About this extension

Winner of the "PC World - World Class Award" and bundled with the Tor Browser, NoScript gives you the best available protection on the web. It allows JavaScript, Flash, and other executable content to run only from trusted domains of your choice (e.g. your banking site), thus mitigating remotely exploitable vulnerabilities, such as Spectre and Meltdown.

It protects your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology.

Such a preemptive approach prevents exploitation of security vulnerabilities (known and unknown!) with no loss of functionality where you need it.
Experts do agree: Firefox is really safer with NoScript!

FAQ: https://noscript.net/faq
Forum: https://noscript.net/forum

A Basic NoScript 10 Guide

Still confused by NoScript 10's new UI?
Check this user-contributed NoScript 10 primer.
and this NoScript 10 "Quantum" vs NoScript 5 "Classic" (or "Legacy") comparison.

Developer comments

Security issues affecting Firefox or the Tor Browser which can be fixed by a NoScript update are guaranteed to be addressed within 24 hours. This sometimes requires many updates to be issued in a short timespan, and when this happens you may notice NoScript UI's asking to "reload this page in order to operate properly". This is normal on "live" updates, and it just means the UI is out of sync with the page content, but there's no need to worry as all the restrictions to scripts and active content are still in place.

Rate your experience

Report this add-on

Release notes for 12.1.1

v 12.1.1
============================================================
x Fix automatic reloading broken if the background script /
service worker is not already initialized on UI load
x Re-enable signing logging

v 12.1
============================================================
x [nscl] Improved work-around for Youtube placeholder
displacement (tor-browser#43296)
x [L10n] Updated pl
x Avoid synchronous policy fetching if document is already
complete (e.g. on extension updates)
x Remove more MV3-only entries from MV2 manifest
x Remove pre-release version check on signing
x More informative debug logging
x Fixed misplaced update_url in development builds (thanks
DJ-Leith for reporting)
x Switch Firefox development build version format to *.9xx
(like Chromium)
x Cross-browser and cross-manifest compatibility down to
Gecko 115
x Improved cross-browser and cross-manifest development and
build ergonomics
x Fixed RequestGuard on Firefox still using CSP.blocks() as
an instance method
x Improved cross-browser and cross-manifest support
x Do not reload affected tabs before saving XSS user
choices, if any
x [nscl] Several performance and reliability enhancements
from NSCL
x [nscl] Updated to latest NoScript Commons Library
x Fixed offscreen placeholder container preventing user
interaction on the left of placeholders
(tor-browser#43282)
x Fix localization-related console spam when opening options
panel (tor-browser#43269)
x Fixed offscreen placeholder container preventing user
interaction on the left of placeholders
(tor-browser#43282)
x Fix localization-related console spam when opening options
panel (tor-browser#43269)

Used by