⛔️ Disabled `PiP` (Picture-in-Picture) feature
⛔️ Disabled autoplay of HTML5 media if you interacted with the site | FF78
⛔️ Disabled using the OS's geolocation service | FF78
⛔️ Disabled one more webextension sync process | FF78
⛔️ Disabled Top Sites as suggestion from the search bar | FF78
⛔️ Disabled chrome animations (RFP spoofs this for web content)
⛔️ Disabled FF from sending search terms to ISPs | FF77
⛔️ Disabled new contentblocking report connections prefs | FF78
⛔️ Disabled "Open with PdfJS" dialog | FF78
⛔️ Disabled new stories related activity-stream prefs | FF78
ℹ️ Grouped CBC ciphers
ℹ️ Modified some links, tag and descriptions
ℹ️ Moved some preferences from FF77+ into deprecated section (keeping them active for ESR68.x.x)
⛔️ Disabled and locked EME (FF will not download Encrypted Media Extensions, like Widevine, or ask the user to install them) | FF77
⛔️ Disabled PDFjs viewer and .pdf document permissions (like preventing the copying of text) | FF77
✅ Added, but not enabled, https_only_mode.upgrade_local (still experimental) | FF77
✅ Enforced prefers-reduced-motion as no-preference
⛔️ Disabled permissions manager from writing to disk
ℹ️ Modified some links, tag and descriptions
ℹ️ Moved some preferences from FF76+ into deprecated section (keeping them active for ESR68.x.x)
✅ Added, but not enabled, HTTPS-only-mode (experimental) | FF76
✅ Enabled Ion for installed extensions only | FF76
⛔️ Disabled compatibility heuristics to 3rd-party cookie blocking | FF76
⛔️ Disabled the default checkedness for "Save card and address to Firefox" checkboxes
⛔️ Disabled permissions manager from writing to disk
⛔️ Disabled media cache from writing to disk in Private Browsing
⛔️ Disabled purge trackers logging (main pref already disabled) | FF76
⛔️ Disabled staging auto-updates | FF76
⛔️ Disable (temporarily) "Megabar" design
⛔️ Disable Ion and baseline JIT to help harden JS against exploits
⛔️ Disabled one more telemetry pref | FF76
⛔️ Disabled one more pref related to the new about:welcome page | FF76
⛔️ Disabled ExperimentManager and relative API | FF76
ℹ️ Removed few duplicates
ℹ️ Modified some links, tag and descriptions
ℹ️ Moved some preferences from FF75+ into deprecated section (keeping them active for ESR68.x.x)
⛔️ Disabled Firefox to AutoUpdate without user consent | FF75
⛔️ Disabled DefaultBrowserAgent | FF75 | [WINDOWS]
⛔️ Disabled some UserMessaging (don't recommend extensions, browser features and specific suggestions in the URL bar) | FF75
ℹ️ Sorted SearchEngines removed in alphabetical order
✅ Enforced no system colors (they can be fingerprinted)
⛔️ Disabled Firefox to autoupdate without user consent
⛔️ Disabled Default Browser Agent | FF75 | [WINDOWS]
⛔️ Disabled Crash Report for Reporting API | FF75
⛔️ Disabled lockwise app callout to the ETP card | FF75
⛔️ Disabled Remote Settings | FF75
⛔️ Disabled permissions delegation | FF73
⛔️ Disabled geo -country.network.scan and -country.network.url
⛔️ Disabled purge site data after identifying tracking site via cookies feature (relax this with privacy.clearOnShutdown.* enabled)
⛔️ Disabled caching content of the homepage (not needed when set to about:blank) | FF75
⛔️ Disabled few more browser.newtabpage.activity-stream.* prefs | FF75
⛔️ Disabled JSWindowActors to separate about:welcome page
ℹ️ Fixed a typo that didn't allow the correct deactivation of extensions.getAddons.cache.enabled pref
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF74+ into deprecated section (keeping them active for ESR68.x.x)
✅ Enforced FPI (First Party Isolation) by allow communication only if FPDs also match
⛔️ Disabled activity-stream.feeds.recommendationproviderswitcher
⛔️ Disabled activity-stream.discoverystream.personalization.modelKeys
⛔️ Disabled Corroborate.jsm telemetry
⛔️ Disabled experiments extensions (ex legacy) | FF74
⛔️ Disabled Network Predictor on SSL
⛔️ Disabled the remaining non-modern cipher suites
⛔️ Disabled one more pref to prevent 'Restore Session' after a crash
ℹ️ Increased history leaks via enumeration (PER TAB: back/forward) from 3 to 4
ℹ️ Removed all the redundant buildIDs values. Let privacy.resistFingerprinting do the rest
ℹ️ Renamed using the OS's geolocation service pref | FF74
ℹ️ Renamed logging geolocation to the console pref | FF74
ℹ️ Removed TLS version min 1.2 (FF implemented it by itself)
ℹ️ Created a dedicated section for FPI (First Party Isolation)
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF73+ into deprecated section (keeping them active for ESR68.x.x)
✅ Enabled SanitizeOnShutdown (All) (clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data)
⛔️ Disabled FormHistory (turn off saving information on web forms and the search bar)
⛔️ Disabled SafeMode (disable safe mode within the browser)
⛔️ Disabled NewTabPage (disable the New Tab page)
ℹ️ Set to keep cookies until you close FF
✅ Synced all the buildIDs with Tor's ones
✅ Added a pref (commented by default) to "Enable start in Private Browsing mode"
✅ Forced Startup page to blank
✅ Enabled clear cookies and site settings when you close FF
⛔️ Disabled activity-stream.feeds.asrouterfeed from FF Home Content section
⛔️Disabled telemetry for app menu protections button | FF73
⛔️ Disabled tickle time under wifi network (no more packets transmitted trought 4886 port over Wi-Fi)
⛔️ Disabled some more unwanted connections
⛔️ Disabled two more VR prefs | FF73
⛔️ Disabled by default the permission for VR | FF73
ℹ️ Reduced history leaks via enumeration (PER TAB: back/forward) from 20 to 3
ℹ️ Set to keep cookies until you close FF
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF72+ into deprecated section (keeping them active for ESR68.x)
✅ Synced all the buildIDs with Tor's ones
✅ Added a pref (commented by default) to set the days before cookies are delated if you choose for:
network.cookie.lifetimePolicy = 3
⛔️ Disabled two more webgl prefs
⛔️ Disabled two more signon prefs
⛔️ Disabled one more extensions.blocklist pref
ℹ️ Added some links and descriptions
ℹ️ Moved some preferences from FF71+ into deprecated section (keeping them active for ESR68.x)
Synced all the buildIDs with Tor's ones
✅ Enabled all the internal pages and disabled the related warnings | FF71+
✅ Sanitized app.releaseNotesURL
✅ Forget about last download directory used
⛔️ Disabled celebrating milestone toast when certain numbers of trackers are blocked | FF71+
⛔️ Disabled ping to Mozilla for Man-in-the-Middle detection
⛔️ Disabled deprecated TLS versions
⛔️ Disabled all the WebAssembly remaining prefs
⛔️ Disabled telemetry | FF71+
⛔️ Disabled report browser errors in Nightly to Mozilla
ℹ️ Remove all the timeout prefs
ℹ️ Reordered and renamed some prefs with better criteria
ℹ️ Moved some preferences from FF70+ into deprecated section (keeping them active for ESR68.x)
⛔️ Disabled Cryptomining and Fingerprinting trackingprotection
⛔️ Disabled OfferToSaveLogins by default
⛔️ Disabled PasswordManager (remove access to the password manager via preferences and blocks about:logins)
✅ Enforced fallback text encoding to match en-US
✅ Forced Encrypted Server Name Indication (eSNI) (for TLS 1.3 if TRR/DoH is enabled)
✅ Enabled (again) disk cache for SSL page - READ HERE
(https://github.com/ghacksuserjs/ghacks-user.js/issues/792)✅ Synced all the buildIDs with Tor's ones
⛔️ Disabled remaining Activity Stream (order and Pocket)
⛔️ Disabled more telemetry | FF70+
⛔️ Disabled all the contentblocking reports
⛔️ Disabled check route, IPv4 and IPv6, to akamaitechnologies.com | FF70+
⛔️ Disabled new FF accounts and sync prefs | FF70+
⛔️ Disabled more FF Lockwise prefs
⛔️ Disabled cryptomining, fingerprinting and social TP's ping to Mozilla servers | FF70+
⛔️ Disabled all the TP blocked elements by default
⛔️ Disabled sensors.test.events | FF70+
ℹ️ Removed "Use APP locale over OS locale in regional preferences"
ℹ️ Reordered and renamed many prefs with better criteria
ℹ️ Removed all the http:// links
ℹ️ Removed ESR60.x support
ℹ️ Moved some preferences from FF70+ into deprecated section (keeping them active for ESR68.x)
✅ Sanitized almost all URLs for requests to Mozilla servers from LOCALE
✅ Synced all the buildIDs with Tor's ones
⛔️ Removed all the warnings on quit and from accessing about:config page
⛔️ Disabled more unwanted connections
⛔️ Disabled vendor useragent info leakage to Mozilla
⛔️ Disabled entering in safe mode
⛔️ Disabled completely PingCentre telemetry (used in several System Add-ons)
ℹ️ Moved some preferences from FF69+ into deprecated section (keeping them active for ESR60.x and ESR68.x)
ℹ️ Added new links for better descriptions
✅ Added new folder in Bookmarks Menu (Ctrl+Shift+O) called "ADVANCED" that contains the more used about: pages of FF:
- about:restartrequired | (restart FF)
- about:config
- about:about
- about:policies
- about:networking
- about:profiles
- about:support
✅ Added StartPage as default search engine | Only ESR60.x
⛔️ Removed Amazon.com, eBay as suggested search engine | Only ESR60.x
⛔️ Disabled FF password generator | FF69+
⛔️ Locked social trackingprotection | FF70+
⛔️ Locked more sub-sync prefs | FF69+
⛔️ Locked more sub-webgl prefs | FF69+
⛔️ Locked more sub-gamepad prefs | FF69+
⛔️ Locked one more telemetry pref | FF69+
⛔️ Locked send content blocking log to about:protections | FF69+
⛔️ Locked WebVTT logging and test events | FF69+
⛔️ Locked about:logins (Firefox Lockwise) page
ℹ️ Updated author link, added mirrors
ℹ️ Moved lots of preferences from FF52-FF63 and newest ones from FF69+ into deprecated section (keeping them active for ESR60.x)
ℹ️ Defaulted back theme and density values
ℹ️ Fixed typos
Rewritten the file from scratch.
Synced all the prefs already configured with mozilla.cfg and added new ones (not settable with the .cfg file), such as:
⛔️ Disabled master password creation
⛔️ Disabled set Desktop background
⛔️ Disabled feedback commands
⛔️ Disabled Firefox Studies
⛔️ Disabled profile import
⛔️ Disabled system addon updates
⛔️ Disabled Firefox home (Search, Top Sites, Highlights, Pocket, Snippets)
⛔️ Removed all defaults bookmarks
⛔️ Removed "Bing", "Google", "Twitter" as search engines and set "DuckDuckGo" as deafult (this policy is only available on the ESR.)
✅ Created new section "Deprecated": moved inside it the already existing prefs and added some missing ones that have been removed, renamed or changed over time (these prefs remain active for ESR60.x versions)
ℹ️ Fixed some descriptions for a better explanation
✅ Defaulted to an empty value about DoH resolvers instead Cloudflare and co. (FF68)
⛔️ Locked entirely add-on and certificate blocklists (OneCRL) from Mozilla
⛔️ Locked more sync (FF68)
⛔️ Locked more telemetry (FF68)
⛔️ Locked recommendations in about:addons Extensions and Themes panes (FF68)
⛔️ Locked report extension option in about:addons (FF68)
⛔️ Decreased more system information leakage to Mozilla addons update servers
⛔️ Locked the Enterprise Roots preference (FF68)
⛔️ Locked access to navigator.mediaDevices features on HTTP web pages (FF68)
⛔️ Locked FF Remote Agent (FF68)
⛔️ Locked more VR features (FF68)
ℹ️ Fixed some typo
ℹ️ Fixed FF doesen't save theme selected by user
ℹ️ Removed "Defaulting Proxy settings" because the two values I entered are the same of default now
✅ Enabled Ion and baseline JIT javascript (due addons and navigation issues)
✅ Enabled double click selects a string segment in URL bar
✅ Enabled one-click select all URL bar
⛔️ Locked recent Highlights in the Library
⛔️ Locked warnings about close/open multiple tabs
⛔️ Locked warnings by entering full screen mode
⛔️ Locked more unwanted connections
⛔️ Locked missing prefs in already disabled pref
⛔️ Disabled by default urlbar suggest history, bookmarks and open tabs
⛔️ Locked new requests asking to access your hardware components (geo, camera, mic, notifications)
⛔️ Locked completly password manager
⛔️ Locked completly Virtual Reality feauture
ℹ️ Sorted some prefs
ℹ️ Defaulted instead locked some prefs
- close tabs with db-click action
- URL bar autocomplete and history/bookmarks suggestions dropdown
✅ Enabled FF Process Priority Manager (FF69+) [TEST for WINDOWS]
✅ Locked missing prefs in already existing prefs
⛔️ Locked more telemetry
⛔️ Locked FF Recommended Extensions suggestions (FF68+)
⛔️ Locked Ion, baseline JIT and RegExp to help harden JS against exploits
⛔️ Locked more webGL (FF68+)
ℹ️ Set more legible default fonts
✅ Masked more builID in according to TBB
✅ reEnabled reader mode
⛔️ Locked documents loading fonts (this drastically limits/reduces font enumeration)
⛔️ Locked first run page (no more firefox welcome)
⛔️ Locked javascript Ion, baseline JIT and RegExp to help harden JS against exploits (disabled in TBB, performance loss??) [need test]
⛔️ Locked new cryptomining and fingerprinting trackingprotection
ℹ️ Added some descriptions
✅ Added missing prefs (for prevention) in already disabled prefs
✅ Locked FF to display long lines in view-source page
⛔️ Locked FF warnings (about:config/networking)
⛔️ Locked pinned sites from searchbar
⛔️ Locked all sensors
⛔️ Disabled dark theme on forms (usefull with system dark theme e.g. Linux)
⛔️ Locked ctrl+tab back to the old one
ℹ️ Set FF to “don’t read add-ons from the user’s directory or the system.” (usefull for portable versions)
ℹ️ Disabled RFP-letterboxing (for now, let's see if FF will implement this pref in resistFingerprinting)
✅ Added missing prefs (for prevention) in already disabled prefs
✅ Added some deprecated prefs (for prevention)
✅ Added some descriptions
⛔️ Locked more sync prefs (for prevention)
⛔️ Locked more telemetry/coverage/healthreport/onboarding prefs (for prevention)
⛔️ Locked GCLI (Graphical Command Line Interface)
⛔️ Locked Firefox screenshot extension
⛔️ Defaulted spellchecker functionality
⛔️ Locked "Savant" Shield study (for prevention)
⛔️ Locked social integration with FF (for prevention)
⛔️ Locked useragent updates and site specific overrides
⛔️ Locked mailnews
⛔️ Locked website protocol handlers (irc,mailto,webcal)
⛔️ Locked more unwanted connections
⛔️ Locked more URL protocol handlers
⛔️ Locked remote JAR files being opened
⛔️ Removed special permissions for certain mozilla domains
⛔️ Locked Firefox Tips / Search suggestions
⛔️ Locked OCSP (again..)
⛔️ Locked Adbobe Primetime
⛔️ Defaulted Reader mode (less RAM consumption..just a bit) [useless?]
ℹ️ Set SSL version min 1.2
ℹ️ Cleanup devtools
ℹ️ Now Display "insecure" icon and "Not Secure" text on HTTP sites also in private browsing mode
ℹ️ Now clear on shutdown also history and downloads
✅ Enabled app from auto-update
⛔️ Disabled check default browser
⛔️ Disabled and locked camera requests
⛔️ Disabled and locked camera requests
⛔️ Disabled and locked microphone requests
⛔️ Disabled and locked location requests
⛔️ Disabled and locked notifications requests
⛔️ Disabled and locked trackingprotection
⛔️ Disabled accept third-party cookies
⛔️ Disabled offer to save logins
ℹ️ Set SSL version min `1.2`
Narsil
quindecim
quindecim