NoScript is recommended by many experts like Edward Snowden, Window Snyder, Rich Mogull, Douglas Crockford and William Stearns.
Features of NoScript:
We are allowed to decide the permissions of the exact address, or the exact domain, or the parent domain. If you enable a domain (e.g. wordpress.com), then all its subdomains are implicitly enabled as well. So, the same will be enabled while visiting this blog i.e. ritwiktweaks.wordpress.com or any other blog on wordpress. Also there would not be any protocol denial (both http and https will be allowed). But if you enable the permissions for any address (protocol://host e.g. https://ritwiktweaks.wordpress.com) , you’re enabling its subdirectories ( like http://ritwiktweaks.wordpress.com/category/article-bin/) as well but neither its parents nor siblings (so, wordpress.com and any other blog will not be automatically enabled).
Security against all malicious content
There also come an option to mark a site untrusted. For a site in Untrusted Blacklist, NoScript won’t even propose you to allow it again and if you later want to revert your decision, NoScript allows you to do so.
Cross-Site Scripting (XSS) vulnerabilities allow an attacker to inject his own malicious code from source site to destination site and can be used to steal credentials. This is often overlooked and thus is highly popular among hackers (which led to creation of Jikto). NoScript assures user security by providing Anti-XSS Protection.
NoScript has already been translated in 45 languages by different contributors from across the world and is ready for your use. Why waiting… grab it in your mother-tongue.
Install the add-on here.
For detailed features list, click here.