
Safer Browsing with NoScript


2015-12-15 Update

NoScript continues to be the most important and first extension I install. I highly recommend using the extension or an equivalent extension/functionality. I now use Xombrero over Firefox, primarily because the NoScript functionality is built into the browser rather than provided as an extension.

Background

This article provides more detail on what NoScript is and how to use it. For a brief overview, see Safe Browsing Tips.

NoScript is a web browser extension that disables JavaScript on a per-website basis. This is useful because JavaScript is a common component used by hackers and by people who want information from you that you do not want to give (e.g. hackers getting IP addresses or personal information, or websites wanting to track you in inappropriate ways).

Details

Of all the extensions I recommend, NoScript can seem to be the most burdensome, but it is the most critical in my opinion. NoScript blocks the most common functionality used by websites and hackers to cause mischief: JavaScript.

As mentioned earlier, NoScript blocks JavaScript on a web page. Some websites work fine without JavaScript, some only need it for things you don’t care about (such as tracking or bad things), and other websites must have it to function appropriately. NoScript handles this by blocking all JavaScript by default and letting you “allow” the blocked JavaScript to run if and when you want it to. NoScript has an icon that appears in your browser’s menu bar (or wherever you want it to be). When it blocks JavaScript on a page, you see a big red circle with a line through it. To allow the JavaScript to run, click the icon and select Allow XYZ, where XYZ is the website whose JavaScript NoScript blocked.

It is important to note that most web pages pull in content from other websites. For example, if you go to RunKeeper.com you will notice that there is JavaScript from RunKeeper.com and also from Cloudfront.net. Sites usually do this to supplement or enrich their pages with content from other websites. NoScript blocks the scripts on a page for every site they come from, and lets you decide for each site separately. If you want to allow RunKeeper.com’s script but not Cloudfront.net’s, you simply select Allow RunKeeper.com.

It is also important to note the difference between Allow and Temporarily Allow. Temporarily Allow simply lets the script run while you have your browser open. When you close your browser and go back to that site, NoScript will block the JavaScript from that site again. I suggest using Temporarily Allow for all sites. When you find that you are always going to a site and selecting Temporarily Allow, then think about selecting Allow. NoScript will then ‘remember’ your selection and from that point forward it will allow the script from that site. This is handy in that you do not need to click Temporarily Allow every time you visit the site, but it can be dangerous to give a site that much trust.
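As an added illustration (not part of the original article and not NoScript's own code), this Python sketch models the two points above: scripts are grouped by the site they come from and blocked by default, and a temporary allow is forgotten when the session ends while a permanent one persists. The page markup, the cloudfront.net hostname, and the names `Allowlist` and `site_of` are constructed for the example; grouping by the last two host labels is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "https://runkeeper.com/"
# Constructed sample page: one first-party, one third-party and one inline script.
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="https://example-assets.cloudfront.net/lib.js"></script>
<script>console.log("inline");</script>
</head></html>"""

def site_of(host):
    """Assumption: a 'site' is the last two host labels (real tools use the Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])

class ScriptSites(HTMLParser):
    """Collects the site of every <script> tag; inline scripts belong to the page itself."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.sites = page_url, []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        url = urljoin(self.page_url, src) if src else self.page_url
        site = site_of(urlsplit(url).hostname or "")
        if site not in self.sites:
            self.sites.append(site)

class Allowlist:
    """Default-deny script policy with session-only and persistent entries."""
    def __init__(self):
        self.permanent, self.temporary = set(), set()

    def allow(self, site, temporary=True):
        (self.temporary if temporary else self.permanent).add(site.lower())

    def end_session(self):
        self.temporary.clear()  # closing the browser drops temporary entries

    def decide(self, page_url, html):
        """Return {site: True if its scripts may run, False if blocked}."""
        parser = ScriptSites(page_url)
        parser.feed(html)
        return {s: s in self.permanent or s in self.temporary for s in parser.sites}

if __name__ == "__main__":
    policy = Allowlist()
    policy.allow("runkeeper.com")  # "Temporarily Allow"
    print(policy.decide(PAGE_URL, SAMPLE_HTML))
    policy.end_session()
    print(policy.decide(PAGE_URL, SAMPLE_HTML))
```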

Think about the site you are allowing before you trust it with the privilege to run JavaScript on your computer! If it is a well-known and trusted site, then feel free to add it. If you are unsure, don’t permanently add it, or maybe you don’t want to give it the permission at all! You can always do some research to see if a site is safe, and as a last resort, post a comment or send us an email.

I highly recommend using NoScript. In the beginning, it can be time-consuming and burdensome to get it configured to your liking, but after a few days you will have allowed the sites you trust, and from that point forward you won’t be annoyed by NoScript blocking sites you trust. NoScript will simply sit quietly in the background, doing its job to protect you while browsing.

Notes

You can export the list of sites you’ve allowed in NoScript by going to Menu>Tools>Addons and selecting the Preferences for NoScript. Go to the Whitelist tab and select Export. Now you can import this into another browser (say your work browser or simply another browser profile) and you will have the same list of “trusted” sites within NoScript!

WRITTEN BY
drad
Sr. Consultant