NoScript

own YOUR browser!

Open main menu

Get it!

Latest stable

Direct download for Firefox

You can get the latest stable version for Firefox desktop only also using this direct NoScript 12.6 download link. To install, just drag and drop it onto your address bar.

Special thanks to Adithya Suresh Kumar for extensively reporting about a new browser fingerprinting risk, allowing NoScript 12.6 to deploy a mitigation technique for it.

v 12.6
============================================================
x Make contextual policies override restriction cascading
  (tor-browser#43397)
x [Chromium] Fix 12.5.9xx prompt closure regression
x [Chromium] Full x-load checks Chromium support
x Better offscreen placeholders for x-load
x [l10n] [Chromium] Make x-load capability localization
  Chromium-compatible
x [L10n] Updated de, fr, he, ru, tr zh_CN
x [UX] Honor non-contextual x-load capability granted from
  NoScript Options (thanks barbaz for RFE)
x Prevent data: URIs from messing with srcset parsing
  (thanks fatboy for reporting)
x Regard as "mutually safe" for x-load directories sharing a
  common ancestor
x [UX] Make x-load capability visible for CUSTOM file:
  entries in NoScript Options (thanks barbaz for RFE)
x [UX] Fixed prompt window leaks (tor-browser#43281)
x [UX] Make object unblocking temporary and contextual by
  default, with choices in the prompt
x [nscl] Option to clone Permissions without context
x Always honor the "Collapse blocked objects" option
x Refactor top-level auto-trust and make it contextual
  (issue #417)
x [nscl] Remove noisy debug statement
x [UX] UI support for extra floating capabilities (x-load)
x Integrate event handlers suppression with blocking if
  needed (thanks Adithya Suresh Kumar for reporting)
x [nscl] Refactor xray proxification
x Fix incorrect assumptions about some DOM element
  properties reflecting URLs (thanks Adithya Suresh Kumar
  for reporting)
x [nscl] Fix race condition between multiple extensions
  using MV3/DNR SyncMessage (JShelter#146, thanks polcak for
  reporting)
x Suppress some event handlers (tor-browser#43491, thanks
  Adithya Suresh Kumar for reporting)
x [build] Publish XPIs only after their signed
x [build] Improved version bump commit logic

Development build

NoScript development happens very fast to keep up with emerging web threats. If you're brave enough and you need a specific feature or fix not released yet, or you simply want to provide feedback before official release, you may want to try the latest release candidate.

RC for Firefox

Install NoScript 13.0.4.901 on Firefox Desktop by simply clicking here.

On Firefox for Android, unfortunately, a pre-release can only be downloaded (same link as above) and temporarily installed on Nightly by using the web-ext tool, which is only suitable for hardcore developers and contributors.

Non-store versions for Chromium

On Chromium based browsers you can download either:

In order to install next MV3 version until it reaches the Chrome Store, or the MV2 version if you're affected by some MV3-caused bug which could not have been fixed yet, you need to unzip the downloaded noscript-$VERSION-chrome.zip file and load its content as an unpacked extension in developer mode.

Please follow these steps:

  1. Open the Extension Management page by navigating to chrome://extensions. Alternatively, open this page by clicking on the Extensions menu button and selecting Manage Extensions at the bottom of the menu. Alternatively, open this page by clicking on the Chrome menu, hovering over More Tools then selecting Extensions
  2. Enable Developer Mode by clicking the toggle switch next to Developer mode.
  3. Unzip the zipped "noscript-13.0.4.901-chrome.zip" package to a directory of your choice.
  4. Click the [Load unpacked] button and select the extension directory you've unzipped the extension to (the one containing the "manifest.json" file)

You're done. Happy testing!

Recent development history

v 13.0.4.901
============================================================
x Automatic reload on permissions change for promiscuous
  tabbed/tab-less sites

v 13.0.3.901
============================================================
x [UX] Avoid creating extra tabs for sidebar measurement
  when possible
x [L10n] Updated ru

v 13.0.2.901
============================================================
x [UX] Best effort to hide/show tab-less sites depending on
  the statusbar visibility

v 13.0.1.901
============================================================
x Fix always set parent entry of temporary contextual
  policies created from DEFAULT to temporary (issue #440,
  thanks SandboxerX86 for reporting)

v 13.0.0.901
============================================================
x [L10n] Updated de, fr, sq, zh_CN
x Better filtering of tab-less requests

v 12.9.909
============================================================
x Disable tab-less support on Chromium

v 12.9.908
============================================================
x Fix options page bustage regression from issue #429

v 12.9.907
============================================================
x [UX] Permissions UI support for tab-less (e.g. sidebar)
  content (issue #429)

v 12.9.906
============================================================
x [Chromium] Prerendered frame support in context policies
  enforcing

v 12.9.905
============================================================
x Fixed webRequest header patching regression from
  contextual overrides (addresses issue #436)

v 12.9.904
============================================================
x Fix some automatic top-level TRUST bugs (issue #437)

v 12.9.903
============================================================
x Discard "zombie" prompts from the backlog
x Honor restrictions diablement for x-load checks
x [UX] Improved UX for file:// contextual permissions
  (issue#435)
x [nscl] Harmonize file:// URLs parsing and matching across
  Gecko and Chromium
x [XSS] Prevent false positives from the uptain.de
  e-commerce back-end
x More consistent contextual permission checks

v 12.9.902
============================================================
x Fixed click to play sometimes broken for file:/// URLs

v 12.9.901
============================================================
x Fixed automatic temporary permissions require reload
  (thanks scottg for reporting)

Browser compatibility and obsolete versions

NoScript 12.6 is compatible with browsers based on Gecko versions 115 and above (e.g. Firefox and Tor Browser, on desktop and Android) and on Chromium versions 128 and above (Chrome, Edge, Vivaldi, Brave...)

NoScript 11.4.44rc2 is compatible with Gecko versions 59-114.

NoScript Classic Logo

You can still download NoScript "Classic" (5.1.9) (SHA256) for Seamonkey, Palemoon, Waterfox Classic and possibly other "vintage" (pre-Gecko 57) Firefox forks here.

Notice: you may need to open about:config and set your xpinstall.signatures.required preference to false in order to install NoScript 5.x, since Mozilla doesn't support signatures for legacy add-ons anymore. If you're using a non ESR Firefox, you may also need this hack.

Users of Firefox 58 and below are urged to upgrade their very unsafe browser. For those few who can't,

Disclaimer

We cannot update nor support NoScript 5.x and below anymore, because it was based on a completely different and now obsolete technology. However you can still find usage information and a FAQ section for those ancient versions in the NoScript Classic archived website.