NoScript Security Suite: blocks content loaded from other domains
uBlock Origin: blocks ads
Privacy Badger: detects and fights attempts are cross-site user tracking
TrackMeNot: sends garbage data to various search engines known to track users to mask your real searches
HTTPS Everywhere: uses SSL/TLS by default with sites known to support it
Decentraleyes: it replaces Google tracker-laden scripts with compatible, trackerless local versions
CanvasBlocker: alters JavaScript when attempts at fingerprinting your browser are detected
Privacy Settings: allows access to various privacy settings without needing to dive into about:config
―
P.S. Instead of NoScript, you may wish to use uMatrix. The two are functionally similar, but some users prefer the interface of uMatrix and also the fact that uMatrix allows you to allow and disallow content of different types from different domains, exclusively on the current domain.
―
I replaced a recommendation to use an extension called AdNauseam with TrackMeNot because AdNauseam is not compatible with popular ad blockers. TrackMeNot is similar in sending garbage data to mask your legitimate information, but doesn’t rely on loading ad trackers to do so.