- 1 Beware
- 2 My favorite Firefox add-ons
- 3 Privacy and security related add-ons
- 3.1 CanvasBlocker by kkapsner
- 3.2 Cookies Exterminator by Off JustOff (legacy)
- 3.3 Decentraleyes by Thomas Rientjes
- 3.4 Don’t touch my tabs! by Jeroen Swen
- 3.5 Header Editor by 泷涯, 道滿
- 3.6 Neat URL by Geoffrey De Belie
- 3.7 Privacy Badger by EFF Technologists
- 3.8 Project Insight by em_te
- 3.9 Skip Redirect by Sebastian Blask
- 3.10 Smart HTTPS by ilGur
- 3.11 Smart Referer by meh., Alexander Schlarb
- 3.12 uBlock Origin by Raymond Hill
- 3.13 uMatrix by Raymond Hill
- 4 Add-ons providing additional functionality
- 4.1 Add custom search engine by Tom Schuster
- 4.2 Classic Theme Restorer by Aris (legacy)
- 4.3 Easy Copy by Byron (legacy)
- 4.4 Exif Viewer by Alan Raskin
- 4.5 Flagfox by Dave G
- 4.6 NewsFox by Andrey Gromyko, R Pruitt (legacy)
- 4.7 ScrapBook X by Danny Lin (legacy)
- 4.8 Scroll Up Folder by Bruce Bujon (Perfect Slayer) (legacy)
- 4.9 Search Site by DW-dev (legacy)
- 4.10 Sidebars List by Infocatcher (legacy)
- 4.11 Violentmonkey by Gerald
- 5 Header Editor code examples
- 6 Useful Violentmonkey/Greasemonkey scripts
- 7 Troubleshooting add-on related issues
- 8 Doing it without an add-on
- 9 Giving back
- 10 Recent changes to this page
This article was last updated on November 12, 2018. See the list of recent changes at the end.
Mozilla Firefox is a popular, extensible, open source (partially) web browser that is highly configurable and easy to use. Somewhat bare out of the box however, its functionality is easily extended with add-ons, or extensions if you prefer, of which there are many thousands.
With so many “free” add-ons, the casual user might be tempted to install a large quantity of them, however i would highly recommend installing only the add-ons you really like or need since the potential to break things and compromise browser security and your privacy increases with every add-on that is installed.
Another issue that should be considered is unethical add-on developers that sometimes package unwanted and unnecessary components which may include provisions for tracking your web activities or other behavior that is not relevant to the expected function of the add-on. This problem has grown exponentially worse with Mozilla’s move to the WebExtension platform which makes it much easier for unethical developers that have infected the Google Chrome Store to port their garbage to Firefox. Although Mozilla limits what an extension can do, user tracking and advertising is permitted and so i would highly recommend that you take the following precautions before installing any add-on:
- Be very wary of any tool-bar add-on. Many/most of these, but not all, contain 3rd party spyware components for the purpose of monetizing the add-on.
- Read the add-on permissions. The Mozilla add-on website lists the permissions that add-ons require, though there seems to be major problems at this time in that all permissions used by an add-on may not be listed, or permissions which the add-on does not use may be listed, so don’t trust this completely. What you should be looking for is permissions that seem unnecessary given the described functionality of the add-on.
- Don’t install newly released add-ons. Mozilla uses an automated system to evaluate add-ons and, as of this writing, it is deeply flawed, so wait for a while until others have had a chance to flag it as abusive or review it. If the add-on disappears the next day, be thankful you didn’t install it.
- Read the user reviews. Always read the user reviews to see how well an add-on is liked and be wary if it is rated at 3 stars or less, or not rated at all, or was reviewed by only a few people. Even if the add-on is rated 4 or 5 stars, check the comments of the people that gave it the lowest rating to see if their gripes seem legitimate. Many highly rated add-ons that have been installed by 10’s of thousands of people contain unwanted functionality such as user profiling and tracking.
- Check the developers profile. Always check to see what other add-ons the developer has created and how those are rated. Be wary when the developer is named as a company and not an individual.
- Visit the developers website. See what kind of content is on the developers website if they list one. Look for marketing hype and be wary of dot com domains.
- Is the source code published? Be very wary of developers that attempt to hide their add-on source code. Most ethical developers will publish their source code on platforms like GitLab or GitHib where users can get support and submit bug reports.
- Check the license. Be wary of any developer who licenses their add-on under a restrictive license, such as ‘All Rights Reserved’. Most ethical developers will use a liberal open source license, such as the GPL or Mozilla Open Source license.
- Does the developer list a website and support links? Be wary of any developer that lists neither a website, preferably where the add-on source code is published, nor a support link. No developer should make it difficult or impossible to contact them or submit bug reports.
- Be wary of very popular add-ons. It seems that developers of add-ons having many thousands of users are often contacted by 3rd parties wanting to buy their add-on or make some sort of shady deal with the developer. This has happened many times with many add-ons over the years. Adblock Plus by Eyeo GmbH (Wladimir Palant), which currently lists over 11 million users, is a glaring example where a developer created an ad blocking add-on which allows ads by default! Giorgio Maone, the developer of the very popular NoScript add-on, engaged in similar chicanery a while back.
It was always very important for me to be honest and fair to the users. I had very good offers to sell the extension, but I didn’t want to see that AiOS turn into adware or spyware.
My favorite Firefox add-ons
There are a few very popular add-ons that are absent here, including NoScript, Adblock Plus, Ghostery, etc.. While this may seem odd to some, the functionality offered by these extensions is largely covered by uBlock Origin and uMatrix. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information.
Regarding the Adobe Flash Player, i do not install the Flash plugin since you can watch most videos without it and therefore i have no need to worry about the security and privacy risks associated with Flash. If you have trouble watching some videos without Flash, try the EmbedUpdater add-on.
CanvasBlocker by kkapsner
|Cookies Exterminator removes objects (“cookies”, localStorage, IndexedDB) that are left-behind by a website even after you close its tab. As of this time, Mozilla has not made available the API that would allow the same functionality with WebExtensions.|
Decentraleyes by Thomas Rientjes
Don’t touch my tabs! by Jeroen Swen
|Don’t touch my tabs! is a simple install-it-and-forget-it add-on that stops a new tab from modifying the content of the previous tab from which you opened the new one.|
Header Editor by 泷涯, 道滿
|Header Editor can manipulate the browsers HTTP request and responce headers. Using this tool provides many options regarding privacy, redirects and more. See the end of this article for some usage examples.||For advanced users.|
Neat URL by Geoffrey De Belie
|Neat URL simply removes unnecessary parameters from URLs which are often used for tracking purposes. Using the Google search results as an examlpe, it turns this garbage: |
Privacy Badger by EFF Technologists
|Privacy Badger by the EFF helps to block various tracking and spying mechanisms. It works well in conjuction with uBlock Origin and if you disable uBlock on a site for some reason, such as troubleshooting, Privacy Badger will still offer some protection regarding your privacy. This is another extension which you can pretty much forget about after installation.|
Project Insight by em_te
|Project Insight displays the permissions for all your add-ons including what domains they have permission to access.|
Skip Redirect by Sebastian Blask
|Redirects sometimes happen when you click on a hyperlink expecting to go directly to the destination and, instead, your request is passed through an intermediatary. Redirects are often used to track your browsing history or display ads before you are forwarded to the target domain. Skip Redirect simply tries to bypass this annoying behavior. I would suggest keeping the notification enabled when Skip Redirect does its thing as this makes it easy to troubleshoot a problem.||May break the functionality of some websites in which case they can be added to a whitelist.|
Smart HTTPS by ilGur
|Smart HTTPS simply attempts to load unsecured (HTTP) websites securely (HTTPS). ‘Pants’, from the ghacks-user.js repo, doesn’t like Smart HTTPS and favors HTTPS Everywhere instead. Your milage may vary, but i prefer the former as it has never given me any trouble and doesn’t rely on rule-sets.|
Smart Referer by meh., Alexander Schlarb
|When you visit a website and then click a link on that site that takes you somewhere else, the site that you are going to will know where you came from if the referer header is present. Smart Referer simply eliminates this intrusion upon your privacy except when you navigate to another page on the same domain.|
uBlock Origin by Raymond Hill
|uBlock Origin is a superior content filter (or firewall, if you like) that replaces most other content/ad blockers for me, including Adblock Plus/Edge, NoScript, Policeman and several others. It is capable of using the same filter lists as Adblock Plus/Edge as well as many more that they cannot. Two of the most welcome differences with uBlock Origin is that it does not slow page loading to any noticeable degree and it uses less memory then the Adblock derivatives. Another major advantage is that it can block both 1st and 3rd party requests for images, scripts and frames. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information regarding uBlock Origin. Lastly, note that there are two versions of uBlock; uBlock and uBlock Origin. You absolutly need to use the latter which is written by the original developer, Raymond Hill.||As with any content filtering extension, uBlock Origin has the potential to break website functionality until it is configured correctly.|
uMatrix by Raymond Hill
|uMatrix is another very powerful content blocker by Raymond Hill and though it is similar to uBlock Origin, it offers more granular control over blocking various resources including cookies, CSS, images, plug-ins, scripts, XHR, frames and more. In my case i use uBlock Origin as my only primary content blocker, however it is perfectly fine to use both together. See my guide, Firefox Configuration Guide for Privacy Freaks and Performance Buffs, for information on how to properly configure them to get the most out of each one.||As with any content filtering extension, uMatrix has the potential to break website functionality until it is configured correctly.|
Add-ons providing additional functionality
Add custom search engine by Tom Schuster
|Though there are several ways of adding search engines to the search bar, Add custom search engine offers a fairly simple method that gives you a bit more piece of mind and control then you otherwise might have if you installed a search engine extension. It also allows you to set any icon you want either by entering its URL or by specifying the base64 code. Another alternative is Search Engines Helper by Soufiane Sakhi which has the added advantage of importing and exporting all your search engines.||Because of the severe restrictions with the WebExtension API, it is apparently not possible to add a search plugin directly through the add-on and therefore such WebExtensions must use a 3rd party resource, in this case file.io.|
Classic Theme Restorer by Aris (legacy)
|Not happy with the new Australis interface for Firefox? I don’t blame you, but if you want the latest gizmo’s and security fixes, you’re stuck with it. Unfortunately, yet another add-on is necessary to re-add the functionality that the wizards at Mozilla think you don’t need, and that add-on is Classic Theme Restorer. In addition to its many settings for manipulating the appearance of Firefox, CTR also makes is easy to disable some of the “features” which rely on 3rd party services, including the Hello and Pocket features.|
Easy Copy by Byron (legacy)
|The highly configurable Easy Copy add-on provides the ability to copy various content, such as hyperlink text, page titles and their links, excerpts and more, in various formats. For example it makes it easy to copy both a page title and link which is formatted for posting on a forum.|
Exif Viewer by Alan Raskin
|Exif Viewer allows you to view the EXIF metadata stored in many JPEG images, including the camera and exposure info and, when available, the GPS location of the image.|
Flagfox by Dave G
|Flagfox is a neat utility that adds an icon to the address bar which represents the flag of the country in which the web server is located. When the icon is right-clicked, a context menu is revealed with many more tools, such as a WHOIS lookup, URL shortening services and more. You can also add your own services.||If you choose to display the menu icons, they are not stored locally and have to be fetched the first time you open the menu.|
NewsFox by Andrey Gromyko, R Pruitt (legacy)
|If you read a lot of syndicated feeds (RSS/ATOM) NewsFox is, in my opinion, the best extension for reading and managing your news feeds within Firefox, even given its caveats. It offers a lot of configuration options for reading, organizing and marking the status of feeds, and it has a clean, intuitive, customizable, 3 pane interface.||NewsFox can briefly hang the Firefox GUI while checking feeds. The problem worsens as more threads are enabled in the settings. I don’t like that you cannot create sub-folders within a folder.|
ScrapBook X by Danny Lin (legacy)
|A fork of the original ScrapBook extension, ScrapBook X is a very handy tool for storing and organizing scraps of text, whole web pages, or images that you want to save. I use it often when i research subject matter, such as when i wrote the NPR article. You can import, combine and export your scrap book, including exporting as HTML. If you need more power, try Zotero.|
Scroll Up Folder by Bruce Bujon (Perfect Slayer) (legacy)
|Scroll Up Folder is a nice little extension which makes it super simple to navigate within a domain by moving up or down the URL structure using your mouse wheel when you hover over the address bar. For example, you can go from ||For some reason the author coded this extension so that it adds “www.” to the domain when navigating to the root domain even when “www.” is not present, though i’ve never yet had any problems with this.|
Search Site by DW-dev (legacy)
|Search Site is a great little extension that adds another icon in the right side of the Search Bar that, when clicked, will search only the current website for your search terms. Though there are others like it, i particularly like the way it’s integrated. If another icon is too much for you, you can hide it and just use Ctrl+Enter instead.|
|The name, Sidebars List, doesn’t do justice to its functionality. The primary function of this add-on, at least for me, is not to list the sidebars, but rathrer to access the sidebar quickly by clicking the left edge of the browser window and this works great, especially when the window is maximized. See the Sidebars List tweak here if you want to completely hide the splitter/switch.|
Violentmonkey by Gerald
|Violentmonkey is for running user created scripts which are typically used to change how a website functions or looks. Some of the most popular scripts allow you to download videos from sites like YouTube, or enhance the functionality of sites like Facebook and Google. You can even find some proof of concept scripts for defeating CAPTCHA’s, though they don’t appear to be fully baked yet. For a selection of scripts that i personally find useful, see the bottom of this page. At this time i think Violentmonkey is a better alternative to Greasemonkey or Tampermonkey.||Installing user scripts is a security and stability risk! While this holds true for extensions as well, scripts are generally not scrutinized to the degree that extensions are when download from Mozilla. Be sure to read the feedback from others, as well as the history of the developer, before installing scripts.|
Header Editor code examples
There’s many things you can do with the Header Editor extension. Following are a few examples:
In this first example, we can empty the ETag HTTP header in order to help preserve our privacy. To begin, create a new rule in Header Editor named
ETag Removal. For the rule type, select ‘Modify the response header’. For the match type, select ‘All’. For the execute type, select ‘Normal’. For the header name, enter
etag. Leave the header value empty and make sure to save the configuration.
The X-Forwarded-For header can be used by the web server to obtain your IP address through a proxy and is therefore a privacy risk. To empty this header, create a new rule in Header Editor named
X-Forward-For Removal. For the rule type, select ‘Modify the response header’. For the match type, select ‘All’. For the execute type, select ‘Normal’. For the header name, enter
X-Forward-For. Leave the header value empty and make sure to save the configuration.
In this last example we will redirect all
youtube.com links to
youtube-nocookie.com links. This should prevent YouTube from placing cookies in the browser when visiting web pages with embedded YouTube videos. To create this redirect, create a new rule in Header Editor named
YouTube 'nocookie'. For the rule type, select ‘Redirect request’. For the match type, select ‘Regular expression’. For the match rule, enter
https?://(?:www.)?youtube.com/embed/(.+). The exclude rules field can be left blank. For the execute type, select ‘Normal’. In the redirect to field, enter
https://www.youtube-nocookie.com/embed/$1. Make sure to save the configuration.
Useful Violentmonkey/Greasemonkey scripts
ViewTube – One of the better scripts for dealing with YouTube stupidity, this script prevents auto-play and allows you to view videos in a variety of formats, including HTML5 or by using an external player such as VLC. ViewTube also makes it easy to download video files in all of the various formats and levels of quality it can detect. ViewTube works with many video sharing sites other than YouTube and can be extended to work with even more using the ViewTube+ add-on which you can download from the home page.
In the privacy department, there are a few scripts written by members of the ghacksuserjs project which offers a security and privacy-centric
user.js template to make Firefox and websites respect your privacy. Currently these scripts include Conceal history.length, Conceal window.name and Clear window.opener, all of which can be found in the User Scripts section of their wiki. To add these scripts to Greasemonkey, open
about:addons in your browser and click the User Scripts heading. Now go to the wiki page and copy one of the scripts, then click New User Script… link at the top of the User Scripts settings page. A form will appear at the bottom of which should be a button labeled Use Script From Clipboard. After the script is pasted, a new window should display with the full script after which you can save it and you’re done.
Doing it without an add-on
Enhancing privacy and security
See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information.
See my Firefox Scroll Tweak tutorial for how to enable dynamic, silky smooth scrolling without using an extension.
Copying text without formatting
Sometimes you may want to copy text without the added HTML markup. While i am not aware of any way to do this without an extension, you can do the next best thing, which is paste the text without the formatting. To do this, simply paste using Ctrl+Shift+V instead of Ctrl+V. This works on Windows and Linux.
Removing the Firefox window title-bar on Linux, KDE
See this article: Tutorial: Remove Firefox Title Bar On Linux KDE – Alternate Methods
If you like an add-on, or any other free software, please donate to the developer. Trust me when i tell you that most developers of free software usually receive nothing, or next to nothing for all their hours of hard work and the support they provide. Developers are usually very appreciative of a donation regardless of how small it may be.
Recent changes to this page
- removed all mention of the older XUL/add-on SDK type since such information is pretty much depreciated due to the rather complete adoption of WebExtensions
- removed information regarding Waterfox, which i no longer use nor recommend using
- added more information about what to be careful with when installing add-ons