Chapter 20
Configuring and Using Web Browsers
As more apps are run from the cloud rather than local or network locations, web browsers have become vital application tools. Maintaining browser security and performance settings are important skills to understand. This chapter covers IT Fundamentals+ Objective 3.5, which covers browser configuration settings.
Foundation Topics
Caching/Clearing Cache
Browser caching is a feature that enables a web browser to display already-viewed content much more quickly when you visit the page again. Here’s how it works: When you open a web page, your browser stores a copy of the page elements that usually don’t change very often (scripts, images, banners, and so on). Click to another page, and then click back to the first page, and the page you returned to opens very quickly because the browser is using cached page elements.
Normally, this process works very well. However, if a web page has major changes right after you first view it, the browser might be displaying out-of-date information. To ensure that your browser is displaying the latest page, you can clear the browser cache.
The browser cache (also known as cached data and files or cached images and files) is one of several items you can clear when you select the option to clear browsing data. Here’s how to get to the browser cache settings in several popular browsers.
Google Chrome
To clear the cache, click the three-dot menu button, More Tools, Clear browsing data…. The Clear browsing data, Basic dialog (shown in Figure 20-1) lets you select the time period to clear and what to clear. Cached images and files is selected by default. Click the Advanced tab to choose additional items and see details. Click Clear Data to clear selected information.
Microsoft Edge
To clear the cache, click the three-dot menu button, Settings, Choose what to clear (Clear browsing data). Click Clear to clear the selected items (see Figure 20-1).
Mozilla Firefox
To clear the cache, click the three-line menu button, Options, Privacy & Security. To choose what to clear, click Clear History. Select the time range to clear. Click the Details arrow to choose what to clear (see Figure 20-2). Click Clear Now.
Microsoft Internet Explorer
To clear the cache, click the gear (settings) icon, then click Safety. Click Delete Browsing History. By default, temporary Internet and website files, cookies and website data, and history will be deleted. Favorite website data will be kept. Make any changes desired and then click Delete (see Figure 20-2).
Deactivate Client-Side Scripting
Browser pages can use two types of scripts. Server-side (back-end) scripts perform tasks at the server, such as creating dynamic HTML pages. Client-side scripts are used to process user input and are usually written in JavaScript. Client-side scripts can be a security risk, so browsers have options to deactivate client-side scripts, including settings and add-ons. The following sections provide details for managing JavaScript settings in leading browsers.
Note
Changing browser settings is awkward if you have websites you depend on that must use client-side scripting. I recommend using extensions and plug-ins for greater control over scripting.
Google Chrome
In Google Chrome, open Settings, Advanced Settings, Privacy & Security, Content Settings and then select JavaScript. You can allow or block JavaScript by specifying websites or you can block all websites from using JavaScript.
Mozilla Firefox
In Mozilla Firefox, enter about:config into the navigation window and click I accept the risk to continue. Search for javascript.enabled. Right-click the line and select Toggle to turn it off.
Microsoft Edge
Current versions of Windows 10 do not include any built-in options for disabling scripting in Microsoft Edge (the default browser). However, you can use a script blocker add-on.
Microsoft Internet Explorer
In Internet Explorer, you can set different zones to have different security options. To start, click the gear icon or open the Tools menu, and then click Internet Options. Click the Security tab and then click the zone to change, typically the Internet zone. Click Custom level. To change scripting settings, scroll down to the Scripting section and select Active scripting. Click Disable to disable all scripting. To enable all scripting, click Enable. To be prompted when a page has a script, click Prompt. Click OK, then OK again on the next dialog to close the window.
Browser Add-Ons/Extensions
Browser add-ons and extensions enable users to customize a browser’s features and add additional options. Browser add-ons and extensions can be used to disable potentially dangerous scripts. However, there are many more possibilities, especially for Google Chrome, Mozilla Firefox, and Internet Explorer. Microsoft Edge only offers about a hundred—a far smaller number than Chrome, Firefox, or Internet Explorer.
Exactly what you can do with your browser with extensions varies, but there are plenty of options. Here are a few of the extension categories available for Google Chrome:
Blogging
News & Weather
Photos
Search Tools
For a complete list, visit https://chrome.google.com/webstore/category/extensions.
And here are few of the extension categories available for Mozilla Firefox:
Download management
Photos, music, and videos
Shopping
Privacy & security
For a complete list, visit https://addons.mozilla.org/en-US/firefox/extensions/.
To see the extensions available for Microsoft Edge from Microsoft, visit https://www.microsoft.com/en-us/store/collections/edgeextensions/pc (additional extensions may be available from third parties). To see the extensions available from Microsoft for Internet Explorer, see https://www.microsoft.com/en-us/IEGallery. Third-party extensions are also available from other vendors.
Add
To add an extension, open a web browser and navigate to its extension website. Search for or browse to locate the extension you want and then click it. With Chrome, click + ADD TO CHROME to install it; then follow the prompts to finish the process. With Firefox, click +Add to Firefox to install it. With Microsoft Edge, click Get the app to install it. With Internet Explorer, click Add and then follow the prompts to finish the process.
Enable/Disable
After you install an extension, you may need to enable it before you can use it. Google Chrome enables extensions automatically. If you need to disable an extension, click the three-dot menu button, click More tools, Extensions, and then slide its control to the left. To enable a disabled extension, slide its control to the right.
Mozilla Firefox also enables extensions automatically. If you need to disable an extension, click the three-line menu button, click Add-ons, and click its Disable button. To enable a disabled extension, click Enable.
Microsoft Edge does not enable newly installed extensions automatically. After you install an extension, Edge prompts you to turn it on or keep it off (see Figure 20-3). To disable an installed extension, click the three-dot menu button, click Extensions, click the extension, and slide the control to Off.
To manage installed extensions in Internet Explorer, click the gear (Settings) button or open the Tools menu and click Manage add-ons. Currently loaded toolbars and extensions are shown first. To see all add-ons, select that option from the Show menu at the lower left. To enable a disabled extension, click it, then right-click it and choose Enable. To disable an enabled extension, click it, then right-click it and choose Disable.
Remove
If you decide a particular extension isn’t what you want to use, you can remove it. To remove an extension in Google Chrome or Mozilla Firefox, open the extension dialog and click the extension’s Remove button. To remove an extension in Microsoft Edge, open the extension dialog, click the extension to remove, and click Uninstall. To remove an extension in Internet Explorer, double-click it and click Remove from the More information dialog. If the Remove option is not available, use the Add/Remove Programs dialog in Control Panel to uninstall it.
You might need to close and restart your browser to complete the process. With some browsers, you must enable an extension before you can remove or uninstall it.
Private Browsing
Normal web browsing is an open book to anyone who wants to know where you’ve been on the Internet. Browsers record the websites you visit, so if you’re trying to surprise your loved ones with a surprise vacation, don’t let them use your account login, or they can see what you’re up to.
Private browsing prevents your browser from recording browser history, storing searches, storing cookies (which are used by advertisers to track your activity), and saving temporary files. However, private browsing does not prevent your activity from being visible to corporate monitoring (if you use a corporate computer) or your Internet service provider. Downloads and bookmarks will be saved (see Figure 20-4).
In Google Chrome, this feature is called Incognito. Click the three-dot menu button and select New incognito window to start. In Mozilla Firefox, start Private Browsing by clicking the three-line menu button and selecting New Private Window (see Figure 20-5). In Microsoft Edge, click the three-dot menu button and click New InPrivate Window. With Internet Explorer, open the Safety menu or click the gear (menu) button and select Safety, then click InPrivate Browsing.
When you are finished with private browsing, close all private browsing windows and tabs.
Proxy Settings
Many corporate networks do not permit direct access to the Internet for web browsing or other web-based activities. To preserve bandwidth, help protect against hostile inbound web traffic, or to filter Internet traffic, proxy servers are used to capture outbound and inbound traffic.
If a web browser on the network requests a page, the proxy server checks to see if an updated copy of the page is already in its web page storage. If it is, the proxy server’s copy of the web page is sent as a response. If not, the proxy server updates its copy and then sends an updated copy.
Web browsers must be configured to use proxy servers. Many networks provide a proxy script at login to make these settings for network users. However, you can also set the proxy server values manually or specify the location for a proxy script the system needs to load. Proxy server settings are also used by other types of web-enabled software, including instant messaging apps and FTP apps.
There are typically four proxy settings that can be used. Depending on the network, all proxy servers might use the same setting or might use different settings:
HTTP proxy: Used for web browsers.
SSL proxy: Used for Secure Sockets Layer (SSL) encrypted web traffic.
FTP proxy: Used for File Transfer Protocol.
SOCKS Host: Used for socket secure connections for exchanging network packets. The user may be prompted to select the version of SOCKS Host to use.
Figure 20-6 shows a typical manual proxy server setup for Mozilla Firefox. Other browsers have similar dialogs.
Do not configure a proxy server manually unless your network manager or your ISP directs you to do so. If a proxy server is needed, you will be given specific settings to make.
Certificates
Security certificates are used by secure websites to verify that these websites can be trusted. Certificates are provided by companies known as certificate authorities (CAs), and the certificates are provided to your web browser. To see the certificate for a secure site, click the padlock and then click the Certificate link (see Figure 20-7) to view the certificate information (refer to Figure 20-8).
Valid
A valid certificate is a certificate that is issued by a recognized certificate authority for the company that owns the website and has a current date range (see Figure 20-8).
Invalid
An invalid certificate has one or more of the problems shown in Table 20-1.
Table 20-1 Invalid Certificate Issues
Problem |
Meaning |
Error Code* |
Expired |
Certificates are good for a specified date range. If you visit a secure website after the date range on the certificate, the certificate is expired. |
ERR_CERT_DATE_INVALID C SEC_ERROR_EXPIRED_CERTIFICATE F DLG_FLAGS_SEC_CERT_DATE_INVALID E,I |
Wrong host |
The certificate being used by a website does not match the name of the owner. This can indicate the certificate is being used fraudulently. |
ERR_CERT_COMMON_NAME_INVALID C SSL_ERROR_BAD_CERT_DOMAIN F DLG_FLAGS_SEC_CERT_CN_INVALID E,I |
Self-signed |
Website used a self-signed certificate, not a certificate from a certificate authority. |
ERR_CERT_AUTHORITY_INVALID C SEC_ERROR_UNKNOWN_ISSUER F DLG_FLAGS_INVALID_CA E,I |
Untrusted root certificate |
The issuer certificate is unknown. |
Same error messages as self-signed. |
Revoked |
Certificate revoked by certificate authority. |
Refer to Figure 20-9. |
*C = Google Chrome, F = Mozilla Firefox, E = Microsoft Edge, I = Internet Explorer
To see safe examples of these and other secure website errors, visit badssl.com and click a Certificate link. Figure 20-9 illustrates how Google Chrome, Mozilla Firefox, and Microsoft Edge display a Revoked error.
Popup Blockers
A popup is a small browser window that shows up in front of all other open browser windows. Popups have been used for advertisements as well as fake virus infection scares, but they are sometimes used for mapping and other desirable content. Current browsers are designed to block popups by default.
When a website displays a popup, the user is prompted to decide what to do. Figure 20-10 displays the prompts for Chrome, Firefox, and Edge. If you choose the option to allow popups from a particular website, you can view and manage the list of allowed websites.
To manage popup settings with Chrome, click the Manage button or open settings/content/popups. To manage popups with Firefox, click the Edit Pop-up Blocker Options or open the Preferences: Privacy & Security menu. To manage popups with Microsoft Edge, you must use the Windows Registry Editor. See details at the answers.microsoft.com website. I have shortened the URL for you: https://bit.ly/2J12JEC.
Caution
Editing the Registry is potentially dangerous. Be sure to make a backup copy of the Registry before you make any changes. A good visual guide to backing up the Registry and using the Registry Editor is available at https://www.wikihow.com/Edit-the-Windows-Registry.
Script Blockers
Although you can stop JavaScript scripts with built-in settings in web browsers, this is awkward when you need to allow some scripts and block others. Google Chrome offers extensions such as ScriptSafe and Script Blocker. These and others are available from the Chrome Web Store.
Firefox can use add-ons such as NoScript Security Suite and uBlock Origin. These and others are available from the Firefox Add-ons website.
The Microsoft Store’s Extensions for Microsoft Edge website includes several ad blockers and the script manager uBlock Origin.
Note
To learn more about browser extensions, see “Browser Add-Ons/Extensions” earlier in this chapter.
Compatible Browser for Application(s)
Although current browsers are designed to more strictly follow web standards, many websites have been tested with specific browsers or may be optimized for certain browsers only. Figure 20-11 illustrates a typical compatibility statement from a web-based app (Gliffy diagram creator).
If you are unable to use your browser with a particular website, check the following:
Check your browser version against the website’s list of approved browsers.
Make sure you are using the latest version of the browser.
Turn off any script blocker software.
Caution
A “WARNING: Your current browser is Outdated!” message and clickable link can be used to trick users into installing malware. If you need to update your browser, visit the browser vendor’s official download website. Don’t click a link; instead, close the browser window.
Some applications that work with browsers will work only with certain browser versions. In other words, it is sometimes necessary to ask, “Is my browser compatible with my app?” Internet Explorer includes a Compatibility View setting that can be used to enable it to display pages that were designed for older versions of IE. To learn more, see https://support.microsoft.com/en-us/help/17472/windows-internet-explorer-11-fix-site-display-problems-compatibility-v.
If you need compatibility with older versions of third-party browsers, you can usually download older versions of the browser from the vendor’s website.
Exam Preparation Tasks
Review All Key Topics
Review the most important topics in this chapter, noted with the Key Topics icon in the outer margin of the page. Table 20-2 lists these key topics and the page number on which each is found.
Table 20-2 Key Topics for Chapter 20
Key Topic Element |
Description |
Page Number |
Clear browsing data menus in Google Chrome (left) and Microsoft Edge (right). |
||
Paragraph |
Allow or block JavaScript in Google Chrome. |
|
Installing an extension in Microsoft Edge. |
||
An Incognito (private browsing) window in Google Chrome. |
||
List |
Proxy settings. |
|
A valid certificate for a banking website. |
||
Invalid Certificate Issues. |
||
Popup dialogs from Chrome, Firefox, and Edge browsers. |
||
Tested browsers and versions from the Gliffy website. |
Define Key Terms
Define the following key terms from this chapter and check your answers in the glossary:
popup blocker
Practice Questions for Objective 3.5
1. Your web browser is still showing an old logo on a website you visit every day. Which of the following is a good solution?
Deactivate client-side scripting.
Clear cache.
Install an add-on.
Remove an extension.
2. You are preparing a surprise party for a co-worker who shares your computer. How can you hide your searches?
Clear cache.
Turn on proxy settings.
Refuse security certificates.
Use private browsing.
3. You are using your company’s in-house wireless network and its security certificate has expired. What should you do?
Run anti-malware software on your computer.
Call the IT department.
Do nothing.
Tell your co-workers the wireless network has been hacked.
4. You are making reservations for a trip, and every time you want to finish a reservation, your browser tells you it has blocked a popup. Which of the following is the best way to deal with this issue?
Use a different web browser.
Accept popups for the site.
Disable popup blocking.
Call the hotel to make a reservation.
5. You want to demonstrate what certificate errors look like to your co-workers. What should you do?
Search for news stories about fake websites and navigate to them.
Disable your computer’s security certificates.
Hope you find a certificate error so you can screen-capture it.
Go to badssl.com.
6. A co-worker has accidentally enabled popups for a website that must be visited frequently but whose popups are just annoying. The browser is Microsoft Edge. What do you do to remove that website from the allowed list?
Download NoScript.
Use Registry Editor.
Edit Privacy & Security settings.
Use settings/content/popups to make changes.
7. A website you visit has a security certificate, but the certificate was not issued by a certificate authority. Which of the following messages will be displayed by your browser?
NET::ERR_CERT_AUTHORITY_INVALID
NET::ERR_CERT_COMMON_NAME_INVALID
NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN
NET::ERR_CERT_DATE_INVALID
8. You are trying to log in to an ecommerce website you use frequently. You have recently installed some browser extensions and suspect one of them might be causing problems. Which of the following types of extensions would you disable first?
Translation
Popup blocker
Script blocker
Screen capture
9. You have just installed an extension in Microsoft Edge. Which of the following best describes how it works?
It is automatically enabled.
You are prompted to turn it on.
You must enable scripting to make it work.
You must set up a proxy for the extension.
10. You are visiting a website and a “WARNING: Your current browser is Outdated!” message appears. What should you do?
Click the link to get a new version of your browser.
Close the window.
Ignore the message.
Switch to a different browser.
11. Which of the following is not true about private browsing?
Does not store bookmarks
Does not keep a record of searches
Does not save temporary files
Does not store cookies
12. When you connect to your corporate network, your connection uses a proxy server, but when you connect to your home network, your connection does not use a proxy server. It’s not necessary for you to change proxy settings when you change networks. Which of the following explains why?
Your system is using NoScript.
A proxy script is used by your corporate network.
The system ignores proxy settings when on the home network.
Your system has an extension to handle changed settings.
13. You need to disable client-side scripting in Microsoft Edge. Which of the following methods will work?
Disable JavaScript in Content Settings.
Toggle JavaScript off in config.
Disable JavaScript proxy.
Use script blocker.
14. You are providing telephone support for a client who wants to plan a surprise party and wants to use private browsing. The client is using Google Chrome. Which of the following do you tell them to use?
InPrivate
Private
NoScript
Incognito
15. Your client has installed an extension that is causing problems on some websites but is useful on others. Your client can have only one browser installed on their system. How would you advise them to handle this issue?
Remove the extension and add it as needed.
Set up a proxy for certain websites.
Disable client-side scripting.
Disable the extension and enable it as needed.
16. Your client has just taken over a website from a different firm and has not yet arranged for new security certificates. Visitors to the website might see which of the following errors?
NET::ERR_CERT_AUTHORITY_INVALID
NET::ERR_CERT_COMMON_NAME_INVALID
NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN
NET::ERR_CERT_DATE_INVALID
17. What does a proxy server do first when a web browser on the network requests a page?
Adds page to allowed list
Checks to see if an updated copy of the page is already stored
Updates its copy of the page and then sends an updated copy
Searches for a javascript.enabled setting
18. If you are unable to use your browser with a particular website, which of the following should you do?
Check your browser version against the website’s list of approved browsers.
Make sure you are using the latest version of the browser.
Turn off any script blocker software.
All of the above.
19. Your client calls on Saturday and asks how to view certificate information for a secure site. What should you tell them?
Click the padlock, then click the Certificate link to view the certificate.
Only certificate authorities can view certificate information.
Press Ctrl+Alt+Del and select Certificate Manager.
Certificate information can only be viewed Monday through Friday.
20. How do you enable a disabled extension in Google Chrome?
Click the three-dot menu button, click Extensions, click the extension, and slide the control to on.
Click the three-line menu button, click Add-ons, and click its Enable button.
Click the three-dot menu button, click More tools, Extensions, and slide its control to the left.
Click the three-dot menu button, click More tools, Extensions, and slide its control to the right.
Your Next Steps (More Certs)
If you want to concentrate on web security in your IT career, there are several certifications to consider. . CompTIA’s Security+ certificate is a popular credential. Learn more at https://certification.comptia.org/certifications/security.
The Certified Internet Web Professional (CIW) certifications are designed specifically for Internet-focused IT personnel. Information on the CIW Web Security certifications is available at https://www.ciwcertified.com/ciw-certifications/web-security-series.
If you want to develop apps for Google, mobile web, or Android, check out the Google Developers Certification page at https://developers.google.com/training/certification/.