forked from d3cim/mobile_user.js
Update user.js
✅ Credits adjusted ✅ Sorted some rules and added some descriptions ✅ Set Browser locale (fennec exclusive) ✅ Added Headers/Referers section to limit sended info ⛔️ Disabled search suggestions / forms / limited history contents and more..
This commit is contained in:
parent
130b27e17a
commit
a09b3c5d90
93
user.js
93
user.js
|
@ -1,8 +1,8 @@
|
|||
//
|
||||
/******************************************************************************
|
||||
* * * * * * * * * * * * * * @quindecim | user.js * * * * * * * * * * * * * *
|
||||
* for Fennec F-Droid *
|
||||
* * * * * a project based on gHacks user.js and Librefox Browser * * * * * *
|
||||
* *
|
||||
* project based on gHacksuser.js and Librefox Browser. Redesigned for Fennec *
|
||||
******************************************************************************/
|
||||
//
|
||||
// gHacks: https://github.com/ghacksuserjs/ghacks-user.js
|
||||
|
@ -111,8 +111,6 @@ user_pref("app.update.url.android", "");
|
|||
// Pref :
|
||||
user_pref("breakpad.reportURL", "");
|
||||
// Pref :
|
||||
user_pref("browser.search.suggest.enabled", false);
|
||||
// Pref :
|
||||
user_pref("captivedetect.canonicalURL", "");
|
||||
// Pref :
|
||||
user_pref("devtools.devices.url", "");
|
||||
|
@ -136,8 +134,6 @@ user_pref("identity.fxaccounts.remote.oauth.uri", "");
|
|||
user_pref("identity.fxaccounts.remote.profile.uri", "");
|
||||
// [FENNEC][BUG] If empty "Settings" faded
|
||||
user_pref("identity.fxaccounts.remote.webchannel.uri", "https://127.0.0.1");
|
||||
// Pref :
|
||||
user_pref("layout.css.visited_links_enabled", false);
|
||||
// Pref : Disable predictor / prefetching
|
||||
// Network predicator load pages before they are opened
|
||||
// with mose hover for example
|
||||
|
@ -150,9 +146,6 @@ user_pref("browser.snippets.syncPromo.enabled", false);
|
|||
user_pref("webextensions.storage.sync.enabled", false);
|
||||
user_pref("webextensions.storage.sync.serverURL", "");
|
||||
user_pref("privacy.item.syncAccount", false);
|
||||
// Pref : Referer: ALL: control the amount of information to send
|
||||
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
|
||||
user_pref("network.http.referer.trimmingPolicy", 0);
|
||||
// Pref : Disable collection/sending of the health report (healthreport.sqlite*)
|
||||
user_pref("datareporting.policy.currentPolicyVersion", 0);
|
||||
user_pref("datareporting.policy.dataSubmissionEnabled", false);
|
||||
|
@ -213,12 +206,6 @@ user_pref("media.webspeech.recognition.enable", false);
|
|||
user_pref("dom.vibrator.enabled", false);
|
||||
// Pref : Don't use Mozilla-provided location-specific search engines
|
||||
user_pref("browser.search.geoSpecificDefaults", false);
|
||||
// Pref : Don't trim HTTP off of URLs in the address bar.
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
|
||||
user_pref("browser.urlbar.trimURLs", false);
|
||||
// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
|
||||
// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
|
||||
user_pref("browser.fixup.alternate.enabled", false);
|
||||
// Pref : Don't monitor OS online/offline connection state
|
||||
// https://trac.torproject.org/projects/tor/ticket/18945
|
||||
user_pref("network.manage-offline-status", false);
|
||||
|
@ -390,6 +377,39 @@ user_pref("media.autoplay.enabled.user-gestures-needed", false);
|
|||
user_pref("media.block-autoplay-until-in-foreground", true);
|
||||
//
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Location Bar / Search Bar / Suggestions / History / Forms
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Disable location bar using search
|
||||
// Don't leak typos to a search engine, give an error message instead
|
||||
user_pref("keyword.enabled", false);
|
||||
// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
|
||||
// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
|
||||
user_pref("browser.fixup.alternate.enabled", false);
|
||||
// Pref : Don't trim HTTP off of URLs in the address bar
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
|
||||
user_pref("browser.urlbar.trimURLs", false);
|
||||
// Pref : Limit history leaks via enumeration (PER TAB: back/forward)
|
||||
// This is a PER TAB session history. You still have a full history stored under all history
|
||||
// Default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
|
||||
user_pref("browser.sessionhistory.max_entries", 10);
|
||||
// Pref : Disable CSS querying page history - CSS history leak
|
||||
// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances'
|
||||
// [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use)
|
||||
// https://dbaron.org/mozilla/visited-privacy
|
||||
// https://bugzilla.mozilla.org/147777
|
||||
// https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
|
||||
user_pref("layout.css.visited_links_enabled", false);
|
||||
// Pref : Disable search bar LIVE search suggestions
|
||||
user_pref("browser.search.suggest.enabled", false);
|
||||
// Pref : Disable search and form history
|
||||
// [NOTE] You can clear formdata on exiting Firefox
|
||||
user_pref("browser.formfill.enable", false);
|
||||
// Pref : Disable date/time picker
|
||||
// This can leak your locale if not en-US
|
||||
// https://trac.torproject.org/projects/tor/ticket/21787
|
||||
user_pref("dom.forms.datetime", false);
|
||||
//
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Security
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Pre-populate the current URL but do not pre-fetch the certificate in the
|
||||
|
@ -502,14 +522,6 @@ user_pref("privacy.firstparty.isolate", true);
|
|||
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
|
||||
//
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Locale/Time/UserAgent
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Disable date/time picker
|
||||
// This can leak your locale if not en-US
|
||||
// https://trac.torproject.org/projects/tor/ticket/21787
|
||||
user_pref("dom.forms.datetime", false);
|
||||
//
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Passwords
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Disable autofilling saved passwords on HTTP pages and show warning
|
||||
|
@ -603,6 +615,8 @@ user_pref("browser.search.geoip.url", "");
|
|||
user_pref("browser.search.geoip.timeout", 0);
|
||||
user_pref("browser.search.geoSpecificDefaults.url", "");
|
||||
user_pref("browser.snippets.geoUrl", "");
|
||||
// Pref : [FENNEC] Set Browser locale
|
||||
user_pref("intl.locale.os", "en-US");
|
||||
// Pref : Set OS & APP locale
|
||||
// If set to empty, the OS locales are used. If not set at all, default locale is used
|
||||
user_pref("intl.locale.requested", "en-US");
|
||||
|
@ -864,6 +878,39 @@ user_pref("dom.storageManager.enabled", false);
|
|||
user_pref("dom.storage_access.enabled", false);
|
||||
//
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Headers / Referers
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Control when images/links send a referer
|
||||
// 0=never, 1=send only when links are clicked, 2=for links and images (default)
|
||||
user_pref("network.http.sendRefererHeader", 2);
|
||||
// Pref : Control the amount of information to send
|
||||
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
|
||||
user_pref("network.http.referer.trimmingPolicy", 0);
|
||||
// Pref : Control when to send a referer
|
||||
// 0=always (default), 1=only if base domains match, 2=only if hosts match
|
||||
user_pref("network.http.referer.XOriginPolicy", 1);
|
||||
// Pref : Control the amount of information to send
|
||||
// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
|
||||
user_pref("network.http.referer.XOriginTrimmingPolicy", 0);
|
||||
// Pref : Disable spoofing a referer
|
||||
// [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery) protections that some sites may rely on
|
||||
user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
|
||||
// Pref : Set the default Referrer Policy [FF59+]
|
||||
// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
|
||||
// [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
|
||||
// https://www.w3.org/TR/referrer-policy/
|
||||
// https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy
|
||||
// https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/
|
||||
user_pref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3]
|
||||
user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
|
||||
// Pref : Hide (not spoof) referrer when leaving a .onion domain
|
||||
// [NOTE] Firefox cannot access .onion sites by default. We recommend you use the Tor Browser which is specifically designed for hidden services
|
||||
// https://bugzilla.mozilla.org/1305144
|
||||
user_pref("network.http.referer.hideOnionSource", true); // [DEFAULT: false]
|
||||
// Pref : Disable the DNT (Do Not Track) HTTP header
|
||||
user_pref("privacy.donottrackheader.enabled", false); // [DEFAULT: true]
|
||||
//
|
||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||
// Section : Resist Fingerprinting
|
||||
// >>>>>>>>>>>>>>>>>>>>
|
||||
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
|
||||
|
|
Loading…
Reference in New Issue