- 1 WebExtensions
- 2 Beware
- 3 My favorite Firefox Waterfox add-ons
- 4 Privacy and security related add-ons
- 4.1 CanvasBlocker by kkapsner
- 4.2 Cookies Exterminator by Off JustOff (legacy)
- 4.3 Decentraleyes by Thomas Rientjes
- 4.4 Don’t touch my tabs! by Jeroen Swen
- 4.5 Header Editor by 泷涯, 道滿
- 4.6 Neat URL by Geoffrey De Belie
- 4.7 Privacy Badger by EFF Technologists
- 4.8 Project Insight by em_te
- 4.9 Skip Redirect by Sebastian Blask
- 4.10 Smart HTTPS by ilGur
- 4.11 Smart Referer by meh., Alexander Schlarb
- 4.12 uBlock Origin by Raymond Hill
- 4.13 uMatrix by Raymond Hill
- 5 Add-ons providing additional functionality
- 5.1 Add custom search engine by Tom Schuster
- 5.2 Classic Theme Restorer by Aris (legacy)
- 5.3 Easy Copy by Byron (legacy)
- 5.4 Exif Viewer by Alan Raskin
- 5.5 Flagfox by Dave G
- 5.6 NewsFox by Andrey Gromyko, R Pruitt (legacy)
- 5.7 ScrapBook X by Danny Lin (legacy)
- 5.8 Scroll Up Folder by Bruce Bujon (Perfect Slayer) (legacy)
- 5.9 Search Site by DW-dev (legacy)
- 5.10 Sidebars List by Infocatcher (legacy)
- 5.11 Violentmonkey by Gerald
- 6 Header Editor code examples
- 7 Useful Violentmonkey/Greasemonkey scripts
- 8 Troubleshooting add-on related issues
- 9 Doing it without an add-on
- 10 Giving back
- 11 Recent changes to this page
This article was last updated on 27-Sep-2018. See the list of recent changes at the end.
Mozilla Firefox is a popular, “free”, open source web browser that is extremely configurable and easy to use. Somewhat bare out of the box however, its functionality is easily extended with add-ons, or extensions if you prefer, of which there are many thousands.
As you may know, Mozilla is phasing out the old XUL/XPCOM browser add-ons in favor of WebExtensions. Though there are indeed security and stability benefits with the new model, the problem with WebExtensions is that their functionality is severely limited. For example, the once hugely popular Classic Theme Restorer add-on will no longer work since Firefox version 57. Since i depend on certain add-ons that cannot be ported to the WebExtension platform, i have chosen to abandon the Mozilla build of Firefox in favor of Waterfox, the developer of which, Alex Kontos, intends to support both XUL/XPCOM and the newer WebExtensions. Waterfox is also a more privacy-centric browser with a little less bloat.
Which flavor of the browser you choose to run is of course entirely your decision. If you run the official Mozilla Firefox version, you will always have the latest version with the latest features and security updates, but you’re privacy will also be more at risk unless you take additional measures. If you run Waterfox, know that the latest release can lag several major versions behind Firefox, but it is a more privacy-centric browser that supports both WebExtensions and the older XUL/XPCOM extensions. Both flavors are available in 64bit and both support hardware acceleration, however many of the legacy add-ons will prevent hardware acceleration from working. Personally, i’m willing to trade a bit of performance and the latest Mozilla money-making schemes for better privacy and additional functionality from a developer which i believe to be more ethical.
In the add-on list below, the older XUL/XPCOM extensions are indicated with the ‘(legacy)’ label. Just know that they will not work in the newer versions of Firefox.
With so many “free” add-ons, the casual user might be tempted to install a large number of them, however i would highly recommend installing only the add-ons you really like or need since the potential to break things and compromise browser security and your privacy increases with every add-on that is installed.
Another issue that should be considered is unethical add-on developers that sometimes package unwanted and unnecessary components which may include provisions for tracking your web activities or other behavior that is not relevant to the expected function of the add-on. Although Mozilla limits what an extension can do, user tracking and advertising is permitted and so i would highly recommend that you take the following precautions before installing any add-on:
- Be very wary of any add-on which is packaged in the form of a tool-bar. Many/most of these contain 3rd party spyware components for the purpose of monetizing the add-on.
- Read the Permissions to learn what capabilities the extension requires. Older add-ons which were not ported to WebExtensions are known as Legacy add-ons and may access all browser functions. Given a choice, i would suggest using WebExtension add-ons wherever possible and only those which require the permissions necessary to accomplish the functionality in order to do their job.
- Don’t install an add-on when it’s first released. Mozilla uses an automated system to evaluate add-ons initially and, as of this writing, it is deeply flawed, so wait for a while before installing a newly released add-on as this will give Mozilla and the users time to better evaluate it.
- Check the user reviews to see how well an add-on is liked and be wary if it is rated at 3 or less stars, or not rated at all. Even if the add-on is rated 4 or 5 stars, check the comments of the people that gave it the lowest rating to see if their gripe seems legitimate. Several highly popular add-ons contain unwanted functionality such as user profiling/tracking including Abduction, a screen capture utility; Quick Locale Switcher, a language switcher; FasterFox Lite, a largely useless utility which claims to speed-up Firefox; BlockSite, a content blocker; Google’s Search By Image, a reverse image search utility, and many others.
- Check the developers profile to see what other add-ons they have created and how those are rated.
- Visit the developer website if one is available and see what kind of content is there. Look for marketing hype and be wary of dot com domains.
- Be weary of developers that provide neither a website where the source code is published nor a method to submit support requests. Most ethical developers will make their source code easy to find and provide a proper support platform, such as that offered by GitHub.
It was always very important for me to be honest and fair to the users. I had very good offers to sell the extension, but I didn’t want to see that AiOS turn into adware or spyware.
Firefox Waterfox add-ons
Although i use the brand name ‘Firefox’ throughout this article, i no longer use Firefox for reasons which you can read about here. Instead i use Waterfox which is a lighter and more privacy-centric fork of Firefox.
There are a few very popular add-ons that are absent here, including NoScript, Adblock Plus (or Adblock Edge), Ghostery, etc.. While this may seem odd to some, the functionality offered by these extensions is largely covered by uBlock Origin and uMatrix. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information.
Regarding the Adobe Flash Player, i do not install the Flash extension since you can watch most videos without it and therefore i have no need to worry about the security and privacy risks associated with Flash. If you have trouble watching some videos without Flash, try the EmbedUpdater add-on.
CanvasBlocker by kkapsner
|Cookies Exterminator removes objects (“cookies”, localStorage, IndexedDB) that are left-behind by a website even after you close its tab. As of this time, Mozilla has not made available the API that would allow the same functionality with WebExtensions.|
Decentraleyes by Thomas Rientjes
Don’t touch my tabs! by Jeroen Swen
|Don’t touch my tabs! is a simple install-it-and-forget-it add-on that stops a new tab from modifying the content of the previous tab from which you opened the new one.|
Header Editor by 泷涯, 道滿
|Header Editor can manipulate the browsers HTTP request and responce headers. Using this tool provides many options regarding privacy, redirects and more. See the end of this article for some usage examples.||For advanced users.|
Neat URL by Geoffrey De Belie
|Neat URL simply removes unnecessary parameters from URLs which are often used for tracking purposes. Using the Google search results as an examlpe, it turns this garbage: |
Privacy Badger by EFF Technologists
|Privacy Badger by the EFF helps to block various tracking and spying mechanisms. It works well in conjuction with uBlock Origin and if you disable uBlock on a site for some reason, such as troubleshooting, Privacy Badger will still offer some protection regarding your privacy. This is another extension which you can pretty much forget about after installation.|
Project Insight by em_te
|Project Insight displays the permissions for all your add-ons including what domains they have permission to access.|
Skip Redirect by Sebastian Blask
|Redirects sometimes happen when you click on a hyperlink expecting to go directly to the destination and, instead, your request is passed through an intermediatary. Redirects are often used to track your browsing history or display ads before you are forwarded to the target domain. Skip Redirect simply tries to bypass this annoying behavior. I would suggest keeping the notification enabled when Skip Redirect does its thing as this makes it easy to troubleshoot a problem.||May break the functionality of some websites in which case they can be added to a whitelist.|
Smart HTTPS by ilGur
|Smart HTTPS simply attempts to load unsecured (HTTP) websites securely (HTTPS). ‘Pants’, from the ghacks-user.js repo, doesn’t like Smart HTTPS and favors HTTPS Everywhere instead. Your milage may vary, but i prefer the former as it has never given me any trouble and doesn’t rely on rule-sets.|
Smart Referer by meh., Alexander Schlarb
|When you visit a website and then click a link on that site that takes you somewhere else, the site that you are going to will know where you came from if the referer header is present. Smart Referer simply eliminates this intrusion upon your privacy except when you navigate to another page on the same domain.|
uBlock Origin by Raymond Hill
|uBlock Origin is a superior content filter (or firewall, if you like) that replaces most other content/ad blockers for me, including Adblock Plus/Edge, NoScript, Policeman and several others. It is capable of using the same filter lists as Adblock Plus/Edge as well as many more that they cannot. Two of the most welcome differences with uBlock Origin is that it does not slow page loading to any noticeable degree and it uses less memory then the Adblock derivatives. Another major advantage is that it can block both 1st and 3rd party requests for images, scripts and frames. See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information regarding uBlock Origin. Lastly, note that there are two versions of uBlock; uBlock and uBlock Origin. You absolutly need to use the latter which is written by the original developer, Raymond Hill.||As with any content filtering extension, uBlock Origin has the potential to break website functionality until it is configured correctly.|
uMatrix by Raymond Hill
|uMatrix is another very powerful content blocker by Raymond Hill and though it is similar to uBlock Origin, it offers more granular control over blocking various resources including cookies, CSS, images, plug-ins, scripts, XHR, frames and more. In my case i use uBlock Origin as my only primary content blocker, however it is perfectly fine to use both together. See my guide, Firefox Configuration Guide for Privacy Freaks and Performance Buffs, for information on how to properly configure them to get the most out of each one.||As with any content filtering extension, uMatrix has the potential to break website functionality until it is configured correctly.|
Add-ons providing additional functionality
Add custom search engine by Tom Schuster
|Though there are several ways of adding search engines to the search bar, Add custom search engine offers a fairly simple method that gives you a bit more piece of mind and control then you otherwise might have if you installed a search engine extension. It also allows you to set any icon you want either by entering its URL or by specifying the base64 code. Another alternative is Search Engines Helper by Soufiane Sakhi which has the added advantage of importing and exporting all your search engines.||Because of the severe restrictions with the WebExtension API, it is apparently not possible to add a search plugin directly through the add-on and therefore such WebExtensions must use a 3rd party resource, in this case file.io.|
Classic Theme Restorer by Aris (legacy)
|Not happy with the new Australis interface for Firefox? I don’t blame you, but if you want the latest gizmo’s and security fixes, you’re stuck with it. Unfortunately, yet another add-on is necessary to re-add the functionality that the wizards at Mozilla think you don’t need, and that add-on is Classic Theme Restorer. In addition to its many settings for manipulating the appearance of Firefox, CTR also makes is easy to disable some of the “features” which rely on 3rd party services, including the Hello and Pocket features.|
Easy Copy by Byron (legacy)
|The highly configurable Easy Copy add-on provides the ability to copy various content, such as hyperlink text, page titles and their links, excerpts and more, in various formats. For example it makes it easy to copy both a page title and link which is formatted for posting on a forum.|
Exif Viewer by Alan Raskin
|Exif Viewer allows you to view the EXIF metadata stored in many JPEG images, including the camera and exposure info and, when available, the GPS location of the image.|
Flagfox by Dave G
|Flagfox is a neat utility that adds an icon to the address bar which represents the flag of the country in which the web server is located. When the icon is right-clicked, a context menu is revealed with many more tools, such as a WHOIS lookup, URL shortening services and more. You can also add your own services.||If you choose to display the menu icons, they are not stored locally and have to be fetched the first time you open the menu.|
NewsFox by Andrey Gromyko, R Pruitt (legacy)
|If you read a lot of syndicated feeds (RSS/ATOM) NewsFox is, in my opinion, the best extension for reading and managing your news feeds within Firefox, even given its caveats. It offers a lot of configuration options for reading, organizing and marking the status of feeds, and it has a clean, intuitive, customizable, 3 pane interface.||NewsFox can briefly hang the Firefox GUI while checking feeds. The problem worsens as more threads are enabled in the settings. I don’t like that you cannot create sub-folders within a folder.|
ScrapBook X by Danny Lin (legacy)
|A fork of the original ScrapBook extension, ScrapBook X is a very handy tool for storing and organizing scraps of text, whole web pages, or images that you want to save. I use it often when i research subject matter, such as when i wrote the NPR article. You can import, combine and export your scrap book, including exporting as HTML. If you need more power, try Zotero.|
Scroll Up Folder by Bruce Bujon (Perfect Slayer) (legacy)
|Scroll Up Folder is a nice little extension which makes it super simple to navigate within a domain by moving up or down the URL structure using your mouse wheel when you hover over the address bar. For example, you can go from ||For some reason the author coded this extension so that it adds “www.” to the domain when navigating to the root domain even when “www.” is not present, though i’ve never yet had any problems with this.|
Search Site by DW-dev (legacy)
|Search Site is a great little extension that adds another icon in the right side of the Search Bar that, when clicked, will search only the current website for your search terms. Though there are others like it, i particularly like the way it’s integrated. If another icon is too much for you, you can hide it and just use Ctrl+Enter instead.|
|The name, Sidebars List, doesn’t do justice to its functionality. The primary function of this add-on, at least for me, is not to list the sidebars, but rathrer to access the sidebar quickly by clicking the left edge of the browser window and this works great, especially when the window is maximized. See the Sidebars List tweak here if you want to completely hide the splitter/switch.|
Violentmonkey by Gerald
|Violentmonkey is for running user created scripts which are typically used to change how a website functions or looks. Some of the most popular scripts allow you to download videos from sites like YouTube, or enhance the functionality of sites like Facebook and Google. You can even find some proof of concept scripts for defeating CAPTCHA’s, though they don’t appear to be fully baked yet. For a selection of scripts that i personally find useful, see the bottom of this page. At this time i think Violentmonkey is a better alternative to Greasemonkey or Tampermonkey.||Installing user scripts is a security and stability risk! While this holds true for extensions as well, scripts are generally not scrutinized to the degree that extensions are when download from Mozilla. Be sure to read the feedback from others, as well as the history of the developer, before installing scripts.|
Header Editor code examples
There’s many things you can do with the Header Editor extension. Following are a few examples:
In this first example, we can empty the ETag HTTP header in order to help preserve our privacy. To begin, create a new rule in Header Editor named
ETag Removal. For the rule type, select ‘Modify the response header’. For the match type, select ‘All’. For the execute type, select ‘Normal’. For the header name, enter
etag. Leave the header value empty and make sure to save the configuration.
The X-Forwarded-For header can be used by the web server to obtain your IP address through a proxy and is therefore a privacy risk. To empty this header, create a new rule in Header Editor named
X-Forward-For Removal. For the rule type, select ‘Modify the response header’. For the match type, select ‘All’. For the execute type, select ‘Normal’. For the header name, enter
X-Forward-For. Leave the header value empty and make sure to save the configuration.
In this last example we will redirect all
youtube.com links to
youtube-nocookie.com links. This should prevent YouTube from placing cookies in the browser when visiting web pages with embedded YouTube videos. To create this redirect, create a new rule in Header Editor named
YouTube 'nocookie'. For the rule type, select ‘Redirect request’. For the match type, select ‘Regular expression’. For the match rule, enter
https?://(?:www.)?youtube.com/embed/(.+). The exclude rules field can be left blank. For the execute type, select ‘Normal’. In the redirect to field, enter
https://www.youtube-nocookie.com/embed/$1. Make sure to save the configuration.
Useful Violentmonkey/Greasemonkey scripts
ViewTube – One of the better scripts for dealing with YouTube stupidity, this script prevents auto-play and allows you to view videos in a variety of formats, including HTML5 or by using an external player such as VLC. ViewTube also makes it easy to download video files in all of the various formats and levels of quality it can detect. ViewTube works with many video sharing sites other than YouTube and can be extended to work with even more using the ViewTube+ add-on which you can download from the home page.
In the privacy department, there are a few scripts written by members of the ghacksuserjs project which offers a security and privacy-centric
user.js template to make Firefox and websites respect your privacy. Currently these scripts include Conceal history.length, Conceal window.name and Clear window.opener, all of which can be found in the User Scripts section of their wiki. To add these scripts to Greasemonkey, open
about:addons in your browser and click the User Scripts heading. Now go to the wiki page and copy one of the scripts, then click New User Script… link at the top of the User Scripts settings page. A form will appear at the bottom of which should be a button labeled Use Script From Clipboard. After the script is pasted, a new window should display with the full script after which you can save it and you’re done.
See my guide Firefox: Troubleshooting Add-On Issues.
Doing it without an add-on
Enhancing privacy and security
See my Firefox Configuration Guide for Privacy Freaks and Performance Buffs article for more information.
See my Firefox Scroll Tweak tutorial for how to enable dynamic, silky smooth scrolling without using an extension.
Copying text without formatting
Sometimes you may want to copy text without the added HTML markup. While i am not aware of any way to do this without an extension, you can do the next best thing, which is paste the text without the formatting. To do this, simply paste using Ctrl+Shift+V instead of Ctrl+V. This works on Windows and Linux.
Removing the Firefox window title-bar on Linux, KDE
See this article: Tutorial: Remove Firefox Title Bar On Linux KDE – Alternate Methods
If you like an add-on, or any other free software, please donate to the developer. Trust me when i tell you that most developers of free software usually receive nothing, or next to nothing for all their hours of hard work and the support they provide. Developers are usually very appreciative of a donation regardless of how small it may be.
Recent changes to this pageClick to expand...
- added CanvasBlocker
- minor edits