Add-ons
RequestPolicy Continued 1.0.beta14.1
by Martin Kimmerle
Be in control of which cross-site requests are allowed. Improve the privacy of your browsing by not letting other sites know your browsing habits. Secure yourself from Cross-Site Request Forgery (CSRF) and other attacks.
![[Warning]](https://addons.thunderbird.net/static/img/developers/test-warning.png?b=58a99cbb-667a0970)
Permissions
About this Add-on
*********************************************************************************
Quick Start — Support — Contributing
*********************************************************************************
Quick Start:
Support and Contributing:
*********************************************************************************
Frequently Asked Questions (FAQ)
*********************************************************************************
What is RequestPolicy?
RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.
What are cross-site requests?
Cross-site requests are requests that your browser is told to make by a website you are visiting to a completely different website. Though usually legitimate requests, they often result in advertising companies and other websites knowing your browsing habits, including specific pages you view throughout the day. Among the attacks that cross-site requests are used in, they are particularly dangerous with Cross-Site Request Forgery (CSRF) attacks where your browser is told to make a request to another website and that other website thinks you (the person) meant to make the request.
With RequestPolicy, the default for any cross-site request is to deny it. Users are notified when requests on the current page have been blocked (the status bar flag icon at the bottom right of your browser turns red). Clicking on this status bar flag icon gives you a menu where you can view and modify which requests are blocked and allowed. You can whitelist requests you approve of by origin site, destination site, or specific origin-to-destination.
Why should I use RequestPolicy?
RequestPolicy improves both privacy and security when browsing.
Read more: privacy reasons • security reasons
Is RequestPolicy intended to be a replacement for NoScript?
No. Each of the two add-ons focuses on different, important issues. For the best security, we recommend using both RequestPolicy and NoScript. Read more.
*********************************************************************************
Usage Note
*********************************************************************************
As with any extension that blocks content, some websites will not work properly until you have allowed the required content. If a website you visit isn't working, you can use the RequestPolicy menu to allow the cross-site requests the website needs. After a short while of using RequestPolicy, you will have whitelisted all of the required cross-site requests for sites you frequently visit and you will use the RequestPolicy menu much less.
*********************************************************************************
Quick Start — Support — Contributing
*********************************************************************************
Quick Start:
- Learn how to use RequestPolicy
- FAQ (Frequently Asked Questions) — short FAQ: see below
Support and Contributing:
- source code repository — GitHub
- issue tracker — bugs, feature requests, etc.
- ChangeLog — list of changes by version
- contributing notes
*********************************************************************************
Frequently Asked Questions (FAQ)
*********************************************************************************
What is RequestPolicy?
RequestPolicy is an extension that improves the privacy and security of your browsing by giving you control over when cross-site requests are allowed by webpages you visit.
What are cross-site requests?
Cross-site requests are requests that your browser is told to make by a website you are visiting to a completely different website. Though usually legitimate requests, they often result in advertising companies and other websites knowing your browsing habits, including specific pages you view throughout the day. Among the attacks that cross-site requests are used in, they are particularly dangerous with Cross-Site Request Forgery (CSRF) attacks where your browser is told to make a request to another website and that other website thinks you (the person) meant to make the request.
With RequestPolicy, the default for any cross-site request is to deny it. Users are notified when requests on the current page have been blocked (the status bar flag icon at the bottom right of your browser turns red). Clicking on this status bar flag icon gives you a menu where you can view and modify which requests are blocked and allowed. You can whitelist requests you approve of by origin site, destination site, or specific origin-to-destination.
Why should I use RequestPolicy?
RequestPolicy improves both privacy and security when browsing.
Read more: privacy reasons • security reasons
Is RequestPolicy intended to be a replacement for NoScript?
No. Each of the two add-ons focuses on different, important issues. For the best security, we recommend using both RequestPolicy and NoScript. Read more.
*********************************************************************************
Usage Note
*********************************************************************************
As with any extension that blocks content, some websites will not work properly until you have allowed the required content. If a website you visit isn't working, you can use the RequestPolicy menu to allow the cross-site requests the website needs. After a short while of using RequestPolicy, you will have whitelisted all of the required cross-site requests for sites you frequently visit and you will use the RequestPolicy menu much less.
*********************************************************************************
