DEV Community

Discussion on: Famous websites with JavaScript disabled

mdamaceno profile image
Marco Damaceno

To protect yourself against XSS exploit. You enable JavaScript only on websites you trust. Like a firewall.

drmason13 profile image

Definitely a good security practice to use noscript in my eyes. Once you get used to it there's no need to go back to js on by default.

It's satisfying to see so many adverts, Google analytics and other crud getting blocked by noscript. I get a good sense of the website by how many third party scripts it runs and what they are called.

One major pain point is cloudfront type hosting. In particular the AWS console will load entirely necessary content from literally dozens of different cloudfront domains that all need to be trusted individually... Every AWS service can use a bunch of different domains :( you can always just disable noscript for a tab though when you hit annoying niche cases like that though :)

Noscript is great, highly recommend it!

Some comments have been hidden by the post's author - find out more