Whenever I speak to someone who used NoScript for a day or two I'm told that the add-on is complicated and a nuisance.
NoScript, for those of you who do not know it, is an add-on for the Firefox web browser whose main feature is the blocking of scripts running on web pages you visit in the browser.
This includes advertisement, tracking, social media, many media embeds, other third-party scripts such as Discus and also first-party scripts required for functionality on the website itself.
The main issue that new users have with NoScript is that it can render websites inoperable. Elements such as video or audio playback may not work, comments may not show up or images may not be displayed.
Depending on where you go on the Internet you may experience this a lot or not at all. Facebook for example does not work if you don't allow the facebook.com domain in NoScript while you should not have any issues browsing ghacks.net without whitelisting anything.
Tips for new users
You need to understand that it takes time to get accustomed to NoScript and how it works. You will encounter websites and pages that won't work properly at first and it may seem a daunting task to whitelist them temporarily or permanently.
It gets better over time though. An added benefit is that you understand domain relations better as well. You identify ad serving domains quickly for example but also third-party services that many sites use for functionality.
- If a site does not load properly while NoScript is enabled, look at the list of domains that try to run scripts. It often helps to allow the first-party domain and many sites will work with it enabled. You can identify it easily as it has the same domain name as the site you are on. It is also listed first by NoScript so that you can find it easily. A left-click on the NoScript icon adds it to the whitelist temporarily.
- If that is not enough, search for additional first-party related domain names. You may want to look for cdn.name entries for example or domain names that sound similar to the one you are on. Sometimes you need to know more about the company running the site. To use the example above again, AOL owns the Huffington Post which makes aolcdn.com a high-profile target for enabling missing functionality on the site. There you also find huffpost.com which is another domain.
- Other domains identify as ads or tracking services almost immediately. There is adtech, scorecardresearch, advertising, quantserve or adsonar for example. There are only a few sites on the Internet that force you to enable these for functionality.
- Social Media sites are also easily identifiable: Twitter, Google or Facebook for example can be spotted easily.
- You can middle-click on any domain listed there to display links to security tools such as Web of Trust, Safe Browsing, McAfee Site Advisor and others.
- If you are not certain about a domain, do some research on it especially if you encounter it regularly.Tacoda.net for instance does not ring any bell but a quick search on the Internet reveals that it has been a tracking company that AOL acquired.
- The information that you gather can be useful later on when you encounter domains you have researched on other sites.
- If you trust a domain, you can whitelist it permanently. For example, if you operate your own website you can add it to the whitelist so that you don't have to whitelist it temporarily anymore whenever you visit it.
- Temporary whitelisting comes into play sometimes. It is useful if you want to allow a domain for the current session but not permanently. I use it sometimes to find out which domains are required for a site's functionality and which are not.
- If you cannot figure it out or don't want to whitelist domains, try a different browser. Run a portable Chromium or Opera version for example and open these edge-case sites in those browsers instead, preferably in a sandbox as well (Use Sandboxie for example for that).
Now You: Feel free to share your NoScript tips and comments below.