Firefox for the sake of simplicity. However, it should be obvious that anything that works in Firefox will almost certainly work in any of its derivative browsers (Palemoon, Waterfox, etc) as well, so don't worry if you're using one of those.
- Page 1: Security | Quick Selection Guide
- Page 2: Safety | Quick Selection Guide
- Page 3: Privacy | Quick Selection Guide
- Page 4: Adblocking | Quick Selection Guide
- Page 5: Downloading | Quick Selection Guide
- Page 6: Forms | Quick Selection Guide
- Page 7: Content Enhancements | Quick Selection Guide
- Page 8: Customization | Quick Selection Guide
- Page 9: Site Identification | Quick Selection Guide
- Page 10: Performance | Quick Selection Guide
- Page 11: Tools | Quick Selection Guide
- Page 12: Configuration | Quick Selection Guide
NoScript - The ultimate bodyguard for your Firefox!
On the downside, because it blocks everything that isn't whitelisted, it will also disrupt legitimate website features. Getting NoScript to work optimally takes some tinkering and trying for each individual website. It has a few helpful settings for that though, and whitelisting safe/required content is done very quickly and easily.
Domains and subdomains can be permanently or temporarily whitelisted or blacklisted. Furthermore, it also blocks certain forms of attack such as Cross-Site Scripting and what it calls "Clickjacking" (mouse clicks being intercepted by an invisible page element).
I've written a detailed and easy how-to that explains everything you need to know to get the most out of NoScript. I strongly suggest reading it if you're not overly familiar with the technical details of webpages.
RequestPolicy - Block unwanted 3rd party content
RP lets you set up whitelist/blacklist rules to prevent pages from loading 3rd party content, along with one or two "default policy" rules. Such content includes scripts, images, video/audio, Flash gadgets, etc. The 0.5 interface is very similar to NoScript's (a dropdown with sub-dropdowns for each domain), while 1.0 beta has a new interface more like Self-Destructing Cookies'. The latter is slightly less appealing, but more adapted to the modernization of Firefox.
Both RP and NoScript block content by domain name, but NoScript focuses on blocking only scripts and preventing a few particular kinds of scripting attacks. RP simply removes any non-whitelisted 3rd (and 3rd only!) party content. The unwanted effect on legitimate page content that happens to be external is far greater, but it also blocks a great deal of ads and generally slowing/obnoxious content and scripts.
Secure Login - Safer and easier logins
HTTPS Everywhere - automatically switch to HTTPS/SSL when available
HTTPSE allows you to automatically redirect HTTP connections to an HTTPS connection if the requested website supports it. This much improves your browsing safety and privacy in return for a small impact on speed.
In order to perform this redirection, HTTPSE contains 2 sets of redirect rules: one maintained by the developer/community, and a personal one you can make yourself, given that you can write Regular Expressions. Rules in either list can be disabled when needed.
The add-on also cooperates with the SSL Observatory, an organization dedicated to overseeing SSL certificates and ensuring your browser doesn't get handed a fake one. You will see an infomercial image after the initial installation, but nothing else will ever pop up after that.
Note that this add-on is not hosted on the Mozilla Add-ons website, but on the developer's own site. This may affect automatic updating.
HTTPS Finder - supercharge HTTPS Everywhere
In order to create your own HTTPSE rules, you need to know if your websites have SSL and you need to be able to write a RegExp rule to make it work. Quite inconvenient, isn't it? That's what HTTPS Finder is for: it automatically detects (and optionally redirects to) HTTPS on any website you visit, and offers to create the HTTPSE redirection rule for you. You can even use it without HTTPSE and just let it redirect you each time. What's the difference, you ask? According to my packet sniffer, HTTPSE intercepts even the first HTTP request and redirects it to HTTPS before the connection is made, whereas HTTPS Finder waits until you've achieved a non-secure connection first.
Please note that, at least for me, HTTPS Finder does not yet work in Firefox 24 as of September 24th 2013!
HTTPSF is also not hosted on the Mozilla Add-ons site but on the developer's Google Projects page.
HTTP Nowhere - disable non-HTTPS traffic
Like it says on the tin, this add-on blocks all non-HTTPS traffic. Only secure HTTPS traffic is allowed to enter and leave Firefox, nearly waterproofing your security. Unfortunately, many websites simply do not support HTTPS, so be prepared to lose a lot of your daily browsing habits if you are intent on using this!
BetterPrivacy - Control Flash's cookies or LSOs.
Most Flash objects on webpages store data in a folder on your computer, not unlike how cookies are used. This data can be anything from benevolent configuration settings and game saves to malicious things such as tracking details.
The BP interface will show you a list of all stored LSOs and the domain they're associated with. For each one, you can choose if it should be protected from deletion within Firefox, deleted on the spot or simply ignored/handled as default. You'll also want to take a look at the settings on the 2nd tab, as they allow you to do things like deleting non-protected LSOs on exit/start.
While BP certainly achieves its practical goal of protecting and deleting Flash cookies, its clunky interface leaves much to be desired and development seems to have ceased.
Beef TACO - Block tracking cookies by overriding them.
Beef TACO sets read-only cookies on various malicious domains. This prevents those websites from storing their own data in your browser and achieving their sinister/annoying goals, such as tracking you across the web. Target websites include trackers and social networks such as Facebook.
The problem with this approach is that TACO creates hundreds of cookies for malicious domains in advance. These cookies clutter up your cookie management interfaces and cannot be deleted in any way. In addition, because it uses a blacklist, it only works on domains the developer includes in the list.
Beef TACO is a fork of the original TACO by Abine, but the original is so bad I will not even link to it here. It's 1.5MB in size (Beef TACO is only 17KB and achieves the exact same thing) and is bloated with unnecessary graphics, almost as if wanting to give you trophies for ticking options.
firefox add-ons, firefox extensions, free browser add-ons, best free add-ons, open-source, Mozilla Firefox add-ons