CINXE.COM
Get it! - NoScript: block scripts and own your browser!
<!doctype html> <html lang="en" class="__NoScript_ThemeWeb__ " > <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="keywords" content="Firefox; Chrome; Brave; Tor; security; XSS; Clickjacking; Script blocking; disable JavaScript; content blocking; safety; safe browsing; exploit; ransomware; attack; vulnerability; addon; add-on; extension; plugin;" /> <meta name="description" content="The NoScript Security Suite is a free extensions for Firefox, Chrome and other browsers, preemptively blocks malicious scripts and allows JavaScript and other potentially dangerous content only from sites you trust. Download it now for free!" /> <meta name="category" content="software,internet,development,downloads" /> <meta name="twitter:card" content="summary" /> <meta name="twitter:site" content="@noscript" /> <meta name="twitter:creator" content="@ma1" /> <meta name="twitter:title" content="Get it! - NoScript: Own Your Browser!" /> <meta name="twitter:description" content="The NoScript Security Suite is Free Software protecting Firefox (on Android, too!), Chrome, Edge, Brave and other web browsers. Install NoScript now!" /> <meta name="twitter:image" content="https://noscript.net/img/noscript-social.png?v=2" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://noscript.net/getit/" /> <meta property="og:site" content="NoScript Security Suite" /> <meta property="og:title" content="Get it! - NoScript: Own Your Browser!" /> <meta property="og:description" content="The NoScript Security Suite is Free Software protecting Firefox (on Android, too!), Chrome, Edge, Brave and other web browsers. Install NoScript now!" /> <meta property="og:image" content="https://noscript.net/img/noscript-social.png?v=2" /> <meta property="og:image:alt" content="Screenshot of a browser configuring site permissions with NoScript" /> <meta name="theme-color" content="#ffffff"> <meta name="msapplication-TileColor" content="#da532c"> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="manifest" href="/site.webmanifest"> <link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"> <link rel="stylesheet" href="/theme.css?v=1742457801591" type="text/css" /> <script src="/js/darklight.js"></script> <title>Get it! - NoScript: block scripts and own your browser!</title> </head> <body> <a class="skip-to-content" href="#main-content">Skip to content.</a> <header> <h1>NoScript</h1> <h2>own YOUR browser!</h2> <a href="#main-menu" id="main-menu-toggle" class="menu-toggle" aria-label="Open main menu"> <span class="sr-only">Open main menu</span> <span class="btn-menu" aria-hidden="true">☰</span> </a> <a class="donate" href="/donate" title="NoScript is free software and can't exist without your help. Please donate now!">Donate</a> <button class="darklight" title="Toggle dark/light theme" aria-label="Toggle dark/light theme" aria-hidden="true"></button> </header> <nav id="main-menu" class="main-menu" aria-label="Main menu"> <a href="#main-menu-toggle" id="main-menu-close" class="menu-close" aria-label="Close main menu"> <span class="sr-only">Close main menu</span> <span class="btn-close" aria-hidden="true">✖</span> </a> <ul><li><a href="/">What is it?</a></li> <li class="active"><a href="/getit/">Get it!</a></li> <li><a href="/usage/">Usage</a></li> <li><a href="/community/">Community</a></li> <li><a href="/faq/">FAQ</a></li></ul> </nav> <a href="#main-menu-toggle" class="backdrop" tabindex="-1" aria-hidden="true" hidden></a> <main id="main-content"> <h2 id="title">Get it! </h2> <nav class="table-of-contents"><ol><li><a href="#latest-stable">Latest stable</a></li><li><a href="#direct-download-for-firefox">Direct download for Firefox</a></li><li><a href="#development-build">Development build</a><ol><li><a href="#rc-for-firefox">RC for Firefox</a></li><li><a href="#nonstore-versions-for-chromium">Non-store versions for Chromium</a></li><li><a href="#recent-development-history">Recent development history</a></li></ol></li><li><a href="#browser-compatibility-and-obsolete-versions">Browser compatibility and obsolete versions</a><ol><li><a href="#disclaimer">Disclaimer</a></li></ol></li></ol></nav><h3 id="latest-stable" tabindex="-1">Latest stable</h3> <ul class="getfor"> <li><a href="https://addons.mozilla.org/addon/noscript/" title="Get NoScript for Firefox" class="firefox" target="_blank">Get NoScript for Firefox</a> NoScript for <strong>Firefox</strong> (desktop and <strong>mobile</strong>!), <strong>Tor Browser</strong> and other <strong>Mozilla</strong>-based browsers from <a href="https://addons.mozilla.org/addon/noscript/" title="Get NoScript for Firefox" target="_blank">Mozilla Add-ons</a></li> <li><a href="https://chromewebstore.google.com/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm" title="Get NoScript for Chromium" class="chromium" target="_blank">Get NoScript for Chromium</a> NoScript for <strong>Chrome</strong> and other <strong>Chromium</strong>-based browsers (eg. <strong>Edge</strong>, <strong>Brave</strong>, <strong>Vivaldi</strong>...) from the <a href="https://chromewebstore.google.com/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm" title="Get NoScript for Chromium" target="_blank">Chrome Web Store</a></li> </ul> <ul> <li><a href="https://github.com/hackademix/noscript/" target="_blank">Source code</a></li> <li><a href="/changelog">Full changelog</a></li> </ul> <h3 id="direct-download-for-firefox" tabindex="-1"><strong id="direct">Direct download</strong> for Firefox</h3> <p>You can get the latest stable version <strong>for Firefox desktop only</strong> also using this <a href="https://secure.informaction.com/download/releases/noscript-12.1.1.xpi" target="_blank"><strong>direct NoScript 12.1.1 download link</strong></a>. To install, just drag and drop it onto your address bar.</p> <pre><code class="changelog">v 12.1.1 ============================================================ x Fix automatic reloading broken if the background script / service worker is not already initialized on UI load x Re-enable signing logging v 12.1 ============================================================ x [nscl] Improved work-around for Youtube placeholder displacement (tor-browser#43296) x [L10n] Updated pl x Avoid synchronous policy fetching if document is already complete (e.g. on extension updates) x Remove more MV3-only entries from MV2 manifest x Remove pre-release version check on signing x More informative debug logging x Fixed misplaced update_url in development builds (thanks DJ-Leith for reporting) x Switch Firefox development build version format to *.9xx (like Chromium) x Cross-browser and cross-manifest compatibility down to Gecko 115 x Improved cross-browser and cross-manifest development and build ergonomics x Fixed RequestGuard on Firefox still using CSP.blocks() as an instance method x Improved cross-browser and cross-manifest support x Do not reload affected tabs before saving XSS user choices, if any x [nscl] Several performance and reliability enhancements from NSCL x [nscl] Updated to latest NoScript Commons Library x Fixed offscreen placeholder container preventing user interaction on the left of placeholders (tor-browser#43282) x Fix localization-related console spam when opening options panel (tor-browser#43269) x Fixed offscreen placeholder container preventing user interaction on the left of placeholders (tor-browser#43282) x Fix localization-related console spam when opening options panel (tor-browser#43269) </code></pre> <h3 id="development-build" tabindex="-1"><strong id="devel">Development build</strong></h3> <p>NoScript development happens very fast to keep up with emerging web threats. If you're brave enough and you need a specific feature or fix not released yet, or you simply want to provide feedback before official release, you may want to try the latest release candidate.</p> <h4 id="rc-for-firefox" tabindex="-1">RC for Firefox</h4> <p><a href="https://secure.informaction.com/download/betas/noscript-12.1.1.904.xpi" target="_blank"><strong>Install NoScript 12.1.1.904 on Firefox Desktop by simply clicking here</strong></a>.</p> <p>On Firefox for Android, unfortunately, a pre-release can only be downloaded (same link as above) and temporarily installed on Nightly by using the <a href="https://github.com/mozilla/web-ext" target="_blank">web-ext tool</a>, which is only suitable for hardcore developers and contributors.</p> <h4 id="nonstore-versions-for-chromium" tabindex="-1">Non-store versions for Chromium</h4> <p>On Chromium based browsers you can download either:</p> <ul> <li><a href="https://secure.informaction.com/download/betas/noscript-12.1.1.904-chrome.zip" target="_blank"><strong>NoScript 12.1.1.904 (MV3)</strong></a> - experimental, supporting the Google-mandated but limiting, unproven and unstable latest extensions technology. <strong>Requires Chromium version 128 or above</strong> (latest stable version recommended).</li> <li><a href="https://secure.informaction.com/download/releases/noscript-11.4.44-chrome.zip" target="_blank"><strong>NoScript 11.4.44 (MV2)</strong></a> - legacy, unsupported by Google but proven and stable. Best option for browsers based on Chromium 127 and below.</li> </ul> <p>In order to install next MV3 version until it reaches the Chrome Store, or the MV2 version if you're affected by some MV3-caused bug which could not have been fixed yet, you need to unzip the downloaded <code>noscript-$VERSION-chrome.zip</code> file and load its content as an <a href="https://developer.chrome.com/docs/extensions/mv3/getstarted/#unpacked" target="_blank">unpacked extension</a> in developer mode.</p> <p>Please follow these steps:</p> <ol> <li>Open the Extension Management page by navigating to chrome://extensions. Alternatively, open this page by clicking on the Extensions menu button and selecting Manage Extensions at the bottom of the menu. Alternatively, open this page by clicking on the Chrome menu, hovering over More Tools then selecting Extensions</li> <li>Enable <em>Developer Mode</em> by clicking the toggle switch next to Developer mode.</li> <li>Unzip the zipped "noscript-12.1.1.904-chrome.zip" package to a directory of your choice.</li> <li>Click the [Load unpacked] button and select the extension directory you've unzipped the extension to (the one containing the "manifest.json" file)</li> </ol> <p>You're done. Happy testing!</p> <h4 id="recent-development-history" tabindex="-1">Recent development history</h4> <pre><code class="changelog">v 12.1.1.904 ============================================================ x UI support for extra floating capabilities (x-load) x Integrate event handlers suppression with blocking if needed (thanks Adithya Suresh Kumar for reporting) x [nscl] Refactor xray proxification v 12.1.1.903 ============================================================ x Broader event handlers suppression (thanks Adithya Suresh Kumar for reporting) v 12.1.1.902 ============================================================ x Fix incorrect assumptions about some DOM element properties reflecting URLs (thanks Adithya Suresh Kumar for reporting) v 12.1.1.901 ============================================================ x [nscl] Fix race condition between multiple extensions using MV3/DNR SyncMessage (JShelter#146, thanks polcak for reporting) x Suppress some event handlers (tor-browser#43491, thanks Adithya Suresh Kumar for reporting) x [build] Publish XPIs only after their signed x [nscl] Updated to latest NoScript Commons Library x [L10n] Updated he x [build] Improved version bump commit logic v 12.1.0.901 ============================================================ x Fix automatic reloading broken if the background script / service worker is not already initialized on UI load x Re-enable signing logging v 12.0.904 ============================================================ x [nscl] Improved work-around for Youtube placeholder displacement (tor-browser#43296) x [L10n] Updated pl v 12.0.903 ============================================================ x Avoid synchronous policy fetching if document is already complete (e.g. on extension updates) x Remove more MV3-only entries from MV2 manifest x Remove pre-release version check on signing v 12.0.902 ============================================================ x More informative debug logging x Fixed misplaced update_url in development builds (thanks DJ-Leith for reporting) v 12.0.901 ============================================================ x Switch Firefox development build version format to *.9xx (like Chromium) x Cross-browser and cross-manifest compatibility down to Gecko 115 x Improved cross-browser and cross-manifest development and build ergonomics x Fixed RequestGuard on Firefox still using CSP.blocks() as an instance method x Improved cross-browser and cross-manifest support x Do not reload affected tabs before saving XSS user choices, if any v 11.5.3rc2 ============================================================ x [nscl] Several performance and reliability enhancements from NSCL x [nscl] Updated to latest NoScript Commons Library x Fixed offscreen placeholder container preventing user interaction on the left of placeholders (tor-browser#43282) x Fix localization-related console spam when opening options panel (tor-browser#43269) v 12.0.8 ============================================================ x Filter out tabs with no accessible url from context matching routine x [nscl] Remove RuleCondition.responseHeaders usage breaking Chromium older than 128 (e.g. Kiwi Browser, issue #398) v 12.0.7 ============================================================ x Boostrap from REQUIRED.js (created at build time by manifest.js) v 12.0.6 ============================================================ x [nscl] Better SyncMessage recovery from DNR/XHR interaction browser bugs x More reliable implementation of DNR-based unrestricted tabs x Make debugging DNR a bit easier x Workaround for current tab on current window not always available to UI popup on Vivaldi v 12.0.5 ============================================================ x Fixed contextual policies MV3 implementation (issue #394). v 12.0.4 ============================================================ x [nscl] MV3 work-around for Permissions-Policy breaking SyncMessage v 12.0.3 ============================================================ x Improved startup behavior x Do not retry failed synchronous policy retrievals if document is not loading x Coalesce activity reports by origin x More robust initialization sequence x Fix DNRPolicy matching for entries including explicit protocol v 12.0.2 ============================================================ x Make "Temporarily set top-level sites to TRUSTED" work on Manifest V3 (issue #388) x Fix UI reporting noise from requests of uninteresting types (e.g. images) x Fixes naked domains with no HTTPS lock and explicit port numbers not correctly matched in mapped MV3 DNR rules (issue #387) v 12.0.1 ============================================================ x Restructure inclusion of file/ftp protocol-specific content scripts x Fixed TabTies session (de)serialization bugs x [nscl] Fixed media blocking regresssion affecting Youtube (issue #386) v 12.0.0 ============================================================ x [nscl] Switch all the Chromium usages of patchWindow() to the new Worlds API x [nscl] Switch patchWorkers.js implementation from patchWindow.js to Worlds.js x [nscl] Switch WebGLHook implementation from patchWindow.js to Worlds.js x Optimized fall-back reporting for non-HTTP documents and included script type x Remove uuid from DNR reporting CSP to prevent it from being abused for tracking x Import versioning module just once x Infrastructure to replace patchWindow.js with MAIN world content scripts x MV3 compatibility x DeclarativeNetRequest-backed policy enforcement x Fixed theming race condition and other bugs x Require explicit call to run tests x fixup! Gecko strict compatibility versionining to prevent Chromium-only NoScript 12.x from being accidentally installed on Firefox x Simplified Wakening x Gecko strict compatibility versionining to prevent Chromium-only NoScript 12.x from being accidentally installed on Firefox v 11.5.3rc1 ============================================================ x Fixed offscreen placeholder container preventing user interaction on the left of placeholders (tor-browser#43282) x Fix localization-related console spam when opening options panel (tor-browser#43269) v 11.5.2rc1 ============================================================ x [tor-browser#43257] More efficient, flexible and race-resistant placeholder styling v 11.5.1rc4 ============================================================ x [tor-browser#43258] Fixed LifeCycle error on update v 11.5.1rc3 ============================================================ x [nscl] Panic abort on buggy pages (like https://github.com/) going in infinite loops when webgl is disabled x Refactoring to use DocRewriter v 11.5.1rc2 ============================================================ x [tor-browser#43258] Remove content script crypto.subtle dependency x Synchronize Sites.onionSecure on any settings update v 11.5.1rc1 ============================================================ x [tor-browser#32668] More reliable Security Level Reset on Tor / Mullvad Browser v 11.5.0rc1 ============================================================ x [tor-browser#32668] Use the Security Level as the default policy for Options Reset on Tor Browser x [tor] Stateless-compatible Tor Browser integration x [L10n] Updated pt_BR x Stateless-compatible temporary permissions x Switch from deferWebTraffic to Wakening x Stateless-compatibile TabGuard x Switch to non-persistent background page x [xss] Refactor for non-persistence x Removed Fennec-specific code x Bump min Gecko compatibility to 115.0 (stateless background script support) </code></pre> <h3 id="deprecated-obsolete-and-unsupported-classic-versions" tabindex="-1">Browser compatibility and obsolete versions</h3> <p><a href="#latest-stable">NoScript 12.1.1</a> is compatible with browsers based on Gecko versions 115 and above (e.g. Firefox and Tor Browser, on desktop and Android) and on Chromium versions 128 and above (Chrome, Edge, Vivaldi, Brave...)</p> <p><a href="https://secure.informaction.com/download/betas/noscript-11.4.44rc2.xpi" target="_blank">NoScript 11.4.44rc2</a> is compatible with Gecko versions 59-114.</p> <p><a href="https://classic.noscript.net/" target="_blank"><img src="https://classic.noscript.net/noscript/logo.png" alt="NoScript Classic Logo" class="left"></a></p> <p>You can still download <a href="https://secure.informaction.com/download/releases/noscript-5.1.9.xpi" target="_blank"><strong>NoScript "Classic"</strong> (5.1.9)</a> (<a href="https://secure.informaction.com/download/releases/noscript-5.1.9.xpi.sha256" target="_blank">SHA256</a>) for Seamonkey, Palemoon, Waterfox Classic and possibly other "vintage" (pre-Gecko 57) Firefox forks <a href="https://secure.informaction.com/download/releases/noscript-5.1.9.xpi" target="_blank">here</a>.</p> <p><strong>Notice:</strong> <em>you may need to open about:config and set your <strong>xpinstall.signatures.required</strong> preference to <strong>false</strong> in order to install NoScript 5.x, since Mozilla doesn't support signatures for legacy add-ons anymore. If you're <a href="https://forums.informaction.com/viewtopic.php?p=98662#p98662" target="_blank">using a non ESR Firefox, you may also need this hack</a>.</em></p> <p>Users of Firefox 58 and below are urged to upgrade their very unsafe browser. For those few who can't,</p> <ul> <li><a href="https://secure.informaction.com/download/releases/noscript-10.1.7.3.xpi" target="_blank">latest NoScript version compatible with Gecko 57 - Gecko 58 is 10.1.7.3</a>;</li> <li><a href="https://secure.informaction.com/download/releases/noscript-5.1.9.xpi" target="_blank">latest NoScript version compatible with Gecko 46 - Gecko 56 is 5.1.9</a> (<a href="https://secure.informaction.com/download/releases/noscript-5.1.9.xpi.sha256" target="_blank">SHA256</a>);</li> <li><a href="https://secure.informaction.com/download/releases/noscript-2.9.0.14.xpi" target="_blank">latest NoScript version compatible with Gecko 13 - Gecko 45 is 2.9.0.14</a> (<a href="https://secure.informaction.com/download/releases/noscript-2.9.0.14.xpi.sha256" target="_blank">SHA256</a>);</li> <li><a href="https://secure.informaction.com/download/betas/noscript-2.9.0.1rc1.xpi" target="_blank">latest NoScript version compatible with Gecko 1.9 - Gecko 12 is 2.9.0.1rc1</a> (<a href="https://secure.informaction.com/download/betas/noscript-2.9.0.1rc1.xpi.sha256" target="_blank">SHA256</a>);</li> <li><a href="https://secure.informaction.com/download/releases/noscript-1.10.xpi" target="_blank">latest NoScript version compatible with Gecko < 1.9 is 1.10</a> (<a href="https://secure.informaction.com/download/releases/noscript-1.10.xpi.sha256" target="_blank">SHA256</a>).</li> </ul> <h4 id="disclaimer" tabindex="-1">Disclaimer</h4> <p>We cannot update nor support NoScript 5.x and below anymore, because it was based on a completely different and now obsolete technology. However you can still find usage information and a FAQ section for those ancient versions in the <a href="https://classic.noscript.net/" target="_blank">NoScript Classic archived website</a>.</p> </main> <footer> <div class="copyright"> <p>© 2025 Giorgio Maone.</p> <p> <a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/"> <img alt="Creative Commons License" style="border-width:0" src="https://i.creativecommons.org/l/by-sa/4.0/88x31.png" /></a> <br /> This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International License</a>. </p> </div> <div id="social-verification"> <a rel="me" href="https://mastodon.social/@noscript"></a> <a rel="me" href="https://todon.eu/@ma1"></a> </div> </footer> </body> </html>