Configuring the correct browser security settings is one of the simplest ways to keep yourself safe online.
While following safe browser practices can do a lot to ward off most threats, it’s always best to go a little deeper with your settings to protect yourself from sites and files that should be safe but might not be.
In this post, I list the most important security settings you can configure in your browser.
Warning: This list is mainly filled with recommendations for improving security. Disabling some of these settings may cause performance issues or make your browsing experience less convenient.
Browser Security Settings: Overview
Browser security is as important as ever. With new threats on the rise and AI enabling hackers to scale attacks effortlessly, everyone should be doing everything they can to protect themselves.
Attacks you might fall victim to at the browser level include session hijacking, phishing attempts, malware installed through malicious extensions and downloaded files, cross-site scripting, and man-in-the-middle attacks.
These attacks can lead to consequences like data loss, account takeovers, keylogging, revenue loss, identity theft and downtime.
Along with following safe browsing practices, consider taking a minute to reconfigure your browser settings for increased security.
You’ll be better protected and more informed of potential threats.
Related: How to Train Employees On Cybersecurity
I’ll be covering the following settings in this post:
- Enabling automatic browser updates
- Blocking third-party cookies
- Deleting site permissions you no longer need
- Elevating your browser’s protection level
- Enabling HTTPS-only mode
- Blocking popups
- Blocking deceptive content
- Blocking ads (but whitelisting trusted sources)
- Enabling warnings for extension installations
- Disabling data sharing
- Disabling saved passwords
- Disabling preloading
- Disabling automatic downloads
- Enabling website typo protection
- Blocking access to your microphone and camera
- Disabling saved payment methods
What About Do Not Track Requests?
A lot of browsers have a Do Not Track (DNT) setting these days, which sends requests to websites asking them not to save tracking cookies in your browser.
However, experienced users see this setting as more of a placebo rather than a security setting that has any real impact. This is because websites aren’t required to listen to DNT requests and are well within their legal rights to ignore them and continue tracking your data.
And when it comes down to it, the DNT signal this setting adds to your browser’s header makes your traffic more unique than others, ironically making it another way for websites to track you. It’s best to leave this setting off for these reasons.
With all that said, let’s switch gears and talk about browser security settings that are actually helpful.
1. Enable Automatic Browser Updates
Automatic updates are typically enabled by default on all web browsers (most don’t even have a setting to disable them), but in case they aren’t, go ahead and enable them.
By installing updates as soon as they’re available, you ensure your browser has the latest security patches, preventing you from falling victim to new threats.
2. Block Third-Party Cookies
Cookies are text files that contain small bits of data, which get installed on your computer when you visit a website.
Cookies improve the browsing experience by saving information like your login details and site settings so you don’t need to reconfigure them the next time you visit a site.
However, third-party cookies are able to track your sessions, allowing advertisers to serve you personalized content and ads based on your browsing history.
Blocking third-party cookies is seen as a necessity for privacy for this reason. However, you should re-enable them or whitelist specific sites if you notice issues after blocking them entirely.
Related: Unexpected Ways Hackers Can Access Your Accounts
3. Delete Site Permissions You No Longer Need
Sometimes we need to give sites access to our data in order to use certain features.
A restaurant might need access to your location. Communication platforms typically need to access your device’s microphone and camera for video calls.
Settings like these are saved as individual permissions in your browser, allowing you to disable them for specific sites.
Go through them every so often to ensure you don’t have permissions enabled for sites you no longer visit.
4. Change Your Browser’s Protection Mode
Some browsers have different levels of protection you can enable to help protect you from harmful sites, extensions and files.
For example, Google’s Enhanced Protection Mode sends you warnings about dangerous sites, conducts in-depth scans of downloaded files and protects you across every device you use Google on.
Firefox’s Strict protection mode blocks social trackers, cross-site cookies, tracking content in private browsing windows and more.
5. Enable HTTPS-Only Mode
Some browsers allow you to enable a setting that ensures you only browse websites that have secure connections (meaning their URLs use HTTPS instead of HTTP).
This is another setting you’ll need to try out on your own, though, as some websites (especially older sites) still use HTTP even though they’re secure in every other way.
Your browser should allow you to add exceptions for individual sites.
6. Block Popups
This is an older browser setting that has been around for quite some time, so you’re likely already using it. Even so, it’s worth mentioning.
Some sites use popups for key features, but a lot of the time, popups are malicious in nature. Some are malware in disguise while others are just obnoxious.
Block popups by default in your browser, and whitelist sites you trust.
7. Block Deceptive Content
Firefox has an anti-phishing feature that helps protect you from malicious files, extensions and apps that disguise themselves as legitimate content.
It should be enabled by default. Its purpose is to block dangerous downloads and warn you about software you do not intend to install.
8. Block Ads by Default
Publishers use ads to fund their operations, and some websites won’t even let you browse them if you have an adblocker enabled.
The problem is some ads are designed to track you, which leads to privacy concerns for some. Other ads are designed to deliver malware, even on sites that appeared to be safe.
For these reasons, you’re better off installing an adblocker but whitelisting sites you trust and want to support.
9. Enable Warnings for Extension Installation Requests
All browsers should warn you if a website tries to install an extension in your browser. It’ll give you the option to approve or deny the request.
Firefox has an extra setting that allows you to disable this warning, but it’s best to leave it enabled.
10. Disable Data Sharing
If you’re concerned about online privacy, consider disabling anything related to data sharing in your browser.
This includes usage data and crash reports as well as automatic data sharing with websites.
Open your browser’s settings, and enter “data” in the search bar. Disable any setting related to data sharing.
11. Disable Saved Passwords
Most browsers have built-in password managers these days, and while they’re fairly secure for the most part, they’re not as secure as they could be.
For better password security, remove all saved passwords in your browser, and use a third-party password manager instead.
More importantly, set up multifactor authentication for all of your accounts.
12. Disable Preloading
Preloading is a functionality that helps websites load faster before you even visit them.
In some browsers, when you perform a web search, the browser predicts which websites you might visit and loads them in the background so that they’ll load faster when you do visit them.
This allows websites to save cookies in your browser even though you’ve never visited them, so it’s best to disable preloading for privacy concerns.
13. Disable Automatic Downloads
It’s best not to save downloads to your computer automatically. You should always force your browser to check where you’d like to store new files.
This prevents malicious files from installing themselves on your device.
Choose a designated file location for new downloads, and enable a setting that says, “Ask where to save each file before downloading.”
Some browsers, such as Firefox, have a setting that allows you to block dangerous downloads altogether.
In Chrome, enable Enhanced Protection Mode to block dangerous downloads.
14. Enable Website Typo Protection
Microsoft Edge has a feature that alerts you if a website URL is mistyped. It’s called “Website Typo Protection,” and it should be enabled by default.
Hackers sometimes disguise malicious links and forms by recreating a legitimate website and pointing it to a misspelling of that website’s domain name.
Enabling this setting triggers an alert whenever you mistype a website’s name.
Fortunately, most browsers can detect sites that are unsafe and will prevent you from accessing them even without this setting.
15. Block Access to Your Camera and Microphone
Safe websites ask for permission to access your camera and microphone only when they require them, typically for video or voice chats.
However, malicious sites circumvent these settings and access your device’s camera and microphone without your permission.
Block access to both in your browser’s settings, and whitelist websites you trust.
16. Disable Saved Payment Methods
Try not to save payment methods in your browser. Use a third-party password manager instead or a wallet app.
And while this is more of a financial tip than a cybersecurity tip, consider using a credit card for all online purchases rather than a debit card. Credit cards have better protection against fraud, especially if you need to dispute a charge.
