Unfortunately NoScript for post-Quantum FF has not some features. For example I would like to allow some 3rd-party scripts only on particular website, a block it on the others.
On further evaluation and testing I agree and won't be using this test to influence my decision. Knee-jerk reactions are something I should not be doing.
LoL Put NoScript on almost anything and you stifle any javascript starts. I only let it run to read the DETAILS to see if, or rather how many results actually qualify as something to consider or not.
Test results is on by default. Of course you have to enable scripting to turn off test result reporting.
https://browseraudit.com/ Snap run with Chrome 92 xxxxx using uBlock Origin + NoScript + Cookie Notice Blocker Windows 8.1 Professional
Spoiler: Firefox_BA Firefox build 91.0.2. with uBlock Origin, ClearURLs and Skip Redirect ext. 4 of the 8 warnings were related to "access-control-expose-headers."
I don't feel so missing seeing @Sampei Nihira stats closely mirror my own. Wonder what we can do to really improve our scores on Browser Audit.
@plat1098, would you mind sharing your Skip Redirect lists; no skip urls, skip urls and no skip parameters? I have never heard of this extension before now and am eager to properly test it. Thanks!
Added Clear URLs and Skip Redirect courtesy @plat1098 from the Chrome Web Store. Running a new Audit.
Firefox 91.0.2 running on Linux MX-19.4 with ublockO and LocalCDN addons. uBlock in Hard mode utilizing only stock filters plus several custom filter borrowed from Lenny_Fox and Windows_Security from another forum
DANG @JRViejo - Great stats. might have to look at Firefox- Chrome is awesome but I yet to produce that tally. But will keep trying
I use both ext at defaults, out of the box and both work exceedingly well that way. It seems you can import/export URLs but I haven't seen the need here myself for the past few months of daily use. No impacts at all along w/uBO. Spoiler: clearurl some setttings default Spoiler: skip red partial sets default
My audit test showed just the one critical result, "Cookie set by JavaScript should not be sent over HTTP". How to stop this? Edit in: FWIW, I did try the experimental flags suggested by WildByDesign (Future V8 VM features) which add the latest V8 javascript virtual machine features. I received the exact same test results with this enabled.
It this point I'm more curious than anything else. @JRViejo, how are you getting so few warnings? I'm testing the same setup you you mentioned and I cannot get my warnings down below 28. Are you using any special about:config settings?
n8chavez, I have made quite a few changes, via about:config, over the years to each version. Since some display personal info, I will not list them, however, to see your own changes, type about:support and scroll down to Important Modified Preferences to see yours. My non-critical test warnings are as follows: Content Security Policy: connect-src Block - WebSocket connecting to wss://browseraudit.com with connect-src 'self' Content Security Policy: sandbox Allow - Access from child iframe on https://browseraudit.com to cookie on .browseraudit.com with sandbox allow-same-origin Allow - Access from child iframe on https://test.browseraudit.com to cookie on .browseraudit.com with sandbox allow-same-origin Cross-Origin Resource Sharing: Access-Control-Expose-Headers Allow - Caller can access Content-Type with no Access-Control-Expose-Headers header Block - Caller can't access Content-Length with no Access-Control-Expose-Headers header Block - Caller can't access Content-Length with Access-Control-Expose-Headers: Connection Block - Caller can't access Content-Length with Access-Control-Expose-Headers: Date, Connection Response Headers: X-Frame-Options Block - frame from same origin with ALLOW-FROM test.browseraudit.com Block - frame from remote origin with ALLOW-FROM test.browseraudit.com