Mozilla Firefox is a popular, extensible, open source (mostly) web browser that is highly configurable and easy to use. Somewhat bare out of the box however, its functionality is easily extended with add-ons (or ‘extensions’ if you prefer), of which there are many thousands.
With so many “free” add-ons, the casual user might be tempted to install lots of them, however i would strongly suggest installing only those you really like or need since the potential to break things and compromise browser security and your privacy increases with every add-on installed.
Another problem is unethical developers who may include unwanted and unnecessary functionality that is not relevant to the primary purpose of the add-on. Often this results in data collection, tracking your web activities or worse, all of which i define as malware. The problem of malware in Mozilla’s add-on repository (AMO) has grown exponentially with the company’s move to the WebExtension API which makes it easy for unethical developers who have infected the Google Chrome Store to port their garbage to Firefox. Although the WebExtension API is greatly limited in its capabilities as opposed to the older XUL extensions, user tracking and advertising are permitted and, on occasion, far more dangerous add-ons escape detection. As such, i would strongly recommend observing the following precautions before installing or updating add-ons:
- Be very wary of any tool-bar add-on. Many/most of these, but not all, contain 3rd party spyware/malware components for monetization purposes.
- Read the add-on permissions. The Mozilla add-on website lists the permissions that add-ons require, though there seems to be major problems at this time in that all permissions used by an add-on may not be listed, or permissions which the add-on does not use may be listed, so don’t trust this completely. That said, look for permissions that seem unnecessary given the described functionality of the add-on.
- Don’t install freshly released add-ons. Mozilla uses an automated system to evaluate add-ons and, as of this writing, it is deeply flawed, so wait a while until others have had a chance to flag it as abusive or review it. If the add-on quickly disappears, be thankful you didn’t install it.
- Read the user reviews. Always read the user reviews to see how well an add-on is liked and be wary if it is rated at 3 stars or less, or not rated at all, or was reviewed by only a few people. Sometimes the developer of the add-on will be the first to “review” it, giving it 5 stars. Regardless of the rating however, always check the comments of the people that gave it the lowest rating to see if their gripes seem legitimate. Many highly rated add-ons that have been installed by 10’s of thousands of people contain malware.
- Check the developers profile. Always check to see what other add-ons the developer has created and how those are rated. Be wary when the developer is named as a company and not an individual, or when a developer uses an anonymous name which is displayed as “Firefox user” with a random string of numbers after it.
- Visit the developers website. See what kind of content is on the developers website if they link to one. Look for marketing hype and be wary of dot com domains.
- Check the license. Be wary of any developer who licenses their add-on using a restrictive license, such as ‘All Rights Reserved’. Most ethical developers will use a liberal, open source license, such as the General Public License (GPL).
- Does the developer list a website and support links? Be wary of any developer that lists neither a website nor a support link. No developer should make it difficult or impossible to contact them or submit bug reports.
- Be wary of very popular add-ons. Many developers of hugely popular add-ons have been contacted by shady 3rd parties wanting to buy their add-on or make a deal with the developer. Adblock Plus by Eyeo GmbH (Wladimir Palant), which currently lists over 11 million users, is a glaring example where a developer created a hugely popular ad blocking extension which allows ads by default. Giorgio Maone, the developer of the very popular NoScript add-on, engaged in similar chicanery a while back.
It was always very important for me to be honest and fair to the users. I had very good offers to sell the extension, but I didn’t want to see that AiOS turn into adware or spyware.
My favorite Firefox add-ons
There are a few very popular add-ons that are absent here, including NoScript, Adblock Plus, Ghostery, storage cleaners like Cookie AutoDelete, etc.. While this may seem odd to some, the functionality offered by these extensions is largely covered by uBlock Origin and uMatrix as well as built-in Firefox preferences. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs for more information.
Regarding the Adobe Flash Player, i do not suggest installing the Flash plugin since you can watch virtually all videos without it and therefore you need not worry about the security and privacy risks associated with Flash. If you have trouble watching the odd video without Flash, try the EmbedUpdater add-on.
CanvasBlocker by kkapsner
ClearURLs by Kevin R.
|ClearURLs replaces Neat URL as my preferred link cleaner. ClearURLs removes many tracking parameters from links you click, such as the Google |
CSS Exfil Protection by Mike Gualtieri
|CSS Exfil Protection prevents a certain CSS exploit that can be used to steal data from webpages.||For advanced users. Could potentially break some websites, though it is easy to disable the add-on in two clicks.|
Decentraleyes by Thomas Rientjes
Don’t touch my tabs! by Jeroen Swen
|Don’t touch my tabs! is a simple install-it-and-forget-it add-on that stops a new tab from modifying the content of the previous tab from which you opened the new one.||Not needed if using CanvasBlocker with proper settings.|
Extension source viewer by Rob W
|Extension source viewer is a handy and well thought out utility to quickly view the source code of a Firefox extension on the Mozilla add-ons website without having to download and unpack it manually. The extension has the ability to search the contents of the files in the source code by prefixing the search with ‘||For advanced users.|
First Party Isolation by freddyb
|First Party Isolation simply toggles the ||For advanced users. Could potentially break some websites, though it can quickly be toggled off via a toolbar button.|
Header Editor by 泷涯, 道滿
|Header Editor can manipulate the browsers HTTP request and response headers. Using this tool provides many options regarding privacy, redirects and more. See the end of this article for some usage examples.||For advanced users.|
HTTPZ by claustromaniac
|HTTPZ is a very simple install-it-and-forget-it add-on that attempts to redirect all all HTTP (insecure) traffic to HTTPS (secure). It has no toolbar button and no configuration options. It just works.|
Invidious Embed by m-k88
|Invidious Embed simply replaces embedded YouTube videos using the Invidious service which avoids connecting to YouTube.|
Privacy Oriented Origin Policy by claustromaniac
|Privacy Oriented Origin Policy (POOP) helps protect your privacy by preventing Firefox from sending Origin headers, though how it works is configurable.||For advanced users. May break some websites, though it is easily disabled and sites can be whitelisted. There is a lengthy discussion about what led to the development of this add-on on GitHub if you’re interested.|
Project Insight by em_te
|Project Insight displays the permissions for all your add-ons including what domains they have permission to access.|
Site Bleacher by wooque
|Site Bleacher automatically removes cookies, local storage and IndexedDB storage set by many websites. While the current Firefox add-on API functionality inhibits every known storage cleaner from addressing all storage, and particularly IndexedDB storage, Site Bleacher works in such a way as to circumvent this limitation.||For advanced users. May break some websites, however this is easily corrected via a whitelist.|
Skip Redirect by Sebastian Blask
|Redirects sometimes happen when you click on a hyperlink expecting to go directly to the destination and, instead, your request is passed through an intermediary. Redirects are often used to track your browsing history or display ads before you are forwarded to the target domain. Skip Redirect simply tries to bypass this annoying behavior. I would suggest keeping the notification enabled when Skip Redirect does its thing as this makes it easy to troubleshoot a problem.||For advanced users. May break the functionality of some websites in which case they can be added to a whitelist.|
Toggle Fonts by Manuel Reimer
|Toggle Fonts simply toggles whether Firefox will load fonts as specified by a website or use its defaults instead. Not allowing remote fonts to load increases privacy.||May occasionally break how a website is displayed, but the add-on is easily disabled in such cases.|
uBlock Origin by Raymond Hill
|uBlock Origin is a superior content filter (or firewall, if you like) that can replace several other content/ad blockers including Adblock Plus/Edge, NoScript, Policeman and several others. It is capable of using the same filter lists as Adblock Plus/Edge as well as many more that they cannot. Two of the most welcome differences with uBlock Origin is that it does not slow page loading to any noticeable degree and it uses less memory then the Adblock derivatives. Another major advantage is that it can block both 1st and 3rd party requests for images, scripts and frames. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information regarding uBlock Origin. Lastly, note that there are two versions of uBlock; uBlock and uBlock Origin. You absolutely need to use the latter which is written by the original developer, Raymond Hill.||For advanced users. As with any content filtering extension, uBlock Origin has the potential to break website functionality until it is configured correctly.|
uMatrix by Raymond Hill
|uMatrix is another very powerful content blocker by Raymond Hill and though it is similar to uBlock Origin, it offers more granular control over blocking various resources including cookies, CSS, images, plug-ins, scripts, XHR, frames and more. You can use uMatrix and uBlock Origin together. See my guide, Firefox Configuration Guide for Privacy Freaks and Performance Buffs, for information on how to properly configure them to get the most out of each one.||For advanced users. As with any content filtering extension, uMatrix has the potential to break website functionality until it is configured correctly.|
Violentmonkey by Gerald
|Violentmonkey is for running user created scripts which are typically used to change how a website functions or looks. Some of the most popular scripts allow you to download videos from sites like YouTube, or enhance the functionality of sites like Facebook and Google. There are also many scripts which address privacy concerns. For a selection of scripts that i personally find useful, see the bottom of this page. Violentmonkey seems to be a better alternative to Greasemonkey or Tampermonkey as far as respecting user privacy.||For advanced users. Installing user scripts is a security and stability risk. While this holds true for extensions as well, user scripts are generally not scrutinized to the degree that extensions are when download from Mozilla.|
Add-ons providing additional functionality
Dark Background and Light Text by Mikhail Khvoinitsky
|Dark Background and Light Text replaces Dark Reader as my preferred add-on for darkening the entire web. These ‘darkify’ add-ons, of which there are many, change the colors used by all websites to a darker theme and this one seems to be the best of them.||All of these dark theme add-ons fail miserably in at least some cases and this one is no exception, however it offers a few different styling methods that can be assigned to specific websites where the default method fails.|
Disable Tab Detach by Matt Hensma
|Disable Tab Detach simply prevents moving a tab to a new Firefox window if you accidentally drag it downward from the tab bar. I find this behavior incredibly annoying and the lack of a built-in Firefox option to disable it just as annoying. Disable Tab Detach is kind of hacky, but it gets the job done.|
Exif Viewer by Alan Raskin
|Exif Viewer allows you to view the EXIF metadata stored in many JPEG images, including the camera and exposure info and, when available, the GPS location of the image.|
Flagfox by Dave G
|Flagfox is a neat utility that adds an icon to the address bar which represents the flag of the country in which the web server is located. When the icon is right-clicked, a context menu is revealed with many more tools, such as a WHOIS lookup, URL shortening services and more. You can also add your own services.||If you choose to display the menu icons, they are not stored locally and have to be fetched the first time you open the menu.|
|Link Text and Location Copier allows to copy formatted text and a link for a webpage in various ways, plus you can add your own formats. What i really like about it, besides its customization features, is that can paste as Rich Text, meaning you can paste, for example, the title of a page and its link directly into the visual WordPress editor.|
Search by Image by Armin Sebastian
|Search by Image is for conducting reverse image searches which can be really handy for certain kinds of research when you need to authenticate an image, or if you just want to find the largest or oldest versions (TinEye).|
Stylus by Armin Sebastian
|Stylus is used to write, store and apply custom CSS styles to websites, or even the entire web if you wish. Though this is also possible with user scripts, such as for Violentmonkey or Greasemonkey, working with Stylus is much easier. Note: do not use Stylish, a similar add-on.|
Tab Notes by Wildsky
|Tab Notes is a minimalist add-on that enables you to store text which is displayed on every new tab you open. You edit the text right on the new tab page and changes are saved automatically. It ships with both a dark and light theme. I find this simple utility incredibly handy.|
View Page Archive & Cache by Armin Sebastian
|View Page Archive & Cache makes it easy to find archived version of webpages. It is fairly configurable, though it does not have an option to add your own archive resources, nor does it have an option to send a webpage to an archive, however i find the latter unnecessary since the archive sites i use allow you archive a page if one isn’t isn’t found.|
Header Editor code examples
See the relevant section of Firefox Tweaks and Fixes and Styles and Things
Useful Violentmonkey scripts
In the privacy department there are a few scripts written by members of the ghacksuserjs project which offers a security and privacy-centric
user.js template to make Firefox and websites respect your privacy. Currently these scripts include Conceal history.length, Conceal window.name and Clear window.opener, all of which can be found in the User Scripts section of their wiki. Note that none of these scripts are needed if using CanvasBlocker with proper settings. Note also that the Conceal window.name script breaks [that galactically stupid, annoying and time wasting] Google reCAPTCHA image verification thing as of this writing (11/29/18). To add these scripts to Violentmonkey, open
about:addons in your browser and click the User Scripts heading. Now go to the wiki page and copy one of the scripts, then click New User Script… link at the top of the User Scripts settings page. A form will appear at the bottom of which should be a button labeled Use Script From Clipboard. After the script is pasted, a new window should display with the full script after which you can save it and you’re done.
Listing removed add-ons
While i’m sure there’s a more geeky way of listing extensions which one has removed, this one works for me: In your Firefox profile folder, navigate to
/extensions/staged and there should be folders with the names of the removed extensions.
Doing it without an add-on
Enhancing privacy and security
If you like an add-on, or any other free and open source software, please donate to the developer. Trust me when i tell you that most developers of free software usually receive nothing, or next to nothing for all their hours of hard work and the support they provide. Developers are usually very appreciative of a donation regardless of how small it may be.
This list contains only the most recent changes
- minor edits, moved some stuff around