Web Browser Security: Evaluating Browser Settings to Stay Safe Online

Image of a man and woman with a shield showing an SSL padlock

Web browser security settings. Many of us virtually live online, but how often do we even take a minute to evaluate web browser security settings before jumping online?

The web browser, whether it is Microsoft Edge, Mozilla Firefox, Google Chrome, Brave, Opera etc. has become a major fixture in our business and personal lives. We interact with the world using one of these tools every day.

Given how important the web browser is in our every day business or personal transactions, it makes sense to ensure that the browser you use is a safe as possible.

We will discuss some of the web browser security settings options available below, depending on your web browser of choice.

Note: We should point out however,  that increasing the security of a particular web browser may affect the functionality of some web sites. For example, disabling JavaScript may prevent some websites from working properly.

In other cases, denying camera or microphone access to web applications may prevent video conferencing software from running.

And some websites just would not function unless you allow them to collect all the data they can find about your online activities. (See how to protect your personal information online).

Why are web browser security settings important?

Your web browser is your primary connection to the rest of the internet, and multiple applications may rely on your browser, or elements within your browser, to function.

This makes the security settings within your browser even more important.

Many web applications try to enhance your browsing experience by enabling different types of functionality, but this functionality might be unnecessary and may leave you susceptible to being attacked.

The safest policy is to disable the majority of those features unless you decide they are necessary.

If you determine that a site is trustworthy, you can choose to enable the functionality temporarily and then disable it once you are finished visiting the site.

Where can you find the web browser security settings?

Each web browser is different, so you may have to look around. For example, on Microsoft Edge and Google Chrome, you can find them by clicking the ellipses button (three dots) on the top right on the browser, selecting Settings..., choosing the Privacy and Security tab, and adjust settings accordingly.

However, in Firefox, depending on whether you have the menu bar or not, you click Tools on the menu bar and select Options, or click on the three bars on the top right of the browser window and select  Options or Settings (for newer versions of Firefox). Use the Privacy & Security tab to explore the security options of Standard, Strict, or Custom.

Browsers have different security options and configurations, so familiarize yourself with the menu options, check the help feature, or refer to the vendor’s web site.

Even with these guides, it is helpful to have an understanding of what the different terms mean so that you can evaluate the features to determine which settings are appropriate for you.

How do you know what your web browser security settings should be?

Ideally, you would set your security for the highest level possible. However, restricting certain features may limit some web pages from loading or functioning properly.

The best approach is to adopt the highest level of security and only enable features when you require their functionality.

What do the different terms mean?

Different browsers use different terms, but here are some terms and options you may find:

  • Zones

    Your browser may give you the option of putting web sites into different segments, or zones, and allow you to define different security restrictions for each zone.For example, Internet Explorer identifies the following zones:

    • Internet – This is the general zone for all public web sites.
      To give you the best protection as you browse, you should set the security to the highest level; at the very least, you should maintain a medium level.
    • Local intranet – If you are in an office setting that has its own intranet, this zone contains those internal pages.
      This is an optional zone but may be useful if you personally maintain multiple web sites or if your organization has multiple sites.
      Even if you trust them, avoid applying low security levels to external sites—if they are attacked, you might also become a victim.
    • Restricted sites – If there are particular sites you think might not be safe, you can identify them and define heightened security settings.
      Because the security settings may not be enough to protect you, the best precaution is to avoid navigating to any sites that make you question whether or not they’re safe.
  • JavaScript

    Some web sites rely on web scripts such as JavaScript to achieve a certain appearance or functionality, but these scripts may be used in attacks (see Browsing Safely: Understanding Active Content and Cookies for more information).

  • Java and ActiveX controls

    These programs are used to develop or execute active content that provides some functionality, but they may put you at risk (see Browsing Safely: Understanding Active Content and Cookies for more information).

  • The Right Plug-ins Can Boost Web Browser Security

    Sometimes browsers require the installation of additional software known as plug-ins to provide additional functionality.

You may also find options that allow you to take the following security measures:

  • Manage cookies to enhance web browser security

    You can disable, restrict, or allow cookies as appropriate. Generally, it is best to disable cookies and then enable them if you visit a site you trust that requires them.

  • Increase Web Browser Security By Blocking Pop-up Windows

    Although turning this feature on could restrict the functionality of certain web sites, it will also minimize the number of pop-up ads you receive, some of which may be malicious. Major web browsers like Firefox and Chrome have applications or add-ons like uBlock Origins, NoScript, Privacy Guard, etc. that you can install to help you lock down your web browser.

  • Use different web browsers for specific needs

    One of the best ways to protect yourself from malicious Internet attacks is to use a different web browser with security settings configured for that purpose. For example, you can use one web browser with standard settings for banking and sensitive websites and use a more locked down browser for general Internet browsing and shopping.

Stay safe out there folks.

Mindi McDowell and Jason Rafail

 Cybersecurity and Infrastructure Security Agency (CISA).

Tech Prognosis is a trusted IT Services provider in Round Rock, Texas that specializes in providing information technology (I.T.) support for small businesses.