ABE, the Application Boundaries Enforcer which is included in NoScript, is something I take advantage of. It allows you to define rules that prevent ClickJacking/UI redressing and CSRF. It allows you to restrict which sites can direct your browser (form/link/redirect) to another site. You can also prohibit embedding certain sites (think ClickJacking/UI Redressing attacks).
So how can one take advantage of this? I offer a snippet of my ABE “USER” policy.
Site ib.nab.com.au
Accept ALL from SELF
Anonymize

Site mail.google.com docs.google.com spreadsheets.google.com panel.dreamhost.com
Accept ALL from mail.google.com https://www.google.com docs.google.com spreadsheets.google.com panel.dreamhost.com
Deny
The next two rules allow me to click on links outside my site that bring me to my site, but it won’t authenticate me for that request, so they can’t do damage.
Site http://stevenroddis.com http://www.stevenroddis.com
Accept ALL from stevenroddis.com www.stevenroddis.com
Anonymize

Site https://www.stevenroddis.com
Accept ALL from SELF
Anonymize
After some tweaking with the Google Apps rule, I haven’t had any false positives. So I’m continuing to enjoy enhanced proactive protection.
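As an added illustration (not part of the original post and not NoScript's own code), here is a small Python evaluator that parses the policy above and reports which action ABE would take for a given origin/destination pair. Its matching is a deliberate simplification and the semantics are assumptions, not NoScript's documented behaviour: a bare name must equal the host exactly, a spec with a scheme is a URL prefix ending at a path boundary, the ALL/GET/POST list is ignored, the first matching rule and its first matching predicate win, and anything unmatched is accepted.

```python
from urllib.parse import urlsplit

# The post's own ABE USER policy, embedded so the evaluator runs offline.
POLICY = """
Site ib.nab.com.au
Accept ALL from SELF
Anonymize
Site mail.google.com docs.google.com spreadsheets.google.com panel.dreamhost.com
Accept ALL from mail.google.com https://www.google.com docs.google.com spreadsheets.google.com panel.dreamhost.com
Deny
Site http://stevenroddis.com http://www.stevenroddis.com
Accept ALL from stevenroddis.com www.stevenroddis.com
Anonymize
Site https://www.stevenroddis.com
Accept ALL from SELF
Anonymize
"""
def parse_policy(text):
    """Return [(site_specs, [(action, origin_specs or None), ...]), ...]."""
    rules = []
    for line in text.strip().splitlines():
        words = line.split()
        if words[0] == "Site":                 # opens a new rule
            rules.append((words[1:], []))
        elif "from" in words:                  # "Accept ALL from ..."; ALL/GET/POST list ignored (assumption)
            rules[-1][1].append((words[0], words[words.index("from") + 1:]))
        else:                                  # bare "Deny"/"Anonymize": applies to any origin
            rules[-1][1].append((words[0], None))
    return rules
def _matches(spec, url):
    # Simplification (assumption): a spec with a scheme must be a URL prefix ending at a
    # path boundary; a bare name must equal the host exactly. Real ABE matching is richer.
    if "://" in spec:
        return url.startswith(spec.rstrip("/") + "/")
    return urlsplit(url).hostname == spec
def evaluate(rules, origin, destination):
    """ABE action for a request from origin to destination (assumed semantics: first rule
    whose Site list matches the destination, then its first predicate whose origin list
    matches; nothing matching means Accept)."""
    for sites, predicates in rules:
        if not any(_matches(s, destination) for s in sites):
            continue
        for action, origins in predicates:
            if origins is None:
                return action
            for o in origins:
                # SELF stands for the rule's own Site list
                if any(_matches(s, origin) for s in (sites if o == "SELF" else [o])):
                    return action
        return "Accept"
    return "Accept"
RULES = parse_policy(POLICY)
```

Feeding it a constructed third-party origin shows the effect the post describes: a link from elsewhere into the banking site or the blog is allowed but anonymized, while the same origin reaching Google Apps is denied outright.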