Enable click-to-play for Flash & Java in Chrome, Firefox & Safari

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Profile image of Mattias Geniar

Mattias Geniar, July 13, 2015

Follow me on Twitter as @mattiasgeniar

The last few days at least 4 major vulnerabilities for Flash were revealed, as part of the leaked files from the Hacking Team compromise.

If you hadn’t done it before, now would be a great time to configure Chrome to not automatically play flash, but require a click-to-play action. The alternative would be to completely uninstall Flash, but that may not always be desirable if you consume content that still requires Flash.

Enabling the click-to-play is easily configured.

Click-to-play in Chrome

First, go to the settings page, either via the menu in the upper right or by typing chrome://settings in the address bar.

Search for plugins in the search field and click on Content Settings.


Once in Content Settings, scroll down until you reach the Plugins section and chose the third option, Let me choose when to run plugin content.


Now whenever you reach flash content, you will be required to activate the plugin first by ctrl+click on the plugin area.


Alternatively, you can enable plugin content again by clicking the little icon in the right-hand side of the address bar.


Click-to-play in Safari

Thanks to Chris for the explanation, here’s how to do it in Safari.

For safari open Preferences and on the Security Tab open “Website Settings” next to “Internet Plugins". They set the option “When visiting other website” to “Ask".


Click-to-play in Firefox

Thanks to Jan for this heads-up. Here’s how to activate the “click to play” in Firefox.

In Firefox, go to Tools and Add-ons, then navigate to Plugins in the left-hand menu.

Go to the Flash plugin and change the dropdown on the right to “Ask to activate”.


If you hadn’t done so already, these recent security exploits for Flash should motivate you to enable click-to-play for browser plugins as soon as possible.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.