How to Improve Security in Firefox, Chrome, and Ie

How to improve security in Firefox, Chrome, and IE

Block third-party cookies, delete your history on exit, and restrict JavaScript in Firefox and Chrome, but don't bother enabling do-not-track until the feature actually works.

Malware is most likely to reach your computer via your browser, according to the most recent Microsoft Security Intelligence Report.

(Credit: Microsoft Security Intelligence Report, Vol. 14)

Like their counterparts in the real world, computer criminals are always looking for vulnerabilities they can exploit. Instead of an open window or unattended wallet, malware purveyors watch for holes in software that allow them to install their spying and stealing payloads onto the computers of unsuspecting users.

As the most recent Volume 14 of the Microsoft Security Intelligence Report indicates, browsers have become the favorite target of computer crooks. In the last quarter of 2012, JavaScript and HTML were the most likely source of computer infections, according to statistics gleaned by the company from its Malicious Software Removal Tool.

Otherwise-trustworthy sites can sometimes host malware that infects your machine simply by opening a Web page. That's why the most effective way to prevent a malware infection is to use a real-time anti-malware scanner, such as Microsoft's free Windows Defender. The program is available for Windows XP, 2003, and Vista. It is built into Windows 7 and Windows 8 and RT.

Almost as important is to require permission for JavaScript to run by using a browser extension such as Giorgio Maoni's free NoScript for Firefox (the developer accepts donations) and Optimal Cycling's NotScripts for Google Chrome. Unfortunately, there is no equivalent JavaScript control for Internet Explorer. Setting IE to block scripts or prompt to allow them is impractical, which is ironic considering Microsoft's own advice to beware of sites hosting malicious scripts.

You can also protect your privacy by disabling third-party cookies and deleting your history when you exit. Unfortunately, there remains no reliable way to prevent sites and advertisers from collecting information about your Web activities, which renders your browser's do-not-track option useless.

Allow scripting on a site-by-site basis in Firefox and Chrome
In a post from October 2012 I described how to disable Java in IE, Firefox, Chrome, and Safari. The instructions in that article for IE 9 apply to version 10 of Microsoft's browser, although IE 10 doesn't include Java by default; you have to visit to download and install the add-on. In fact, the latest versions of Firefox and Chrome also lack Java in their default configurations.

The earlier post stated that if you keep your browsers up-to-date, JavaScript was probably safe to run. Now security experts recommend that you allow JavaScript to run only on the sites you trust. Many popular sites rely on JavaScript, and configuring your browser to allow scripting only on approved sites takes an effort.

To disable JavaScript in Firefox, click Tools > Options > Content and uncheck Enable JavaScript. (You may need to press the Alt key to show Firefox's menu bar on which the Tools menu appears, or right-click the toolbar and check Menu Bar.) The Advanced JavaScript options control the type of actions scripts can take, not whether they run at all.

When you disable JavaScript in Firefox, sites essentially break. Firefox offers no easy way to create a list of exceptions for the sites you trust to run the scripts. A better solution is to useNoScript.

After you install NoScript and restart Firefox, the program's icon appears in the bottom-right corner of the browser window. When you visit a site for the first time, a text box is displayed at the bottom of the screen indicating that scripts are forbidden.


The NoScript extension for Firefox blocks a page's scripts from running until you grant permission.

(Credit: Screenshot by Dennis O'Reilly/CNET)

Click the Options button on the right side of the text box to allow some or all scripts on the page, and to view blocked sites.


NoScript lets you decide which scripts to run on each page you open in Firefox.

(Credit: Screenshot by Dennis O'Reilly/CNET)

When you first start using NoScript, the process of allowing trustworthy sites to run scripts can be tedious. After a couple of days, the interruptions dwindle. You also soon realize you can get what you need from many sites without having to enable scripting.

Chrome makes it much easier to allow scripts to run on a site-by-site basis. To disable JavaScript in Chrome, click the settings icon in the top-right corner, choose Settings, scroll to and select "Show advanced settings," click the "Content settings" button under Privacy, and choose "Do not allow any site to run JavaScript."


Disable JavaScript in Chrome via the "Content settings" dialog.

(Credit: Screenshot by Dennis O'Reilly/CNET)

When you open a page whose scripts have been blocked, a scroll icon with a red X appears on the right side of the address bar. Click it to allow scripts on the page or open the browser's JavaScript exceptions list.


Allow scripts on a page-by-page basis by clicking the scroll icon on the right side of Chrome's address bar.

(Credit: Screenshot by Dennis O'Reilly/CNET)

In Chrome's JavaScript exceptions list, paste the site you wish to allow in the text box and click Done.



Chrome's JavaScript exceptions list lets you add the sites on which scripts will run.

(Credit: Screenshot by Dennis O'Reilly/CNET)

The free NotScripts Chrome extension allows you to select which scripts to allow and which to block on each page you visit, although the program doesn't offer the range of scripting controls available in NoScript. The Optimal Cycling site explains the add-on's limitations compared to NoScript. In a nutshell, Firefox and Chrome use fundamentally different designs, and Google may not be as forthcoming or cooperative as Mozilla.

One way NoScript and NotScripts differ is that NoScript requires that JavaScript be enabled in Firefox, while NotScripts works only when Chrome's JavaScript option is disabled. You also have to enter a password in the extension before it will work, as described on the Optimal Computing site.

Once the password is entered, a pyramid icon appears on the right side of Chrome's address bar. Click it to view a list of the scripts the extension has blocked and allowed on the current page. You can block or allow individual scripts or all on the page permanently or temporarily.


The NotScripts extension for Google Chrome lists the scripts that have been blocked and allowed on the current page.

(Credit: Screenshot by Dennis O'Reilly/CNET)

Once some or all scripts on the page have been allowed, a green box appears on the pyramid icon. You can also access the extension's options and the vendor's home page from the drop-down menu. (Note that the Optimal Computing site opened very slowly when I tested NotScripts. As with most free programs, don't expect much support from the developer.)

Disable third-party cookies and delete history on exit
By default, Firefox, Chrome, and Internet Explorer allow third-party cookies to be saved on your computer and also save your browser's history. Both settings are potential threats to your privacy. Fortunately, changing these settings in the three browsers takes less than a minute.

To do so in Firefox, click Tools > Options > Privacy and choose "Use custom settings for history" in the drop-down menu under History. In the options that appear, uncheck "Accept third-party cookies" and check "Clear history when Firefox closes."


Change Firefox's privacy settings to block third-party cookies and clear history when the program closes.

(Credit: Screenshot by Dennis O'Reilly/CNET)

To put a finer point on your privacy settings, click the Settings button and make your choices.


Firefox's settings for clearing history allow you to decide the information you want the browser to retain and to delete.

(Credit: Screenshot by Dennis O'Reilly/CNET)

To block third-party cookies and delete history on exit in Chrome, click the options icon in the top-right corner of the browser window, choose Settings, select "Show advanced settings" at the bottom of the screen, click "Content settings," choose "Keep local data until I quit my browser," and check "Block third-party cookies and site data."


Chrome's content settings include options for deleting local data when you quit the browser and for blocking third-party cookies.

(Credit: Screenshot by Dennis O'Reilly/CNET)

To clear Chrome's browsing data right away, click the options icon and choose Tools > Clear browsing data (or press Ctrl-Shift-Del). Make your selections and click the "Clear browsing data button."


Chrome's "Clear browsing data" options let you decide the type of data to delete and how far back the deletions should extend.

(Credit: Screenshot by Dennis O'Reilly/CNET)

Set Internet Explorer to delete your history each time you close the browser by clicking the gear icon in the top-right corner of the browser and choosing Internet Options. On the General tab, check "Delete browsing history on exit." This setting affects temporary files, history, cookies, saved passwords, and the data you enter in Web forms.

Block third-party cookies by choosing the Privacy tab in the Internet Options dialog. Click the Advanced button under Settings, check "Override automatic cookie handling," select Block under Third-party Cookies, and click OK twice.

Internet Explorer Advanced Privacy Settings

Internet Explorer's option to block third-party cookies is accessed via the Advanced Privacy Settings dialog.

(Credit: Screenshot by Dennis O'Reilly/CNET)

Can you trust your browser's "do not track" setting?
All three browsers now include the option to send a message to sites indicating that you don't want them to track you. Unfortunately, there's no assurance the sites receiving this information will honor your request. I will gladly sidestep the debate raging between privacy advocates, online advertisers, and browser developers. Lee Matthews examines the current state of browser do-not-track settings in an article on

Until a trustworthy do-not-track option is available, I'll stick with blocking third-party cookies and deleting my browser history each time the program closes. If you'd rather send the sites you visit a "please don't track me" message, follow these steps:

In Chrome, click the options icon in the top-right corner of the browser window, choose Settings, and select "Show advanced settings." Under Privacy, click "Send a 'Do Not Track' request with your browsing traffic."

In Internet Explorer 10, the do-not-track option is on by default in Windows 7 and 8. Unfortunately, the setting is being ignored, as Dante D'Orazio reported last October on The Verge.

To access IE's do-not-track option, click the gear icon in the top-right corner of the browser window, select Internet Options > Advanced, and scroll to the Security section. There you will find the option to "Always send Do Not Track header" checked by default. To enable IE's tracking protection, click the gear icon, choose Safety > Tracking Protection, and select Enable. Note that you'll also have to choose a tracking-protection list or create one yourself.

Last week Susan Fulton examined the lack of progress toward a single do-not-track standard in an article on the American Civil Liberties Union site. Since there's no guarantee any browser's do-not-track setting will prevent sites from tracking you, there's currently no point in enabling the feature



Janeth Kent

Janeth Kent

Licenciada en Bellas Artes y programadora por pasión. Cuando tengo un rato retoco fotos, edito vídeos y diseño cosas. El resto del tiempo escribo en MA-NO WEB DESIGN END DEVELOPMENT.


Related Posts

Understanding LCP, CLS, FID. All about Core Web Vitals in Google Search Console

A few months ago we talked about certain Google metrics that were displayed in Search Console. The reason for writing another post on this topic is that Google has changed…

Validating HTML forms using BULMA and vanilla JavaScript

Today we are going to write about contact forms and how to validate them using JavaScript. The contact form seems to be one of the top features of every basic home…

How to use Parallax.js effect on your website

Today, we're going to write about the parallax effect, similar to parallax scrolling, and how to implement it to improve your landing page. In webdev, they say mobile first -…

How to make the website's dark mode persistent with Local Storage, CSS and JS

Recently we wrote about how to do a switchable alternative color mode or theme, a very useful and popular feature to websites. Today’s article is going to be about how…

Dark Web: the creepy side of the Internet is not as dark as believed

People who surf the Dark Web are not necessarily looking for something illegal. Most people want to protect their privacy. And according to a recent study, 93 percent only use…

Cross cultural challenges in web design, an overview

The user experience design of a product essentially lies between the intentions of the product and the characteristics of your user. - David Kadavy - The task of building a culturally appropriate…

Website Traffic Getting Low? 4 Immediate Action to Take

If you have created a website, I am sure your end objective is to create a strong brand presence, boost engagement, and multiply revenue. An interesting statistic showed that there were…

The easiest way to align items using flexbox

With the release of flexbox in CSS, it has become an essential tool when placing elements next to each other, since, by default, the children of a display: flexare stacked…

Dark Mode on website using CSS and JavaScript

In today’s article we are going to learn how to build pretty much standard these days on the web pages and that is the alternative color mode and switching between…

JavaScript: Spread and Rest operators

In today’s article we are going to talk about one of the features of the ES6 version(ECMAScript 2015) of JavaScript which is Spread operator as well as Rest operator. These features…

How To Add Filter Effects to Images with CSS

To achieve interesting effects on your images, learn about the 'filter' and 'Backdrop-Filter' properties of CSS. CSS filters are a very attractive feature of CSS that allows you to apply certain…

Why You Should Hire Node.js Developer for Your Backend Development

When developers are building a new website, they mainly focus on both frontend and backend development. The frontend code helps create the interfaces through which the app interacts with the…

We use our own and third-party cookies to improve our services, compile statistical information and analyze your browsing habits. This allows us to personalize the content we offer and to show you advertisements related to your preferences. By clicking "Accept all" you agree to the storage of cookies on your device to improve website navigation, analyse traffic and assist our marketing activities. You can also select "System Cookies Only" to accept only the cookies required for the website to function, or you can select the cookies you wish to activate by clicking on "settings".

Accept All Only sistem cookies Configuration