RequestPolicy For Firefox Gives You Control Over Cross-Site Connections

Martin Brinkmann
Feb 6, 2012
Updated • Jan 29, 2019
Firefox, Firefox add-ons
|
10

The majority of websites make connections to other domains when you connect them. Examples are a site that is using Google Analytics for web statistics or Google Adsense for monetization, embeds videos from YouTube, or uses a content distribution network.

Sometimes these requests are needed to use all of a site's functionality. Amazon for instance loads contents from images-amazon.com. While it is still possible to use the site, part of the site's functionality is not available until you permit that connection.

Update: Request Policy is no longer available. You can try RequestPolicy Continued instead which is still available.

Mozilla changed the add-on system of the Firefox web browser in Firefox 57 and purged all classic add-ons in November 2018. You can check out Request Control or NoScript as alternatives. End

RequestPolicy review

RequestPolicy for the Firefox web browser has been designed to put you back in control over the connections the browser makes. It works in this regard similar to the popular NoScript add-on, but with the difference that it does not prevent onsite scripts from running.

When you first install the add-on, you can add sites to the whitelist. The developer has prepared international and location specific lists.

The majority of suggestions allow connections between sites by the same company. Examples are to allow google.com connections when you are on gmail, or fbcdn.net connections when you are on Facebook. These can significantly reduce issues that users encounter after enabling the add-on in the browser. It is however not necessary to add any site combination to the whitelist.

This whitelist approach is different from NoScripts whitelisting approach, as NoScript allows connections from that domain on all websites, whereas RequestPolicy only allows them on one specific site.

RequestPolicy adds an icon to the Firefox status bar that acts as a control panel and indicator at the same time. A red flag indicates that connections have been blocked on a website. A click on the flag displays information about those connections, and options to temporarily or permanently allow those connections to be made on the current site.

cross-site connections

The page is automatically reloaded if you allow connections to be made.

The preferences let you manage the whitelist, export or import settings, and modify the strictness of the add-on. The add-on by default uses base domains, e.g. ghacks.net to allow same-site requests. You can change that to full domain names, e.g. www.ghacks.net, or full addresses instead.

What I personally like most about RequestPolicy is the granular whitelisting which allows you to run the same scripts on some sites but not on others (for instance to show Adsense ads on Ghacks, but not on other sites). It is also less intrusive than NoScript if the whitelisting suggestions are added during setup.

Summary
Author Rating
1star1star1star1star1star
no rating based on 0 votes
Software Name
RequestPolicy
Software Category
Browser
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Rick A. said on January 29, 2019 at 4:27 pm
    Reply

    This extension is no more.

  2. Xmetalfanx said on February 8, 2012 at 5:38 am
    Reply

    I have both set to block all (by default) (same with CookieSafe) .. .I then add sites as I go to them. I think they both support (actually Noscript, Request Policy, AND possibly CookieSafe too) have options to backup your “white-list” and settings, so I just back them up every so-often and transfer them to my other computer…

    Really I know some of the RP and NS settings could be “over-lapping”, though I have NEVER had an issue with having both installed

    -Xmetalfanx

    1. David said on February 8, 2012 at 9:06 pm
      Reply

      Thanx Xmetalfanx,

      So NoScript can be set to allow cross-connections from select domains on all websites and RequestPolicy can still restrict them on all but specific sites.

      Double the setup work, but it only has to be done once per site. Think I’ll give it a try. I don’t do a lot of random browsing. My main concern was conflicts between NS and RP.

  3. David said on February 6, 2012 at 11:34 pm
    Reply

    Hi Martin,

    NoScript does other useful things. Can you describe how to disable in NoScript what this plug-in does, to prevent overlap.

    Thanx

    1. Martin Brinkmann said on February 6, 2012 at 11:51 pm
      Reply

      David, while I have not looked to closely, I would say that you need to enable “allow all scripts globally” in NoScript for that. I’m not 100% certain though that both add-ons are compatible with each other, and that enabling scripts globally has no effects on the add-on’s remaining features.

  4. Robert Palmar said on February 6, 2012 at 7:58 pm
    Reply

    I will have to try this. I did find NoScript intrusive
    and annoying to the point I could not live with it.

    I like the Adsense flexibility on this too
    for support of sites the user chooses.
    Which goes with saying gHacks.

    1. Robert Palmar said on February 6, 2012 at 8:02 pm
      Reply

      “without saying”

      Although in this case “with saying”
      may have the same meaning.

      In which case I did
      not have to say this.

      Enough said.

    2. Martin Brinkmann said on February 6, 2012 at 8:01 pm
      Reply

      It is more flexible in this regard, which should appeal to users who find NoScript intrusive.

      1. Robert Palmar said on February 6, 2012 at 8:03 pm
        Reply

        I know you liked NoScript so
        your positive impression
        was duly noted here.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.