Firefox Web Browser and Security Add-Ons

Updated 23 June 2021

Table of Contents

...Loading Table of Contents...

    A web browser is one of the digital tools most of us use daily. It is the main way many people access the internet. Many people are familiar with Internet Explorer, Edge, Safari, and Chrome, browsers that come installed with our devices.

    Because we rely so much on browsers, they are often targets for people who want to compromise your privacy or security. Follow the steps below to choose a more secure browser and make its protection stronger.

    Look for the guide to your operating system

    Many of the links on this page will take you to Mozilla's instructions for using Firefox. On that page, click the menus under "Customize this article" on the upper right hand side to see instructions for your operating system (Linux, Mac, Windows), or search for these articles for Android or iOS.

    Change your device’s default browser

    • Do NOT use:
      • Safari
      • Edge
      • Internet Explorer
    • DO use:
      • We strongly recommend the Firefox web browser, made by Mozilla. It has better built-in security than others. Firefox is free and open source software (FOSS).
      • Google Chrome also has high quality security, and would be another option. However, because it is a Google product, consider whether Chrome might send more data about you to Google than you are comfortable with. It will be able to connect your browser history with your email accounts and other personal information.
      • Learn how to set your default browser. Use the drop-down menus under "Customize this article" to find the right instructions for your device. Or, try the links below.


    • Android devices differ, but look in your device's settings for something like Apps or Applications > (possibly Advanced) > Default App(lications > Browser (app)





    Learn why we recommend this

    Not all web browsers are created equal. Some protect your privacy and security more effectively than others.

    Make sure your browser is up to date

    Turn off the browser's built-in password manager

    Learn why we recommend this

    Firefox can save and encrypt passwords for you. However, we recommend you turn this feature off and use separate password manager like KeePassXC instead. Browser-based password managers put you at greater risk of an attacker tricking your browser into giving up your passwords.

    Review the camera, microphone, and other site permissions

    Learn why we recommend this

    Permissions can be like a door or window you left open in your house: if one website can get in, others may be able to as well. Make sure only websites you use and trust have permission to use sensitive features like your camera or microphone. Malware might use those permissions to let someone see or hear where you are.

    Disable in all browsers: Flash and Java

    Disable in your browsers (Firefox, Chrome, Internet Explorer, Safari):

    Check to ensure that the following are disabled in your browser:

    Disable in email

    Learn why we recommend this

    Flash and Java are software packages that make it easy for someone to run malicious code on your device without your permission.

    Check Enhanced Tracking Protections settings

    Learn why we recommend this

    Cookies and other trackers gather details of who you are, where you are, and what you have looked at online. Consider what might happen if these fell into the hands of your adversary, and take these steps to limit tracking.

    Set default search engine

    All browsers



    Learn why we recommend this

    Search engines like Google and Bing build profiles of people who use them, track your device specifically, and share their users' personal information with third parties. Your browser uses one search engine by default when you type in what you want to search for.

    Use protective browser plugins

    All devices

    • You can choose which add-ons to install and decide how to configure them, depending on your circumstances.
    • If you are using a computer that is managed by someone else (at an Internet cafe, for example, or in your place of work), you might have to make these adjustments repeatedly.
    • Install and configure:
      • HTTPS Everywhere
        • Why? Makes it so someone snooping on the network cannot see as much of what you are viewing and posting online, by protecting your browsing with encryption.
      • Privacy Badger
        • Why? Blocks trackers that gather data on where you have been online.
      • uBlock Origin
        • Why? Blocks advertising and trackers, some of which might be malicious.
      • Cookie Autodelete for Firefox and Chrome
        • Why? Deletes trackers that gather data on where you have been online.
      • Facebook Container, if you use Facebook (Firefox only)
        • Why? Keeps Facebook from gathering data on where you have been online and associating it with your profile.
      • Zoom Redirector for Firefox and Chrome
        • Why? By making Zoom links open in your browser, this add-on keeps the call within your browser's protections.
      • Optional, but recommended: NoScript
        • Note that NoScript will often make it appear that there is nothing on pages you visit, or that they are broken. Learn how to configure NoScript so this happens less often.
        • Why? It may be possible for an adversary to get to your device using malicious code in a script downloaded along with a webpage you are viewing. NoScript blocks all code from unknown websites, protecting your device from infection.
    Learn why we recommend this

    When you browse the Web, you come into contact with a great deal of code from unknown sources. This is one reason why the overwhelming majority of malware and spyware infections originate from web pages. Additionally, people who maintain and advertise on websites use "cookies," which are small pieces of information that track you while you browse. And more fundamentally, websites do not always encrypt what they send or receive from you; they do not all use HTTPS.

    We recommend installing these browser plugins or add-ons to protect against these security and privacy issues.

    Manage add-ons and pop-ups

    Learn why we recommend this

    Malicious people may try to trick you into installing malware in the form of add-ons to your browser. They may do this using a pop-up window. Make sure your browser is set to protect you from these tricks. Additionally, ensure add-ons you do want are up to date, and remove ones you are not using. Just as old food can spoil, old code can let in bugs and endanger you.

    Delete browsing history



    Learn why we recommend this

    Your browsing history is a list of websites you have visited. The default option in Firefox is "Remember my browsing and download history", which means that Firefox will remember your browsing, download, form, and search histories. Firefox will also accept cookies (small pieces of information that track your online activity) from the websites you visit. These cookies allow websites to record information on your device that Firefox will send back to them and their advertising partners.

    Browser history can be helpful to you: your browser will suggest pages you have visited before, so you don't have to re-type addresses or get sent to sites that are malicious. But there are trade-offs. If someone had access to the history of what you viewed on the internet, there is a lot they could learn about you, the people you work with, and the things you have been reading about.

    Consider not showing what you last viewed on startup

    Learn why we recommend this

    If you are worried that your device will be seized or searched, turn off the feature that shows the webpages you had open when you last closed your browser.

    Connect over HTTPS

    Learn why we recommend this

    The S in HTTPS stands for "secure." This is the protocol you should use to access web pages in your browser. HTTPS encrypts and protects what you are looking at as it travels between your device and the server the website is on.

    Use private browsing



    Learn why we recommend this

    "Private browsing" is a mode where the browser does not track cookies or save your browser history. Using it is a quick way to hide some of your activity if you otherwise tell your browser it is ok to keep a record of the pages you have searched. It can be especially useful if there is someone you live with who is threatening you and who has access to your device.

    Frequently Asked Questions

    Q: I thought I got the internet through Facebook, Google, or Wikipedia. Do I need a browser?

    A: If you are in a country where Wikipedia, Google, or Facebook provides your free access to the internet (a service known as zero-rating), you may think of these organizations or companies as the internet. But the internet is a much larger, loose network of computers that your device connects to in order to access pages, videos, files, and other content. The internet includes computers owned by governments, military groups, and universities. The internet also includes Facebook, Google, and Wikipedia--not the other way around.

    Using Firefox, instead of an internet browser that is owned by a for-profit company like Google or Facebook, makes it less likely that what you look at online will be shared with a person, company, or government agency who you do not want to know these things.

    Q: Why would I want so many different add-ons to defend myself against malicious websites? If NoScript protects me from potentially dangerous scripts, for example, why do I also need other add-ons which function in a similar way?

    A: It is often a good idea to use more than one tool to address the same general security issue (anti-virus programs are an important exception to this rule, since they tend to conflict with one another). These Firefox add-ons use very different techniques to protect your browser from a variety of threats. NoScript, for example, blocks all scripts from unknown websites, but users tend to 'whitelist' the websites they visit frequently, which allows them to load potentially-malicious scripts. NoScript users also tend to allow unknown sites to load scripts, on a temporary basis, if those scripts are necessary for the page to function properly.