NoScript settings I use for Twitter

Twitter Forcing You to mobile.twitter.com? Or is it NoScript settings?

Are you logging in to Twitter, and for some reason it redirects you to the Twitter mobile version even though you are on your desktop computer?

http://mobile.twitter.com/ is good when browsing on a mobile phone, but not what I want when I’m using Firefox on a widescreen monitor.

At first I thought it was something that Twitter didn’t like about the newest version of Firefox, but that isn’t what the problem actually was.

I like security, including blocking scripts that I don’t know about. I don’t want to visit a site and have some hacker JavaScript run on my browser. Anything you can do to block hackers is good.

So, I use the Firefox add-on NoScript. NoScript defaults to blocking all scripts, and then you white-list the scripts that you want to allow. You specify what scripts to run by the domain name, or sub-domain name.

It has a feature to temporarily allow all scripts on a page, for testing. It also has a feature to temporarily trust scripts from a specific domain name, for example to allow a page's scripts to run today without allowing them automatically from then on. (I use this for testing what scripts I need to enable on a page for the page features to work how I want.) And you can revoke all temporary permissions. You can trust https: while blocking http: (without SSL) scripts.

NoScript is a very nice tool!

In Firefox, tap the Alt key to see the top menu, then choose Tools, Add-Ons, and scroll to the bottom of the page to click “See more add-ons”. Then in the search bar, type NoScript and click “NoScript Security Suite”.

Next you’ll have to spend some time, as you visit sites, enabling the scripts you want to allow. Most often, you only allow scripts for the https version of the site itself. Then you test if the site works right, and allow additional domains, as few as possible, until everything you want working does work. You can Google the domain name and “scripts” to get an idea what the script’s reputation is.

Here’s what I was setting for Twitter, visible from https://help.twitter.com/ which doesn’t redirect for mobile browsers:
[Screenshot: NoScript settings lead Twitter to redirect to mobile]

The problem (getting the mobile version) was due to my having the “Default” for twitter.com and all its subdomains that aren’t specifically listed. (Again, the Default is all scripts and objects blocked.) But I couldn’t see that while I was being redirected to mobile.twitter.com (which you also want to set “Trusted”).

In this specific case, I could see “…twitter.com” and click the “S” icon to make it “Trusted”. If not, or if you want to specify several domains at once, click the third icon from the top left, the “No S” icon with the wrench, for Options. See Wikipedia NoScript and jeaye.com for a clear explanation of NoScript, and of course the NoScript help pages https://noscript.net/faq and https://noscript.net/features

Which permissions do you want for a site? Here are some ideas about setting them:

Allowing only HTTPS (not HTTP) — Look at the lock symbol by the domain name. If it is red, HTTP is allowed, if it is green, only HTTPS is allowed. Click the lock to toggle it.

Fetch is to be granted only if essential — http://www.redotheweb.com/2015/11/09/api-security.html

Now I have these settings for NoScript for Twitter:

[Screenshot: NoScript settings I use for Twitter]

Change …twitter.com to Trusted, and …twimg.com (for Twitter images) to Trusted.

DoubleClick tracks your site visits, for advertisers. I keep it set to Untrusted.

Google Analytics I set to Trusted.

Tellapart.com I haven’t researched at all, and I don’t notice anything about Twitter not working without it, so I leave it set to Default.

You can also click that “monster wrench” icon (third from the left on top), and add mobile.twitter.com if you want.

(My current settings for Default are everything un-checked, so everything is blocked. My settings for Untrusted are everything blocked.)
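To show why the “…twitter.com” entry decides what happens on subdomains such as mobile.twitter.com, here is an added example (not NoScript's code and not part of the original post) that models the settings described above. The precedence rule (most specific entry wins), the doubleclick.net entry and the sample script URLs are assumptions made for illustration.

```javascript
// Simplified model of per-site script permissions (illustrative, not NoScript's code).
// Presets mirror the post: Default and Untrusted block scripts, Trusted allows them.
const PRESETS = { TRUSTED: true, UNTRUSTED: false, DEFAULT: false };

// "…twitter.com" covers the domain and every subdomain not listed on its own.
// httpsOnly models the green lock: the entry matches HTTPS origins only.
const before = [{ site: "…twitter.com", preset: "DEFAULT", httpsOnly: true }];
const after = [
  { site: "…twitter.com", preset: "TRUSTED", httpsOnly: true },
  { site: "…twimg.com", preset: "TRUSTED", httpsOnly: true },
  { site: "…doubleclick.net", preset: "UNTRUSTED", httpsOnly: false },
];

// Returns 0 for no match, otherwise a score where a longer (more specific)
// domain wins and an exact host beats a "…" entry for the same domain.
// This precedence is an assumption of the model.
function matchScore(entry, url) {
  if (entry.httpsOnly && url.protocol !== "https:") return 0;
  const wildcard = entry.site.startsWith("…");
  const domain = wildcard ? entry.site.slice(1) : entry.site;
  const host = url.hostname;
  if (host === domain) return domain.length * 2 + (wildcard ? 0 : 1);
  // Require a leading dot so "nottwitter.com" does not match "…twitter.com".
  if (wildcard && host.endsWith("." + domain)) return domain.length * 2;
  return 0;
}

// Picks the best-matching entry; anything unmatched falls back to Default.
function decide(policy, scriptUrl) {
  const url = new URL(scriptUrl);
  let best = null;
  let bestScore = 0;
  for (const entry of policy) {
    const score = matchScore(entry, url);
    if (score > bestScore) { best = entry; bestScore = score; }
  }
  const preset = best ? best.preset : "DEFAULT";
  return { preset, scriptAllowed: PRESETS[preset] };
}

// Constructed sample script URLs, evaluated under both policies.
for (const u of ["https://mobile.twitter.com/app.js", "http://twitter.com/app.js",
                 "https://cdn.twimg.com/example.js", "https://tellapart.com/example.js"]) {
  console.log(u, decide(before, u).preset, "->", decide(after, u).preset);
}
```

In this model the plain-HTTP URL stays blocked under both policies, because the HTTPS-only entry never matches it and the request falls back to Default.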

You may need to force a refresh of the page, so it doesn’t load from the browser cache. On Windows, for Firefox or Chrome, either hold down Ctrl and click the Reload button, or hold down Ctrl and press F5. On OS X Safari, pressing CMD + SHIFT + R reloads the page ignoring cache.

 

