forked from d3cim/mobile_user.js
Update 'user.js'
This commit is contained in:
parent
636e1d4d8d
commit
12a6436bfd
8
user.js
8
user.js
|
@ -1459,7 +1459,7 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
|
|||
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Enable HTTPS-only-mode [FF76+]
|
||||
// [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily
|
||||
// [SETTING] to add site exceptions: Ctrl+I>HTTPS-Only mode>On/Off/Off temporarily
|
||||
// [SETTING] Privacy & Security>HTTPS-Only Mode
|
||||
// [TEST] http://example.com [upgrade]
|
||||
// [TEST] http://neverssl.org/ [no upgrade]
|
||||
|
@ -1500,10 +1500,14 @@ user_pref("security.tls.version.enable-deprecated", false);
|
|||
// -------------------------------------
|
||||
// Pref : Disable SSL session tracking
|
||||
// SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
|
||||
// These are not used in PB mode. In normal windows they are isolated when using FPI
|
||||
// and/or containers. In FF85+ they are isolated by default (privacy.partition.network_state)
|
||||
// [WARNING] There are perf and passive fingerprinting costs, for little to no gain. Preventing
|
||||
// tracking via this method does not address IPs, nor handle any sanitizing of current identifiers
|
||||
// https://tools.ietf.org/html/rfc5077
|
||||
// https://bugzilla.mozilla.org/967977
|
||||
// https://arxiv.org/abs/1810.07304
|
||||
user_pref("security.ssl.disable_session_identifiers", true); // [DEFAULT: true] // [HIDDEN PREF]
|
||||
user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
|
||||
// -------------------------------------
|
||||
// Pref : Disable TLS1.3 0-RTT (round-trip time)
|
||||
// https://github.com/tlswg/tls13-spec/issues/1001
|
||||
|
|
Loading…
Reference in New Issue