I released a list of security add-ons for the Firefox web browser in 2011. A lot has changed since then: some add-ons were removed from the Add-ons repository or abandoned by their authors, while others were created after the publication of the list.
You can still read that guide and find more than a dozen great security extensions for the browser in the list. While that is great, an update was in order to take the changes into account after the release of the guide back in 2011.
The guide provides you with an overview of the best Firefox security add-ons. Best is of course a subjective term; the list is created by me based on what I consider good security add-ons.
Your opinion may differ in some regards. Some extensions that you hold in high regard may not be listed here, others that are on the list may not be liked by you, and so on. I encourage you to leave comments below to add to the guide. Post about add-ons that you think should or should not be on the list, so that we can get a nice discussion going in the comments.
My Security Extension
I'd like to start with the security extension that I'm using in Firefox. It is just one extension, but one of the core reasons why I use Firefox and no other browser.
Regulars know that I hold the NoScript extension in high regard. It is the best Firefox security extension in my opinion. Its core feature is the blocking of all scripts that a website wants to load when you connect to it. While that may be inconvenient at times, it ensures that your computer is safe from any script-based attacks that are launched from websites you visit.
You can make things more comfortable by whitelisting trusted sites so that you do not have to modify permissions on every page visit.
NoScript ships with other features, including protection against cross-site scripting attacks and clickjacking attacks.
Firefox security extensions
The following list of browser extensions for Firefox are all security related and work in the latest stable version of the browser. The list is further divided into groups such as cookies or passwords to bring some structure into it that the 2011 list was missing.
Extensions that block or manipulate scripts or other data are listed here. Note that NoScript falls into this category as well.
- Adblock Plus - Blocks unwanted advertisement and other scripts and elements that you want blocked. Alternative: Adblock Edge: same deal but without the acceptable ads.
- BluHell Firewall - A lightweight ad blocker, great alternative to Adblock Plus. Formerly known as Hellboy Firewall.
- Request Policy - Gives you more control over third party connection requests that your browser makes.
Cookies are small bits of data that websites store on the local computer. While most users associated cookies with text base cookies, other types of cookies exist.
- Cookie Controller - The extension provides you with quick access to site-specific cookie controls. You can enable or disable cookies and DOM storage for a particular site, remove all cookies with a click, or configure exceptions.
- CS Lite Mod - Set cookie permissions for each domain you visit comfortably from the toolbar.
- Self-Destructing Cookies - The extension deletes cookies automatically when they are no longer needed. It offers options to add exceptions to the rule, so that you can keep some cookies
This lists extensions that do not fit into any of the other categories.
- BrowserProtect - protects the browser against homepage and search provider hijacks among other things.
- Click to play per element - If you enable a plugin on a page, all instances of that plugin get enabled on that page. With the extension, only the selected element gets enabled (e.g. a video).
- Disable clipboard manipulations - Prevents web pages from listening to copy, paste and cut events.
- FEBE - Backup Firefox data.
- HTTPS Everywhere - Connects to the HTTPS version if available. NOT hosted on Mozilla.
- Long URL Please - Reveals the actual target of shortened URLs.
- Perspectives - Improves how security certificates are verified during connection.
- Preferences Monitor - Will monitor the Firefox preferences for unwanted changes and notifies you about them.
- Secure Sanitizer - Wipes Firefox disk cache securely.
- VTZilla - Scan links or file downloads on VirusTota before you visit websites or download files to your local system.
There is nothing wrong with using the default Firefox password manager, provided that you protect it with a Master Password. The following add-ons may improve how you work with the password manager, or may add third party password manager support to Firefox.
- KeeFox - If you are using the KeePass Password Safe desktop password manager, then you can use KeeFox as a bridge between the program and Firefox. (Note: you may not need an extension as KeePass ships with a global shortcut as well)
- LastPass Password Manager - a popular online password manager with an impressive set of features.
- Master Password+ - The add-on improves Firefox master password protection in several ways, for instance by adding on-demand or time-based locking options to it.
- Quick Passwords - Provides quick access to the Firefox password manager and a couple of other helpful additions, especially for users who run multiple accounts on a single domain.
Site Information / Data
Extensions that display additional information about the sites you visit or let you change the data that is transferred.
- Hostname in Titlebar - Adds information about the hostname into the browser's titlebar.
- HTTP Nowhere - Block all unencrypted traffic with the click of a button.
- Modify Headers - Enables you to add, replace or filter HTTP requests.
- Padlock - Revives the classic padlock icon that indicates HTTPS connections.
- Show IP - Displays the IP address of the site you are connected to as well as additional information such as its location and warnings.
- Site Identity Button Colors - Highlights all types of secure sites (https) visually, so that they are easier to distinguish between and identify.
- Tamper Data - Display and edit HTTP and HTTPS headers and post parameters in Firefox.
- View Dependencies - Adds a new tab to the Page Info window that displays which files have been loaded during connect.
- Web of Trust - A community-driven service that provides website ratings.
- WorldIP - Retrieves and displays IP-based information, protects against DNS spoofing and hijacking.