Security Plugins for Firefox



Firefox is a popular web-browser according to W3Schools ( A popular web-browser may be at risk for security and privacy issues because malicious hackers will want to target such a browser. Also, a security or privacy issue in a popular browser will affect numerous people. Obviously, some users of Firefox may want to use plugins to enhance their privacy and security. Thankfully, many such plugins are available.

The official Mozilla plugins repository (used by Firefox) has a category for security and privacy plugins (

NoScript Security Suite ( || prevents executable content on untrusted sites from executing. Such content includes JavaScript, Silverlight, Flash, Java, and many others. NoScript also protects against cross-site scripting attacks (XSS), cross-zone DNS rebinding, Internet-to-Intranet attacks, CSRF attacks (router hacking), tracking (DoNotTrack tracking), and Clickjacking attempts. Executable content (especially JavaScript) provides malicious hackers ways to perform various attacks and exploits. Therefore, controlling which sites allow or disallow executable content (via whitelists and blacklists) provides security, privacy, and usability.

FUN FACT: On March 10, 2014, Edward Snowden endorses NoScript.

Link Alert ( adds a cursor-tooltip (when pointing at a link) that informs the user about the weblink's target. This enables users to have an idea about the link before opening it.

HTTPS Everywhere ( is made by The Tor Project and the Electronic Frontier Foundation, and it forces Firefox to use HTTPS rather than HTTP if the server supports HTTPS. HTTPS is HTTP with SSL encryption. Obviously, HTTPS is more secure than HTTP.

HTTP Nowhere ( blocks all HTTP resources. This plugin works well with "HTTPS Everywhere", thus ensuring that only Secure HTTP is used.

NOTE: Force HTTPS ( is said to be a simple alternative to "HTTPS Everywhere". However, it does not work.

Disconnect ( forces "no-tracking" by preventing trackers from loading. This also helps to speed-up web-loading because these trackers are never loaded and executed.

WOT ( informs users of the safety of websites. This plugin gets its data from WOT's website.

BetterPrivacy ( manages and removes "LSO" cookies (Flash-cookies) and other persistent cookies that Firefox cannot easily remove itself.

Beef Taco ( prevents ads from tracking users by setting opt-out cookies. If Firefox uses a plugin to block ads, then this plugin is useless. Keep in mind that this plugin works by creating hundreds of opt-out cookies.

Ghosty ( || blocks iframes, images, and scripts from untrusted sources. The plugin also deletes LSO cookies. If using BetterPrivacy and NoScript, then there is no need for Ghosty.

Additional Security Tips
When needing extra security and privacy, be sure to use common sense and logic. Do not type passwords, usernames, financial information, etc. on untrusted sites, insecure sites, and non-encrypted pages. If needed, try using a proxy server or the Tor Web-Browser.

Do not allow or add any certificates that you do not know. In addition, do not install or run unknown, untrusted, or unusual software or Java applets. If needed, deactivate Flash, Shockwave, IcedTea, Java, etc. in Firefox's settings.

Some users may want to access data on a Dark Web rather than the Surface Web (ARPANET). Using a typical web-browser, people can access the Freenet via Fproxies which are proxy servers that connect the Surface Web to the Freenet. Some Fproxies include and .

Tor2Web ( is a proxy on the Surface Web that allows regular web-browsers to access the Darknet. Type the address of the desired Tor website in the browser's URL-bar, but replace ".onion" with "". The Darknet can connect to the Surface Web because the last onion router (exit node) connects to the Surface Web server.

Further Reading


$100 Digital Ocean Credit
Get a free VM to test out Linux!

Members online