The 6 Firefox add-ons I cannot live without (for debugging + performance tuning)

There are some things in life you take for granted. The water when you get when you turn on the shower, the heat when you try to warm a house and the firefox plugins you've gathered over the years. Except that last (well, the others too -- but that's something else) isn't really that straight forward. And it deserves some attention and careful fondling.

So, here's a list of the Firefox extensions i need to do my thing. That means debugging websites, performance tuning, testing, ... Since the browser really is your primary weapon, you need it to be well-armed. And trust me, these are some fine guns.

Live HTTP Headers

Live HTTP Headers

A, such bliss. See all the HTTP headers that are sent and received to and from the server. Think request URLs, Cache, Encoding, Cookies, Custom headers, ... This is a must have if you're ever configuring a caching server (Varnish), debugging AJAX requests or are just generally interested in what HTTP headers are used on any site.

No matter how many HTTP benchmarks you run, there's nothing like "real" simulation using "real" HTTP headers sending back and forth to track down problems. Where a "curl -I <url>" can do wonders, it doesn't send everything your browser would. It's also useful if you want to see your own custom HTTP headers.

Life-of-request Info


So simple, yet so powerful. This shows you some interesting statistics in your bottom bar in Firefox. It tells you "Time to first byte" (aka: how long it took for the server to send a response), "time to completion" (how long server took + browser to render the page), the "total page size" and "number of requests". Especially the first counter is interesting, as that tells you how long your request has been "in process" at the server. For a quick idea on performance, LORI is very nice.


Show IP

A very simple addon, that just shows you the current IP address of the server you're working on in your bottom bar. Easy to spot if you're on your own system, or a development server (in case you're cheating with altering your hosts-file). And can be used to see on which actual server you're working on a Round Robin DNS configuration. Right clicking allows you to get the IP directly on your clipboard.



This, again, is a very powerful tool. SwitchHosts allows you to change your hosts-file on-the-fly within your browser. Want to test your site on a new server? Simple: just add a new host entry in your browser, refresh the page and you're loading the exact URL on a different server. This takes away the annoyance of changing hosts-file on a Windows client, or interfering DNS cache in your browser. Just click, change and refresh the page.


Tamper Data

Ever created a form where you wanted to test how users could "cheat" on input? Thought a select list was safe enough to not validate those return values? Guess again. Tamper data lets you change the data you're sending back to the server. Allows you to easily manipulate all POST data that gets sent. Before the POST data goes out, Tamper Data intercepts it and let's you change all values you are about to send.

The left screen lets you modify the HTTP request, while the right had side let's you input anything in the POST form fields.

This is a great starting point for webapp pentesting, when fiddling with the GET parameters gets you nowhere.

Web Developer

Web Developer

Some think it's too large, some get annoyed by the place it takes within your browser. I love it for 2 simple reasons: cookie manipulation and CSS style information. Web Developer can do so much more, but just the on-the-fly editing of cookies and viewing what CSS styles are applied to what DOM object makes it a must-have.

It also includes a CSS and JavaScript error console to easily track down problems, in case FireBug is too much for you (like it is in my case).

What's missing?

I'm always looking for added-value. So I'm curious to know what add-ons you're using, and why I should consider them. Share'm with me! :-)

The Social Box

You can sign up for more updates via Twitter or Facebook below. On Twitter, I regularly talk about technology or tweet about interesting stories. Topics that don't necessarily make it to this blog. Facebook contains a steady update of blogposts and some more lightweight stories.

Write a Comment

Do you care about the markup if your comment? You can use the following HTML tags:

<code>command</code>: command highlighting
<pre>text</pre>: pre-formatted code, can be multi-line (black background, white letters)

example <pre> tag
<blockquote>text</blockquote> quoted text
quoted example

None of this is needed of course, it's all optional!



  1. Nice, I didn’t even know Yslow was a Firebug extension how, I only knew it from the Yahoo pages. The others are really interesting too, I’ll be checking them out the next few days. Thanks Pieter! :-)

  2. Thank you, nicely written and some extensions I hadn’t heard of before!

    I like ModifyHeaders as well for header tampering, although IMO the UI is a little wonky. It fills in a nice gap that Live HTTP Headers doesn’t support, which is sending a particular header for *every* request (e.g. if you are working with SiteMinder or something similar).

  3. Calomel SSL Validation is useful when you want to know more about SSL

    Can’t live without HTTPwatch

    Dynatrace Ajax edition now works in Firefox, which is great news.

    I use Notable a lot for taking screenshots and then annotating them to highlight things to the customer

    User Agent Switcher is useful for simulating different browsers/devices (get the list from here