Add-ons essential for your everyday online privacy. You also need HTTPS Everywhere https://www.eff.org/https-everywhere and https://startpage.com. For special privacy, use Torbrowser instead.
Blocks annoying video ads on YouTube, Facebook ads, banners and much more.
Adblock Plus blocks all annoying ads, and supports websites by not blocking unobtrusive ads by default (configurable).
The best security you can get in a web browser!
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.
Collector's Note Although it's quite annoying having to enable scripts when sites don't work, real security (eg. protection from Facebook cross-site hacks) is impossible without it. Also increases your privacy.
Fix the web. Gets rid of a site's cookies and LocalStorage as soon as you close its tabs. Protects against trackers and zombie-cookies. Trustworthy services can be whitelisted.
Protect your Passwords, Payments, and Privacy.
Collector's Note Better than Ghostery and others.
Make some popular websites respect your privacy settings.
Please see the known issues below!
Be in control of which cross-site requests are allowed. Improve the privacy of your browsing by not letting other sites know your browsing habits. Secure yourself from Cross-Site Request Forgery (CSRF) and other attacks.
Control what gets sent as the HTTP Referer on a per-site basis.
Collector's Note For that last bit of control over what information your browser sends.
Cryptocat lets you instantly set up encrypted conversations. It's an open source, private, safer chatting alternative. Cryptocat uses the OTR encrypted messaging protocol to offer accessible communications to everyone.
Various enhancements for build-in "master password" (MP)
-Locks master security device on demand or after specified time
-Prompts for MP on browser startup
-Suppresses all or duplicate MP prompts
-Locks up entire application or individual windows
Connect securely to https websites by checking certificates with network notaries. See http://www.perspectives-project.org
CsFire autonomously protects you against dangerous or malicious cross-domain requests, such as Cross-Site Request Forgery (CSRF). CSRF is very prevalent and dangerous, as stated by the OWASP top 10, as well as the CWE/SANS top 25 programming errors.
Collector's Note You may have to make a few of your own policies, but the UI makes this easy.
IDND pops up a warning message whenever the domain of the site you are visiting contains a suspicious mix of characters from different language scripts.