diff --git a/user.js b/user.js
index f92a778..e4638d5 100644
--- a/user.js
+++ b/user.js
@@ -85,21 +85,8 @@ user_pref("browser.newtabpage.activity-stream.default.sites", "");
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // GEOLOCATION ***/
 // >>>>>>>>>>>>>>>>>>>>>
-// Disable Location-Aware Browsing
-// [WARNING] The API state is fingerprintable. Permission is already behind a prompt
-// https://www.mozilla.org/firefox/geolocation/ ***/
-user_pref("geo.enabled", false);
-user_pref("browser.search.geoip.url", ""); // [HIDDEN PREF]
-// -------------------------------------
-// Set a default permission for Location [FF58+]
-// 0=always ask (default), 1=allow, 2=block
-// [NOTE] Best left at default "always ask", fingerprintable via Permissions API
-// [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Your Location
-// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/
-// user_pref("permissions.default.geo", 2);
-// -------------------------------------
-// Use Mozilla geolocation service instead of Google if geolocation is granted [FF74+]
-// Optionally enable logging to the console (defaults to false) ***/
+// Use Mozilla geolocation service instead of Google if permission is granted [FF74+]
+// Optionally enable logging to the console (defaults to false)
 user_pref("geo.provider.network.url", "");
 // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF]
 // -------------------------------------
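Review bot: `browser.search.geoip.url` is removed in this hunk and does not come back anywhere in the diff, unlike `geo.enabled` and `permissions.default.geo`, which are re-added in the new DON'T BOTHER block of the last hunk. If the pref is being retired on purpose (the `browser.region.*` prefs visible in the next hunk's context presumably cover region lookup now), a one-line comment or the commit message should say so, for example `// browser.search.geoip.url dropped: superseded by browser.region.* prefs`; otherwise the removal reads as an accident of the move. The two added comment lines also drop the `***/` terminator that the surrounding headings keep.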
@@ -116,10 +103,7 @@ user_pref("browser.region.update.enabled", false); // [[FF79+]
 // Set search region
 // May not be hidden if Firefox has changed your settings due to your region ***/
 user_pref("browser.search.region", "US"); // [HIDDEN PREF]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// LANGUAGE / LOCALE ***/
-// >>>>>>>>>>>>>>>>>>>>>
+// -------------------------------------
 // Set preferred language for displaying web pages
 // https://addons.mozilla.org/about ***/
 user_pref("intl.accept_languages", "en-US, en");
@@ -987,10 +971,10 @@ user_pref("network.http.referer.XOriginPolicy", 2);
 // 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
 user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
 // -------------------------------------
-// Disable spoofing a referer
-// [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF
-// (Cross-Site Request Forgery) protections that some sites may rely on ***/
-// user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
+// Enforce no spoofing of referer
+// Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery)
+// protections that some sites may rely on
+user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
 // -------------------------------------
 // Set the default Referrer Policy [FF59+]
 // 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
@@ -1049,13 +1033,6 @@ user_pref("media.getusermedia.screensharing.enabled", false);
 user_pref("media.getusermedia.browser.enabled", false);
 user_pref("media.getusermedia.audiocapture.enabled", false);
 // -------------------------------------
-// Set a default permission for Camera/Microphone [FF58+]
-// 0=always ask (default), 1=allow, 2=block
-// [SETTING] to add site exceptions: Ctrl+I>Permissions>Use the Camera/Microphone
-// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/
-user_pref("permissions.default.camera", 2);
-user_pref("permissions.default.microphone", 2);
-// -------------------------------------
 // Disable GMP (Gecko Media Plugins)
 // https://wiki.mozilla.org/GeckoMediaPlugins
 // user_pref("media.gmp-provider.enabled", false);
@@ -1116,13 +1093,6 @@ user_pref("dom.push.enabled", false);
 user_pref("dom.push.connection.enabled", false);
 user_pref("dom.push.serverURL", "");
 user_pref("dom.push.userAgentID", "");
-// -------------------------------------
-// Set a default permission for Notifications [FF58+]
-// 0=always ask (default), 1=allow, 2=block
-// [NOTE] Best left at default "always ask", fingerprintable via Permissions API
-// [SETTING] to add site exceptions: Ctrl+I>Permissions>Receive Notifications
-// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/
-// user_pref("permissions.default.desktop-notification", 2);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // DOM (DOCUMENT OBJECT MODEL) & JAVASCRIPT ***/
@@ -1214,17 +1184,6 @@ user_pref("dom.battery.enabled", false);
 // https://wicg.github.io/media-capabilities/#security-privacy-considerations ***/
 // user_pref("media.media-capabilities.enabled", false);
 // -------------------------------------
-// Disable virtual reality devices
-// [WARNING] The API state is fingerprintable. Permission is already behind a prompt
-// https://developer.mozilla.org/docs/Web/API/WebVR_API
-user_pref("dom.vr.enabled", false);
-// -------------------------------------
-// Set a default permission for Virtual Reality [FF73+]
-// 0=always ask (default), 1=allow, 2=block
-// [SETTING] to add site exceptions: Ctrl+I>Permissions>Access Virtual Reality Devices
-// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Virtual Reality>Settings ***/
-// user_pref("permissions.default.xr", 2);
-// -------------------------------------
 // Disable WebGL (Web Graphics Library)
 // [SETUP-WEB] When disabled, may break some websites. When enabled, provides high entropy,
 // especially with readPixels(). Some of the other entropy is lessened with RFP
@@ -1358,12 +1317,6 @@ user_pref("privacy.window.name.update.enabled", true);
 // Disable bypassing 3rd party extension install prompts [FF82+]
 // https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
 user_pref("extensions.postDownloadThirdPartyPrompt", false);
-// -------------------------------------
-// Disable Fullscreen API (requires user interaction)
-// [NOTE] You can still toggle fullscreen with F11
-// [WARNING] This is fingerprintable and will break embedded video/game FS controls, e.g. youtube
-// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
-// user_pref("full-screen-api.enabled", false);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // DOWNLOADS ***/
@@ -1449,11 +1402,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
 // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/
 user_pref("network.cookie.lifetimePolicy", 2);
 // -------------------------------------
-// Disable offline cache (appCache)
-// [NOTE] In FF90+ the storage capability has been removed.
-// [WARNING] The API state is fingerprintable. Storage capability was removed in FF90+
-// user_pref("browser.cache.offline.enable", false);
-// -------------------------------------
 // Disable service worker cache and cache storage
 // [NOTE] We clear service worker cache on exit
 // https://w3c.github.io/ServiceWorker/#privacy
@@ -1671,6 +1619,31 @@ user_pref("network.manage-offline-status", false); // see bugzilla 620472
 user_pref("_config.applied", true);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// DON'T BOTHER
+// >>>>>>>>>>>>>>>>>>>>>
+// Disable APIs
+// Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality
+// [WHY] The API state is easily fingerprintable. Geo and VR are behind prompts
+// appCache storage capability was removed in FF90. Full screen requires user interaction,
+user_pref("geo.enabled", false);
+// user_pref("full-screen-api.enabled", false);
+// user_pref("browser.cache.offline.enable", false);
+user_pref("dom.vr.enabled", false);
+// -------------------------------------
+// Set default permissions
+// Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
+// 0=always ask (default), 1=allow, 2=block
+// [WHY] These are fingerprintable via Permissions API, except VR. Just add site
+// exceptions as block for frequently visited annoying sites: i.e not global
+// [SETTING] to add site exceptions: Ctrl+I>Permissions>
+// [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings
+user_pref("permissions.default.geo", 2);
+user_pref("permissions.default.camera", 2);
+user_pref("permissions.default.microphone", 2);
+user_pref("permissions.default.desktop-notification", 2);
+user_pref("permissions.default.xr", 0); // Virtual Reality
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // DON'T BOTHER: NON-RFP
 // >>>>>>>>>>>>>>>>>>>>>
 // Spoof number of CPU cores [FF48+] ***/
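Review bot: The new "Set default permissions" block turns `permissions.default.geo` and `permissions.default.desktop-notification` into active global blocks (value 2), although both were commented out before this commit (first hunk and the notifications hunk) and the [WHY] text directly above says these defaults are fingerprintable via the Permissions API and should be handled per site, "not global". Either keep them inactive as before, `// user_pref("permissions.default.geo", 2);` and `// user_pref("permissions.default.desktop-notification", 2);`, or have the [WHY] explain why a global block is now accepted despite the fingerprinting cost. `permissions.default.xr` moves from a commented-out 2 to an active 0, which only restates the default and could stay commented for consistency with the "DON'T BOTHER" heading. The merged [SETTING] lines lost the per-permission path and now end in `Ctrl+I>Permissions>`, and the comments carry a stray trailing comma after "requires user interaction" and "i.e not global" for "i.e. not global".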