Use Noscript to block JS over unencrypted connections

Discussion in 'other security issues & news' started by Gullible Jones, Aug 30, 2015.

  1. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    Something awesome I just found:

    http://www.ghacks.net/2010/10/31/how-to-force-https-connections/

    Makes lot of sense IMO. The most Javascript intensive websites tend to be banking, web mail, e-commerce, and other things that demand encryption. Whereas sites where you don't need JS tend to be unencrypted HTTP. Likewise, a lot of ad servers connect unencrypted by default, so this handily nixes them.

    Edit: note, something similar might be doable in a centralized fashion, using Squid or Privoxy or such on a router - blocking JS files over HTTP connections going through the proxy. Embedded JS would be much trickier though.
     
  2. Alhaitham

    Alhaitham Registered Member

    Joined:
    May 18, 2013
    Posts:
    173
    Location:
    Egypt
    Nice.

    Thanks.
     
  3. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    You can also do it with uMatrix.
     
  4. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
Loading...