RequestPolicy For Firefox Gives You Control Over Cross-Site Connections

The majority of websites make connections to other domains when you connect them. Examples are a site that is using Google Analytics for web statistics or Google Adsense for monetization, embeds videos from YouTube, or uses a content distribution network. Sometimes these requests are needed to use all of a site's functionality. Amazon for instance loads contents from images-amazon.com. While it is still possible to use the site, part of the site's functionality is not available until you permit that connection.

RequestPolicy for the Firefox web browser has been designed to put you back in control over the connections the browser makes. It works in this regard similar to the popular NoScript add-on, but with the difference that it does not prevent onsite scripts from running.

When you first install the add-on, you can add sites to the whitelist. The developer has prepared international and location specific lists.

request policy

The majority of suggestions allow connections between sites by the same company. Examples are to allow google.com connections when you are on gmail, or fbcdn.net connections when you are on Facebook. These can significantly reduce issues that users encounter after enabling the add-on in the browser. It is however not necessary to add any site combination to the whitelist.

This whitelist approach is different from NoScripts whitelisting approach, as NoScript allows connections from that domain on all websites, whereas RequestPolicy only allows them on one specific site.

RequestPolicy adds an icon to the Firefox status bar that acts as a control panel and indicator at the same time. A red flag indicates that connections have been blocked on a website. A click on the flag displays information about those connections, and options to temporarily or permanently allow those connections to be made on the current site.

cross-site connections

The page is automatically reloaded if you allow connections to be made.

The preferences let you manage the whitelist, export or import settings, and modify the strictness of the add-on. The add-on by default uses base domains, e.g. ghacks.net to allow same-site requests. You can change that to full domain names, e.g. www.ghacks.net, or full addresses instead.

What I personally like most about RequestPolicy is the granular whitelisting which allows you to run the same scripts on some sites but not on others (for instance to show Adsense ads on Ghacks, but not on other sites). It is also less intrusive than NoScript if the whitelisting suggestions are added during setup.

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail


Filed under:


Responses to RequestPolicy For Firefox Gives You Control Over Cross-Site Connections

  1. Robert Palmar February 6, 2012 at 7:58 pm #

    I will have to try this. I did find NoScript intrusive
    and annoying to the point I could not live with it.

    I like the Adsense flexibility on this too
    for support of sites the user chooses.
    Which goes with saying gHacks.

    • Martin Brinkmann February 6, 2012 at 8:01 pm #

      It is more flexible in this regard, which should appeal to users who find NoScript intrusive.

      • Robert Palmar February 6, 2012 at 8:03 pm #

        I know you liked NoScript so
        your positive impression
        was duly noted here.

    • Robert Palmar February 6, 2012 at 8:02 pm #

      "without saying"

      Although in this case "with saying"
      may have the same meaning.

      In which case I did
      not have to say this.

      Enough said.

  2. David February 6, 2012 at 11:34 pm #

    Hi Martin,

    NoScript does other useful things. Can you describe how to disable in NoScript what this plug-in does, to prevent overlap.

    Thanx

    • Martin Brinkmann February 6, 2012 at 11:51 pm #

      David, while I have not looked to closely, I would say that you need to enable "allow all scripts globally" in NoScript for that. I'm not 100% certain though that both add-ons are compatible with each other, and that enabling scripts globally has no effects on the add-on's remaining features.

  3. Xmetalfanx February 8, 2012 at 5:38 am #

    I have both set to block all (by default) (same with CookieSafe) .. .I then add sites as I go to them. I think they both support (actually Noscript, Request Policy, AND possibly CookieSafe too) have options to backup your "white-list" and settings, so I just back them up every so-often and transfer them to my other computer...

    Really I know some of the RP and NS settings could be "over-lapping", though I have NEVER had an issue with having both installed

    -Xmetalfanx

    • David February 8, 2012 at 9:06 pm #

      Thanx Xmetalfanx,

      So NoScript can be set to allow cross-connections from select domains on all websites and RequestPolicy can still restrict them on all but specific sites.

      Double the setup work, but it only has to be done once per site. Think I'll give it a try. I don't do a lot of random browsing. My main concern was conflicts between NS and RP.

Leave a Reply