Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How do I know what sites to enable in NoScript?


I have NoScript to maybe cut down on bandwidth. On dial-up with a Mozilla
browser. I can’t get high speed, we’re rural and don’t have the money. I guess
I want to know if NoScript is worth it because I never know for sure which
sites to allow.

In this excerpt from
Answercast #98
I look at ways to use NoScript to reducing scripting on web
pages and increase browsing speed.

Become a Patron of Ask Leo! and go ad-free!

Enabling sites in NoScript

You know, I never really thought about NoScript as a way to cut down on
bandwidth usage but in fact that is a very valid reason to use it.

When a website or a web page loads, if NoScript is not enabled, if scripting
is allowed on that page, it’s very possible that the page will cause additional
files to be downloaded – additional files of javascript; the very thing that
NoScript prevents. If NoScript is enabled (in other words if you’ve got
NoScript preventing scripting in your browser) then many of the instructions
that would cause additional files to be loaded, may not even be executed.

So that’s actually pretty cool, I haven’t thought of that; I like that

Which sites to allow

As to which sites to allow and disallow? I’ve used NoScript for a really
long time and the answer is not very clean. It’s practical, but it’s not the
ideal solution:

  • If you go to a site and it’s not working properly… allow it in NoScript –
    and see if it starts working.

Nine times out of ten that’s exactly what people do. That’s all they really
need to do; they go to a site and they find out, for whatever reason, that site
isn’t working properly. Maybe they can’t login; maybe the content is screwed
up; maybe they can’t post comments; who knows – but the point is that there’s
something about their first visit to a site that causes it to not work

Knowing that and knowing that you’re running NoScript, then you can simply
say, “Okay, always allow this site,” and then repeat the process. Refresh the
page; see if it starts working better; chances are it will.

Continually tweak the settings

Now, this may be an iterative process. By that I mean you may need to do it
more than once because web pages often include content, or information, or
files from other web pages.

For example, Ask Leo! includes content from Google. So that means that the
first time you visit Ask Leo! you may need to allow Ask Leo! The next time you
refresh that page, it still may not be all quite there – but now you might need
to allow Google.

NoScript will show you which sites it sees in the HTML that it’s blocked and
you can then selectively allow each one of those until the site is working to
your satisfaction. That’s what people do.

There isn’t really a super clean solution for knowing what to do and not do
with NoScript. But this concept of “just do it until it works” – enable things
until the site you care about works – is the most practical, and I would claim,
by far the most common approach that people take.

(Transcript lightly edited for readability.)

End of Answercast 98 Back to –
Audio Segment

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

8 comments on “How do I know what sites to enable in NoScript?”

  1. I have the same question about Noscripts (I’m using the comparable program Notscriots scripts in Google Chrome). Very often I’ll get to a page and something on the page, for example a video, isn’t working. When I click on Notscripts sometimes I get a list of 15 different sites all that need permission to run. Many of them have a obscure names. It’s sure is a witchhunt to figure out which is the script that’s not running that will allow the video to play.

  2. When visiting a site for the first time, I start with TEMPORARILY allowing a site – on a site-by-site basis – until the page “works”. If I expect to return often, I may “ALWAYS allow…”. I never allow sites like doubleclick to run. If I’m not sure about a site, I do a search on it. You can also mouse over the site name on the NoScript drop down list, then shift+click or middle click to get info about it.

  3. NoScript is worth every penny you – voluntarily – might pay for it. It provides excellent protection against malicious scripting, and I should not run Firefox as my default browser without it.

    If in a hurry, full functionality of any page can easily be achieved by simply choosing “Temporarily allow all this page” from the drop-down menu. Unless you would visit unsavory sites, this option will be just fine, without any adverse effects on your system.

    Websites that are well designed (like Leo’s) will work very nearly just as well with tight NoScript settings as with additional permissions. If not, there seems to be a hierarchy in the drop-down menu allowing for increased functionality. Should a feature (say, the ability to post comments) not work, start at the top and – temporarily, to be on the safe side – allow one listed item after the other until the page works as desired. Based on experience, individual permissions can then be made permanent and/or whole sites white-listed.

    Too many websites nowadays let others use them as points of entry to you and your system: Why should e.g., Facebook or Twitter know what you are up to on the web if you are not even a member?
    NoScript helps to eliminate these interlopers, so a little effort in setting it up properly is warranted.

  4. I use NoScript, to save bandwidth, and save my computers from malicious scripting

    Malicious JavaScript is very high up the list of malware delivery mechanisms

    I also use AdBlock Plus & FlashBlock to save data usage
    no ads delivered = less bytes used per page
    no flash played unless clicked = less bytes used per page
    = smaller monthly bill

    re: when to allow with NoScript
    only allow enough to make the page work
    you can visit the MS page for KB913086 with Firefox & NoScript disallowing all scripts and the download links on the page still work

    however, you must allow the 2 top level domains on Youtube for the videos & comments to work &

    allowing scripting on sites should be taken on a case by case basis, and with system security in mind

    if it’s a page you’ve never been to before and it doesn’t display anything until you allow something then leave
    better to leave safely than to allow scripting only to find your system compromised

  5. I suggest using Web Of trust (WOT) along with NoScript. WOT can help you decide if a site is safe to allow via NoScript.

    From the NoScript drop-down list of allowed and dis-allowed sites, middle click on a web site for an interface to WOT.

    Also see www mywot com

  6. I noticed the comment about WOT with NoScript and wanted to mention I use Dr. Web Link Checker, NoScript, WOT and McAfee SiteAdvisor for Firefox.
    First I used the Search Box to see if Leo has written anything about the Firefox Extension “Dr. Web Link Checker”.
    Then I looked through Leo’s Full Archive page and didn’t see any article with Dr. (or Doctor) Web mentioned in part of an Article Title there, so I thought I’d suggest to Firefox users to Add it to their Add-Ons section.
    (I hit the F3 Key and searched the whole page for any line with ” web ” in it, but after not seeing Dr. Web on that page I decided to make my comment).
    I like it even though Right-Clicking and selecting it and waiting for the Result screen to show up takes a bit of time.
    I just thought to pass this idea along to everyone who reads Comments here on Ask-Leo.
    A lot of times I’ve found help in the Comments below Leo’s Article(s).
    Thanks Leo! 73

  7. thanks, leo, for your clear and simple explanation of how to use “noscript”.. :) it is that simple, you simply allow scripting for a webpage, as needed..


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.