Currently, extensions that need to do comprehensive policing and modification of outgoing HTTP requests (such as HTTPS Everywhere and NoScript) use a mixture of different hackish XPCOM tricks. One summary of these hacks is here: https://bugzilla.mozilla.org/show_bug.cgi?id=677643#c26 These hacks are quite hard for most extensions developers to understand. They are also prone to being buggy; for instance: https://trac.torproject.org/projects/tor/ticket/3190 https://trac.torproject.org/projects/tor/ticket/4194 https://trac.torproject.org/projects/tor/ticket/4149 https://bugzilla.mozilla.org/show_bug.cgi?id=677643 It would be better to specify and implement a comprehensive API for extensions to police or alter outgoing requests for security and other purposes.

The "new Content Policy API" discussed here: https://groups.google.com/group/mozilla.dev.platform/browse_thread/thread/bde2c5a32d3dc9d8 may turn out to be the answer to this (if it is and there are tickets for it, we could merge this bug with those).

Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258