Update 'user.js'
This commit is contained in:
parent
61a6234940
commit
68caddd032
46
user.js
46
user.js
|
|
@ -126,7 +126,7 @@ user_pref("browser.search.region", "US"); // [HIDDEN PREF]
|
|||
// https://addons.mozilla.org/about ***/
|
||||
user_pref("intl.accept_languages", "en-US, en");
|
||||
// -------------------------------------
|
||||
// Enforce US English locale regardless of the system locale
|
||||
// Use US English locale regardless of the system locale
|
||||
// [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages
|
||||
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
|
||||
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
|
||||
|
|
@ -305,19 +305,6 @@ user_pref("media.webvtt.testing.events", false);
|
|||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1608308
|
||||
user_pref("corroborator.enabled", false);
|
||||
// -------------------------------------
|
||||
// Disable Remote Settings
|
||||
// https://github.com/mozilla-services/remote-settings-lambdas
|
||||
// https://remote-settings.readthedocs.io/en/latest/
|
||||
user_pref("security.remote_settings.intermediates.enabled", false);
|
||||
user_pref("security.remote_settings.intermediates.bucket", "");
|
||||
user_pref("security.remote_settings.intermediates.collection", "");
|
||||
user_pref("security.remote_settings.intermediates.signer", "");
|
||||
user_pref("security.remote_settings.crlite_filters.enabled", false);
|
||||
user_pref("security.remote_settings.crlite_filters.bucket", "");
|
||||
user_pref("security.remote_settings.crlite_filters.collection", "");
|
||||
user_pref("security.remote_settings.crlite_filters.signer", "");
|
||||
user_pref("security.pki.crlite_mode", 0);
|
||||
// -------------------------------------
|
||||
// Block unwanted connections
|
||||
user_pref("app.feedback.baseURL", "");
|
||||
user_pref("app.support.baseURL", "");
|
||||
|
|
@ -516,7 +503,7 @@ user_pref("network.dns.disableIPv6", true);
|
|||
user_pref("network.http.altsvc.enabled", false);
|
||||
user_pref("network.http.altsvc.oe", false);
|
||||
// -------------------------------------
|
||||
// Enforce the proxy server to do any DNS lookups when using SOCKS
|
||||
// Set the proxy server to do any DNS lookups when using SOCKS
|
||||
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination
|
||||
// as a remote Tor node will handle the DNS request
|
||||
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers ***/
|
||||
|
|
@ -784,9 +771,6 @@ user_pref("security.ssl.require_safe_negotiation", true);
|
|||
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
|
||||
// user_pref("security.tls.version.max", 4);
|
||||
// -------------------------------------
|
||||
// Enforce TLS 1.0 and 1.1 downgrades as session only
|
||||
user_pref("security.tls.version.enable-deprecated", false);
|
||||
// -------------------------------------
|
||||
// Disable SSL session tracking [FF36+]
|
||||
// SSL Session IDs are unique and last up to 24hrs in Firefox (or longer with prolongation attacks)
|
||||
// These are not used in PB mode. In normal windows they are isolated when using FPI
|
||||
|
|
@ -854,12 +838,26 @@ user_pref("security.family_safety.mode", 0);
|
|||
// https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/ ***/
|
||||
// user_pref("security.nocertdb", true); // [HIDDEN PREF]
|
||||
// -------------------------------------
|
||||
// Enforce strict pinning
|
||||
// Enable strict pinning
|
||||
// PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict
|
||||
// [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing
|
||||
// by inspecting ALL your web traffic, then leave at current default=1
|
||||
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/
|
||||
user_pref("security.cert_pinning.enforcement_level", 2);
|
||||
// -------------------------------------
|
||||
// Disable CRLite [FF73+]
|
||||
// In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP
|
||||
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985
|
||||
// https://blog.mozilla.org/security/tag/crlite/ ***/
|
||||
user_pref("security.remote_settings.intermediates.enabled", false);
|
||||
user_pref("security.remote_settings.intermediates.bucket", "");
|
||||
user_pref("security.remote_settings.intermediates.collection", "");
|
||||
user_pref("security.remote_settings.intermediates.signer", "");
|
||||
user_pref("security.remote_settings.crlite_filters.enabled", false);
|
||||
user_pref("security.remote_settings.crlite_filters.bucket", "");
|
||||
user_pref("security.remote_settings.crlite_filters.collection", "");
|
||||
user_pref("security.remote_settings.crlite_filters.signer", "");
|
||||
user_pref("security.pki.crlite_mode", 0);
|
||||
//
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// MIXED CONTENT ***/
|
||||
|
|
@ -1344,7 +1342,7 @@ user_pref("permissions.manager.defaultsUrl", "");
|
|||
// Remove webchannel whitelist ***/
|
||||
user_pref("webchannel.allowObject.urlWhitelist", "");
|
||||
// -------------------------------------
|
||||
// Enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
|
||||
// Use Punycode in Internationalized Domain Names to eliminate possible spoofing
|
||||
// Firefox has *some* protections, but it is better to be safe than sorry
|
||||
// [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded
|
||||
// [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
|
||||
|
|
@ -1407,7 +1405,7 @@ user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+]
|
|||
// [SETTING] To set your default "downloads": General>Downloads>Save files to ***/
|
||||
// user_pref("browser.download.folderList", 2);
|
||||
// -------------------------------------
|
||||
// Enforce user interaction for security by always asking where to download
|
||||
// Enable user interaction for security by always asking where to download
|
||||
// [SETUP-CHROME] On Android this blocks longtapping and saving images
|
||||
// [SETTING] General>Downloads>Always ask you where to save files ***/
|
||||
user_pref("browser.download.useDownloadDir", false);
|
||||
|
|
@ -1441,13 +1439,13 @@ user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
|
|||
// SECURITY ***/
|
||||
// >>>>>>>>>>>>>>>>>>>>>
|
||||
// Enforce CSP (Content Security Policy)
|
||||
// [WARNING] CSP is a very important and widespread security feature. Don't disable it!
|
||||
// [NOTE] CSP is a very important and widespread security feature. Don't disable it!
|
||||
// https://developer.mozilla.org/docs/Web/HTTP/CSP ***/
|
||||
user_pref("security.csp.enable", true); // [DEFAULT: true]
|
||||
// -------------------------------------
|
||||
// Enforce a security delay on some confirmation dialogs such as install, open/save
|
||||
// https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
|
||||
user_pref("security.dialog_enable_delay", 700);
|
||||
user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
|
||||
// -------------------------------------
|
||||
// Enable Site Isolation
|
||||
user_pref("fission.autostart", true);
|
||||
|
|
@ -1743,7 +1741,7 @@ user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
|
|||
// https://bugzilla.mozilla.org/1288359
|
||||
user_pref("dom.webaudio.enabled", false);
|
||||
// -------------------------------------
|
||||
// Limit font visibility (non-ANDROID) [FF79+]
|
||||
// Limit font visibility (Windows, Mac, some Linux) [FF79+]
|
||||
// Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts
|
||||
// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
|
||||
// [NOTE] Bundled fonts are auto-allowed
|
||||
|
|
|
|||
Loading…
Reference in New Issue