Turn Firefox into a Security Information Powerhouse

Martin Brinkmann
May 26, 2015
Updated • May 26, 2015

The majority of things that happen when you load a website in your browser of choice happen in the background. Unless you have installed security extensions in the browser or software on the system, you may be completely unaware of the connections that are initiated when a page is loaded in the browser.

While you can check that manually using the browser's developer tools (hit F12 and switch to network for that), it is only displaying information to you while the page is loading.

The Firefox web browser is probably the browser with the best selection of extensions that provide you with security information, often before you connect to a website.

This guide provides you with a list of extensions that you may want to consider for that.

Tip: Check out our Firefox security and privacy guide, and the security part of our list of best Firefox add-ons.

The extensions

Site Identity Button Colors

site identity colors

The add-on brings back colored site indicators to distinguish visually on first glance between verified domains, identities and mixed content sites.

Site Identity Button Colors uses Mozilla's own pre-Firefox 15 color scheme by default. You may change that to stronger colors in the add-on options.

SSL Sleuth

ssl sleuth

The Firefox add-on ranks SSL connections based on how strong they are. It provides you with a summary of important connection parameters such as the cipher suite, the SSL/TLS version or the certificate.

The rating itself is displayed in Firefox's address bar automatically. You may also use it to disable RC4 suites and non PFS / non RC4 suites globally in the browser which may improve the strength of the connection but may cause connection issues on some sites.

Passive Recon

passive recon

The add-on provides you with tools to look-up link or site information without visiting the site in question.

Just right-click on any link in Firefox and select a service or tool listed in the Passive Recon menu to run the query.

You may look up DNS, IP and Whois information for instance, run various Google searches, check mail servers or generate a site report on Netcraft.

While you can do so manually as well, Privacy Recon makes it a lot easier to perform these operations, especially if you run them regularly in the browser.

Web of Trust

web of trust

The extension ranks a website's trustworthiness and child safety both in Firefox's interface but also in search engine results.

The rankings are powered by the Web of Trust community and third-party sources. While that works fine most of the time, it may happen that sites that are not dangerous or untrustworthy get a bad reputation score due to the community focus of the service.

The options displays all sites that ratings are shown on. The list of sites includes the popular search engines Google Bing and Baidu, social sites like Facebook, and a bunch of other sites including Wikipedia, Yahoo and Reddit.

Safe Preview

safe preview

Safe Preview lists options to check links using several online services including Web of Trust, Google, Avast, DrWeb or Norton Safe Web.

To use it simply right-click on any link open in Firefox and select the "Is it safe" option from its context menu.

Secure or Not

secure links

The extension draws borders around all links on a web page you run it on highlighting secure links in green and insecure links in red.

This is especially useful on sites with web forms as it may not always be clear immediately if what you enter is submitted using a secure connection.

Connection-related extensions

Several Firefox add-ons list connections that are made to third-party servers when a page is loaded in the browser.

  • Lightbeam for Firefox - Lightbeam makes all connections in Firefox visible using graphs and list views.
  • NoScript Security Suite - NoScript blocks all scripts loaded by first and third-party connections. You are in full control of these connections and can enable and disable them as you see fit. The extension supports additional security-related features, including an option to look-up domains online, clickjacking protection or restrictions as to what untrusted sites may load.
  • Policeman - PoliceMan is a rules-based extensions that displays connections made by the browser. Unlike NoScript for instance, it supports rules based on content types and not only connections.
  • RequestPolicy - Puts you in control of cross-site requests made in Firefox. You may block or allow destinations, or simply list all connections made to third-party sites.
  • uMatrix - The add-on lets you manage connections made on pages you visit. It may be used to allow or block specific connections.

Misc extensions

These "smaller" extensions may prove useful as well.

  • FoxBleed - The extension checks whether websites you visit are affected by the Heartbleed vulnerability.
  • Site Check - The extension runs a site check scan on the Sucuri website which brings issues such as drive by downloads, social engineering attacks or phishing attempts to your attention.

Now You: Did we miss an add-on? Feel free to post suggestions in the comment section below.

Turn Firefox into a Security Information Powerhouse
Article Name
Turn Firefox into a Security Information Powerhouse
A list of Firefox add-ons that add additional security capabilities to the web browser by displaying additional security-related information.

Tutorials & Tips

Previous Post: «
Next Post: «


  1. PhoneyVirus said on May 29, 2015 at 5:44 pm

    Martin if no buddy said this to you yet, I’m going to and pretty much can for everyone else, you have to take it easy on the Firefox Add-ons and Firefox updates builds seriously man take a break. Since Q1 this years you must of covered wait let me go count them… ruffly 70+ Add-ons, way to much Firefox coverage. Your making a browser look like its becoming a operating system with no end in sight and with that its becoming relatively hard to click-on even though I know it has useful information its becoming hard. Even the Software nice to see you cut back on that, it feels like there no schedule in place, randomly more or less a war zone. You have to go through some anxiety doing all this writing because I can barely keep it together with all the hardware, software, operating systems etc not alone been a webmaster.

    Oh and you can forget about me clicking on anymore links in any Firefox article, with every link the anxiety level just increase, wow man wow, yes that was sarcasm with a 83% anxiety level.

    1. Gyffes said on June 4, 2015 at 3:59 pm

      While you may have a valid point re: Martin’s extensive firefox coverage, your entire argument falls apart because you cannot spell.

      “too much”
      it’s (repeatedly)

      Feel free to stop clicking links to Firefox, and to stop commenting. It hurts to see the language gutted like that.

  2. ams said on May 26, 2015 at 6:01 pm

    Martin, as a bullet point under “Connection related extensions”, policeman deserves a mention here

    1. Wybo said on May 27, 2015 at 4:05 pm

      Thanks pants and ams for the mentioning of Policeman and links to RequestPolicy Continued. Umatrix seems to be for the advanced users. Which I am not. Cheers

  3. Richard Allen said on May 26, 2015 at 2:38 pm

    Couple of these I hadn’t heard of before. Thank You Sir!

  4. Nikki said on May 26, 2015 at 2:05 pm

    Web of trust is a sham and thank you for promoting such unreliable Finnish service.

    1. ams said on May 26, 2015 at 5:59 pm

      WOT put a lot of technical effort into creating their service. Perhaps blame the users for polluting the ratings with inaccurate reports (people get PAID to conduct “competitor slander” campaigns, placing malicious ratings), misguided or (drunk?) reports (“dis site sux. i hate blue pages. yuk!”).

      From the outset, WOT staff included a Ph.D. who created, and incrementally refined, various “weighting” algorithms intended to thwart users attempting to game the ratings system. Although the cumulative result of the WOT ratings database is far from ideal, I don’t feel the development effort was entirely futile.

      1. Nebulus said on May 26, 2015 at 9:55 pm

        They might’ve put a lot of efforts into it, but as long as you rely on users to do the work (i.e. identify the good/bad sites) there is no way you can have a reliable service.

    2. Pete said on May 26, 2015 at 3:46 pm

      @Nikki: why did you have to mention Finland in this context? Is everything coming from Finland bad?

      1. Nebulus said on May 26, 2015 at 9:53 pm

        I was wondering the same thing… I don’t like WoT, but what is the problem with it being Finnish??

      2. Anonymous said on May 26, 2015 at 7:31 pm

        @Tom Hawack

        Oh gawd .. why did you have to mention the Spanish … nobody expects the Spanish [Inquisition]

      3. Tom Hawack said on May 26, 2015 at 6:23 pm

        I think he meant “it happens to be Finnish”, doesn’t mean it’s because it is Finnish. In fact I recall a lovely young lady back in young years studying in Lausanne : her hair was black like a Spanish, beautiful (until then I thought basic hair color was blond in all northern countries!)… Finished!

      4. Pants said on May 26, 2015 at 3:54 pm

        at least you’ll always have The Dudesons :)

    3. Pete said on May 26, 2015 at 3:44 pm

      I agree. There have been lots of cases where the credibility of the rankings have been shot down. The rankings can be manipulated, like this article tells you:

      “While that works fine most of the time, it may happen that sites that are not dangerous or untrustworthy get a bad reputation score due to the community focus of the service.”

      Why recommend this crap?

    4. Maelish said on May 26, 2015 at 3:14 pm

      As far as I can tell, WOT is a waste of time. And wow does it slow down browser loads.

      1. Tom Hawack said on May 26, 2015 at 6:18 pm

        I wouldn’t rely on WOT, hence install its add-on. But users’ comments regarding a site can be interesting.

  5. Wybo said on May 26, 2015 at 1:40 pm

    Unfortunately Request Policy is not working with FF 38.0/38.01 :(

    So I use No Script, HTTPS Everywhere, Better Privacy, Flash Control, Privacy Badger and ZenMate for my privacy.
    Would be really interested to find out if that is a good mix ?. Thanks.

    I also use Ublock to block ads on some sites.

    1. Zeus said on May 26, 2015 at 7:50 pm

      From the Request Policy addon description:

      > RequestPolicy’s new version is under development as RequestPolicy Continued. Ultimately, I’d like RequestPolicy Continued to replace RequestPolicy.

      It links to here: https://requestpolicycontinued.github.io/

      I just installed it last night, and it seems to work okay.

    2. Tom Hawack said on May 26, 2015 at 6:15 pm

      uBlock can perform external calls filtering as RequestPolicy does. In fact after RequestPolicy and before uBlock appeared the add-on Policeman. Policeman is the closest to RequestPolicy with far more granularity and even than uBlock itself. RequestPolicy is IMO out of date, but if it runs correctly for the user then why not.

      1. ams said on May 27, 2015 at 6:18 am

        “it’s going to totally break when e10s is implemented”

        RPContinued version for e10s has been in development since last November & was recently merged into the “dev 1.0” branch

      2. Pants said on May 26, 2015 at 7:39 pm

        I just thoroughly tested RequestPolicy on FF 38.01 and its doing exactly as it should. I know its been abandoned per se (I did try the fork but it was just terrible – screwed up my rules, terrible UI etc – total mess), and it’s going to totally break when e10s is implemented – so when I get time closer to the date, I’ll be testing out
        – Policeman
        – uBlock Origin (I read that uBlock was abandoned by the developer who forked to Origin?)
        – uMatrix – which in the last hour I installed and have been testing it out

        Just saying that as far as I can tell Request Policy is working, for me anyway. But totally want a supported replacement and to go with more rocks … no wait, I meant granite .. umm granularity .. that’s it, yeah .. granularity.

    3. Hy said on May 26, 2015 at 2:57 pm

      I also couldn’t get Request Policy to install on Cyberfox 38, then I found this fork which continues it:


      1. Martin Brinkmann said on May 26, 2015 at 8:07 pm

        Good point, I have added it to the list.

      2. Wybo said on May 26, 2015 at 5:16 pm

        Ah. Thanks for that. Indeed I can dl that one.

    4. Pants said on May 26, 2015 at 1:54 pm

      Request Policy is working perfectly fine for me on 38.01

      1. ams said on May 27, 2015 at 6:33 am

        Instead of clicking “install” button at the addons.mozilla.org website, RIGHT-click and save the extension’s .xpi file.
        Rename the .xpi to .zip and extract the contents. Open the “install.rdf” in a text editor and find “maxVersion”.

        Edit the stated maxVersion value to your current ff version, then save the install.rdf and re-zip the extracted files.
        Change the archive file extension back to .xpi …drag the file into Firefox ( or use File-}Open in the firefox toobar ) and you will often discover that the extension still works perfectly for your ff version.

      2. Wybo said on May 26, 2015 at 5:13 pm

        When I go to download page of Request Policy it says: “Not available for Firefox 38.0” and the add to FF button is greyed out!!

  6. Pants said on May 26, 2015 at 1:36 pm

    https://addons.mozilla.org/en-US/firefox/addon/cert-viewer-plus/ Steve Gibson from GRC gave it five stars – read his comment




    some of these may be obsolete as dev console matures etc or replicate functionality already mentioned

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.