Can I use plugins, add-ons, or extensions in Tor Browser?

JavaScript

JavaScript is a programming language that websites use to offer interactive elements such as video, animation, audio, and status timelines. Unfortunately, JavaScript can also enable attacks on the security of the browser, which might lead to deanonymization.

Tor Browser includes an add-on called NoScript. It's accessible through "Add-ons and themes" on the hamburger menu (≡). Locate the NoScript add-on and click on it to open a panel where you can customize its settings.

In the panel, next to the Toolbar button, select 'Show'. This will display the NoScript button to the right of the browser address bar. This button enables you to manage JavaScript and other scripts on web pages, allowing you to control their execution individually or block them entirely.

Users who require a high degree of security in their web browsing should set Tor Browser's Security Level to "Safer" (which disables JavaScript for non-HTTPS websites) or "Safest" (which does so for all websites). However, disabling JavaScript will prevent many websites from displaying correctly, so Tor Browser's default setting is to allow all websites to run scripts in "Standard" mode.

Browser Add-ons

Tor Browser is based on Firefox, and any browser add-ons or themes that are compatible with Firefox can also be installed in Tor Browser.

However, the only add-ons that have been tested for use with Tor Browser are those included by default. Installing any other browser add-ons may break functionality in Tor Browser or cause more serious problems that affect your privacy and security. It is strongly discouraged to install additional add-ons, and the Tor Project will not offer support for these configurations.

FAQ

Why does Tor Browser ship with JavaScript enabled?

We configure NoScript to allow JavaScript by default in Tor Browser because many websites will not work with JavaScript disabled. Most users would give up on Tor entirely if we disabled JavaScript by default because it would cause so many problems for them. Ultimately, we want to make Tor Browser as secure as possible while also making it usable for the majority of people, so for now, that means leaving JavaScript enabled by default.

For users who want to have JavaScript disabled on all HTTP sites by default, we recommend changing your Tor Browser's Security Levels option. This can be done by clicking on the Security level icon (the shield right next to the URL bar) and then clicking on "Settings...". The "Standard" level allows JavaScript, the "Safer" level blocks JavaScript on HTTP sites and the "Safest" level blocks JavaScript altogether.

Should I install a new add-on or extension in Tor Browser, like AdBlock Plus or uBlock Origin?

It's strongly discouraged to install new add-ons in Tor Browser, because they can compromise your privacy and security.

Installing new add-ons may affect Tor Browser in unforeseen ways and potentially make your Tor Browser fingerprint unique. If your copy of Tor Browser has a unique fingerprint, your browsing activities can be deanonymized and tracked even though you are using Tor Browser.

Each browser's settings and features create what is called a "browser fingerprint". Most browsers inadvertently create a unique fingerprint for each user which can be tracked across the internet. Tor Browser is specifically engineered to have a nearly identical (we're not perfect!) fingerprint across its users. This means each Tor Browser user looks like many other Tor Browser users, making it difficult to track any individual user.

There's also a good chance a new add-on will increase the attack surface of Tor Browser. This may allow sensitive data to be leaked or allow an attacker to infect Tor Browser. The add-on itself could even be maliciously designed to spy on you.

Tor Browser already comes installed with one add-on - NoScript - and adding anything else could deanonymize you.