DEV Community

loading...

Discussion on: Famous websites with JavaScript disabled

Collapse
mdamaceno profile image
Marco Damaceno

To protect yourself against XSS exploit. You enable JavaScript only on websites you trust. Like a firewall.

Collapse
drmason13 profile image
David

Definitely a good security practice to use noscript in my eyes. Once you get used to it there's no need to go back to js on by default.

It's satisfying to see so many adverts, Google analytics and other crud getting blocked by noscript. I get a good sense of the website by how many third party scripts it runs and what they are called.

One major pain point is cloudfront type hosting. In particular the AWS console will load entirely necessary content from literally dozens of different cloudfront domains that all need to be trusted individually... Every AWS service can use a bunch of different domains :( you can always just disable noscript for a tab though when you hit annoying niche cases like that though :)

Noscript is great, highly recommend it!

Some comments have been hidden by the post's author - find out more