2019-04-24 23:38:24 +00:00
//
/ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
2019-04-28 23:52:16 +00:00
* Fennec F - Droid | user . js *
2019-04-25 16:58:17 +00:00
* *
2019-04-28 23:52:16 +00:00
* https : //github.com/quindecim/fennec_user.js *
2019-04-24 23:38:24 +00:00
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * /
//
2019-04-28 23:52:16 +00:00
// Author : @quindecim
2019-04-24 23:38:24 +00:00
//
2019-04-28 23:52:16 +00:00
//
// Based on : gHacks: https://github.com/ghacksuserjs/ghacks-user.js
// Librefox: https://github.com/intika/Librefox
// pyllyukko: https://github.com/pyllyukko/user.js
2019-05-04 17:30:35 +00:00
// OrangeManBad: https://git.nixnet.xyz/OrangeManBad/user.js
2019-04-28 23:52:16 +00:00
//
2019-05-02 09:06:56 +00:00
// License : https://github.com/quindecim/fennec_user.js/blob/master/LICENSE.txt
2019-04-24 23:38:24 +00:00
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Section : Quiet Fox
// >>>>>>>>>>>>>>>>>>>>>
// Pref : Never check updates for search engines
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
user _pref ( "browser.search.update" , false ) ;
user _pref ( "browser.search.update.interval" , - 1 ) ;
user _pref ( "browser.search.update.log" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Tell the search service that we don't really expose the "current engine"
2019-05-07 08:26:05 +00:00
user _pref ( "browser.search.noCurrentEngine" , true ) ; // [DEFAULT: true] // [FENNEC]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable sending Flash Player crash reports
user _pref ( "dom.ipc.plugins.flash.subprocess.crashreporter.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable sending the URL of the website where a plugin crashed
user _pref ( "dom.ipc.plugins.reportCrashURL" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Disable SSDP (Simple Service Discovery Protocol)
// https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967
user _pref ( "browser.casting.enabled" , false ) ; // [DEFAULT: false]
// -------------------------------------
2019-05-06 07:59:33 +00:00
// Pref : Disable Telemetry
2019-04-27 09:27:34 +00:00
user _pref ( "toolkit.telemetry.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
user _pref ( "toolkit.telemetry.debugSlowSql" , false ) ;
2019-04-27 09:27:34 +00:00
user _pref ( "toolkit.telemetry.reportingpolicy.firstRun" , false ) ;
user _pref ( "toolkit.telemetry.server" , "data:," ) ;
user _pref ( "toolkit.telemetry.server_owner" , "" ) ;
user _pref ( "toolkit.telemetry.unified" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-06 07:59:33 +00:00
// Pref : Disable Telemetry Coverage
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
user _pref ( "toolkit.telemetry.coverage.opt-out" , true ) ; // [HIDDEN PREF]
user _pref ( "toolkit.coverage.opt-out" , true ) ; // [HIDDEN PREF]
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable collection/sending of the health report (healthreport.sqlite*)
user _pref ( "datareporting.policy.currentPolicyVersion" , 0 ) ;
user _pref ( "datareporting.policy.dataSubmissionEnabled" , false ) ;
user _pref ( "datareporting.policy.currentPolicyAcceptedVersion" , 0 ) ;
user _pref ( "datareporting.policy.dataSubmissionPolicyAcceptedVersion" , 0 ) ;
user _pref ( "datareporting.policy.dataSubmissionPolicyBypassNotification" , false ) ;
user _pref ( "datareporting.policy.dataSubmissionPolicyNotifiedTime" , "" ) ;
user _pref ( "datareporting.policy.FirstRunURL" , "" ) ;
user _pref ( "datareporting.policy.firstRunURL" , "" ) ;
user _pref ( "datareporting.policy.minimumPolicyVersion" , 0 ) ;
user _pref ( "datareporting.policy.minimumPolicyVersion.channel-beta" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Disable In-Browser Feed Handling
// https://wiki.mozilla.org/Feed_Handling
// http://kb.mozillazine.org/Browser.contentHandlers.types.%2A.uri
2019-05-07 08:26:05 +00:00
user _pref ( "browser.contentHandlers.types.0.title" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.0.type" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.0.uri" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.1.title" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.1.type" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.1.uri" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.2.title" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.2.type" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.2.uri" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.3.title" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.3.type" , "" ) ; // [FENNEC]
user _pref ( "browser.contentHandlers.types.3.uri" , "" ) ; // [FENNEC]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable personalized Extension Recommendations in about:addons and AMO
2019-04-27 17:36:54 +00:00
// [NOTE] This pref has no effect when Health Reports are disabled
2019-04-27 09:27:34 +00:00
// https://support.mozilla.org/kb/personalized-extension-recommendations
user _pref ( "browser.discovery.enabled" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable Crash Reports
user _pref ( "breakpad.reportURL" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable automatic captive portal detection
// https://en.wikipedia.org/wiki/Captive_portal
// https://wiki.mozilla.org/Necko/CaptivePortal
// https://trac.torproject.org/projects/tor/ticket/21790
user _pref ( "captivedetect.canonicalURL" , "" ) ;
user _pref ( "network.captive-portal-service.enabled" , false ) ;
user _pref ( "network.captive-portal-service.backoffFactor" , "" ) ;
user _pref ( "network.captive-portal-service.maxInterval" , - 1 ) ;
user _pref ( "network.captive-portal-service.minInterval" , - 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable Network Connectivity checks
// https://bugzilla.mozilla.org/1460537
user _pref ( "network.connectivity-service.enabled" , false ) ; // [DEFAULT: true]
user _pref ( "network.connectivity-service.IPv4.url" , "" ) ;
user _pref ( "network.connectivity-service.IPv6.url" , "" ) ;
user _pref ( "network.connectivity-service.DNSv4.domain" , "" ) ;
user _pref ( "network.connectivity-service.DNSv6.domain" , "" ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Disable auto updating of lightweight themes (LWT)
// Not to be confused with themes, which use the Theme API
// Mozilla plan to convert existing LWTs and remove LWT support in the future
// https://blog.mozilla.org/addons/2018/09/20/future-themes-here/
user _pref ( "lightweightThemes.persisted.headerURL" , false ) ;
user _pref ( "lightweightThemes.persistedThemeID" , "" ) ; // [FENNEC]
user _pref ( "lightweightThemes.selectedThemeID" , "" ) ; // [FENNEC]
2019-04-27 09:27:34 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-24 23:38:24 +00:00
// Section : IJWY To Shut Up
// I Just Want You To Shut Up : Closing all non necessary communication to mozilla.org etc.
// >>>>>>>>>>>>>>>>>>>>>
2019-05-01 09:22:54 +00:00
// Pref : Block unwanted connections
2019-04-30 16:29:58 +00:00
user _pref ( "app.feedback.baseURL" , "" ) ;
2019-05-07 08:26:05 +00:00
user _pref ( "app.feedbackURL" , "" ) ; // [FENNEC]
user _pref ( "app.channelURL" , "" ) ; // [FENNEC]
user _pref ( "app.creditsURL" , "" ) ; // [FENNEC]
user _pref ( "app.faqURL" , "" ) ; // [FENNEC]
user _pref ( "app.privacyURL" , "" ) ; // [FENNEC]
2019-05-01 09:22:54 +00:00
user _pref ( "app.releaseNotesURL" , "" ) ;
user _pref ( "app.support.baseURL" , "" ) ;
2019-05-07 08:26:05 +00:00
user _pref ( "app.supportURL" , "" ) ; // [FENNEC]
user _pref ( "browser.chromeURL" , "" ) ; // [FENNEC]
// -------------------------------------
// Pref : Disable app from auto-update
user _pref ( "app.update.autodownload" , "" ) ;
user _pref ( "app.update.channel" , "" ) ;
user _pref ( "app.update.timerFirstInterval" , - 1 ) ;
user _pref ( "app.update.timerMinimumDelay" , - 1 ) ;
user _pref ( "app.update.url.android" , "" ) ;
// user_pref("app.update.url.android", "https://aus5.mozilla.org/update/4/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%MOZ_VERSION%/update.xml"); // [URL SANITIZED from locale]
// -------------------------------------
// Pref : Updates addons automatically
// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
user _pref ( "extensions.update.enabled" , true ) ;
// -------------------------------------
// Pref : Disable System Add-on updates
user _pref ( "extensions.systemAddon.update.url" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
// Pref : Block unwanted connections
user _pref ( "identity.sync.tokenserver.uri" , "" ) ;
user _pref ( "media.decoder-doctor.new-issue-endpoint" , "" ) ;
user _pref ( "network.trr.confirmationNS" , "" ) ;
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Test To Make FFox Silent
2019-05-02 09:06:56 +00:00
user _pref ( "security.content.signature.root_hash" , "" ) ;
user _pref ( "urlclassifier.phishTable" , "" ) ;
user _pref ( "urlclassifier.passwordAllowTable" , "" ) ;
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Miscellaneous
// >>>>>>>>>>>>>>>>>>>>>>
2019-05-01 09:22:54 +00:00
// Pref : Test user.js in about:config
2019-05-07 08:26:05 +00:00
user _pref ( "user.js.applied" , true ) ; // [FENNEC]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable Web Compatibility Reporter
// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
user _pref ( "extensions.webcompat-reporter.enabled" , false ) ;
user _pref ( "extensions.webcompat-reporter.newIssueEndpoint" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref :
user _pref ( "devtools.devices.url" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref :
2019-04-30 16:29:58 +00:00
user _pref ( "layout.accessiblecaret.hapticfeedback" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-30 16:29:58 +00:00
// Pref :
2019-05-06 07:59:33 +00:00
user _pref ( "dom.registerProtocolHandler.insecure.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable Firefox Accounts and Sync
user _pref ( "identity.fxaccounts.auth.uri" , "" ) ;
user _pref ( "identity.fxaccounts.remote.oauth.uri" , "" ) ;
user _pref ( "identity.fxaccounts.remote.profile.uri" , "" ) ;
2019-05-02 09:06:56 +00:00
user _pref ( "identity.fxaccounts.remote.webchannel.uri" , "https://0.0.0.0" ) ; // [FENNEC - BUG] If left blank, it causes faded "Settings" on some devices
// -------------------------------------
2019-04-26 00:08:12 +00:00
// Pref : Disable sync
2019-04-24 23:38:24 +00:00
user _pref ( "services.sync.enabled" , false ) ;
user _pref ( "privacy.item.syncAccount" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Disable snippets
2019-05-07 08:26:05 +00:00
user _pref ( "browser.snippets.enabled" , false ) ; // [FENNEC]
user _pref ( "browser.snippets.firstrunHomepage.enabled" , false ) ; // [FENNEC]
user _pref ( "browser.snippets.statsUrl" , "" ) ; // [FENNEC]
user _pref ( "browser.snippets.updateInterval" , - 1 ) ; // [FENNEC]
user _pref ( "browser.snippets.updateUrl" , "" ) ; // [FENNEC]
user _pref ( "browser.snippets.syncPromo.enabled" , false ) ; // [FENNEC]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Force Punycode for Internationalized Domain Names
// http://kb.mozillazine.org/Network.IDN_show_punycode
// https://www.xudongz.com/blog/2017/idn-phishing/
// https://wiki.mozilla.org/IDN_Display_Algorithm
// https://en.wikipedia.org/wiki/IDN_homograph_attack
// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.6
user _pref ( "network.IDN_show_punycode" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Disable page thumbnail collection
// Look in profile/thumbnails directory, you may want to clean that out
user _pref ( "browser.pagethumbnails.capturing_disabled" , true ) ; // [HIDDEN PREF]
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable prefetching of <link rel="next"> URLs
// http://kb.mozillazine.org/Network.prefetch-next
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
2019-05-01 09:22:54 +00:00
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it.
2019-04-24 23:38:24 +00:00
user _pref ( "network.prefetch-next" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable speculative pre-connections
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
user _pref ( "network.http.speculative-parallel-limit" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Do not automatically send selection to clipboard on Linux and some UNIX-like platforms
// http://kb.mozillazine.org/Clipboard.autocopy
user _pref ( "clipboard.autocopy" , false ) ;
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics)
// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
user _pref ( "beacon.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable speech recognition
// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
// https://wiki.mozilla.org/HTML5_Speech_API
2019-05-04 17:30:35 +00:00
user _pref ( "media.webspeech.recognition.enable" , false ) ; // [DEFAULT: true]
user _pref ( "media.webspeech.recognition.force_enable" , false ) ; // [DEFAULT: false]
user _pref ( "media.webspeech.test.enable" , false ) ; // [DEFAULT: false]
user _pref ( "media.webspeech.test.fake_fsm_events" , false ) ; // [DEFAULT: false]
user _pref ( "media.webspeech.test.fake_recognition_service" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Don't use Mozilla-provided location-specific search engines
user _pref ( "browser.search.geoSpecificDefaults" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Don't monitor OS online/offline connection state
// https://trac.torproject.org/projects/tor/ticket/18945
user _pref ( "network.manage-offline-status" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Set File URI Origin Policy
// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
// CIS Mozilla Firefox 24 ESR v1.0.0 - 3.8
user _pref ( "security.fileuri.strict_origin_policy" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable SVG in OpenType fonts
// https://wiki.mozilla.org/SVGOpenTypeFonts
// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
user _pref ( "gfx.font_rendering.opentype_svg.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Ensure you have a security delay when installing add-ons (milliseconds)
// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
2019-05-02 09:06:56 +00:00
user _pref ( "security.dialog_enable_delay" , 700 ) ;
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable remote debugging
2019-05-01 09:22:54 +00:00
user _pref ( "devtools.debugger.remote-enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Force local debugging
2019-04-24 23:38:24 +00:00
// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
user _pref ( "devtools.debugger.force-local" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Prevent accessibility services from accessing your browser
// https://support.mozilla.org/kb/accessibility-services
user _pref ( "accessibility.force_disabled" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Remove temp files opened with an external application
// https://bugzilla.mozilla.org/302433
user _pref ( "browser.helperApps.deleteTempFileOnExit" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable various developer tools in browser context
// https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676
user _pref ( "devtools.chrome.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable MathML (Mathematical Markup Language)
// [TEST] http://browserspy.dk/mathml.php
// https://bugzilla.mozilla.org/1173199
user _pref ( "mathml.disabled" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable in-content SVG (Scalable Vector Graphics)
// [SETUP-WEB] Expect breakage incl. youtube player controls. Best left for a "hardened" profile.
// https://bugzilla.mozilla.org/1216893
// user_pref("svg.disabled", true);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Disable middle mouse click paste
// This preference determines how to handle middle clicks in text fields.
// Useless on Android
user _pref ( "middlemouse.paste" , false ) ;
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable middle mouse click opening links from clipboard
// https://trac.torproject.org/projects/tor/ticket/10089
// http://kb.mozillazine.org/Middlemouse.contentLoadURL
user _pref ( "middlemouse.contentLoadURL" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
2019-05-02 09:06:56 +00:00
// [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins). To control HTML Meta tag and JS redirects, use an extension.
user _pref ( "network.http.redirection-limit" , 15 ) ; // [DEFAULT: 20]
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Remove webchannel whitelist
user _pref ( "webchannel.allowObject.urlWhitelist" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable exposure of system colors to CSS or canvas
// [NOTE] May cause black on black for elements with undefined colors
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
// user_pref("ui.use_native_colors", true);
// Pref : Discourage downloading to desktop (0=desktop 1=downloads 2=last used)
user _pref ( "browser.download.folderList" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enforce user interaction for security by always asking the user where to download
2019-05-06 07:59:33 +00:00
// [FENNEC] Fix for images not downloading
user _pref ( "browser.download.useDownloadDir" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable adding downloads to the system's "recent documents" list
user _pref ( "browser.download.manager.addToRecentDocs" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable "open with" in download dialog
2019-05-01 09:22:54 +00:00
// This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) in such a way that it is forbidden to run external applications.
2019-04-24 23:38:24 +00:00
// [NOTE] This may interfere with some users' workflow or methods
// https://bugzilla.mozilla.org/1281959
user _pref ( "browser.download.forbid_open_with" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Lock down allowed extension directories
2019-05-01 09:22:54 +00:00
// This will break extensions, language packs, themes and any other XPI files which are installed outside of profile directories
2019-04-24 23:38:24 +00:00
// https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
// archived: https://archive.is/DYjAM
2019-05-07 08:26:05 +00:00
user _pref ( "extensions.enabledScopes" , 1 ) ; // [DEFAULT: 1] // [HIDDEN PREF]
2019-04-24 23:38:24 +00:00
user _pref ( "extensions.autoDisableScopes" , 15 ) ; // [DEFAULT: 15]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable warning when websites try to install add-ons
user _pref ( "xpinstall.whitelist.required" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable CSP (Content Security Policy)
// https://developer.mozilla.org/docs/Web/HTTP/CSP
user _pref ( "security.csp.enable" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Block top level window data: URIs
// https://bugzilla.mozilla.org/1331351
// https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
// https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/
user _pref ( "security.data_uri.block_toplevel_data_uri_navigations" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Block web content in file processes
// You may want to disable this for corporate or developer environments
// https://bugzilla.mozilla.org/1343184
// user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DEFAULT: true]
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Enable only whitelisted URL protocol handlers
// http://kb.mozillazine.org/Network.protocol-handler.external-default
// http://kb.mozillazine.org/Network.protocol-handler.warn-external-default
// http://kb.mozillazine.org/Network.protocol-handler.expose.%28protocol%29
// https://news.ycombinator.com/item?id=13047883
// https://bugzilla.mozilla.org/show_bug.cgi?id=167475
// https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005
// [NOTE] Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... clients when clicking on links with these protocols
// If you want to enable a protocol, set network.protocol-handler.expose.(protocol) to true and network.protocol-handler.external.(protocol) to:
// * true, if the protocol should be handled by an external application
// * false, if the protocol should be handled internally by Firefox
user _pref ( "network.protocol-handler.warn-external-default" , true ) ;
user _pref ( "network.protocol-handler.external.javascript" , false ) ;
user _pref ( "network.protocol-handler.external.data" , false ) ;
user _pref ( "network.protocol-handler.expose-all" , false ) ;
user _pref ( "network.protocol-handler.expose.http" , true ) ;
user _pref ( "network.protocol-handler.expose.https" , true ) ;
user _pref ( "network.protocol-handler.expose.javascript" , true ) ;
user _pref ( "network.protocol-handler.expose.moz-extension" , true ) ;
user _pref ( "network.protocol-handler.expose.ftp" , true ) ;
user _pref ( "network.protocol-handler.expose.file" , true ) ;
user _pref ( "network.protocol-handler.expose.about" , true ) ;
user _pref ( "network.protocol-handler.expose.chrome" , true ) ;
user _pref ( "network.protocol-handler.expose.blob" , true ) ;
user _pref ( "network.protocol-handler.expose.data" , true ) ;
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 17:36:54 +00:00
// Section : Web Workers
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable service workers
// Service workers essentially act as proxy servers that sit between web apps, and the browser and network, are event driven, and can control the web page/site it is associated with, intercepting and modifying navigation and resource requests, and caching resources.
// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode.
// [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access.
user _pref ( "dom.serviceWorkers.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable web notifications
// https://developer.mozilla.org/docs/Web/API/Notifications_API
user _pref ( "dom.webnotifications.enabled" , false ) ;
user _pref ( "dom.webnotifications.serviceworker.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable push notifications
// Web apps can receive messages pushed to them from a server, whether or not the web app is in the foreground, or even currently loaded
// https://developer.mozilla.org/docs/Web/API/Push_API
user _pref ( "dom.push.alwaysConnect" , false ) ;
user _pref ( "dom.push.enabled" , false ) ;
user _pref ( "dom.push.debug" , false ) ;
user _pref ( "dom.push.connection.enabled" , false ) ;
user _pref ( "dom.push.serverURL" , "" ) ;
user _pref ( "dom.push.userAgentID" , "" ) ;
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : DOM (Document Object Model) & Javascript
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable right-click menu manipulation via JavaScript
user _pref ( "dom.event.contextmenu.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable website access to clipboard events/content
// Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in JS-based web applications (Google Docs...)
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
user _pref ( "dom.event.clipboardevents.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable "Confirm you want to leave" dialog on page close
// Does not prevent JS leaks of the page close event.
// https://developer.mozilla.org/docs/Web/Events/beforeunload
// https://support.mozilla.org/questions/1043508
user _pref ( "dom.disable_beforeunload" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable shaking the screen (Vibrator API)
user _pref ( "dom.vibrator.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Disable clipboard commands (cut/copy) from "non-privileged" content
// This disables document.execCommand("cut"/"copy") to protect your clipboard
// https://bugzilla.mozilla.org/1170911
user _pref ( "dom.allow_cut_copy" , false ) ; // [HIDDEN PREF]
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable asm.js
// http://asmjs.org/
// https://www.mozilla.org/security/advisories/mfsa2015-29/
// https://www.mozilla.org/security/advisories/mfsa2015-50/
// https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375
// https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400
// https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
user _pref ( "javascript.options.asmjs" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable Ion and baseline JIT to help harden JS against exploits
// If false, causes the odd site issue and there is also a performance loss
// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
// user_pref("javascript.options.ion", false);
// user_pref("javascript.options.baselinejit", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable WebAssembly
// https://webassembly.org/
// https://developer.mozilla.org/docs/WebAssembly
// https://en.wikipedia.org/wiki/WebAssembly
// https://trac.torproject.org/projects/tor/ticket/21549
2019-05-07 08:26:05 +00:00
user _pref ( "javascript.options.wasm" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable Intersection Observer API
// Almost a year to complete, three versions late to stable (as default false), number #1 cause of crashes in nightly numerous times, and is (primarily) an ad network API for "ad viewability checks" down to a pixel level
// https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API
// https://w3c.github.io/IntersectionObserver/
// https://bugzilla.mozilla.org/1243846
user _pref ( "dom.IntersectionObserver.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Disable Shared Memory (Spectre mitigation)
// https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
// https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
user _pref ( "javascript.options.shared_memory" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Enforce DOMHighResTimeStamp API
// [WARNING] Required for normalization of timestamps and any timer resolution mitigations
user _pref ( "dom.event.highrestimestamp.enabled" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 17:36:54 +00:00
// Pref : Enable (limited but sufficient) window.opener protection
// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
user _pref ( "dom.targetBlankNoOpener.enabled" , true ) ; // [DEFAULT: false]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-24 23:38:24 +00:00
// Section : Media / Camera / Mic
// >>>>>>>>>>>>>>>>>>>>>>
2019-04-27 17:36:54 +00:00
// Pref : WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server. (May leak IP when using proxy/VPN)
2019-04-24 23:38:24 +00:00
user _pref ( "media.peerconnection.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Limit WebRTC IP leaks if using WebRTC
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416
// https://wiki.mozilla.org/Media/WebRTC/Privacy
user _pref ( "media.peerconnection.ice.default_address_only" , true ) ;
user _pref ( "media.peerconnection.ice.no_host" , true ) ;
user _pref ( "media.peerconnection.use_document_iceservers" , false ) ;
user _pref ( "media.peerconnection.identity.enabled" , false ) ;
2019-04-30 16:29:58 +00:00
user _pref ( "media.peerconnection.identity.timeout" , - 1 ) ;
2019-04-24 23:38:24 +00:00
user _pref ( "media.peerconnection.turn.disable" , true ) ;
user _pref ( "media.peerconnection.ice.tcp" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
// Pref : Disable WebGL I/II
// [WARNING] WebGL introduce high fingerprinting... (webgl is direct hardware js)
2019-04-24 23:38:24 +00:00
user _pref ( "webgl.disabled" , true ) ;
user _pref ( "webgl.enable-webgl2" , false ) ;
user _pref ( "webgl.min_capability_mode" , true ) ;
user _pref ( "pdfjs.enableWebGL" , false ) ;
2019-05-04 17:30:35 +00:00
user _pref ( "webgl.disable-extensions" , true ) ; // [DEFAULT: false]
user _pref ( "webgl.disable-wgl" , true ) ; // [DEFAULT: false]
2019-04-24 23:38:24 +00:00
user _pref ( "webgl.disable-fail-if-major-performance-caveat" , true ) ;
2019-05-04 17:30:35 +00:00
user _pref ( "webgl.can-lose-context-in-foreground" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable audiocapture
user _pref ( "media.getusermedia.browser.enabled" , false ) ;
user _pref ( "media.getusermedia.audiocapture.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable camera
user _pref ( "device.camera.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable canvas capture stream
// https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream
user _pref ( "canvas.capturestream.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable camera image capture
// https://trac.torproject.org/projects/tor/ticket/16339
user _pref ( "dom.imagecapture.enabled" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable offscreen canvas
// https://developer.mozilla.org/docs/Web/API/OffscreenCanvas
user _pref ( "gfx.offscreencanvas.enabled" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable autoplay of HTML5 media
// 0=Allowed, 1=Blocked, 2=Prompt
// [NOTE] You can set exceptions under site permissions
user _pref ( "media.autoplay.default" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable autoplay of HTML5 media if you interacted with the site
user _pref ( "media.autoplay.enabled.user-gestures-needed" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable audio autoplay in non-active tabs
// https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
user _pref ( "media.block-autoplay-until-in-foreground" , true ) ;
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-25 16:58:17 +00:00
// Section : Location Bar / Search Bar / Suggestions / History / Forms
// >>>>>>>>>>>>>>>>>>>>
2019-05-07 08:26:05 +00:00
// Pref : Do not submit invalid URIs entered in the address bar to the default search engine
// http://kb.mozillazine.org/Keyword.enabled
user _pref ( "keyword.enabled" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
user _pref ( "browser.fixup.alternate.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Don't trim HTTP off of URLs in the address bar
// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
user _pref ( "browser.urlbar.trimURLs" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Limit history leaks via enumeration (PER TAB: back/forward)
// This is a PER TAB session history. You still have a full history stored under all history
2019-05-02 09:06:56 +00:00
// Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
user _pref ( "browser.sessionhistory.max_entries" , 8 ) ; // [DEFAULT: 50]
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Disable CSS querying page history - CSS history leak
// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances'
// [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use)
// https://dbaron.org/mozilla/visited-privacy
// https://bugzilla.mozilla.org/147777
// https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
user _pref ( "layout.css.visited_links_enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Disable search bar LIVE search suggestions
2019-05-02 09:06:56 +00:00
user _pref ( "browser.search.suggest.enabled" , false ) ;
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Disable search and form history
// [NOTE] You can clear formdata on exiting Firefox
user _pref ( "browser.formfill.enable" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Disable date/time picker
2019-04-26 00:08:12 +00:00
// [WARNING] This can leak your locale if not en-US
2019-04-25 16:58:17 +00:00
// https://trac.torproject.org/projects/tor/ticket/21787
2019-04-26 00:08:12 +00:00
// user_pref("dom.forms.datetime", false);
2019-04-25 16:58:17 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-24 23:38:24 +00:00
// Section : Security
// >>>>>>>>>>>>>>>>>>>>
// Pref : Blocking GD Parking Scam Site
user _pref ( "network.dns.localDomains" , "librefox.com" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-06 07:59:33 +00:00
// Pref : Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla)
2019-04-24 23:38:24 +00:00
// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
2019-05-06 07:59:33 +00:00
user _pref ( "network.stricttransportsecurity.preloadlist" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable insecure TLS version fallback
// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
user _pref ( "security.tls.version.fallback-limit" , 3 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Only allow TLS 1.[0-3]
// http://kb.mozillazine.org/Security.tls.version.*
user _pref ( "security.tls.version.min" , 2 ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Enable CSP 1.1 script-nonce directive support
// https://bugzilla.mozilla.org/show_bug.cgi?id=855326
user _pref ( "security.csp.experimentalEnabled" , true ) ;
// -------------------------------------
// Pref : Enable OCSP Must-Staple support
// https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/
// https://www.entrust.com/ocsp-must-staple/
// https://github.com/schomery/privacy-settings/issues/40
// [NOTE] Firefox falls back on plain OCSP when must-staple is not configured on the host certificate
user _pref ( "security.ssl.enable_ocsp_must_staple" , true ) ;
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Section : Block Implicit Outbound
2019-04-24 23:38:24 +00:00
// >>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Pref : Disable prefetching of <link rel="next"> URLs
2019-05-02 09:06:56 +00:00
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it.
2019-04-27 09:27:34 +00:00
// http://kb.mozillazine.org/Network.prefetch-next
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
user _pref ( "network.prefetch-next" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable DNS prefetching
// http://kb.mozillazine.org/Network.dns.disablePrefetch
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
user _pref ( "network.dns.disablePrefetch" , true ) ;
2019-05-07 08:26:05 +00:00
user _pref ( "network.dns.disablePrefetchFromHTTPS" , true ) ; // [HIDDEN PREF]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable speculative pre-connections
// Disable prefetch link on hover.
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
user _pref ( "network.http.speculative-parallel-limit" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
// http://kb.mozillazine.org/Browser.send_pings
user _pref ( "browser.send_pings" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
// http://kb.mozillazine.org/Browser.send_pings.require_same_host
user _pref ( "browser.send_pings.require_same_host" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable predictor / prefetching
// Network predicator load pages before they are opened with mose hover for example
2019-05-01 09:22:54 +00:00
user _pref ( "network.predictor.enabled" , false ) ;
user _pref ( "network.predictor.cleaned-up" , true ) ;
2019-04-27 09:27:34 +00:00
user _pref ( "network.predictor.enable-prefetch" , false ) ;
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-05-07 08:26:05 +00:00
// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
2019-04-27 09:27:34 +00:00
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable IPv6
// If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
user _pref ( "network.dns.disableIPv6" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable HTTP2 (which was based on SPDY which is now deprecated)
// HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance privacy, and in fact opens up a number of server-side fingerprinting opportunities.
// [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
// https://http2.github.io/faq/
// https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
// https://queue.acm.org/detail.cfm?id=2716278
// https://github.com/ghacksuserjs/ghacks-user.js/issues/107
// user_pref("network.http.spdy.enabled", false);
// user_pref("network.http.spdy.enabled.deps", false);
// user_pref("network.http.spdy.enabled.http2", false);
// user_pref("network.http.spdy.websockets", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable HTTP Alternative Services
// [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
// https://tools.ietf.org/html/rfc7838#section-9
// https://www.mnot.net/blog/2016/03/09/alt-svc
// user_pref("network.http.altsvc.enabled", false);
// user_pref("network.http.altsvc.oe", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Enforce the proxy server to do any DNS lookups when using SOCKS
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request
// http://kb.mozillazine.org/Network.proxy.socks_remote_dns
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
2019-05-04 17:30:35 +00:00
user _pref ( "network.proxy.socks_remote_dns" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Remove paths when sending URLs to PAC scripts
// CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
// https://bugzilla.mozilla.org/1255474
user _pref ( "network.proxy.autoconfig_url.include_path" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable (or setup) DNS-over-HTTPS (DoH)
// TRR = Trusted Recursive Resolver
// .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
// [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
2019-05-02 09:06:56 +00:00
// [BUG] This seem to disable socks_remote_dns ?! need to check with wireshark
// If true, just settings urls to null should be enough to disable without impacting socks_remote_dns.
2019-04-24 23:38:24 +00:00
// https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
// https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
user _pref ( "network.trr.mode" , 0 ) ;
user _pref ( "network.trr.bootstrapAddress" , "" ) ;
user _pref ( "network.trr.uri" , "" ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Enable Subresource Integrity
// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
// https://wiki.mozilla.org/Security/Subresource_Integrity
user _pref ( "security.sri.enable" , true ) ; // [DEFAULT: true]
2019-04-27 09:27:34 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-28 23:52:16 +00:00
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable old SSL/TLS "insecure" renegotiation (vulnerable to a MiTM attack)
// [SETUP-WEB] <2% of secure sites do NOT support the newer "secure" renegotiation
// https://wiki.mozilla.org/Security:Renegotiation
// https://www.ssllabs.com/ssl-pulse/
user _pref ( "security.ssl.require_safe_negotiation" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
// http://kb.mozillazine.org/Security.tls.version.*
// https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
// archived: https://archive.is/hY2Mm
user _pref ( "security.tls.version.min" , 3 ) ;
user _pref ( "security.tls.version.max" , 4 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable SSL Error Reporting
// https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html
user _pref ( "security.ssl.errorReporting.enabled" , false ) ;
user _pref ( "security.ssl.errorReporting.automatic" , false ) ;
user _pref ( "security.ssl.errorReporting.url" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Disable SSL session tracking
// SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
// https://tools.ietf.org/html/rfc5077
// https://bugzilla.mozilla.org/967977
// https://arxiv.org/abs/1810.07304
user _pref ( "security.ssl.disable_session_identifiers" , true ) ; // [DEFAULT: true] // [HIDDEN PREF]
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable TLS1.3 0-RTT (round-trip time)
// https://github.com/tlswg/tls13-spec/issues/1001
// https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/
user _pref ( "security.tls.enable_0rtt_data" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Require a valid OCSP response for OCSP enabled certificates
// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA
// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses
// [NOTE] `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable
// [NOTE] `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal)
user _pref ( "security.OCSP.require" , true ) ;
// -------------------------------------
// Pref : Enable OSCP (Online Certificate Status Protocol)
// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
// https://www.imperialviolet.org/2014/04/19/revchecking.html
// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/
// https://wiki.mozilla.org/CA:RevocationPlan
// https://wiki.mozilla.org/CA:ImprovingRevocation
// https://wiki.mozilla.org/CA:OCSP-HardFail
// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html
// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html
// [NOTE] OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host
// [NOTE] OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder
// [NOTE] OCSP adds latency (performance)
// [NOTE] Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10)
// CIS Version 1.2.0 October 21st, 2011 2.2.4
2019-04-28 23:52:16 +00:00
user _pref ( "security.OCSP.enabled" , 0 ) ;
2019-05-04 17:30:35 +00:00
// -------------------------------------
// Pref : Enable OCSP Stapling support
// Stapling have the site itself proof that his certificate is good through the CA so apparently nothing is leaked in this case.
// https://en.wikipedia.org/wiki/OCSP_stapling
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
2019-04-28 23:52:16 +00:00
user _pref ( "security.ssl.enable_ocsp_stapling" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disallow SHA-1
// 0=all SHA1 certs are allowed
// 1=all SHA1 certs are blocked
// 2=deprecated option that now maps to 1
// 3=only allowed for locally-added roots (e.g. anti-virus)
// 4=only allowed for locally-added roots or for certs in 2015 and earlier
// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
// https://shattered.io/
user _pref ( "security.pki.sha1_enforcement_level" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable Windows 8.1's Microsoft Family Safety cert
// 0=disable detecting Family Safety mode and importing the root
// 1=only attempt to detect Family Safety mode (don't import the root)
// 2=detect Family Safety mode and import the root
// https://trac.torproject.org/projects/tor/ticket/21686
user _pref ( "security.family_safety.mode" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Enfore Public Key Pinning
// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
// 2= strict (pinning is always enforced)
user _pref ( "security.cert_pinning.enforcement_level" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable insecure active content on https pages
// https://trac.torproject.org/projects/tor/ticket/21323
user _pref ( "security.mixed_content.block_active_content" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable insecure passive content (such as images) on https pages
user _pref ( "security.mixed_content.upgrade_display_content" , true ) ;
user _pref ( "security.mixed_content.block_display_content" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks
// https://bugzilla.mozilla.org/1190623
user _pref ( "security.mixed_content.block_object_subrequest" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable 3DES (effective key size < 128)
// https://en.wikipedia.org/wiki/3des#Security
// http://en.citizendium.org/wiki/Meet-in-the-middle_attack
// https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
user _pref ( "security.ssl3.rsa_des_ede3_sha" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable 128 bits
user _pref ( "security.ssl3.ecdhe_ecdsa_aes_128_sha" , false ) ;
user _pref ( "security.ssl3.ecdhe_rsa_aes_128_sha" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Enable GCM ciphers (TLSv1.2 only)
// https://en.wikipedia.org/wiki/Galois/Counter_Mode
user _pref ( "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256" , true ) ; // [DEFAULT: true]
user _pref ( "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256" , true ) ; // [DEFAULT: true]
// -------------------------------------
// Pref : Enable ciphers with ECDHE and key size > 128bits
user _pref ( "security.ssl3.ecdhe_rsa_aes_256_sha" , true ) ; // [DEFAULT: true]
user _pref ( "security.ssl3.ecdhe_ecdsa_aes_256_sha" , true ) ; // [DEFAULT: true]
// -------------------------------------
// Pref : Enable ChaCha20 and Poly1305
// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
// https://tools.ietf.org/html/rfc7905
// https://bugzilla.mozilla.org/show_bug.cgi?id=917571
// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860
// https://cr.yp.to/chacha.html
user _pref ( "security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256" , true ) ;
user _pref ( "security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256" , true ) ;
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable DHE (Diffie-Hellman Key Exchange)
// https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
user _pref ( "security.ssl3.dhe_rsa_aes_128_sha" , false ) ;
user _pref ( "security.ssl3.dhe_rsa_aes_256_sha" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Fallbacks due compatibility reasons
user _pref ( "security.ssl3.rsa_aes_128_sha" , true ) ;
user _pref ( "security.ssl3.rsa_aes_256_sha" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
// https://wiki.mozilla.org/Security:Renegotiation#security.ssl.treat_unsafe_negotiation_as_broken
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
user _pref ( "security.ssl.treat_unsafe_negotiation_as_broken" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Control "Add Security Exception" dialog on SSL warnings
// 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
// http://kb.mozillazine.org/Browser.ssl_override_behavior
// https://github.com/pyllyukko/user.js/issues/210
user _pref ( "browser.ssl_override_behavior" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Display advanced information on Insecure Connection warning pages (only works when it's possible to add an exception), i.e. it doesn't work for HSTS discrepancies
// https://subdomain.preloaded-hsts.badssl.com/
// [TEST] https://expired.badssl.com/
user _pref ( "browser.xul.error_pages.expert_bad_cert" , true ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Disable GIO as a potential proxy bypass vector
// Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far.
// https://bugzilla.mozilla.org/1433507
// https://trac.torproject.org/23044
// https://en.wikipedia.org/wiki/GVfs
// https://en.wikipedia.org/wiki/GIO_(software)
user _pref ( "network.gio.supported-protocols" , "" ) ; // [HIDDEN PREF]
2019-04-28 23:52:16 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Section : User Settings
// >>>>>>>>>>>>>>>>>>>>
2019-04-30 16:29:58 +00:00
// Pref : Disable DNT (Do Not Track)
2019-04-24 23:38:24 +00:00
user _pref ( "privacy.donottrackheader.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Set long press behaviour on "+ Tab" button to display container menu
// 0=disables long press, 1=when clicked, the menu is shown
// 2=the menu is shown after X milliseconds
// [NOTE] The menu does not contain a non-container tab option
// https://bugzilla.mozilla.org/1328756
user _pref ( "privacy.userContext.longPressBehavior" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable Container Tabs setting in preferences
// https://bugzilla.mozilla.org/1279029
user _pref ( "privacy.userContext.ui.enabled" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable Container Tabs
user _pref ( "privacy.userContext.enabled" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable a private container for thumbnail loads
2019-04-28 23:52:16 +00:00
user _pref ( "privacy.usercontext.about_newtab_segregation.enabled" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Set long press behaviour on "+ Tab" button to display container menu
// 0=disables long press, 1=when clicked, the menu is shown
// 2=the menu is shown after X milliseconds
// [NOTE] The menu does not contain a non-container tab option
// https://bugzilla.mozilla.org/1328756
user _pref ( "privacy.userContext.longPressBehavior" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Changing block list (Tracking protection)
// Default value "test-track-simple,base-track-digest256"
user _pref ( "urlclassifier.trackingTable" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable First Party Isolation
// [SETUP-WEB] May break cross-domain logins and site functionality until perfected
// https://bugzilla.mozilla.org/1260931
// Enabled via addons
user _pref ( "privacy.firstparty.isolate" , true ) ;
user _pref ( "privacy.firstparty.isolate.restrict_opener_access" , true ) ;
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Passwords
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable autofilling saved passwords on HTTP pages and show warning
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119
user _pref ( "signon.autofillForms.http" , false ) ;
user _pref ( "security.insecure_field_warning.contextual.enabled" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
// Pref : Disable password manager
// CIS Version 1.2.0 October 21st, 2011 2.5.2
2019-04-24 23:38:24 +00:00
// [NOTE] This does not clear any passwords already saved
user _pref ( "signon.rememberSignons" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Set how often Firefox should ask for the master password
// 0=the first time (default), 1=every time it's needed, 2=every n minutes
user _pref ( "security.ask_for_password" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Set how often in minutes Firefox should ask for the master password
user _pref ( "security.password_lifetime" , 1 ) ; // [DEFAULT: 30]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable auto-filling username & password form fields
2019-05-02 09:06:56 +00:00
// Can leak in cross-site forms AND be spoofed.
2019-04-24 23:38:24 +00:00
// [NOTE] Password will still be auto-filled after a user name is manually entered
// http://kb.mozillazine.org/Signon.autofillForms
user _pref ( "signon.autofillForms" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable websites autocomplete
// Don't let sites dictate use of saved logins and passwords.
user _pref ( "signon.storeWhenAutocompleteOff" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable formless login capture
// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
user _pref ( "signon.formlessCapture.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources
// Hardens against potential credentials phishing
// 0=don't allow sub-resources to open HTTP authentication credentials dialogs
// 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
// 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
2019-05-02 09:06:56 +00:00
// https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/
2019-04-24 23:38:24 +00:00
user _pref ( "network.auth.subresource-http-auth-allow" , 1 ) ;
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-27 09:27:34 +00:00
// Section : Window Meddling & Leaks / Popups
// >>>>>>>>>>>>>>>>>>>>
// Pref : Prevent websites from disabling new window features
// http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features
user _pref ( "dom.disable_window_open_feature.close" , true ) ; // [DEFAULT: false]
user _pref ( "dom.disable_window_open_feature.location" , true ) ; // [DEFAULT: false]
user _pref ( "dom.disable_window_open_feature.menubar" , true ) ; // [DEFAULT: false]
user _pref ( "dom.disable_window_open_feature.minimizable" , true ) ; // [DEFAULT: false]
user _pref ( "dom.disable_window_open_feature.personalbar" , true ) ; // [DEFAULT: false]
user _pref ( "dom.disable_window_open_feature.resizable" , true ) ; // [DEFAULT: true]
user _pref ( "dom.disable_window_open_feature.status" , true ) ; // [DEFAULT: true]
user _pref ( "dom.disable_window_open_feature.titlebar" , true ) ; // [DEFAULT: false]
user _pref ( "dom.disable_window_open_feature.toolbar" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Prevent scripts from moving and resizing open windows
user _pref ( "dom.disable_window_move_resize" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Open links targeting new windows in a new tab instead
// This stops malicious window sizes and some screen resolution leaks.
// You can still right-click a link and open in a new window.
// [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
// https://trac.torproject.org/projects/tor/ticket/9881
2019-04-27 17:36:54 +00:00
user _pref ( "browser.link.open_newwindow" , 3 ) ; // [DEFAULT: 3]
2019-04-27 09:27:34 +00:00
user _pref ( "browser.link.open_newwindow.restriction" , 0 ) ; // [DEFAULT: 0]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
// [NOTE] You can still manually toggle the browser's fullscreen state, but this pref will disable embedded video fullscreen controls, e.g. youtube
// [TEST] https://developer.mozilla.org/samples/domref/fullscreen.html
// user_pref("full-screen-api.enabled", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Block popup windows
user _pref ( "dom.disable_open_during_load" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Set max popups from a single non-click event
2019-05-06 07:59:33 +00:00
// [NOTE] Non-click events should never spawn a popup?
// http://kb.mozillazine.org/Dom.popup_maximum
user _pref ( "dom.popup_maximum" , 0 ) ; // [DEFAULT: 20]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-27 09:27:34 +00:00
// Pref : Limit events that can cause a popup
// http://kb.mozillazine.org/Dom.popup_allowed_events
user _pref ( "dom.popup_allowed_events" , "click dblclick" ) ; // [DEFAULT: "change click dblclick mouseup pointerup notificationclick reset submit touchend"]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-24 23:38:24 +00:00
// Section : Cache / Session (Re)Store / Favicons
// >>>>>>>>>>>>>>>>>>>>
2019-05-02 09:06:56 +00:00
// [INTRO] ETAG and other cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk and memory cache. ETAGs can also be neutralized by modifying response headers. Another solution is to use a hardened configuration with Temporary Containers. Alternatively, you can *LIMIT* exposure by clearing cache on close. Or on a regular basis manually or with an extension.
2019-04-24 23:38:24 +00:00
// https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags
// https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/
// https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
// https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor
// https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable disk cache
user _pref ( "browser.cache.disk.enable" , false ) ;
user _pref ( "browser.cache.disk.smart_size.enabled" , false ) ;
user _pref ( "browser.cache.disk.smart_size.first_run" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable disk cache for SSL pages
2019-05-04 17:30:35 +00:00
// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
2019-04-24 23:38:24 +00:00
user _pref ( "browser.cache.disk_cache_ssl" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable memory cache
// [NOTE] Not recommended due to performance issues
// user_pref("browser.cache.memory.enable", false);
// user_pref("browser.cache.memory.capacity", 0);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable fastback cache
// To improve performance when pressing back/forward Firefox stores visited pages so they don't have to be re-parsed. This is not the same as memory cache.
// 0=none, -1=auto (that's minus 1).
// [WARNING] Not recommended unless you know what you're doing
// http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers
// user_pref("browser.sessionhistory.max_total_viewers", 0);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Exclude "Undo Closed Tabs" in Session Restore
2019-04-26 00:08:12 +00:00
user _pref ( "browser.sessionstore.max_tabs_undo" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable storing extra session data
// Extra session data contains contents of forms, scrollbar positions, cookies and POST data
// Define on which sites to save extra session data:
// 0=everywhere, 1=unencrypted sites, 2=nowhere
user _pref ( "browser.sessionstore.privacy_level" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable resuming session from crash
// user_pref("browser.sessionstore.resume_from_crash", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Set the minimum interval between session save operations
2019-05-02 09:06:56 +00:00
// Increasing this can help on older machines and some websites, as well as reducing writes. Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc.
// This can also affect entries in the "Recently Closed Tabs" feature: i.e. the longer the interval the more chance a quick tab open/close won't be captured.
2019-04-24 23:38:24 +00:00
// This longer interval *may* affect history but we cannot replicate any history not recorded
// https://bugzilla.mozilla.org/1304389
user _pref ( "browser.sessionstore.interval" , 30000 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable favicons in web notifications
user _pref ( "alerts.showFavicons" , false ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Delete Search and Form History
// CIS Version 1.2.0 October 21st, 2011 2.5.6
user _pref ( "browser.formfill.expire_days" , 0 ) ;
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Geolocation
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable location
user _pref ( "geo.enabled" , false ) ;
2019-05-01 09:22:54 +00:00
user _pref ( "geo.wifi.xhr.timeout" , - 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable GeoIP lookup on your address to set default search engine region
// https://trac.torproject.org/projects/tor/ticket/16254
// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
2019-05-07 08:26:05 +00:00
user _pref ( "browser.search.countryCode" , "US" ) ; // [HIDDEN PREF]
2019-04-24 23:38:24 +00:00
user _pref ( "browser.search.region" , "US" ) ;
user _pref ( "browser.search.geoip.url" , "" ) ;
2019-05-01 09:22:54 +00:00
user _pref ( "browser.search.geoip.timeout" , - 1 ) ;
2019-04-24 23:38:24 +00:00
user _pref ( "browser.search.geoSpecificDefaults.url" , "" ) ;
user _pref ( "browser.snippets.geoUrl" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Set language to match
2019-04-24 23:38:24 +00:00
user _pref ( "intl.accept_languages" , "en-US, en" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Use APP locale over OS locale in regional preferences
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789
user _pref ( "intl.regional_prefs.use_os_locales" , false ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Enforce US English locale regardless of the system locale
// https://bugzilla.mozilla.org/867501
user _pref ( "javascript.use_us_english_locale" , true ) ; // [HIDDEN PREF]
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Fonts
// >>>>>>>>>>>>>>>>>>>>>>
// Pref : Disable websites choosing fonts (0=block, 1=allow)
// If you disallow fonts, this drastically limits/reduces font enumeration (by JS) which is a high entropy fingerprinting vector.
// [NOTE] Disabling fonts can uglify the web a fair bit.
user _pref ( "browser.display.use_document_fonts" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Set more legible default fonts
2019-04-24 23:38:24 +00:00
// [NOTE] Example below for Windows/Western only
// user_pref("font.name.serif.x-unicode", "Georgia");
2019-04-28 23:52:16 +00:00
// user_pref("font.name.serif.x-western", "Georgia"); // [DEFAULT: Times New Roman]
2019-04-24 23:38:24 +00:00
// user_pref("font.name.sans-serif.x-unicode", "Arial");
2019-04-28 23:52:16 +00:00
// user_pref("font.name.sans-serif.x-western", "Arial"); // [DEFAULT: Arial]
2019-04-24 23:38:24 +00:00
// user_pref("font.name.monospace.x-unicode", "Lucida Console");
2019-04-28 23:52:16 +00:00
// user_pref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courier New]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Disable icon fonts (glyphs) and local fallback rendering
2019-04-24 23:38:24 +00:00
// https://bugzilla.mozilla.org/789788
// https://trac.torproject.org/projects/tor/ticket/8455
user _pref ( "gfx.downloadable_fonts.enabled" , false ) ;
user _pref ( "gfx.downloadable_fonts.fallback_delay" , - 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Disable rendering of SVG OpenType fonts
2019-04-24 23:38:24 +00:00
// https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this
user _pref ( "gfx.font_rendering.opentype_svg.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Disable WOFF2 (Web Open Font Format)
2019-04-24 23:38:24 +00:00
user _pref ( "gfx.downloadable_fonts.woff2.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Disable CSS Font Loading API
2019-04-24 23:38:24 +00:00
// [NOTE] Disabling fonts can uglify the web a fair bit.
user _pref ( "layout.css.font-loading-api.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Disable special underline handling for a few fonts which you will probably never use
2019-04-24 23:38:24 +00:00
// Any of these fonts on your system can be enumerated for fingerprinting.
// http://kb.mozillazine.org/Font.blacklist.underline_offset
user _pref ( "font.blacklist.underline_offset" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Disable graphite which turned back on by default
2019-04-24 23:38:24 +00:00
// https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
user _pref ( "gfx.font_rendering.graphite.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Limit system font exposure to a whitelist [RESTART]
2019-04-24 23:38:24 +00:00
// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. Eventually privacy.resistFingerprinting will cover this.
// https://bugzilla.mozilla.org/1121643
// user_pref("font.system.whitelist", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Plugins
// >>>>>>>>>>>>>>>>>>>>
2019-05-04 17:30:35 +00:00
// Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
2019-04-24 23:38:24 +00:00
// 0=disabled, 1=ask to activate, 2=active - you can override individual plugins
user _pref ( "plugin.default.state" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable plugins click-to-play
// https://wiki.mozilla.org/Firefox/Click_To_Play
// https://blog.mozilla.org/security/2012/10/11/click-to-play-plugins-blocklist-style/
user _pref ( "plugins.click_to_play" , true ) ;
user _pref ( "plugin.sessionPermissionNow.intervalInMinutes" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable all GMP (Gecko Media Plugins)
user _pref ( "media.gmp-provider.enabled" , false ) ;
user _pref ( "media.gmp-manager.certs.1.issuerName" , "" ) ;
user _pref ( "media.gmp-manager.certs.1.commonName" , "" ) ;
user _pref ( "media.gmp-manager.certs.2.issuerName" , "" ) ;
user _pref ( "media.gmp-manager.certs.2.commonName" , "" ) ;
user _pref ( "media.gmp-manager.url" , "data:text/plain," ) ;
user _pref ( "media.gmp-manager.url.override" , "data:text/plain," ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable all DRM content (EME: Encryption Media Extension)
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
user _pref ( "media.eme.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable the OpenH264 Video Codec by Cisco to "Never Activate".
// This is the bundled codec used for video chat in WebRTC.
user _pref ( "media.gmp-gmpopenh264.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Disable widevine CDM (Content Decryption Module)
user _pref ( "media.mediadrm-widevinecdm.visible" , false ) ; // [DEFAULT: true]
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Blocklists / Safe Browsing / Tracking Protection
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla
2019-05-04 17:30:35 +00:00
// https://wiki.mozilla.org/Blocklisting
// https://blocked.cdn.mozilla.net/
// http://kb.mozillazine.org/Extensions.blocklist.enabled
// http://kb.mozillazine.org/Extensions.blocklist.url
// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
// Updated at interval defined in extensions.blocklist.interval (default: 86400)
user _pref ( "extensions.blocklist.enabled" , true ) ;
// -------------------------------------
// Pref : Decrease system information leakage to Mozilla blocklist update servers
// https://trac.torproject.org/projects/tor/ticket/16931
// https://www.reddit.com/r/firefox/comments/9v5lue/firefox_tip_sanitize_firefox_blocklist_url_so_it/
user _pref ( "extensions.blocklist.url" , "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%20/%20/" ) ; // [URL SANITIZED]
// -------------------------------------
// Pref : Opt-out of add-on metadata updates
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
user _pref ( "extensions.getAddons.cache.enabled" , false )
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents)
user _pref ( "browser.safebrowsing.allowOverride" , false ) ;
user _pref ( "browser.safebrowsing.blockedURIs.enabled" , false ) ;
user _pref ( "browser.safebrowsing.debug" , false ) ;
user _pref ( "browser.safebrowsing.downloads.enabled" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.block_dangerous" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.block_dangerous_host" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.block_potentially_unwanted" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.block_uncommon" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.enabled" , false ) ;
user _pref ( "browser.safebrowsing.downloads.remote.url" , "" ) ;
2019-05-01 09:22:54 +00:00
user _pref ( "browser.safebrowsing.downloads.remote.timeout_ms" , - 1 ) ;
2019-04-24 23:38:24 +00:00
user _pref ( "browser.safebrowsing.id" , "" ) ;
user _pref ( "browser.safebrowsing.malware.enabled" , false ) ;
user _pref ( "browser.safebrowsing.passwords.enabled" , false ) ;
user _pref ( "browser.safebrowsing.phishing.enabled" , false ) ;
user _pref ( "browser.safebrowsing.provider.google.advisoryURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.pver" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.advisoryName" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.gethashURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.lists" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.reportMalwareMistakeURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.reportPhishMistakeURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.reportURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google.updateURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.advisoryName" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.advisoryURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.gethashURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.lists" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.reportMalwareMistakeURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.reportPhishMistakeURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.reportURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.updateURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.dataSharing.enabled" , false ) ;
user _pref ( "browser.safebrowsing.provider.google4.dataSharingURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.gethashURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.google4.pver" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.gethashURL" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.lists" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.lists.base" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.lists.content" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.nextupdatetime" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.pver" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.updateURL" , "" ) ;
user _pref ( "browser.safebrowsing.reportPhishURL" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable Mozilla's tracking protection and Flash blocklist updates
user _pref ( "browser.safebrowsing.provider.mozilla.lists.base" , "" ) ;
user _pref ( "browser.safebrowsing.provider.mozilla.lists.content" , "" ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable passive Tracking Protection
// Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list.
// [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows
// This is included for people who want to completely disable Tracking Protection.
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814
user _pref ( "privacy.trackingprotection.annotate_channels" , false ) ;
user _pref ( "privacy.trackingprotection.lower_network_priority" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable passive Tracking Protection in all windows
user _pref ( "privacy.trackingprotection.enabled" , false ) ;
user _pref ( "privacy.trackingprotection.pbmode.enabled" , false ) ;
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Persistent Storage
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable 3rd-party cookies and site-data
// [NOTE] Can breaks payment gateways
user _pref ( "network.cookie.cookieBehavior" , 1 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Set third-party cookies (i.e ALL) (if enabled) to session-only and set third-party non-secure (i.e HTTP) cookies to session-only
// [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
// http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly
user _pref ( "network.cookie.thirdparty.sessionOnly" , true ) ;
user _pref ( "network.cookie.thirdparty.nonsecureSessionOnly" , true ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Delete cookies and site data on close
2019-05-07 08:26:05 +00:00
// 0=keep until they expire (default), 1=user is prompted, 2=keep until you close Firefox
2019-04-24 23:38:24 +00:00
// [NOTE] The setting below is disabled (but not changed) if you block all cookies
// user_pref("network.cookie.lifetimePolicy", 2);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable HTTP sites setting cookies with the "secure" directive
// https://developer.mozilla.org/Firefox/Releases/52#HTTP
user _pref ( "network.cookie.leave-secure-alone" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enable support for same-site cookies
// https://bugzilla.mozilla.org/795346
// https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
// https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
user _pref ( "network.cookie.same-site.enabled" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable DOM (Document Object Model) Storage
// [WARNING] This will break a LOT of sites' functionality AND extensions!
// You are better off using an extension for more granular control
// user_pref("dom.storage.enabled", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Disable IndexedDB
// https://developer.mozilla.org/en-US/docs/IndexedDB
// https://en.wikipedia.org/wiki/Indexed_Database_API
// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review
// http://forums.mozillazine.org/viewtopic.php?p=13842047
// https://github.com/pyllyukko/user.js/issues/8
// [NOTE] IndexedDB could be used for tracking purposes, but is required for some add-ons to work (notably uBlock), so is left enabled
// user_pref("dom.indexedDB.enabled", false); // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Do not download URLs for the offline cache
// http://kb.mozillazine.org/Browser.cache.offline.enable
user _pref ( "browser.cache.offline.enable" , false ) ;
user _pref ( "browser.cache.offline.capacity" , 0 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable offline cache on insecure sites
// https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/
user _pref ( "browser.cache.offline.insecure.enable" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Display a notification bar when websites offer data for offline use
2019-05-01 09:22:54 +00:00
// http://kb.mozillazine.org/Browser.offline-apps.notify
user _pref ( "browser.offline-apps.notify" , true ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Enforce websites to ask to store data for offline use
// https://support.mozilla.org/questions/1098540
// https://bugzilla.mozilla.org/959985
// user_pref("offline-apps.allow_by_default", false);
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable service workers cache and cache storage
// https://w3c.github.io/ServiceWorker/#privacy
user _pref ( "dom.caches.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable Storage API
// The API gives sites the ability to find out how much space they can use, how much they are already using, and even control whether or not they need to be alerted before the user agent disposes of site data in order to make room for other things.
// https://developer.mozilla.org/docs/Web/API/StorageManager
// https://developer.mozilla.org/docs/Web/API/Storage_API
// https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/
user _pref ( "dom.storageManager.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-24 23:38:24 +00:00
// Pref : Disable Storage Access API
// https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
user _pref ( "dom.storage_access.enabled" , false ) ;
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Enforce websites to ask to store data for offline use
// https://support.mozilla.org/questions/1098540
// https://bugzilla.mozilla.org/959985
user _pref ( "offline-apps.allow_by_default" , false ) ; // [DEFAULT: true]
2019-04-24 23:38:24 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-25 16:58:17 +00:00
// Section : Headers / Referers
// >>>>>>>>>>>>>>>>>>>>
// Pref : Control when images/links send a referer
// 0=never, 1=send only when links are clicked, 2=for links and images (default)
user _pref ( "network.http.sendRefererHeader" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Control the amount of information to send
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
2019-04-26 00:08:12 +00:00
user _pref ( "network.http.referer.trimmingPolicy" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Control when to send a referer
// 0=always (default), 1=only if base domains match, 2=only if hosts match
2019-04-26 00:08:12 +00:00
user _pref ( "network.http.referer.XOriginPolicy" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Control the amount of information to send
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
2019-04-26 00:08:12 +00:00
user _pref ( "network.http.referer.XOriginTrimmingPolicy" , 2 ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Disable spoofing a referer
2019-04-26 00:08:12 +00:00
user _pref ( "network.http.referer.spoofSource" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-26 00:08:12 +00:00
// Pref : Set the default Referrer Policy
2019-04-25 16:58:17 +00:00
// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
// [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
// https://www.w3.org/TR/referrer-policy/
// https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy
// https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/
user _pref ( "network.http.referer.defaultPolicy" , 3 ) ; // [DEFAULT: 3]
user _pref ( "network.http.referer.defaultPolicy.pbmode" , 2 ) ; // [DEFAULT: 2]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Hide (not spoof) referrer when leaving a .onion domain
// [NOTE] Firefox cannot access .onion sites by default. We recommend you use the Tor Browser which is specifically designed for hidden services
// https://bugzilla.mozilla.org/1305144
user _pref ( "network.http.referer.hideOnionSource" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-07 08:26:05 +00:00
// Pref : Reject .onion hostnames before passing the to DNS
// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
user _pref ( "network.dns.blockDotOnion" , true ) ; // [DEFAULT: true]
// -------------------------------------
2019-04-25 16:58:17 +00:00
// Pref : Disable the DNT (Do Not Track) HTTP header
user _pref ( "privacy.donottrackheader.enabled" , false ) ; // [DEFAULT: true]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2019-04-28 23:52:16 +00:00
// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs
2019-04-24 23:38:24 +00:00
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
// https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
2019-04-28 23:52:16 +00:00
user _pref ( "privacy.resistFingerprinting" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable WebRTC, getUserMedia, screen sharing, audio capture, video capture
// https://wiki.mozilla.org/Media/getUserMedia
// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/
// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
user _pref ( "media.navigator.enabled" , false ) ;
user _pref ( "media.navigator.video.enabled" , false ) ;
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Spoof CPU Core
2019-05-02 09:06:56 +00:00
// [NOTE] *may* affect core performance, will affect content.
2019-04-28 23:52:16 +00:00
// Default settings seems to be the best
// https://bugzilla.mozilla.org/1008453
// https://trac.torproject.org/projects/tor/ticket/21675
// https://trac.torproject.org/projects/tor/ticket/22127
// https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
2019-05-02 09:06:56 +00:00
// user_pref("dom.maxHardwareConcurrency", 2);
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable resource timing API
// https://www.w3.org/TR/resource-timing/#privacy-security
user _pref ( "dom.enable_resource_timing" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable DOM timing API
// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
// https://www.w3.org/TR/navigation-timing/#privacy
user _pref ( "dom.enable_performance" , false ) ; // [DEFAULT: true]
user _pref ( "dom.enable_performance_navigation_timing" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable sensor API
// https://trac.torproject.org/projects/tor/ticket/15758
// https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751
user _pref ( "device.sensors.enabled" , false ) ; // [DEFAULT: true]
2019-05-01 09:22:54 +00:00
user _pref ( "device.sensors.ambientLight.enabled" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable gamepad API - USB device ID enumeration
// Optional protection depending on your connected devices
// https://trac.torproject.org/projects/tor/ticket/13023
user _pref ( "dom.gamepad.enabled" , false ) ; // [DEFAULT: true]
2019-04-30 16:29:58 +00:00
user _pref ( "dom.gamepad.extensions.enabled" , false ) ; // [DEFAULT: true]
user _pref ( "dom.gamepad.haptic_feedback.enabled" , false ) ; // [DEFAULT: false]
user _pref ( "dom.gamepad.test.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable giving away network info
// e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
// https://developer.mozilla.org/docs/Web/API/Network_Information_API
// https://wicg.github.io/netinfo/
// https://bugzilla.mozilla.org/960426
user _pref ( "dom.netinfo.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API
// https://developer.mozilla.org/docs/Web/API/Web_Speech_API
// https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
// https://wiki.mozilla.org/HTML5_Speech_API
user _pref ( "media.webspeech.synth.enabled" , false ) ; // [DEFAULT: false]
2019-05-04 17:30:35 +00:00
user _pref ( "media.webspeech.synth_force_global_queue" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable video statistics - JS performance fingerprinting
// https://trac.torproject.org/projects/tor/ticket/15757
// https://bugzilla.mozilla.org/654550
user _pref ( "media.video_stats.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-04 17:30:35 +00:00
// Pref : Force touch events enabled by default
// Fingerprinting attack vector - leaks screen res & actual screen coordinates.
2019-04-28 23:52:16 +00:00
// 0=disabled, 1=enabled, 2=autodetect
2019-05-04 17:30:35 +00:00
// This pref is set to 2 by default, which results in the Touch API being exposed only when touch hardware is present. So we should either set it to "1" (enable) or "0" (disable) to ensure that JS code can't fingerprint the user's hardware.
// [FENNEC - BUG] If disabled, unables you to copy or paste any text.
2019-04-28 23:52:16 +00:00
// https://developer.mozilla.org/docs/Web/API/Touch_events
// https://trac.torproject.org/projects/tor/ticket/10286
2019-04-30 16:29:58 +00:00
user _pref ( "dom.w3c_touch_events.enabled" , 1 ) ; // [DEFAULT: 2]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable MediaDevices change detection
// https://developer.mozilla.org/docs/Web/Events/devicechange
// https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange
user _pref ( "media.ondevicechange.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable WebGL debug info being available to websites
// https://bugzilla.mozilla.org/1171228
// https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info
user _pref ( "webgl.enable-debug-renderer-info" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable PointerEvents
// https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent
2019-04-30 16:29:58 +00:00
user _pref ( "dom.w3c_pointer_events.enabled" , false ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable WebGL debug info being available to websites
// https://bugzilla.mozilla.org/1171228
// https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info
user _pref ( "webgl.enable-debug-renderer-info" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable Battery Status API
// Initially a Linux issue (high precision readout) that was fixed.
// However, it is still another metric for fingerprinting, used to raise entropy.
// e.g. do you have a battery or not, current charging status, charge level, times remaining etc
// https://bugzilla.mozilla.org/1313580
user _pref ( "dom.battery.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable virtual reality devices APIs
// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API
user _pref ( "dom.vr.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable hardware acceleration to reduce graphics fingerprinting
// [SETUP-PERF] Affects text rendering (fonts will look different), impacts video performance, and parts of Quantum that utilize the GPU will also be affected as they are rolled out
// https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration
// user_pref("layers.acceleration.disabled", true); // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable Web Audio API
// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
user _pref ( "dom.webaudio.enabled" , false ) ; // [DEFAULT: true]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-04-28 23:52:16 +00:00
// Pref : Disable Media Capabilities API
// [SETUP-PERF] This *may* affect media performance if disabled, no one is sure
// https://github.com/WICG/media-capabilities
// https://wicg.github.io/media-capabilities/#security-privacy-considerations
// user_pref("media.media-capabilities.enabled", false); // [DEFAULT: true]
2019-05-01 09:22:54 +00:00
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Personal
// >>>>>>>>>>>>>>>>>>>>
// Pref : Enable "Always enable zoom" feature by default
// Just for a better experience
user _pref ( "browser.ui.zoom.force-user-scalable" , true ) ; // [DEFAULT: false]
2019-05-02 09:06:56 +00:00
// -------------------------------------
2019-05-01 09:22:54 +00:00
// Pref : Disable location bar autocomplete and suggestion types
// https://bugzilla.mozilla.org/1502392
// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5
user _pref ( "browser.urlbar.autocomplete.enabled" , false ) ; // [DEFAULT: true]
2019-05-07 08:26:05 +00:00
// -------------------------------------
// Pref : Set bookmarks backups
// To compensate for the case of bookmarks being lost due to a system crash.
// http://kb.mozillazine.org/Browser.bookmarks.max_backups
user _pref ( "browser.bookmarks.max_backups" , 2 ) ; // [DEFAULT: 5]
2019-05-04 17:30:35 +00:00
//
//