Firefox Extensions – My Picks

Firefox Extensions

This article was last update on 4-Dec-2018. See the most recent changes at the end.

Mozilla Firefox is a popular, extensible, open source (mostly) web browser that is highly configurable and easy to use. Somewhat bare out of the box however, its functionality is easily extended with add-ons, or extensions if you prefer, of which there are many thousands.

Beware

With so many “free” add-ons, the casual user might be tempted to install lots of them, however i would highly recommend installing only those you really like or need since the potential to break things and compromise browser security and your privacy increases with every add-on installed. Unfortunately, because Mozilla’s concern for protecting the privacy of its users is not their primary concern in my opinion, quite a few add-ons and configuration changes are required to beat Firefox into submission.

Another issue that must be considered is unethical add-on developers that may include unwanted and unnecessary components which are not relevant to the functionality users expect, such as those which track your web activities or even mine cryptocurrency. The problem of malware in Mozilla’s add-on repository (AMO) has grown exponentially with the company’s move to the WebExtension API which makes it easy for unethical developers that have infected the Google Chrome Store to port their garbage to Firefox. Although the WebExtension API is greatly limited in its capabilities as opposed to the older XUL extensions, user tracking and advertising is permitted and far more dangerous add-ons do escape detection on occasion. I would highly recommend observing the following precautions before installing any add-on:

  • Be very wary of any tool-bar add-on. Many/most of these, but not all, contain 3rd party spyware/malware components for the purpose of monetizing the add-on.
  • If an add-on has a privacy policy, read it. Some privacy policies are fine but many are clearly worrying.
  • Read the add-on permissions. The Mozilla add-on website lists the permissions that add-ons require, though there seems to be major problems at this time in that all permissions used by an add-on may not be listed, or permissions which the add-on does not use may be listed, so don’t trust this completely. That said, look for permissions that seem unnecessary given the described functionality of the add-on.
  • Don’t install newly released add-ons. Mozilla uses an automated system to evaluate add-ons and, as of this writing, it is deeply flawed, so wait a while until others have had a chance to flag it as abusive or review it. If the add-on quickly disappears, be thankful you didn’t install it.
  • Read the user reviews. Always read the user reviews to see how well an add-on is liked and be wary if it is rated at 3 stars or less, or not rated at all, or was reviewed by only a few people. Sometimes the developer of the add-on will be the first to “review” it and give it 5 stars. Regardless of the rating however, always check the comments of the people that gave it the lowest rating to see if their gripes seem legitimate. Many highly rated add-ons that have been installed by 10’s of thousands of people contain malware.
  • Check the developers profile. Always check to see what other add-ons the developer has created and how those are rated. Be wary when the developer is named as a company and not an individual.
  • Visit the developers website. See what kind of content is on the developers website if they list one. Look for marketing hype and be wary of dot com domains.
  • Is the source code published? Be very wary of developers that attempt to hide their add-on source code. Most ethical developers will publish their source code on platforms like GitLab or GitHib where users can get support and submit feature requests. If the developer does not make the source code easily available, you can still view it by decompiling the add-on, though you will need to have an understanding of the JavaScript language at the very least.
  • Check the license. Be wary of any developer who licenses their add-on using a restrictive license, such as ‘All Rights Reserved’. Most ethical developers will use a liberal, open source license, such as the General Public License (GPL).
  • Does the developer list a website and support links? Be wary of any developer that lists neither a website nor a support link. No developer should make it difficult or impossible to contact them or submit bug reports.
  • Be wary of very popular add-ons. Many developers of hugely popular add-ons have been contacted by shady 3rd parties wanting to buy their add-on or make some sort of unethical deal with the developer. Adblock Plus by Eyeo GmbH (Wladimir Palant), which currently lists over 11 million users, is a glaring example where a developer created an ad blocking extension which allows ads by default. Giorgio Maone, the developer of the popular NoScript add-on, engaged in similar chicanery a while back.

Lastly, keep your add-ons updated, but don’t allow automatic updates. Before updating an add-on, you should revisit its page on AMO and read the version history to see what was changes. You should also re-read the privacy policy to make sure it hasn’t changed. The problem with automatic add-on updates is that a developer may decide to monetize their work at any time and without any warning, or sell their extension to an unethical party such as the developer for Stylish apparently did. Ingo Wennemaring, who developed the hugely popular All-in-One Sidebar add-on, warned about this in a blog post:

It was always very important for me to be honest and fair to the users. I had very good offers to sell the extension, but I didn’t want to see that AiOS turn into adware or spyware.

My favorite Firefox add-ons

There are a few very popular add-ons that are absent here, including NoScript, Adblock Plus, Ghostery, etc.. While this may seem odd to some, the functionality offered by these extensions is largely covered by uBlock Origin and uMatrix. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information.

Regarding the Adobe Flash Player, i do not suggest installing the Flash plugin since you can watch virtually all videos without it and therefore you need not worry about the security and privacy risks associated with Flash. If you have trouble watching the odd video without Flash, try the EmbedUpdater add-on.

Privacy and security related add-ons

Name Description Notes/Caveats

CanvasBlocker by kkapsner

CanvasBlocker blocks or fakes ‘canvas’ which is a JavaScript API that is used to draw graphics on-the-fly. Canvas poses a substantial threat to privacy in that it can be used to fingerprint the browser. The author recommends setting the canvas blocking method to ‘fake readout API’ which may seem counterintuitive because this will practically ensure that the browser fingerprint signature is unique, however the signature will change every time canvas is used, so i guess the recommended setting makes sense, especially if you don’t want to be bothered with whitelisting domains if/when something breaks.

Cookie AutoDelete by Kenny Do

Cookie AutoDelete removes some, but not all cached objects. It accomplishes this automatically after closing the tab(s) for any non-whitelisted domain. While CAD does remove cookies and localStorage, it cannot remove IndexedDB storage at this time due to a shortcoming in the WebExtension API. One solution is to use an extension like uMatrix to dump the browser cache at timed intervals. Another is to clear cache manually by selecting ‘Cache’ and ‘Offline Website Data’ with the time range set to ‘Everything’.

CSS Exfil Protection by Mike Gualtieri

CSS Exfil Protection prevents a certain CSS exploit that can be used to steal data from webpages. Could potentially break some websites, though it is easy to disable the add-on in two clicks.

Decentraleyes by Thomas Rientjes

Decentraleyes is a privacy enhancing add-on that has the additional benefit of decreasing the load time for many websites which depend on 3rd party Content Delivery Networks (CDN) for various functionality. It accomplishes this by storing and loading several common JavaScript resources locally instead of having to fetch them from the web server. Could potentially break some websites, though it is easy to white-list affected domains.

Don’t touch my tabs! by Jeroen Swen

Don’t touch my tabs! is a simple install-it-and-forget-it add-on that stops a new tab from modifying the content of the previous tab from which you opened the new one.

Extension source viewer by Rob W

Extension source viewer is a handy and well thought out utility to quickly view the source code of a Firefox extension on the Mozilla add-ons website without having to download and unpack it manually. The extension has the ability to search the contents of the files in the source code by prefixing the search with ‘!‘. For advanced users.

Header Editor by 泷涯, 道滿

Header Editor can manipulate the browsers HTTP request and response headers. Using this tool provides many options regarding privacy, redirects and more. See the end of this article for some usage examples. For advanced users.

Neat URL by Geoffrey De Belie

Neat URL simply removes unnecessary parameters from URLs which are often used for tracking purposes, such as all the utm_* tracking garbage used by Google analytics.

Privacy Oriented Origin Policy by claustromaniac

Privacy Oriented Origin Policy helps to protect browsing privacy by preventing Firefox from sending Origin headers except in special circumstances, such as within the same domain and possibly other special circumstances. There is a lengthy discussion about what led to the development of this add-on on GitHub if you’re interested.

Project Insight by em_te

Project Insight displays the permissions for all your add-ons including what domains they have permission to access.

ReFont by QWERTYUIOPYOZO

ReFont provides a very easy method to change the fonts used by websites. You can set a default global font and then, if something doesn’t display to your liking on a particular website, you can allow the website to use the font it specifies or any other of your choosing. Note that Dark Reader can also replace fonts, so if you use it, you might not want to use ReFont. May break how a website is displayed, however this is easily corrected.

Skip Redirect by Sebastian Blask

Redirects sometimes happen when you click on a hyperlink expecting to go directly to the destination and, instead, your request is passed through an intermediary. Redirects are often used to track your browsing history or display ads before you are forwarded to the target domain. Skip Redirect simply tries to bypass this annoying behavior. I would suggest keeping the notification enabled when Skip Redirect does its thing as this makes it easy to troubleshoot a problem. May break the functionality of some websites in which case they can be added to a whitelist.

Smart HTTPS by ilGur

Smart HTTPS simply attempts to load unsecured (HTTP) websites securely (HTTPS). ‘Pants’, from the ghacks-user.js repo, doesn’t like Smart HTTPS and favors HTTPS Everywhere instead. Your mileage may vary, but i prefer Smart HTTPS as it has never given me any trouble and doesn’t rely on rule-sets.

uBlock Origin by Raymond Hill

uBlock Origin is a superior content filter (or firewall, if you like) that can replace several other content/ad blockers including Adblock Plus/Edge, NoScript, Policeman and several others. It is capable of using the same filter lists as Adblock Plus/Edge as well as many more that they cannot. Two of the most welcome differences with uBlock Origin is that it does not slow page loading to any noticeable degree and it uses less memory then the Adblock derivatives. Another major advantage is that it can block both 1st and 3rd party requests for images, scripts and frames. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information regarding uBlock Origin. Lastly, note that there are two versions of uBlock; uBlock and uBlock Origin. You absolutely need to use the latter which is written by the original developer, Raymond Hill. As with any content filtering extension, uBlock Origin has the potential to break website functionality until it is configured correctly.

uMatrix by Raymond Hill

uMatrix is another very powerful content blocker by Raymond Hill and though it is similar to uBlock Origin, it offers more granular control over blocking various resources including cookies, CSS, images, plug-ins, scripts, XHR, frames and more. You can use uMatrix and uBlock Origin together. See my guide, Firefox Configuration Guide for Privacy Freaks and Performance Buffs, for information on how to properly configure them to get the most out of each one. As with any content filtering extension, uMatrix has the potential to break website functionality until it is configured correctly.

Add-ons providing additional functionality

Name Description Notes/Caveats

Awesome RSS by shgysk8zer0

Awesome RSS detects RSS/ATOM news feeds and, if one is available, places an icon in the address bar. Though there are many like it, Awesome RSS is highly customizable.

Dark Reader by Alexander Shutov

Dark Reader applies a dark theme to the entire web. While there are many other add-ons that advertise similar functionality, Dark Reader does not simply invert the colors, nor does it affect images. It’s also highly configurable and can easily be toggled on or off globally, or only for specific domains. Can cause slower page loading and high CPU usage in some cases (the developer is aware and working on this).

Exif Viewer by Alan Raskin

Exif Viewer allows you to view the EXIF metadata stored in many JPEG images, including the camera and exposure info and, when available, the GPS location of the image.

Flagfox by Dave G

Flagfox is a neat utility that adds an icon to the address bar which represents the flag of the country in which the web server is located. When the icon is right-clicked, a context menu is revealed with many more tools, such as a WHOIS lookup, URL shortening services and more. You can also add your own services. If you choose to display the menu icons, they are not stored locally and have to be fetched the first time you open the menu.

Linkificator by MarkaPola

Linkificator simply converts text links and email address to hyperlinks that you can click. It is probably the most configurable text to link extension at AMO.

Search by Image by Armin Sebastian

Search by Image is for conducting reverse image searches which can be really handy for certain kinds of research when you need to authenticate an image, or if you just want to find the largest or oldest versions (TinEye).

Stylus by Armin Sebastian

Stylus is used to write, store and apply custom CSS styles to websites, or even the entire web if you wish. Though this is also possible with user scripts, such as for Violentmonkey or Greasemonkey, working with Stylus is much easier. Note: do not use Stylish, a similar add-on.

Tad by Joel Gustafson

Tad is a minimalist add-on that enables you to store notes which are displayed on every new tab you open. You edit the text right on your new tab page and changes are saved automatically. It ships with both a dark and light theme. I find this simple utility incredibly handy.

View Page Archive & Cache by Armin Sebastian

View Page Archive & Cache makes it easy to find archived version of webpages. It is fairly configurable, though it does not have an option to add your own archive resources, nor does it have an option to send a webpage to an archive, however i find the latter unnecessary since the archive sites i use allow you archive a page if one isn’t isn’t found.

Violentmonkey by Gerald

Violentmonkey is for running user created scripts which are typically used to change how a website functions or looks. Some of the most popular scripts allow you to download videos from sites like YouTube, or enhance the functionality of sites like Facebook and Google. For a selection of scripts that i personally find useful, see the bottom of this page. Violentmonkey is a better alternative to Greasemonkey or Tampermonkey as far as its respect for user privacy. Installing user scripts is a security and stability risk. While this holds true for extensions as well, scripts are generally not scrutinized to the degree that extensions are when download from Mozilla. Be sure to examine the code and read the feedback from others, as well as the history of the developer, before installing scripts.

YouTube Feeds by shgysk8zer0

YouTube Feeds, by the same developer that gave us Awesome RSS, automatically detects news feeds for YouTube channels. Yes, YouTube has RSS/ATOM feeds, though they don’t advertise it. You can read more about that here.

Header Editor code examples

There’s many things you can do with the Header Editor extension. You can give whatever name you want to your filters. Personally i like to prefix them with a tag that indicates the scope of the filter so i know, for example, whether it affects a particular domain or the entire web.

ETag Removal

In this first example, we can empty the ETag HTTP header in order to help preserve our privacy.

  • Name: [global] ETag Removal
  • Rule type: Modify the response header
  • Match type: All
  • Execute type: Normal
  • Header name: etag

X-Forwarded-For

The X-Forwarded-For header can be used by the web server to obtain your IP address through a proxy and is therefore a privacy risk.

  • Name: [global] X-Forward-For Removal
  • Rule type: Modify the response header
  • Match type: All
  • Execute type: Normal
  • Header name: x-forward-for

YouTube ‘nocookie’

This will load 3rd party embedded YouTube videos using the youtube-nocookie.com domain which prevents YouTube from storing some extra data in the browser.

  • Name: [global] embedded YouTube to youtube-nocookie.com.
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: https?://(?:www.)?youtube.com/embed/(.+)
  • Execute type: Normal
  • Redirect: https://www.youtube-nocookie.com/embed/$1

YouTube to embedded

This will redirect all YouTube video links, including youtu.be links, to youtube-nocookie/embed links, even on the YouTube website.

  • Name: [global] YouTube to youtube-nocookie/embed
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: https://(?:www\.)(?:youtube\.com/watch\?v=|youtu\.be)([a-zA-Z0-9]*)
  • Execute type: Normal
  • Redirect: https://www.youtube-nocookie.com/embed/$1

‘youtu.be’ redirect

This will redirect shortened YouTube video links (youtu.be) to youtube.com.

  • Name: [global] bypass youtu.be redirects
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: https?://youtu.be/([a-zA-Z0-9]*)
  • Execute type: Normal
  • Redirect: https://www.youtube.com/watch?v=$1

LiveLeak safe mode

Disable safe mode for LiveLeak video links.

  • Name: [liveleak.com] disable safe mode
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: https?://www\.liveleak\.com/view\?i=(.+?)(?!&safe_mode=off)*$
  • Execute type: Normal
  • Redirect: https://www.liveleak.com/view\?i=$1&safe_mode=off

Clean image links

This will remove any (usually) unnecessary junk after the image extension for image links.

  • Name: [global] clean image links
  • Rule type: Redirect request
  • Match type: Regular expression
  • Match rule: (https?://.*\.)(bmp|jpg|jpeg|gif|png|svg|tiff).*
  • Execute type: Normal
  • Redirect: $1$2

Useful Violentmonkey/Greasemonkey scripts

ViewTube – One of the better scripts for dealing with YouTube stupidity, this script prevents auto-play and allows you to view videos in a variety of formats, including HTML5 or by using an external player such as VLC. ViewTube also makes it easy to download video files in all of the various formats and levels of quality it can detect. ViewTube works with many video sharing sites other than YouTube and can be extended to work with even more using the ViewTube+ add-on which you can download from the home page.

In the privacy department, there are a few scripts written by members of the ghacksuserjs project which offers a security and privacy-centric user.js template to make Firefox and websites respect your privacy. Currently these scripts include Conceal history.length, Conceal window.name and Clear window.opener, all of which can be found in the User Scripts section of their wiki. Note that the Conceal window.name script breaks [that idiotically stupid, annoying and time wasting] Google reCAPTCHA image verification thing as of this writing (11/29/18). To add these scripts to Greasemonkey, open about:addons in your browser and click the User Scripts heading. Now go to the wiki page and copy one of the scripts, then click New User Script… link at the top of the User Scripts settings page. A form will appear at the bottom of which should be a button labeled Use Script From Clipboard. After the script is pasted, a new window should display with the full script after which you can save it and you’re done.

Troubleshooting add-on related issues

See Firefox Tweaks and Fixes and Styles and Things.

Doing it without an add-on

Enhancing privacy and security

See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information.

Copying text without formatting

Sometimes you may want to copy text from a website and paste it without the added HTML markup. While i am not aware of any way to do this without an extension, you can use Ctrl+Shift+V instead of Ctrl+V when pasting. This works for me on both Windows and Linux, however i’ve had some feedback that indicates it does not work in all cases.

More tweaks

See: Firefox Tweaks and Fixes and Styles and Things

Giving back

If you like an add-on, or any other free and open source software, please donate to the developer. Trust me when i tell you that most developers of free software usually receive nothing, or next to nothing for all their hours of hard work and the support they provide. Developers are usually very appreciative of a donation regardless of how small it may be.

Recent changes

This list contains only changes since the previous edit.

  • removed Privacy Badger since its functionality is handled by Firefox and uBlock Origin
  • removed Smart Referrer since its functionality is handled by uMatrix
  • removed Add custom search engine
  • misc. cleanup and polishing

25 thoughts on “Firefox Extensions – My Picks”

Leave a Reply