Best Free Firefox Add-ons


 Best Free Security Add-ons for Firefox


NoScript is the ultimate bodyguard for your Firefox! It selectively blocks active content like JavaScript, Flash, Java, etc on webpages, based on each element's domain of origin. It's the most effective way of keeping yourself safe from attacks and making sure spying eyes of 3rd parties are blindfolded.

On the downside, because it blocks everything that isn't whitelisted, it will also disrupt legitimate website features. Getting NoScript to work optimally takes some tinkering and trying for each individual website. It has a few helpful settings for that though, and whitelisting safe/required content is done very quickly and easily.

Domains and subdomains can be permanently or temporarily whitelisted or blacklisted. Furthermore, it also blocks certain forms of attack such as Cross-Site Scripting and what it calls "Clickjacking" (mouse clicks being intercepted by an invisible page element).

I've written a detailed and easy how-to that explains everything you need to know to get the most out of NoScript. I strongly suggest reading it if you're not overly familiar with the technical details of webpages.


RequestPolicy blocks unwanted 3rd party content. It lets you set up whitelist/blacklist rules to prevent pages from loading 3rd party content, along with one or two "default policy" rules. Such content includes scripts, images, video/audio, Flash gadgets, etc. The 0.5 interface is very similar to NoScript's (a dropdown with sub-dropdowns for each domain), while 1.0 beta has a new interface more like Self-Destructing Cookies'. The latter is slightly less appealing, but more adapted to the modernization of Firefox.

Both RP and NoScript block content by domain name, but NoScript focuses on blocking only scripts and preventing a few particular kinds of scripting attacks. RP simply removes any non-whitelisted 3rd (and 3rd only!) party content. The unwanted effect on legitimate page content that happens to be external is far greater, but it also blocks a great deal of ads and generally slowing/obnoxious content and scripts.


Secure Login is an extension to FIrefox's own password manager for safer and easier logins. It prevents the regular auto-filling of login forms for security purposes, and can even protect the form from JavaScript snooping (which I have personally experienced). If you want to log in, you have to click the new toolbar icon. It will fill in the form and submit it right away, automating that part of the process. It seamlessly supports multiple accounts on the same website, can highlight detected forms and can play sounds upon detecting and submitting said forms.


HTTPS Everywhere automatically switches to HTTPS/SSL when available. It allows you to automatically redirect HTTP connections to an HTTPS connection if the requested website supports it. This much improves your browsing safety and privacy in return for a small impact on speed.

In order to perform this redirection, HTTPSE contains 2 sets of redirect rules: one maintained by the developer/community, and a personal one you can make yourself, given that you can write Regular Expressions. Rules in either list can be disabled when needed.

The add-on also cooperates with the SSL Observatory, an organization dedicated to overseeing SSL certificates and ensuring your browser doesn't get handed a fake one. You will see an infomercial image after the initial installation, but nothing else will ever pop up after that.

Note that this add-on is not hosted on the Mozilla Add-ons website, but on the developer's own site. This may affect automatic updating.


HTTP Nowhere disables non-HTTPS traffic. Like it says on the tin, this add-on blocks all non-HTTPS traffic. Only secure HTTPS traffic is allowed to enter and leave Firefox, nearly waterproofing your security. Unfortunately, many websites simply do not support HTTPS, so be prepared to lose a lot of your daily browsing habits if you are intent on using this!


BetterPrivacy controls Flash's cookies or LSOs. Most Flash objects on webpages store data in a folder on your computer, not unlike how cookies are used. This data can be anything from benevolent configuration settings and game saves to malicious things such as tracking details.

The BP interface will show you a list of all stored LSOs and the domain they're associated with. For each one, you can choose if it should be protected from deletion within Firefox, deleted on the spot or simply ignored/handled as default. You'll also want to take a look at the settings on the 2nd tab, as they allow you to do things like deleting non-protected LSOs on exit/start.

While BP certainly achieves its practical goal of protecting and deleting Flash cookies, its clunky interface leaves much to be desired and development seems to have ceased.


Beef TACO blocks tracking cookies by overriding them. It's popular but not recommended.

Beef TACO sets read-only cookies on various malicious domains. This prevents those websites from storing their own data in your browser and achieving their sinister/annoying goals, such as tracking you across the web. Target websites include trackers and social networks such as Facebook.

The problem with this approach is that TACO creates hundreds of cookies for malicious domains in advance. These cookies clutter up your cookie management interfaces and cannot be deleted in any way. In addition, because it uses a blacklist, it only works on domains the developer includes in the list.

Beef TACO is a fork of the original TACO by Abine, but the original is so bad that I will not even link to it here. It's 1.5MB in size (Beef TACO is only 17KB and achieves the exact same thing) and is bloated with unnecessary graphics, almost as if wanting to give you trophies for ticking options.



Please rate this article: 

Your rating: None
Average: 3.9 (45 votes)




I know nothing of SecureLogin, i've been using LastPass for years.

Have you tested Cookie Controller?

I think it's the same in firefox, but in palemoon flashblock is pretty much useless as the flash plugin itself can be set to Ask to activate.

This one Download Flash and Video pretty much always works.
For Youtube i use the feature of SmartVideo for Youtube and there's also when i'm not using my own Palemoon browser. I used to use DownThemall and DownloadHelper, but they aren't necessary anymore.

I like Stylish, it's just a bit hard to find styles that do what i want.

Palemoon commander, yes!

I also always have Mozilla Archive Format and FEBE.

Ghostery, AdBlockEdge & AdBlockPlus (with proper config) are all roughly equal in ability to protect privacy. Disconnect comes in at a distant 4th.

[There is an obvious opt-out choice for anonymous reporting to Ghostery - I don't see any issue unless you don't pay attention and you SHOULD pay attention when installing software.] You need to do your homework when you configure AND UPDATE these add-ons; the default settings are NOT usually the best.

All according to this useful continuous testing site:

which also helps you to configure the add-ons properly.

If you browse widely to 'new' urls on a continuous basis, NoScript is a royal pain in the butt.

1/ Adblock has some deal with advertising company, I recommand the fork Adblock Edge
2/ Some website are blocking you if Adblock is enabled.
A Greasemonkey script removes many protections used on some website that force the user to disable the AdBlocker
Anti-AdBlock Killer :

Do you have anything to back up your claim in #1? I've compared ABP to ABE and don't notice any improvement or other advantage. I can hardly imagine there being any bias in ABP if you use custom filters either, what's a deal with an ad company supposed to impact? It's also a fork of the original, which to me is a caution bell signaling reduced app quality. I'm a bit reluctant to post that script from #2 because it's not an add-on and it's only site-specific... It'll never be a comprehensive solution. Thanks for the reply though.

For #1 you'll find information for example here

For #2 It's not site specific. It's specific to all website tracking adblock users

#2 actually, it is. :) "However, this script is not a universal remedy for all anti-adblock protection. this is why I am counting on all user for my report." There's also the "Supported Sites" section. Yes, it does target 4 particular, popular anti-AB scripts websites use. But that does not make it specific to all websites blocking adblock, only to the specific sites that have been reported so far + the sites that use those 4 particular scripts. It's kind of the same problem as with ABP's EasyList: 9 bazillion filters of which you'll only use 5, and those 5 will only be 1% of your browsing habits. Either way, this article really isn't for GM scripts. Supporting a section for those would make this article far too large to maintain.

Some add-on suggestions for the editor

Page 1: Security
Secure Login

Page 3: Privacy
No Cookie for Google search

Page 4. Adblocking
Silent Block

Page 5: Downloading
Download Panel Tweaker

Maybe more categories, e.g.
-utilities/tools like FireFTP
-Photos, Music & Videos like ImageTweak, YouTube Grid View
-firefox customization like Tab Mix Plus, Location Bar Enhancer etc.
-performance like Local Load, Tweak Network
-advanced config like Pale Moon Commander, Configuration Mania, Config Descriptions

Very nice suggestions! :) I love how I already use half of those add-ons, I hadn't even thought of them yet xD


It could either go in section 9 or section 2.

It displays a small country flag at the right hand side of your address bar, showing the country that the web server is located in. When you hover your mouse pointer over the flag it displays the server's name, IP address and name of the country of origin.

BTW, you should warn users of Ghostery not to agree to the information collection part of Ghostery. You're just replacing one set of spies with another, the Ghostery company itself.

Flagfox is already in there, waiting for a details paragraph. I'll add that, thanks.

"Anyone can make there own, incredibly useful, easy to use, takes up very little room, for me reliable."

There? How about their?

That's from the previous editor :) I'm only at page 5 at the moment, page 5 and every page after it still needs to be cleaned up and revised.
Not much listed under download managers: my favourite of the genre is DownThemAll ( There's also a tiny extension called OpenDownload which simply adds the option to open a download from the usual "save" dialogue. Obviously, the rationale for NOT having the "run" option in that dialogue in Firefox is security, so the use of this extension has its risks. There's a heading for it on the Forms page but no detail yet: Lazarus, to be found at Lazarus is a safety net. It remembers what you've typed into a webform so, if something goes wrong or you lose what you've typed, it'll have quietly remembered what you did and offer to put it back for you. I commend it to your attention :)
DTA was already in there. The section as a whole is quite empty because the article is a WIP and because download manager add-ons are not something I've used often yet. I also avoid add-ons I believe to be too dumbed-down or case-specific, such as Youtube MP3 converters and such. OpenDownload is a nice suggestion, thanks. I'm an opponent of boxing users into cages under the false motto of protection and security, like Mozilla is trying to do. Installed already and loving it. And yes, I'm familiar with Lazarus, that's why I put it there: so I can work on it when I get to that section. Textarea Cache does something similar, but of course only on textareas. Handy to rescue WIP forum posts without revealing possibly sensitive form info. :)