get it!

The 2006 100 Best Products's Best Security/Privacy Add-on 2010-2011
Flattr NoScript

Stable AMO Version, see changelog for details.

Cross-browser NoScript on the chrome web store

NoScript (and other extensions) suddenly disabled and cannot be reinstalled? It may be this Mozilla certificate issue, check here for details and fixes.

Supported browsers: Firefox (Desktop and Mobile on Android), SeaMonkey, Tor Browser (where it is built-in), Chromium/Chrome.
Other browsers based on Gecko versions >= 45 might work, but are not tested.

Direct download

You can get latest stable version here, too, using this direct download link for NoScript 11.0.3
To install, just drag and drop it onto your address bar.

v 11.0.3
x [Tor] Work-around for prompts being huge when
  resistFingerprinting is enabled
x [XSS] Fixed false positives due to overzealous HTML
  attribute checking
x [XSS] Enabled InjectionChecker logging when debugging mode
  is on
x Work-around for browser.i18n.getMessage() API in content
  scripts giving away browser's real locale (Tor issue #31287)
x Updated TLDs
x [L10n] Updated Transifex-managed he, is, nb, ru, sq, zh_TW

If you find any problem installing it, this FAQ may help.

You can still download NoScript "Classic" (5.1.9) for Palemoon, Seamonkey, Waterfox and possibly other "vintage" (pre-Gecko 57) Firefox forks here: we'll do our best to provide security fixes as long as supporting browser still guarantee their own security updates.

Notice: you may need to open about:config and set your xpinstall.signatures.required preference to false in order to install NoScript 5.x, since Mozilla doesn't support signatures for legacy add-ons anymore. If you're using a non ESR Firefox, you may also need this hack.

v 5.1.9
x Fixed automatic reload bug (thanks ThomasW and barbaz for

Users of Firefox 44 and below are urged to upgrade their very unsafe browser. For those few who can't,

Development version

If you're brave enough and you need a specific feature or fix not released yet, or you simply want to provide feedback before official release, you may want try this
"Quantum" NoScript 11.0.4rc11 development build

Here, if you need it, the "Classic" NoScript 5.1.9rc1 development build for browsers based on Gecko 56 and below. Please notice you may need to open about:config and set your xpinstall.signatures.required preference to false in order to install, since Mozilla doesn't support signatures for legacy add-ons anymore.

Starting with NoScript, NoScript's public source code repository is hosted on Github.

Recent development history:

v 11.0.4rc11
x [Tor] Display .onion sites as "secure" in the UI (tickets
  #27313 and #27307)
x Fixed typo causing Chromium builds not to be created in
  the XPI directory

v 11.0.4rc10
x Support for splitting sync storage items into chunks, to
  allow synchronization of big policies across devices
x [L10n] Updated ca, nl
x Overwrite Chromium zip on reiterated builds

v 11.0.4rc9
x IPv4 subnet shortcut matching

v 11.0.4rc8
x Fallback to local storage for any item exceeding limits
  (fixes persistence problems on Chromium)
x Alternate version numbering for Chromium pre-releases
x [L10n] Updated nl

v 11.0.4rc7
x Prevent startup tabs from remaining stuck with about:blank

v 11.0.4rc6
x Fix Chromium dev builds failing when signing Firefox
x Prevent startup race conditions breaking pinned tabs

v 11.0.4rc5
x Make extra efforts to ensure safety net reloads happen
  only once on startup

v 11.0.4rc4
x SyncMessage support for asynchronous listeners
x Simplified, less noisy and more resilient Messages
  abstraction implementation (thanks barbaz for reporting)
x Handle edge-case policy retrieval for file:// pages loaded
  by session restore on startup and alike
x Improved Chromium development-build workflow

v 11.0.4rc3
x Make policy fetching resilient to missing tab information
x More verbose error logging while processing syncMessage
x Fix CSP violation reporting management of "fake"
  blocked-uri like "eval"
x Leaner and faster SyncMessage shim tab id tracking hack
  for Firefox

v 11.0.4rc2
x Recursive webgl context monkeypatching across same origin
  windows (thanks skriptimaahinen for concept and patch)
x Replaced cookie-based hacks with synchronous messaging
  (currently shimmed) to retrieve fallback and
  per-tab restriction policies
x Work-around for Chromium not supporting frameAncestors
  in webRequest
x Block CSP violation reports requests synchronously,
x  before they fail on .invalid DNS resolution, on Chromium

v 11.0.4rc1
x [L10n] Updated Transifex-managed da, it, nl, ru, sv_SE
x [XSS] Updated HTML5 events
x Updated TLDs
x Fixed "Cascade top document restrictions" option not always
  applied to embedded elements (thanks barbaz for reporting)
x Removed XSS prompt for timeouts


If you find something wrong about NoScript, read the FAQ page and/or let me know: I'll try to fix it as soon as I can.

You can also discuss about NoScript on this Forum.

Have your safest browsing experience!

Download in a Flash... with FlashGot!