Configure NoScript

NoScript is an incredibly useful extension for Firefox. Unfortunately, the default settings are less than optimal. The intent of this guide is to explain how to configure NoScript to gain the benefits of fewer scripts, while minimizing the hassle. As of writing this, NoScript is at version 2.6.9.36. As that version number changes, the exact settings in this guide will become less useful.
I’m assuming you already have Firefox and NoScript installed. If not, get those done first, then come back. I’ll wait…

NoScript’s options can be reached by clicking on the NoScript icon (top right of screen, by default) and then Options (towards bottom of menu). There are 6 tabs for options. I’ll group my recommended changes and list them below, then explain why I think they should be made. As with everything: it’s your computer, use as you see fit.

Highly recommended changes:
1. On the Notifications tab, uncheck “Show message about blocked scripts”. It’s near the top of the menu.
2. On the Appearance tab, uncheck “Allow Scripts Globally (dangerous)”. It’s on the left edge, near the middle.

Suggested changes:
1. On the Whitelist tab, select and then remove all of the websites above the “about:” entries, i.e., all the black (not grey) sites above “about:blank”.
2. On the Embeddings tab, check “Forbid “. It’s on the right, near the top.
3. Still on the Embeddings tab, check “Forbid “. It’s on the right, near the top.
4. Still on the Embeddings tab, check “Forbid WebGL”. It’s on the left, near the middle.
5. On the Appearance tab, uncheck “Allow all this page”. It’s on the right, near the middle.

Might be useful changes:
1. On the Notifications tab, uncheck “Display the release notes on updates”. It’s near the bottom of the menu.

And that’s the list of changes from default to make. Now on to my reasoning for why they are worth making. I’ll address them in the same order as above.

If “Show message about blocked scripts” is checked, there will be a bar at the bottom of every site you go to, informing you that scripts are being blocked. This serves as a reminder that NoScript is blocking things, which changes how the page looks. If you are aware that it’s blocking stuff (which is why you installed it), you don’t need the constant reminder. On the other hand, if you think you won’t be able to remember to ‘allow’ sites that look odd, it may be worth leaving the reminder active.
If “Allow Scripts Globally” is checked, there is an easily accessible option to turn off NoScript. As the option itself says, doing this is dangerous. Dangerous enough that I think the requirement of having to go to the options first is an appropriate buffer for misclicks. The odds of you accidentally clicking on “Options”, then “Whitelist”, then “Scripts Globally Allowed” are much lower than those of accidentally clicking on just “Allow Scripts Globally”.

There is a decently long list of preallowed sites in the default whitelist. I cannot say for certain that any of them are ‘bad’, but I don’t know all of them. It’s simpler and quicker to remove them all, and re-add those that you do need, than to figure out which ones are actually ‘good’.
I treat the three extra “Forbid” options under “Embeddings” the same. If you’re blocking stuff, why not block it all? You can always re-allow the sites you want. Why let untrusted sites run some kinds of things, but not others?
“Allow All” puts all of the sites attached to the page you are currently on into the whitelist. As most pages only need 1 or 2 sites to be allowed, while also having multiple you’d rather keep blocked, this option is counterproductive. If you just want this one site to work, there is “Temporarily allow all this page”. This has the same immediate effect, without the longer term impact of adding things to the whitelist.

By default, release notes are displayed when there is an update. As this tends to happen rather often, and most people don’t care about this level of detail, I turn it off. If you are ever curious, and want to see the notes, you can always click on “Options”, then “Changelog”.

And that’s that. If you’ve followed my directions, you now have NoScript configured in what I consider a much more useful manner. But your mileage may vary, so feel free to explore the NoScript options and try different things. Should you ever mangle the settings beyond use, there is a convenient “Reset” button on the bottom of the options window.

Enjoy your quicker and quieter web browsing.