diff --git a/config/mozilla.cfg b/config/mozilla.cfg
index 31acb44..bd1f0ab 100644
--- a/config/mozilla.cfg
+++ b/config/mozilla.cfg
@@ -1,561 +1,450 @@
+// **********************************************************************************
+// user.js | Firefox desktop
+// https://git.nixnet.services/Narsil/mozilla.cfg
+// **********************************************************************************
//
-/**********************************************************************************
- * mozilla.cfg | Firefox *
- * *
- * https://git.nixnet.xyz/quindecim/mozilla.cfg *
- *********************************************************************************/
+// Author : Narsil : https://git.nixnet.services/Narsil
//
-// Author : quindecim : https://git.nixnet.xyz/quindecim
-// https://git.lushka.al/quindecim | MIRROR
-// https://git.lelux.fi/quindecim | MIRROR
+// Based on : arkenfox : https://github.com/arkenfox/user.js
//
-//
-// Based on : gHacks : https://github.com/ghacksuserjs/ghacks-user.js
-// Librefox : https://github.com/intika/Librefox
-// pyllyukko : https://github.com/pyllyukko/user.js
-// OrangeManBad : https://git.nixnet.xyz/OrangeManBad/user.js
-//
-// License : https://git.nixnet.xyz/quindecim/mozilla.cfg/src/branch/master/LICENSE.txt
+// License : https://git.nixnet.services/Narsil/mozilla.cfg/raw/branch/master/LICENSE
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// PROTECTION
// >>>>>>>>>>>>>>>>>>>>>
-// Pref : Locking mozilla.cfg file itself
+// Locking mozilla.cfg file itself
lockPref("general.config.filename", "mozilla.cfg");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Startup
+// START: internal custom pref to test for syntax error
// >>>>>>>>>>>>>>>>>>>>>
-// Pref : Enable start in Private Browsing mode
-// lockPref("browser.privatebrowsing.autostart", true);
-// -------------------------------------
-// Pref : Disable default browser check
-lockPref("browser.shell.checkDefaultBrowser", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Set START page
-// (0=blank, 1=home, 2=last visited page, 3=resume previous session)
-// [NOTE] Session Restore is not used in PB mode and is cleared with history
-lockPref("browser.startup.page", 0); // [DESKTOP]
-// -------------------------------------
-// Pref : Set NEWTAB page
-// true=Activity Stream, false=blank page
-lockPref("browser.newtabpage.enabled", false); // [DESKTOP]
-lockPref("browser.newtab.url", "about:blank"); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Extension Recommendations (CFR: "Contextual Feature Recommender")
-// https://support.mozilla.org/en-US/kb/extension-recommendations
-lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Activity Stream Top Stories, Pocket-based and/or sponsored content
-lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.showSponsored", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.pocketCta", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.sectionOrder", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Set Homepage and disable caching content
-lockPref("browser.startup.homepage", "about:blank"); // [DESKTOP]
-lockPref("browser.startup.homepage.abouthome_cache.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Activity Stream Snippets
-// Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
-// https://abouthome-snippets-service.readthedocs.io/
-lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Activity Stream telemetry
-lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.telemetry", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.telemetry.ut.events", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Activity Stream feeds
-lockPref("browser.newtabpage.activity-stream.feeds.aboutpreferences", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.favicon", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.messagecenterfeed", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.migration", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.newtabinit", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.places", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.prefs", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.sections", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.systemtick", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.topsites", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.asrouterfeed", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.recommendationproviderswitcher", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Activity Stream (others)
-lockPref("browser.newtabpage.activity-stream.messageCenterExperimentEnabled", false);
-lockPref("browser.newtabpage.activity-stream.showSearch", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.config", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.endpoints", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.rec.impressions", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.spoc.impressions", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.endpointSpocsClear", "");
-lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.personalization.modelKeys", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.isCollectionDismissible", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.region-basic-layout", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.region-layout-config", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.region-spocs-config", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.region-stories-config", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.recs.personalized", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.discoverystream.spocs.personalized", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.system.topsites", false); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable new tab tile ads & preload
-// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
-// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
-// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
-lockPref("browser.newtab.preload", false); // [DESKTOP]
-lockPref("browser.newtabpage.directory.ping", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.asrouter.messageProviders", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Don't reveal build ID
-// Value taken from Tor Browser
-// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
-lockPref("browser.startup.homepage_override.mstone", "ignore");
-// -------------------------------------
-// Pref : Disable separate about:welcome page
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1617783
-lockPref("browser.aboutwelcome.enabled", false); // [DESKTOP]
-lockPref("trailhead.firstrun.branches", ""); // [DESKTOP]
-lockPref("browser.aboutwelcome.overrideContent", ""); // [DESKTOP]
+//
+// Disable about:config warning
+lockPref("browser.aboutConfig.showWarning", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Quiet Fox
+// STARTUP
// >>>>>>>>>>>>>>>>>>>>>
-// Pref : Disable app from auto-update
-// true=application updates are installed without user approval.
-// false=application updates are downloaded but the user can choose when to install the update.
-lockPref("app.update.auto", false); // [DESKTOP]
-lockPref("app.update.autodownload", "never"); // [FENIX]
-// lockPref("app.update.channel", "");
-lockPref("app.update.url.details", "https://www.mozilla.org/en-US/firefox/notes"); // [URL SANITIZED] // [DESKTOP]
-// lockPref("app.update.url.manual", ""); // [DESKTOP]
-lockPref("app.update.url.android", ""); // [FENIX]
-lockPref("app.update.staging.enabled", false); // [DESKTOP]
-lockPref("app.update.log.file", false); // [DESKTOP]
+//
+// Disable default browser check
+lockPref("browser.shell.checkDefaultBrowser", false);
// -------------------------------------
-// Pref : Disable sync
-lockPref("sync.enabled", false); // [DEPRECATED] // [DESKTOP]
-lockPref("services.sync.enabled", false);
+// Set startup page [SETUP-CHROME]
+// 0=blank, 1=home, 2=last visited page, 3=resume previous session
+lockPref("browser.startup.page", 0);
// -------------------------------------
-// Pref : Disable other sync settings (by prevention)
-lockPref("services.sync.maxResyncs", 0); // [DESKTOP]
-lockPref("services.sync.telemetry.maxPayloadCount", 0); // [DESKTOP]
-lockPref("services.sync.addons.ignoreUserEnabledChanges", true); // [DESKTOP]
-lockPref("services.sync.engine.addons", false); // [DESKTOP]
-lockPref("services.sync.engine.addresses", false); // [DESKTOP]
-lockPref("services.sync.engine.bookmarks", false); // [DESKTOP]
-lockPref("services.sync.engine.bookmarks.buffer", false); // [DESKTOP]
-lockPref("services.sync.engine.creditcards", false); // [DESKTOP]
-lockPref("services.sync.engine.creditcards.available", false); // [DESKTOP]
-lockPref("services.sync.engine.history", false); // [DESKTOP]
-lockPref("services.sync.engine.passwords", false); // [DESKTOP]
-lockPref("services.sync.engine.prefs", false); // [DESKTOP]
-lockPref("services.sync.engine.tabs", false); // [DESKTOP]
-lockPref("services.sync.log.appender.file.logOnError", false); // [DESKTOP]
-lockPref("services.sync.log.appender.file.logOnSuccess", false); // [DESKTOP]
-lockPref("services.sync.log.cryptoDebug", false); // [DESKTOP]
-lockPref("services.sync.sendVersionInfo", false); // [DESKTOP]
-lockPref("services.sync.syncedTabs.showRemoteIcons", true); // [DESKTOP]
-lockPref("services.sync.prefs.sync.accessibility.blockautorefresh", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.formfill.enable", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.link.open_newwindow", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.pinned", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.search.update", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.startup.homepage", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.startup.page", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.tabs.loadInBackground", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.tabs.warnOnClose", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.tabs.warnOnOpen", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.urlbar.matchBuckets", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.urlbar.maxRichResults", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.urlbar.suggest.bookmark", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.urlbar.suggest.openpage", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.urlbar.suggest.searches", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.contentblocking.introCount", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.section.highlights", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.section.topstories", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.snippets", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.feeds.topsites", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.rows", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.section.topstories.rows", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.showSearch", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.topSitesRows", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.taskbar.previews.enable", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.dom.disable_open_during_load", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.dom.disable_window_flip", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.dom.disable_window_move_resize", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.dom.event.contextmenu.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.extensions.personas.current", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.extensions.update.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.intl.accept_languages", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.layout.spellcheckDefault", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.lightweightThemes.selectedThemeID", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.lightweightThemes.usedThemes", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.network.cookie.cookieBehavior", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.network.cookie.lifetimePolicy", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.network.cookie.thirdparty.sessionOnly", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.permissions.default.image", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.pref.downloads.disable_button.edit_actions", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.pref.privacy.disable_button.cookie_exceptions", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cache", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.cookies", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.downloads", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.formdata", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.history", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.sessions", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.donottrackheader.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.reduceTimerPrecision", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.resistFingerprinting", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.jitter", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPrecision.microseconds", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.media.autoplay.default", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.security.OCSP.require", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.security.default_personal_cert", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.security.tls.version.max", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.security.tls.version.min", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.services.sync.syncedTabs.showRemoteIcons", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.spellchecker.dictionary", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.xpinstall.whitelist.required", false); // [DESKTOP]
-lockPref("services.sync.declinedEngines", ""); // [DESKTOP]
-lockPref("services.sync.jpake.serverURL", ""); // [DEPRECATED] // [DESKTOP]
-lockPref("services.sync.migrated", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.safebrowsing.passwords.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", false); // [DESKTOP]
-lockPref("services.sync.engine.addresses.available", false); // [DESKTOP]
-lockPref("services.sync.addons.trustedSourceHostnames", ""); // [DESKTOP]
-lockPref("services.sync.engine.tabs.filteredUrls", ""); // [DESKTOP]
-lockPref("services.sync.log.appender.console", ""); // [DESKTOP]
-lockPref("services.sync.log.appender.dump", ""); // [DESKTOP]
-lockPref("services.sync.log.appender.file.level", ""); // [DESKTOP]
-lockPref("services.sync.log.logger", ""); // [DESKTOP]
-lockPref("services.sync.log.logger.engine", ""); // [DESKTOP]
-lockPref("services.sync.prefs.sync.media.eme.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.signon.rememberSignons", false); // [DESKTOP]
-lockPref("services.sync.serverURL", ""); // [DESKTOP]
-lockPref("services.sync.lastversion", ""); // [DESKTOP]
-lockPref("sync.serverURL", ""); // [DEPRECATED] // [DESKTOP]
-lockPref("sync.jpake.serverURL", ""); // [DEPRECATED] // [DESKTOP]
-lockPref("services.sync.prefs.sync.browser.contentblocking.features.strict", false); // [DESKTOP]
-lockPref("services.sync.prefs.dangerously_allow_arbitrary", false); // [DESKTOP]
-lockPref("services.sync.prefs.sync.app.shield.optoutstudies.enabled", false);
-lockPref("services.sync.prefs.sync.browser.discovery.enabled", false);
-lockPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored", false);
-lockPref("services.sync.prefs.sync.browser.search.widget.inNavBar", false);
-lockPref("services.sync.prefs.sync.extensions.activeThemeID", false);
+// Set HOME+NEWWINDOW page
+lockPref("browser.startup.homepage", "about:blank");
// -------------------------------------
-// Pref : Never check updates for search engines
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_auto-update-checking
-lockPref("browser.search.update", false);
-lockPref("browser.search.update.log", false);
+// Set NEWTAB page
+// true=Activity Stream (default), false=blank page
+lockPref("browser.newtabpage.enabled", false);
+lockPref("browser.newtab.preload", false);
// -------------------------------------
-// Pref : Tell the search service that we don't really expose the "current engine"
-lockPref("browser.search.noCurrentEngine", true); // [DEFAULT: true] // [FENNEC]
+// Disable some Activity Stream items
+lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
+lockPref("browser.newtabpage.activity-stream.telemetry", false);
+lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false]
+lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
+lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
+lockPref("browser.newtabpage.activity-stream.showSponsored", false);
+lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [FF66+]
+lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+]
+lockPref("browser.newtabpage.activity-stream.showSearch", false);
+lockPref("browser.newtabpage.activity-stream.showTopSites", false);
+lockPref("browser.newtabpage.activity-stream.feeds.topsites", false);
+lockPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
+lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
+lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
+lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false);
// -------------------------------------
-// Pref : Disable sending Flash Player crash reports
-lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
+// Clear default topsites
+lockPref("browser.newtabpage.activity-stream.default.sites", "");
+lockPref("browser.topsites.contile.enabled", false);
+lockPref("browser.topsites.useRemoteSetting", false);
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// GEOLOCATION / LANGUAGE / LOCALE
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Use Mozilla geolocation service instead of Google if permission is granted [FF74+]
+lockPref("geo.provider.network.url", "");
+// lockPref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF]
// -------------------------------------
-// Pref : Disable sending the URL of the website where a plugin crashed
-lockPref("dom.ipc.plugins.reportCrashURL", false);
+// Disable using the OS's geolocation service
+lockPref("geo.provider.ms-windows-location", false); // [WINDOWS]
+lockPref("geo.provider.use_corelocation", false); // [MAC]
+lockPref("geo.provider.use_gpsd", false); // [LINUX]
// -------------------------------------
-// Pref : Disable Telemetry
-// https://wiki.mozilla.org/Platform/Features/Telemetry
-// https://wiki.mozilla.org/Privacy/Reviews/Telemetry
-// https://wiki.mozilla.org/Telemetry
-// https://www.mozilla.org/en-US/legal/privacy/firefox.html#telemetry
-// https://support.mozilla.org/t5/Firefox-crashes/Mozilla-Crash-Reporter/ta-p/1715
-// https://wiki.mozilla.org/Security/Reviews/Firefox6/ReviewNotes/telemetry
-// https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html#id1
-lockPref("toolkit.telemetry.enabled", false);
-lockPref("toolkit.telemetry.debugSlowSql", false);
-lockPref("toolkit.telemetry.reportingpolicy.firstRun", false);
-lockPref("toolkit.telemetry.server", "data:,");
-lockPref("toolkit.telemetry.server_owner", "");
-lockPref("toolkit.telemetry.unified", false);
-lockPref("toolkit.telemetry.unifiedIsOptIn", false); // [DESKTOP]
-lockPref("toolkit.telemetry.archive.enabled", false); // [DESKTOP]
-lockPref("toolkit.telemetry.cachedClientID", ""); // [DESKTOP]
-lockPref("toolkit.telemetry.newProfilePing.enabled", false); // [DESKTOP]
-lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); // [DESKTOP]
-lockPref("toolkit.telemetry.updatePing.enabled", false); // [DESKTOP]
-lockPref("toolkit.telemetry.bhrPing.enabled", false); // [DESKTOP]
-lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); // [DESKTOP]
-lockPref("toolkit.telemetry.previousBuildID", ""); // [DESKTOP]
-lockPref("toolkit.telemetry.prompted", 2); // [DESKTOP]
-lockPref("toolkit.telemetry.rejected", true); // [DESKTOP]
-lockPref("security.identitypopup.recordEventTelemetry", false);
-lockPref("security.certerrors.recordEventTelemetry", false); // [DESKTOP]
-lockPref("privacy.trackingprotection.origin_telemetry.enabled", false);
-lockPref("telemetry.origin_telemetry_test_mode.enabled", false);
-lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); // [DESKTOP]
-lockPref("security.protectionspopup.recordEventTelemetry", false); // [DESKTOP]
-lockPref("toolkit.telemetry.geckoview.streaming", false);
-lockPref("toolkit.telemetry.isGeckoViewMode", false);
-lockPref("toolkit.telemetry.testing.overrideProductsCheck", false);
-lockPref("security.app_menu.recordEventTelemetry", false); // [DESKTOP]
-lockPref("browser.urlbar.eventTelemetry.enabled", false); // [DESKTOP]
+// Disable region updates
+lockPref("browser.region.network.url", ""); // [FF78+]
+lockPref("browser.region.update.enabled", false); // [FF79+]
// -------------------------------------
-// Pref : Disable Telemetry Coverage
-// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
-lockPref("toolkit.coverage.enabled", false); // [DESKTOP]
-lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] // [DESKTOP]
-lockPref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] // [DESKTOP]
-lockPref("toolkit.coverage.endpoint.base", ""); // [DESKTOP]
+// Set search region
+lockPref("browser.search.region", "US"); // [HIDDEN PREF]
// -------------------------------------
-// Pref : Disable collection/sending of the health report (healthreport.sqlite*)
-lockPref("datareporting.healthreport.uploadEnabled", false); // [DESKTOP]
-lockPref("datareporting.healthreport.service.enabled", false); // [DESKTOP]
-lockPref("datareporting.healthreport.infoURL", ""); // [DESKTOP]
-lockPref("datareporting.policy.dataSubmissionEnabled", false);
-lockPref("datareporting.policy.currentPolicyVersion", 0);
-lockPref("datareporting.policy.currentPolicyAcceptedVersion", 0);
-lockPref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0);
-lockPref("datareporting.policy.dataSubmissionPolicyBypassNotification", false);
-lockPref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "");
-lockPref("datareporting.policy.firstRunURL", "");
-lockPref("datareporting.policy.minimumPolicyVersion", 0);
-lockPref("datareporting.policy.minimumPolicyVersion.channel-beta", 0);
+// Set preferred language for displaying pages
+defaultPref("intl.accept_languages", "en-US, en");
// -------------------------------------
-// Pref : Disable personalized Extension Recommendations in about:addons and AMO
-// [NOTE] This pref has no effect when Health Reports are disabled
-// https://support.mozilla.org/kb/personalized-extension-recommendations
-lockPref("browser.discovery.enabled", false); // [DEFAULT: false]
+// Use en-US locale regardless of the system or region locale
+lockPref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// QUIETER FOX
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// RECOMMENDATIONS
+//
+// Disable recommendation pane in about:addons (uses Google Analytics)
+lockPref("extensions.getAddons.showPane", false); // [HIDDEN PREF]
// -------------------------------------
-// Pref : Disable Crash Reports
-lockPref("breakpad.reportURL", "");
-lockPref("browser.tabs.crashReporting.email", ""); // [DESKTOP]
-lockPref("browser.tabs.crashReporting.emailMe", false); // [DESKTOP]
-lockPref("browser.tabs.crashReporting.includeURL", false); // [DESKTOP]
-lockPref("browser.tabs.crashReporting.requestEmail", false); // [DESKTOP]
-lockPref("browser.tabs.crashReporting.sendReport", false); // [DESKTOP]
-lockPref("browser.crashReports.unsubmittedCheck.enabled", false); // [DESKTOP]
-lockPref("toolkit.crashreporter.infoURL", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Crash Report for Reporting API
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1607364
-lockPref("dom.reporting.crash.enabled", false);
-// -------------------------------------
-// Pref : Disable automatic captive portal detection
-// https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
-// https://wiki.mozilla.org/Necko/CaptivePortal
-lockPref("captivedetect.canonicalURL", "");
-lockPref("network.captive-portal-service.enabled", false);
-lockPref("network.captive-portal-service.backoffFactor", "");
-// lockPref("network.captive-portal-service.maxInterval", 0);
-// lockPref("network.captive-portal-service.minInterval", 0);
-// -------------------------------------
-// Pref : Disable Network Connectivity checks
-// https://bugzilla.mozilla.org/1460537
-lockPref("network.connectivity-service.enabled", false); // [DEFAULT: true]
-lockPref("network.connectivity-service.IPv4.url", "");
-lockPref("network.connectivity-service.IPv6.url", "");
-lockPref("network.connectivity-service.DNSv4.domain", "");
-lockPref("network.connectivity-service.DNSv6.domain", "");
-// -------------------------------------
-// Pref : Disable auto updating of lightweight themes (LWT)
-// Not to be confused with themes, which use the Theme API
-// Mozilla plan to convert existing LWTs and remove LWT support in the future
-// https://blog.mozilla.org/addons/2018/09/20/future-themes-here/
-lockPref("lightweightThemes.persisted.headerURL", false);
-lockPref("lightweightThemes.persistedThemeID", ""); // [FENNEC]
-// lockPref("lightweightThemes.selectedThemeID", ""); // [BUG - FF doesen't save theme selected by user]
-lockPref("lightweightThemes.getMoreURL", ""); // [DESKTOP]
-lockPref("lightweightThemes.persisted.footerURL", false); // [DESKTOP]
-lockPref("lightweightThemes.recommendedThemes", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Studies and SHIELD
-lockPref("app.shield.optoutstudies.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable backlogged Crash Reports
-lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable about:addons Recommendations pane (uses Google Analytics)
-lockPref("extensions.getAddons.showPane", false); // [HIDDEN PREF] // [DESKTOP]
-// -------------------------------------
-// Pref : Disable recommendations in about:addons Extensions and Themes panes
-// https://www.ghacks.net/2019/05/15/enable-new-firefox-recommended-extensions-suggestions-in-firefox-68-nightly/
-lockPref("extensions.htmlaboutaddons.inline-options.enabled", false);
+// Disable recommendations in about:addons' Extensions and Themes panes [FF68+]
lockPref("extensions.htmlaboutaddons.recommendations.enabled", false);
-lockPref("extensions.getAddons.discovery.api_url", ""); // [DESKTOP]
-lockPref("extensions.recommendations.privacyPolicyUrl", "");
-lockPref("extensions.recommendations.themeRecommendationUrl", "");
// -------------------------------------
-// Pref : Disable extension's report option in about:addons
-lockPref("extensions.abuseReport.enabled", false);
-lockPref("extensions.abuseReport.url", "");
-lockPref("extensions.abuseReport.amoDetailsURL", "");
-lockPref("extensions.abuseReport.amWebAPI.enabled", false);
+// Disable personalized Extension Recommendations in about:addons and AMO [FF65+]
+lockPref("browser.discovery.enabled", false);
+//
+// TELEMETRY
+//
+// Disable new data submission [FF41+]
+lockPref("datareporting.policy.dataSubmissionEnabled", false);
// -------------------------------------
-// Pref : Disable Firefox Hello metrics collection
-// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
-lockPref("loop.logDomains", false); // [DESKTOP]
+// Disable Health Reports
+lockPref("datareporting.healthreport.uploadEnabled", false);
// -------------------------------------
-// Pref : Disable contentblocking reports
-lockPref("browser.contentblocking.reportBreakage.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.cookie.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.cryptominer.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.fingerprinter.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.lockwise.enabled", false); // [DESKTOP]
-lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.manage_devices.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.monitor.enabled", false); // [DESKTOP]
-lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.monitor.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.proxy.enabled", false); // [DESKTOP]
-lockPref("browser.contentblocking.report.proxy_extension.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.social.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.tracker.url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.allowlist.annotations.enabled", false); // [FENNEC]
-lockPref("browser.contentblocking.allowlist.storage.enabled", false); // [FENNEC]
-lockPref("browser.contentblocking.report.endpoint_url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.monitor.home_page_url", ""); // [DESKTOP]
-lockPref("browser.contentblocking.report.monitor.preferences_url", ""); // [DESKTOP]
+// Disable telemetry
+lockPref("toolkit.telemetry.unified", false);
+lockPref("toolkit.telemetry.enabled", false); // see [NOTE]
+lockPref("toolkit.telemetry.server", "data:,");
+lockPref("toolkit.telemetry.archive.enabled", false);
+lockPref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
+lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+]
+lockPref("toolkit.telemetry.updatePing.enabled", false); // [FF56+]
+lockPref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter
+lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+]
// -------------------------------------
-// Pref : Disable lockwise app callout to the ETP card
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1612091
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1612088
-lockPref("browser.contentblocking.report.show_mobile_app", false);
-lockPref("browser.contentblocking.report.lockwise.mobile-android.url", "");
-lockPref("browser.contentblocking.report.lockwise.mobile-ios.url", "");
-lockPref("browser.contentblocking.report.mobile-android.url", "");
-lockPref("browser.contentblocking.report.mobile-ios.url", "");
+// Disable Telemetry Coverage
+lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
+lockPref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF]
+lockPref("toolkit.coverage.endpoint.base", "");
// -------------------------------------
-// Pref : Disable send content blocking log to about:protections
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1549832
-lockPref("browser.contentblocking.database.enabled", false);
+// Disable PingCentre telemetry (used in several System Add-ons) [FF57+]
+lockPref("browser.ping-centre.telemetry", false);
+//
+// STUDIES
+//
+// Disable Studies
+lockPref("app.shield.optoutstudies.enabled", false);
// -------------------------------------
-// Pref : Disable celebrating milestone toast when certain numbers of trackers are blocked
-lockPref("browser.contentblocking.cfr-milestone.enabled", false); // [DESKTOP]
+// Disable Normandy/Shield [FF60+]
+lockPref("app.normandy.enabled", false);
+lockPref("app.normandy.api_url", "");
+//
+// CRASH REPORTS
+//
+// Disable Crash Reports
+lockPref("breakpad.reportURL", "");
+lockPref("browser.tabs.crashReporting.sendReport", false); // [FF44+]
+// lockPref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] [DEFAULT: false]
// -------------------------------------
-// Pref : Onboarding tour disable because of included telemetry
-// [NOTE] This setting is just in case it comeback
-lockPref("browser.onboarding.notification.finished", true); // [DESKTOP] // [DEPRECATED]
-lockPref("browser.onboarding.tour.onboarding-tour-customize.completed", true); // [DESKTOP] // [DEPRECATED]
-lockPref("browser.onboarding.tour.onboarding-tour-performance.completed", true); // [DESKTOP] // [DEPRECATED]
-lockPref("devtools.onboarding.telemetry.logged", false); // [DESKTOP]
+// Enforce no submission of backlogged Crash Reports [FF58+]
+lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false]
+//
+// OTHER
+//
+// Disable Captive Portal detection
+lockPref("captivedetect.canonicalURL", "");
+lockPref("network.captive-portal-service.enabled", false); // [FF52+]
// -------------------------------------
-// Pref : Disable check default browser on first run
-lockPref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true); // [DESKTOP]
+// Disable Network Connectivity checks [FF65+]
+lockPref("network.connectivity-service.enabled", false);
// -------------------------------------
-// Pref : Disable GCLI (Graphical Command Line Interface)
-// https://wiki.mozilla.org/DevTools/Features/GCLI
-lockPref("devtools.gcli.imgurUploadURL", ""); // [DESKTOP]
-lockPref("devtools.gcli.jquerySrc", ""); // [DESKTOP]
-lockPref("devtools.gcli.underscoreSrc", ""); // [DESKTOP]
-lockPref("devtools.gcli.lodashSrc", ""); // [DESKTOP]
+// Disable contentblocking reports
+lockPref("browser.contentblocking.reportBreakage.url", "");
+lockPref("browser.contentblocking.report.cookie.url", "");
+lockPref("browser.contentblocking.report.cryptominer.url", "");
+lockPref("browser.contentblocking.report.fingerprinter.url", "");
+lockPref("browser.contentblocking.report.lockwise.enabled", false);
+lockPref("browser.contentblocking.report.lockwise.how_it_works.url", "");
+lockPref("browser.contentblocking.report.manage_devices.url", "");
+lockPref("browser.contentblocking.report.monitor.enabled", false);
+lockPref("browser.contentblocking.report.monitor.how_it_works.url", "");
+lockPref("browser.contentblocking.report.monitor.sign_in_url", "");
+lockPref("browser.contentblocking.report.monitor.url", "");
+lockPref("browser.contentblocking.report.proxy.enabled", false);
+lockPref("browser.contentblocking.report.proxy_extension.url", "");
+lockPref("browser.contentblocking.report.social.url", "");
+lockPref("browser.contentblocking.report.tracker.url", "");
+lockPref("browser.contentblocking.report.endpoint_url", "");
+lockPref("browser.contentblocking.report.monitor.home_page_url", "");
+lockPref("browser.contentblocking.report.monitor.preferences_url", "");
+lockPref("browser.contentblocking.report.vpn.enabled", false);
// -------------------------------------
-// Pref : Disable Firefox screenshot extension
-// https://support.mozilla.org/en-US/kb/firefox-screenshots
-lockPref("extensions.screenshots.disabled", true); // [DESKTOP]
-lockPref("extensions.screenshots.upload-disabled", true); // [DESKTOP]
+// Block unwanted connections
+lockPref("app.feedback.baseURL", "");
+lockPref("app.support.baseURL", "");
+lockPref("app.releaseNotesURL", "");
+lockPref("app.update.url.details", "");
+lockPref("app.update.url.manual", "");
+lockPref("app.update.staging.enabled", false);
// -------------------------------------
-// Pref : Disable spellchecker functionality by default
-// 0=none, 1-multi-line, 2=multi-line & single-line
-// https://support.mozilla.org/en-US/kb/how-do-i-use-firefox-spell-checker
-defaultPref("layout.spellcheckDefault", 0); // [DESKTOP]
+// Remove default handlers and translation engine
+lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
+lockPref("gecko.handlerService.schemes.mailto.0.name", "");
+lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", "");
+lockPref("gecko.handlerService.schemes.mailto.1.name", "");
+lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
+lockPref("gecko.handlerService.schemes.irc.0.name", "");
+lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", "");
+lockPref("gecko.handlerService.schemes.ircs.0.name", "");
+lockPref("browser.translation.engine", "");
// -------------------------------------
-// Pref : Enable Firefox internal pages and disable the related warnings
-lockPref("general.aboutConfig.enable", true);
-lockPref("general.warnOnAboutConfig", false); // [XUL/XHTML]
-lockPref("browser.aboutConfig.showWarning", false); // [DESKTOP] // [HTML]
+// Disable connections to Mozilla servers
+lockPref("services.settings.server", "");
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// SAFE BROWSING (SB)
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable SB (Safe Browsing)
+lockPref("browser.safebrowsing.malware.enabled", false);
+lockPref("browser.safebrowsing.phishing.enabled", false);
+lockPref("browser.safebrowsing.passwords.enabled", false);
+lockPref("browser.safebrowsing.allowOverride", false);
// -------------------------------------
-// Pref : Disable recent Highlights in the Library
-lockPref("browser.library.activity-stream.enabled", false); // [DESKTOP]
+// Disable SB checks for downloads (both local lookups + remote)
+lockPref("browser.safebrowsing.downloads.enabled", false);
// -------------------------------------
-// Pref : Disable warnings about close/open multiple tabs
-lockPref("browser.tabs.warnOnClose", false); // [DESKTOP]
-lockPref("browser.tabs.warnOnCloseOtherTabs", false); // [DESKTOP]
-lockPref("browser.tabs.warnOnOpen", false); // [DESKTOP]
-lockPref("browser.warnOnQuit", false); // [DESKTOP]
+// Disable SB checks for downloads (remote)
+lockPref("browser.safebrowsing.downloads.remote.enabled", false);
+lockPref("browser.safebrowsing.downloads.remote.url", "");
// -------------------------------------
-// Pref : Disable warnings by entering full screen mode
-lockPref("full-screen-api.warning.delay", 0);
-lockPref("full-screen-api.warning.timeout", 0);
+// Disable SB checks for unwanted software
+lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false);
// -------------------------------------
-// Pref : Disable WebVTT logging and test events
-// https://developer.mozilla.org/en-US/docs/Web/API/WebVTT_API
-// https://git.sny.no/gecko/commit/?id=5701a142f2a5e89b1b716e0edec0f18d5e513678
-lockPref("media.webvtt.debug.logging", false);
-lockPref("media.webvtt.testing.events", false);
+// Disable "ignore this warning" on SB warnings [FF45+]
+// lockPref("browser.safebrowsing.allowOverride", false);
// -------------------------------------
-// Pref : Disable Firefox Developer Tools
-// https://developer.mozilla.org/en-US/docs/Tools
-// lockPref("devtools.enabled", false);
+// Google connections
+lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false);
+lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
+lockPref("browser.safebrowsing.provider.google.updateURL", "");
+lockPref("browser.safebrowsing.provider.google.gethashURL", "");
+lockPref("browser.safebrowsing.provider.google4.updateURL", "");
+lockPref("browser.safebrowsing.provider.google4.gethashURL", "");
+lockPref("browser.safebrowsing.provider.google.reportURL", "");
+lockPref("browser.safebrowsing.reportPhishURL", "");
+lockPref("browser.safebrowsing.provider.google4.reportURL", "");
+lockPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
+lockPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
+lockPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
+lockPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
+lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
+lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
+lockPref("browser.safebrowsing.provider.google.advisory", "");
+lockPref("browser.safebrowsing.provider.google.advisoryURL", "");
+lockPref("browser.safebrowsing.provider.google.gethashURL", "");
+lockPref("browser.safebrowsing.provider.google4.advisoryURL", "");
+lockPref("browser.safebrowsing.blockedURIs.enabled", false);
+lockPref("browser.safebrowsing.provider.mozilla.gethashURL", "");
+lockPref("browser.safebrowsing.provider.mozilla.updateURL", "");
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// BLOCK IMPLICIT OUTBOUND
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable link prefetching
+lockPref("network.prefetch-next", false);
// -------------------------------------
-// Pref : Disable SSDP (Simple Service Discovery Protocol)
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1111967
-lockPref("browser.casting.enabled", false); // [FENNEC]
+// Disable DNS prefetching
+lockPref("network.dns.disablePrefetch", true);
+// lockPref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true]
// -------------------------------------
-// Pref : Disable in-browser feed handling
-// This preferences determines which web sites are listed in the “Subscription Options” dialog.
-lockPref("browser.contentHandlers.types.0.title", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.0.type", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.0.uri", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.1.title", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.1.type", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.1.uri", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.2.title", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.2.type", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.2.uri", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.3.title", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.3.type", ""); // [FENNEC]
-lockPref("browser.contentHandlers.types.3.uri", ""); // [FENNEC]
+// Disable predictor / prefetching
+lockPref("network.predictor.enabled", false);
+lockPref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
// -------------------------------------
-// Pref : Disable tickle time under wifi network
-// It transmit UDP busy-work to the LAN when anticipating low latency network reads and on wifi to mitigate 802.11 Power Save Polling delays
-// If you're on wifi and an IPv4 DHCP network we will send 0 length UDP packets at port 4886 of your gateway at the default rate of 60hz for 400ms from the start of the transaction in an attempt to improve RTT during the critical early phases
-// https://bugzilla.mozilla.org/show_bug.cgi?id=888268
-lockPref("network.tickle-wifi.enabled", false);
+// Disable link-mouseover opening connection to linked server
+lockPref("network.http.speculative-parallel-limit", 0);
// -------------------------------------
-// Pref : Disable Corroborate.jsm telemetry
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1608308
-lockPref("corroborator.enabled", false); // [DESKTOP]
+// Disable mousedown speculative connections on bookmarks and history [FF98+]
+lockPref("browser.places.speculativeConnect.enabled", false);
// -------------------------------------
-// Pref : Disable Remote Settings
-// https://github.com/mozilla-services/remote-settings-lambdas
-// https://remote-settings.readthedocs.io/en/latest/
+// Enforce no "Hyperlink Auditing" (click tracking)
+// lockPref("browser.send_pings", false); // [DEFAULT: false]
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// DNS / DoH / PROXY / SOCKS / IPv6
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable IPv6
+lockPref("network.dns.disableIPv6", true);
+// -------------------------------------
+// Set the proxy server to do any DNS lookups when using SOCKS
+lockPref("network.proxy.socks_remote_dns", true);
+// -------------------------------------
+// Disable using UNC (Uniform Naming Convention) paths [FF61+]
+lockPref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
+// -------------------------------------
+// Disable GIO as a potential proxy bypass vector
+lockPref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
+// -------------------------------------
+// Disable proxy direct failover for system requests [FF91+]
+// lockPref("network.proxy.failover_direct", false);
+// -------------------------------------
+// Disable proxy bypass for system request failures [FF95+]
+// lockPref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96]
+// -------------------------------------
+// Disable DNS-over-HTTPS (DoH) rollout [FF60+]
+defaultPref("network.trr.mode", 5);
+defaultPref("network.trr.uri", "");
+defaultPref("network.trr.confirmationNS", "");
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable location bar using search
+// lockPref("keyword.enabled", false);
+// -------------------------------------
+// Disable location bar domain guessing
+lockPref("browser.fixup.alternate.enabled", false);
+// -------------------------------------
+// Display all parts of the url in the location bar
+lockPref("browser.urlbar.trimURLs", false);
+// -------------------------------------
+// Disable live search suggestions
+lockPref("browser.search.suggest.enabled", false);
+lockPref("browser.urlbar.suggest.searches", false);
+lockPref("browser.urlbar.showSearchSuggestionsFirst", false);
+// -------------------------------------
+// Disable location bar making speculative connections [FF56+]
+lockPref("browser.urlbar.speculativeConnect.enabled", false);
+// -------------------------------------
+// Disable location bar leaking single words to a DNS provider **after searching** [FF78+]
+// 0=never resolve single words, 1=heuristic (default), 2=always resolve
+lockPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
+// -------------------------------------
+// Disable location bar contextual suggestions [FF92+]
+lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
+lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false);
+// -------------------------------------
+// Disable tab-to-search [FF85+]
+lockPref("browser.urlbar.suggest.engines", false);
+// -------------------------------------
+// Disable search and form history
+lockPref("browser.formfill.enable", false);
+// -------------------------------------
+// Disable Form Autofill
+lockPref("extensions.formautofill.addresses.enabled", false); // [FF55+]
+lockPref("extensions.formautofill.available", "off"); // [FF56+]
+lockPref("extensions.formautofill.creditCards.available", false); // [FF57+]
+lockPref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
+lockPref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
+// -------------------------------------
+// Disable coloring of visited links
+lockPref("layout.css.visited_links_enabled", false);
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// PASSWORDS
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable saving passwords and password alerts.
+defaultPref("signon.rememberSignons", false);
+defaultPref("signon.generation.enabled", false);
+defaultPref("signon.management.page.breach-alerts.enabled", false);
+defaultPref("signon.management.page.breachAlertUrl", "");
+// -------------------------------------
+// Set when Firefox should prompt for the primary password
+// 0=once per session (default), 1=every time it's needed, 2=after n minutes
+defaultPref("security.ask_for_password", 2);
+// -------------------------------------
+// Set how long in minutes Firefox should remember the primary password (0901)
+defaultPref("security.password_lifetime", 5); // [DEFAULT: 30]
+// -------------------------------------
+// Disable auto-filling username & password form fields
+lockPref("signon.autofillForms", false);
+// -------------------------------------
+// Disable formless login capture for Password Manager [FF51+]
+lockPref("signon.formlessCapture.enabled", false);
+// -------------------------------------
+// Limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources [FF41+]
+// 0 = don't allow sub-resources to open HTTP authentication credentials dialogs
+// 1 = don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
+// 2 = allow sub-resources to open HTTP authentication credentials dialogs (default)
+lockPref("network.auth.subresource-http-auth-allow", 1);
+// -------------------------------------
+// Enforce no automatic authentication on Microsoft sites [FF91+] [WINDOWS 10+]
+lockPref("network.http.windows-sso.enabled", false); // [DEFAULT: false]
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// DISK AVOIDANCE
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable disk cache
+defaultPref("browser.cache.disk.enable", false);
+// -------------------------------------
+// Disable media cache from writing to disk in Private Browsing
+defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+]
+defaultPref("media.memory_cache_max_size", 65536);
+// -------------------------------------
+// Disable storing extra session data [SETUP-CHROME]
+// 0=everywhere, 1=unencrypted sites, 2=nowhere
+lockPref("browser.sessionstore.privacy_level", 2);
+// -------------------------------------
+// Set the minimum interval between session save operations
+lockPref("browser.sessionstore.interval", 30000); // [DEFAULT: 15000]
+// -------------------------------------
+// Disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS]
+lockPref("toolkit.winRegisterApplicationRestart", false);
+// -------------------------------------
+// Disable favicons in shortcuts
+lockPref("browser.shell.shortcutFavicons", false);
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Require safe negotiation
+lockPref("security.ssl.require_safe_negotiation", true);
+// -------------------------------------
+// Disable TLS1.3 0-RTT (round-trip time) [FF51+]
+lockPref("security.tls.enable_0rtt_data", false);
+//
+// OCSP (Online Certificate Status Protocol)
+//
+// Enforce OCSP fetching to confirm current validity of certificates
+// 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
+defaultPref("security.OCSP.enabled", 0); // [DEFAULT: 1]
+// -------------------------------------
+// Set OCSP fetch failures (non-stapled) to hard-fail [SETUP-WEB]
+defaultPref("security.OCSP.require", false);
+//
+// CERTS / HPKP (HTTP Public Key Pinning)
+//
+// Disable or limit SHA-1 certificates
+// 0 = allow all
+// 1 = block all
+// 3 = only allow locally-added roots (e.g. anti-virus) (default)
+// 4 = only allow locally-added roots or for certs in 2015 and earlier
+defaultPref("security.pki.sha1_enforcement_level", 1);
+// -------------------------------------
+// Disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
+// 0=disable detecting Family Safety mode and importing the root
+// 1=only attempt to detect Family Safety mode (don't import the root)
+// 2=detect Family Safety mode and import the root
+lockPref("security.family_safety.mode", 0);
+// -------------------------------------
+// Enable strict pinning
+// PKP (Public Key Pinning) 0=disabled, 1=allow user MiTM (such as your antivirus), 2=strict
+lockPref("security.cert_pinning.enforcement_level", 2);
+// -------------------------------------
+// Disable CRLite [FF73+]
+// 0 = disabled
+// 1 = consult CRLite but only collect telemetry (default)
+// 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
+// 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (FF99+)
lockPref("security.remote_settings.intermediates.enabled", false);
lockPref("security.remote_settings.intermediates.bucket", "");
lockPref("security.remote_settings.intermediates.collection", "");
@@ -564,2411 +453,709 @@ lockPref("security.remote_settings.crlite_filters.enabled", false);
lockPref("security.remote_settings.crlite_filters.bucket", "");
lockPref("security.remote_settings.crlite_filters.collection", "");
lockPref("security.remote_settings.crlite_filters.signer", "");
+defaultPref("security.pki.crlite_mode", 0);
+//
+// MIXED CONTENT
+//
+// Disable insecure passive content (such as images) on https pages [SETUP-WEB]
+lockPref("security.mixed_content.block_display_content", true);
// -------------------------------------
-// Pref : Disable Default Browser Agent
-// https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
-lockPref("default-browser-agent.enabled", false); // [WINDOWS] // [DESKTOP]
+// Enable HTTPS-Only mode in all windows [FF76+]
+lockPref("dom.security.https_only_mode", true); // [FF76+]
+// lockPref("dom.security.https_only_mode_pbm", true); // [FF80+]
// -------------------------------------
-// Pref : Disable location bar leaking single words to a DNS provider (after searching)
-// 0=never resolve single words, 1=heuristic (default), 2=always resolve
-// [NOTE] For FF78 value 1 and 2 are the same and always resolve but that will change in future versions
-// https://bugzilla.mozilla.org/1642623
-lockPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [DESKTOP]
+// Enable HTTPS-Only mode for local resources [FF77+]
+// lockPref("dom.security.https_only_mode.upgrade_local", true);
+// -------------------------------------
+// Disable HTTP background requests [FF82+]
+lockPref("dom.security.https_only_mode_send_http_background_request", false);
+//
+// UI (User Interface)
+//
+// Display warning on the padlock for "broken security"
+lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+// -------------------------------------
+// Control "Add Security Exception" dialog on SSL warnings
+// 0=do neither, 1=pre-populate, url 2=pre-populate url + pre-fetch cert (default)
+lockPref("browser.ssl_override_behavior", 1);
+// -------------------------------------
+// Display advanced information on Insecure Connection warning pages
+lockPref("browser.xul.error_pages.expert_bad_cert", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : IJWY To Shut Up
-// I Just Want You To Shut Up : Closing all non necessary communication to mozilla.org etc.
+// FONTS
// >>>>>>>>>>>>>>>>>>>>>
-// Pref : Block unwanted connections
-lockPref("app.feedback.baseURL", "");
-lockPref("app.feedbackURL", ""); // [FENNEC]
-lockPref("app.channelURL", ""); // [FENNEC]
-lockPref("app.creditsURL", ""); // [FENNEC]
-lockPref("app.faqURL", ""); // [FENNEC]
-lockPref("app.privacyURL", ""); // [FENNEC]
-lockPref("app.releaseNotesURL", "https://www.mozilla.org/en-US/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=whatsnew"); // [URL SANITIZED]
-lockPref("app.support.baseURL", "");
-lockPref("app.supportURL", ""); // [FENNEC]
-lockPref("app.vendorURL", ""); // [DESKTOP]
-lockPref("media.decoder-doctor.new-issue-endpoint", "");
-lockPref("network.trr.confirmationNS", "");
-lockPref("services.settings.default_signer", ""); // [DESKTOP]
-lockPref("services.settings.server", ""); // [DESKTOP]
-lockPref("accessibility.support.url", ""); // [DESKTOP]
-lockPref("browser.dictionaries.download.url", ""); // [DESKTOP]
-lockPref("browser.geolocation.warning.infoURL", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // [DESKTOP]
-lockPref("browser.search.searchEnginesURL", ""); // [DESKTOP]
-lockPref("extensions.getAddons.themes.browseURL", ""); // [DESKTOP]
-lockPref("security.content.signature.root_hash", "");
-lockPref("identity.mobilepromo.android", ""); // [DESKTOP]
-lockPref("identity.mobilepromo.ios", ""); // [DESKTOP]
-lockPref("identity.sendtabpromo.url", ""); // [DESKTOP]
-lockPref("toolkit.datacollection.infoURL", ""); // [DESKTOP]
-lockPref("dom.keyboardevent.keypress.hack.dispatch_non_printable_keys", "");
-lockPref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode", "");
-lockPref("startup.homepage_welcome_url", ""); // [DESKTOP]
-lockPref("startup.homepage_welcome_url.additional", ""); // [DESKTOP]
-lockPref("startup.homepage_override_url", ""); // [DESKTOP]
-lockPref("browser.search.param.yahoo-fr", ""); // [DESKTOP]
-lockPref("privacy.restrict3rdpartystorage.partitionedHosts", "");
-lockPref("browser.xr.warning.infoURL", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Devtools cleanup
-lockPref("devtools.devices.url", "");
-lockPref("devtools.devedition.promo.url", ""); // [DESKTOP]
-lockPref("devtools.performance.recording.ui-base-url", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable website protocol handlers
-lockPref("gecko.handlerService.schemes.irc.0.name", ""); // [DESKTOP]
-lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); // [DESKTOP]
-lockPref("gecko.handlerService.schemes.ircs.0.name", ""); // [DESKTOP]
-lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", ""); // [DESKTOP]
-lockPref("gecko.handlerService.schemes.mailto.0.name", ""); // [DESKTOP]
-lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); // [DESKTOP]
-lockPref("gecko.handlerService.schemes.mailto.1.name", ""); // [DESKTOP]
-lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); // [DESKTOP]
-lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable browser translate integration
-// https://www.ghacks.net/2018/09/09/mozilla-working-on-google-translate-integration-in-firefox/
-lockPref("browser.translation.engine", ""); // [DESKTOP]
-lockPref("browser.translation.detectLanguage", false); // [DESKTOP]
-lockPref("browser.translation.neverForLanguages", ""); // [DESKTOP]
-lockPref("browser.translation.ui.show", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable useragent updates and site specific overrides
-lockPref("general.useragent.updates.enabled", false); // [FENNEC]
-lockPref("general.useragent.updates.url", ""); // [FENNEC]
-// -------------------------------------
-// Pref : Decrease vendor useragent info leakage to Mozilla
-// https://github.com/pyllyukko/user.js/issues/299
-lockPref("general.useragent.vendor", ""); // [DESKTOP]
-lockPref("general.useragent.vendorComment", ""); // [DESKTOP]
-lockPref("general.useragent.vendorSub", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable mailnews
-lockPref("mailnews.messageid_browser.url", ""); // [DESKTOP]
-lockPref("mailnews.mx_service_url", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Remove pinned sites from searchbar
-lockPref("browser.newtabpage.activity-stream.default.sites", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); // [DESKTOP]
-lockPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable report browser errors in Nightly to Mozilla
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1426482
-lockPref("browser.chrome.errorReporter.infoURL", "");
//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Miscellaneous
-// >>>>>>>>>>>>>>>>>>>>>>
-// Pref : Test mozilla.cfg in about:config
-lockPref("_config.applied", true);
-// -------------------------------------
-// Pref : Updates addons automatically
-// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
-lockPref("extensions.update.enabled", true);
-lockPref("extensions.autoupdate.enabled", true);
-// -------------------------------------
-// Pref : Decrease system information leakage to Mozilla extensions update servers
-lockPref("extensions.update.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US¤tAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"); // [URL SANITIZED]
-lockPref("extensions.update.background.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=en-US¤tAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"); // [URL SANITIZED]
-// -------------------------------------
-// Pref : Decrease system information leakage to Mozilla addons update servers
-lockPref("extensions.getAddons.browseAddons", ""); // [URL SANITIZED] // [FENNEC]
-lockPref("extensions.getAddons.get.url", "https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=en-US"); // [URL SANITIZED]
-lockPref("extensions.getAddons.link.url", "https://addons.mozilla.org/en-US/firefox/"); // [URL SANITIZED]
-lockPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/en-US/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%"); // [URL SANITIZED]
-// -------------------------------------
-// Pref : Disable Web Compatibility Reporter
-// Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
-lockPref("extensions.webcompat-reporter.enabled", false);
-lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");
-// -------------------------------------
-// Pref : Don't let XPIProvider install distribution add-ons
-lockPref("extensions.installDistroAddons", false); // [DEFAULT: false] // [FENNEC]
-// -------------------------------------
-// Pref : Disable experiments extensions
-lockPref("extensions.experiments.enabled", false);
-// -------------------------------------
-// Pref : Provide haptic feedback on longPress selection events
-lockPref("layout.accessiblecaret.hapticfeedback", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable Firefox Accounts and Sync
-lockPref("identity.fxaccounts.enabled", false); // [DESKTOP]
-lockPref("identity.fxaccounts.auth.uri", "");
-lockPref("identity.fxaccounts.remote.oauth.uri", "");
-lockPref("identity.fxaccounts.remote.profile.uri", "");
-lockPref("identity.sync.tokenserver.uri", "");
-lockPref("identity.fxaccounts.remote.webchannel.uri", ""); // [FENNEC - BUG] If left blank, it causes faded "Settings" on some devices
-lockPref("identity.fxaccounts.remote.root", ""); // [DESKTOP]
-lockPref("identity.fxaccounts.pairing.enabled", false); // [DESKTOP]
-lockPref("identity.fxaccounts.remote.pairing.uri", ""); // [DESKTOP]
-lockPref("identity.fxaccounts.toolbar.accessed", false); // [DESKTOP]
-lockPref("identity.fxaccounts.toolbar.enabled", false); // [DESKTOP]
-lockPref("identity.fxaccounts.migrateToDevEdition", false); // [DESKTOP]
-lockPref("identity.fxaccounts.contextParam", ""); // [DESKTOP]
-lockPref("identity.fxaccounts.commands.enabled", false); // [DESKTOP]
-lockPref("identity.fxaccounts.autoconfig.uri", ""); // [DESKTOP]
-lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); // [DESKTOP]
-lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable snippets
-lockPref("browser.snippets.enabled", false); // [FENNEC]
-lockPref("browser.snippets.firstrunHomepage.enabled", false); // [FENNEC]
-lockPref("browser.snippets.statsUrl", ""); // [FENNEC]
-lockPref("browser.snippets.updateUrl", ""); // [FENNEC]
-lockPref("browser.snippets.syncPromo.enabled", false); // [FENNEC]
-// lockPref("browser.snippets.updateInterval", 0); // [FENNEC]
-// -------------------------------------
-// Pref : Disable Webextensions sync
-lockPref("webextensions.storage.sync.enabled", false); // [DESKTOP]
-lockPref("webextensions.storage.sync.serverURL", "");
-lockPref("webextensions.storage.sync.kinto", false);
-// -------------------------------------
-// Pref : Force Punycode for Internationalized Domain Names
-// https://www.xudongz.com/blog/2017/idn-phishing/
-// https://wiki.mozilla.org/IDN_Display_Algorithm
-// https://en.wikipedia.org/wiki/IDN_homograph_attack
-// https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
-lockPref("network.IDN_show_punycode", true);
-// -------------------------------------
-// Pref : Disable page thumbnail collection
-// Look in profile/thumbnails directory, you may want to clean that out
-lockPref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
-// -------------------------------------
-// Pref : Do not automatically send selection to clipboard on Linux and some UNIX-like platforms
-defaultPref("clipboard.autocopy", false);
-// -------------------------------------
-// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics)
-// https://developer.mozilla.org/en-US/docs/Web/API/navigator.sendBeacon
-lockPref("beacon.enabled", false);
-// -------------------------------------
-// Pref : Disable speech recognition
-// https://dvcs.w3.org/hg/speech-api/raw-file/tip/speechapi.html
-// https://developer.mozilla.org/en-US/docs/Web/API/SpeechRecognition
-// https://wiki.mozilla.org/HTML5_Speech_API
-lockPref("media.webspeech.recognition.enable", false); // [DEFAULT: true]
-lockPref("media.webspeech.recognition.force_enable", false); // [DEFAULT: false]
-lockPref("media.webspeech.test.enable", false); // [DEFAULT: false]
-lockPref("media.webspeech.test.fake_fsm_events", false); // [DEFAULT: false]
-lockPref("media.webspeech.test.fake_recognition_service", false); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Don't use Mozilla-provided location-specific search engines
-lockPref("browser.search.geoSpecificDefaults", false);
-// -------------------------------------
-// Pref : Don't monitor OS online/offline connection state
-// https://gitlab.torproject.org/legacy/trac/-/issues/18945
-lockPref("network.manage-offline-status", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Set File URI Origin Policy
-lockPref("security.fileuri.strict_origin_policy", true);
-// -------------------------------------
-// Pref : Disable SVG in OpenType fonts
-// https://wiki.mozilla.org/SVGOpenTypeFonts
-// https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
+// Disable rendering of SVG OpenType fonts
lockPref("gfx.font_rendering.opentype_svg.enabled", false);
// -------------------------------------
-// Pref : Ensure you have a security delay when installing add-ons (milliseconds)
-lockPref("security.dialog_enable_delay", 700);
-// -------------------------------------
-// Pref : Disable ADB extension download
-// https://developer.mozilla.org/docs/Tools/WebIDE
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222
-defaultPref("devtools.debugger.remote-enabled", false);
-lockPref("devtools.remote.adb.extensionURL", ""); // [DESKTOP]
-lockPref("devtools.remote.adb.extensionID", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Force local debugging
-// https://developer.mozilla.org/en-US/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop
-// https://developer.mozilla.org/en-US/docs/Tools/Tools_Toolbox#Advanced_settings
-lockPref("devtools.debugger.force-local", true);
-// -------------------------------------
-// Pref : Prevent accessibility services from accessing your browser
-// https://support.mozilla.org/kb/accessibility-services
-lockPref("accessibility.force_disabled", 1);
-// -------------------------------------
-// Pref : Remove temp files opened with an external application
-// https://bugzilla.mozilla.org/302433
-lockPref("browser.helperApps.deleteTempFileOnExit", true);
-// -------------------------------------
-// Pref : Disable various developer tools in browser context
-// https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676
-defaultPref("devtools.chrome.enabled", false);
-// -------------------------------------
-// Pref : Disable MathML (Mathematical Markup Language)
-// [TEST] https://browserleaks.com/features - look for Modernizr.mathml
-// https://bugzilla.mozilla.org/1173199
-lockPref("mathml.disabled", true);
-// -------------------------------------
-// Pref : Disable middle mouse click paste leaking on Linux
-// https://bugzilla.mozilla.org/1528289
-// Useless on Android
-lockPref("middlemouse.paste", false);
-// -------------------------------------
-// Pref : Disable middle mouse click opening links from clipboard
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089
-lockPref("middlemouse.contentLoadURL", false);
-// -------------------------------------
-// Pref : Limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
-// [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins). To control HTML Meta tag and JS redirects, use an extension.
-lockPref("network.http.redirection-limit", 15); // [DEFAULT: 20]
-// -------------------------------------
-// Pref : Remove webchannel whitelist
-lockPref("webchannel.allowObject.urlWhitelist", "");
-// -------------------------------------
-// Pref : Disable exposure of system colors to CSS or canvas
-// [NOTE] May cause black on black for elements with undefined colors
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
-// lockPref("ui.use_native_colors", true);
-// -------------------------------------
-// Pref : Discourage downloading to desktop (0=desktop 1=downloads 2=last used)
-lockPref("browser.download.folderList", 2);
-// -------------------------------------
-// Pref : Enforce user interaction, for security, by always asking the user where to download and then forget
-// [FENNEC] Fix for downloading issues
-lockPref("browser.download.useDownloadDir", false); // [FENNEC - BUG] It causes the breakage of all downloads
-lockPref("browser.download.lastDir", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable adding downloads to the system's "recent documents" list
-lockPref("browser.download.manager.addToRecentDocs", false);
-// -------------------------------------
-// Pref : Disable "open with" in download dialog
-// This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) in such a way that it is forbidden to run external applications.
-// [NOTE] This may interfere with some users' workflow or methods
-// https://bugzilla.mozilla.org/1281959
-lockPref("browser.download.forbid_open_with", true);
-// -------------------------------------
-// Pref : Lock down allowed extension directories
-// This will break extensions, language packs, themes and any other XPI files which are installed outside of profile directories
-// https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
-// archived: https://archive.is/DYjAM
-lockPref("extensions.enabledScopes", 5); // [DEFAULT: 1] // [HIDDEN PREF]
-lockPref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
-// -------------------------------------
-// Pref : Enable warning when websites try to install add-ons
-lockPref("xpinstall.whitelist.required", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Enforce CSP (Content Security Policy)
-// [WARNING] CSP is a very important and widespread security feature. Don't disable it!
-// https://developer.mozilla.org/docs/Web/HTTP/CSP
-defaultPref("security.csp.enable", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Block top level window data: URIs
-// https://bugzilla.mozilla.org/1331351
-// https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
-// https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/
-lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Enable only whitelisted URL protocol handlers
-// https://news.ycombinator.com/item?id=13047883
-// https://bugzilla.mozilla.org/show_bug.cgi?id=167475
-// https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005
-// [NOTE] Disabling nonessential protocols breaks all interaction with custom protocols such as mailto:, irc:, magnet: ... and breaks opening third-party mail/messaging/torrent/... clients when clicking on links with these protocols
-// If you want to enable a protocol, set network.protocol-handler.expose.(protocol) to true and network.protocol-handler.external.(protocol) to:
-// * true, if the protocol should be handled by an external application
-// * false, if the protocol should be handled internally by Firefox
-lockPref("network.protocol-handler.warn-external-default", true);
-lockPref("network.protocol-handler.external.javascript", false);
-lockPref("network.protocol-handler.external.data", false);
-lockPref("network.protocol-handler.external.about", false); // [DESKTOP]
-lockPref("network.protocol-handler.external.blob", false); // [DESKTOP]
-lockPref("network.protocol-handler.external.chrome", false); // [DESKTOP]
-lockPref("network.protocol-handler.external.file", false); // [DESKTOP]
-lockPref("network.protocol-handler.external.ftp", false); // [DESKTOP]
-lockPref("network.protocol-handler.external.http", false); // [DESKTOP]
-lockPref("network.protocol-handler.external.https", false); // [DESKTOP]
-lockPref("network.protocol-handler.external.moz-extension", false); // [DESKTOP]
-lockPref("network.protocol-handler.external.ms-windows-store", false); // [DESKTOP]
-lockPref("network.protocol-handler.expose-all", false);
-lockPref("network.protocol-handler.expose.http", true);
-lockPref("network.protocol-handler.expose.https", true);
-lockPref("network.protocol-handler.expose.javascript", true);
-lockPref("network.protocol-handler.expose.moz-extension", true);
-lockPref("network.protocol-handler.expose.ftp", true);
-lockPref("network.protocol-handler.expose.file", true);
-lockPref("network.protocol-handler.expose.about", true);
-lockPref("network.protocol-handler.expose.chrome", true);
-lockPref("network.protocol-handler.expose.blob", true);
-lockPref("network.protocol-handler.expose.data", true);
-// -------------------------------------
-// Pref : Don't allow meta-refresh when backgrounded
-lockPref("browser.meta_refresh_when_inactive.disabled", true);
-// -------------------------------------
-// Pref : Optimize images memory usage
-lockPref("image.downscale-during-decode.enabled", true);
-// -------------------------------------
-// Pref : Disable firstrun showup
-lockPref("browser.firstrun.show.uidiscovery", false); // [DEFAULT: true]
-lockPref("browser.firstrun.show.localepicker", false); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Disable sending console to logcat on release builds.
-lockPref("consoleservice.logcat", false); // [FENNEC]
-// -------------------------------------
-// Pref : Disable Pocket
-// https://support.mozilla.org/en-US/kb/save-web-pages-later-pocket-firefox
-// https://github.com/pyllyukko/user.js/issues/143
-lockPref("browser.pocket.enabled", false); // [DESKTOP]
-lockPref("extensions.pocket.enabled", false); // [DESKTOP]
-lockPref("extensions.pocket.api", ""); // [DESKTOP]
-lockPref("extensions.pocket.oAuthConsumerKey", ""); // [DESKTOP]
-lockPref("extensions.pocket.site", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Displaying Javascript in History URLs
-lockPref("browser.urlbar.filter.javascript", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Firefox's built-in PDF reader
-// This setting controls if the option "Display in Firefox" is available in the setting below and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With")
-// PROS: pdfjs is lightweight, open source, and as secure/vetted as any pdf reader out there (more than most)
-// Exploits are rare (1 serious case in 4 yrs), treated seriously and patched quickly.
-// It doesn't break "state separation" of browser content (by not sharing with OS, independent apps).
-// It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk.
-// CONS: You may prefer a different pdf reader for security reasons
-// CAVEAT: JS can still force a pdf to open in-browser by bundling its own code (rare)
-defaultPref("pdfjs.disabled", true); // [DEFAULT: false] // [DESKTOP]
-lockPref("pdfjs.enabledCache.state", false); // [DESKTOP]
-lockPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true); // [DESKTOP]
-defaultPref("browser.helperApps.showOpenOptionForPdfJS", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable exposure of system colors to CSS or canvas
-// [NOTE] See second listed bug: may cause black on black for elements with undefined colors
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
-lockPref("ui.use_standins_for_native_colors", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Close tab with double click action
-defaultPref("browser.tabs.closeTabByDblclick", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Remove special permissions for certain mozilla domains
-// resource://app/defaults/permissions
-lockPref("permissions.manager.defaultsUrl", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable in-content SVG rendering
-// Disabling SVG support breaks many UI elements on many sites incl. youtube player controls
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1216893
-// https://github.com/iSECPartners/publications/raw/master/reports/Tor%20Browser%20Bundle/Tor%20Browser%20Bundle%20-%20iSEC%20Deliverable%201.3.pdf#16
-// lockPref("svg.disabled", true);
-// -------------------------------------
-// Pref : Enable FF Process Priority Manager
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1548364
-lockPref("dom.ipc.processPriorityManager.enabled", true); // [DESKTOP] // [TEST]
-// -------------------------------------
-// Pref : Enforce no system colors
-// [NOTE] They can be fingerprinted
-lockPref("browser.display.use_system_colors", false); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Disable purge site data after identifying tracking site via cookies
-// [NOTE] Relax this with 'privacy.clearOnShutdown.*' enabled
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1599262
-// https://www.ghacks.net/2020/03/04/firefox-75-will-purge-site-data-if-associated-with-tracking-cookies/
-lockPref("privacy.purge_trackers.enabled", false);
-// -------------------------------------
-// Pref : Disable permissions delegation
-// Currently applies to cross-origin geolocation, camera, mic and screen-sharing permissions, and fullscreen requests. Disabling delegation means any prompts for these will show/use their correct 3rd party origin
-// https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion
-lockPref("permissions.delegation.enabled", false);
-// -------------------------------------
-// Pref : Disable the default checkedness for "Save card and address to Firefox" checkboxes
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1477106
-lockPref("dom.payments.defaults.saveAddress", false);
-lockPref("dom.payments.defaults.saveCreditCard", false);
+// Limit font visibility (Windows, Mac, some Linux) [FF94+]
+// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
+// lockPref("layout.css.font-visibility.private", 1);
+// lockPref("layout.css.font-visibility.standard", 1);
+// lockPref("layout.css.font-visibility.trackingprotection", 1);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Web Workers
-// >>>>>>>>>>>>>>>>>>>>>>
-// Pref : Disable service workers
-// Service workers essentially act as proxy servers that sit between web apps, and the browser and network, are event driven, and can control the web page/site it is associated with, intercepting and modifying navigation and resource requests, and caching resources.
-// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode.
-// [NOTE] Service workers only run over HTTPS. Service workers have no DOM access.
-lockPref("dom.serviceWorkers.enabled", false);
+// HEADERS / REFERERS
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Control when to send a cross-origin referer
+// 0=always (default), 1=only if base domains match, 2=only if hosts match
+defaultPref("network.http.referer.XOriginPolicy", 2);
// -------------------------------------
-// Pref : Disable push service
-// The upstream autopush endpoint must have the Google API key corresponding to the App's sender ID; we bake this assumption directly into the URL.
-lockPref("dom.push.enabled", false);
-lockPref("dom.push.serverURL", "");
-// -------------------------------------
-// Pref : Disable web notifications
-// [NOTE] Web Notifications can also use service workers and are behind a prompt
-// https://developer.mozilla.org/docs/Web/API/Notifications_API
-lockPref("notification.feature.enabled", false); // [FENNEC]
-lockPref("dom.webnotifications.enabled", false);
-lockPref("dom.webnotifications.serviceworker.enabled", false);
-// -------------------------------------
-// Pref : Prevent tooltips from showing up
-lockPref("browser.chrome.toolbar_tips", false);
-// -------------------------------------
-// Pref : Disable push notifications
-// Web apps can receive messages pushed to them from a server, whether or not the web app is in the foreground, or even currently loaded
-// https://developer.mozilla.org/docs/Web/API/Push_API
-lockPref("dom.push.alwaysConnect", false);
-lockPref("dom.push.debug", false);
-lockPref("dom.push.connection.enabled", false);
-lockPref("dom.push.userAgentID", "");
-lockPref("dom.push.udp.wakeupEnabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable hiding mime types not associated with a plugin
-lockPref("browser.download.hide_plugins_without_extensions", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable PiP (Picture-in-picture)
-lockPref("media.videocontrols.picture-in-picture.enabled", false);
-lockPref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
-lockPref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false); // [FENIX]
-lockPref("media.videocontrols.picture-in-picture.audio-toggle.enabled", false); // [DESKTOP]
-lockPref("media.videocontrols.picture-in-picture.keyboard-controls.enabled", false); // [DESKTOP]
-lockPref("media.videocontrols.picture-in-picture.video-toggle.always-show", false); // [DESKTOP]
+// Control the amount of cross-origin information to send [FF52+]
+// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
+defaultPref("network.http.referer.XOriginTrimmingPolicy", 2);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : DOM (Document Object Model) & Javascript
-// >>>>>>>>>>>>>>>>>>>>>>
-// Pref : Disable right-click menu manipulation via JavaScript
-lockPref("dom.event.contextmenu.enabled", false);
+// CONTAINERS
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Enable Container Tabs and its UI setting [FF50+]
+lockPref("privacy.userContext.enabled", true);
+lockPref("privacy.userContext.ui.enabled", true);
// -------------------------------------
-// Pref : Disable website access to clipboard events/content
-// [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress
-// [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one is default (false) then enabling this pref can leak clipboard content
-// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled
-// https://www.ghacks.net/2014/01/08/block-websites-reading-modifying-clipboard-contents-firefox/
-// https://bugzilla.mozilla.org/1528289
-lockPref("dom.event.clipboardevents.enabled", false);
+// Set behavior on "+ Tab" button to display container menu on left click [FF74+]
+// lockPref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// PLUGINS / MEDIA / WEBRTC
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable WebRTC (Web Real-Time Communication)
+defaultPref("media.peerconnection.enabled", false);
// -------------------------------------
-// Pref : Disable "Confirm you want to leave" dialog on page close
-// Does not prevent JS leaks of the page close event.
-// https://developer.mozilla.org/docs/Web/Events/beforeunload
-// https://support.mozilla.org/questions/1043508
+// Force WebRTC inside the proxy [FF70+]
+lockPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
+// -------------------------------------
+// Force a single network interface for ICE candidates generation [FF42+]
+lockPref("media.peerconnection.ice.default_address_only", true);
+// -------------------------------------
+// Force exclusion of private IPs from ICE candidates [FF51+]
+// lockPref("media.peerconnection.ice.no_host", true);
+// -------------------------------------
+// Disable GMP (Gecko Media Plugins)
+defaultPref("media.gmp-provider.enabled", false);
+defaultPref("media.gmp-manager.url", "");
+defaultPref("media.gmp-gmpopenh264.enabled", false);
+// -------------------------------------
+// Disable widevine CDM (Content Decryption Module)
+defaultPref("media.gmp-widevinecdm.enabled", false);
+// -------------------------------------
+// Disable all DRM content (EME: Encryption Media Extension)
+defaultPref("media.eme.enabled", false);
+defaultPref("browser.eme.ui.enabled", false);
+// -------------------------------------
+// Disable autoplay of HTML5 media [FF63+]
+// 0=Allow all, 1=Block non-muted media (default), 5=Block all
+// lockPref("media.autoplay.default", 5);
+// -------------------------------------
+// Disable autoplay of HTML5 media if you interacted with the site [FF78+]
+// 0=sticky (default), 1=transient, 2=user
+lockPref("media.autoplay.blocking_policy", 2);
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// DOM (DOCUMENT OBJECT MODEL)
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable "Confirm you want to leave" dialog on page close
lockPref("dom.disable_beforeunload", true);
// -------------------------------------
-// Pref : Disable shaking the screen (Vibrator API)
-lockPref("dom.vibrator.enabled", false);
+// Prevent scripts from moving and resizing open windows
+lockPref("dom.disable_window_move_resize", true);
// -------------------------------------
-// Pref : Disable clipboard commands (cut/copy) from "non-privileged" content
-// This disable document.execCommand("cut"/"copy") to protect your clipboard
-// https://bugzilla.mozilla.org/1170911
-// lockPref("dom.allow_cut_copy", false);
+// Block popup windows
+lockPref("dom.disable_open_during_load", true);
// -------------------------------------
-// Pref : Disable asm.js
-// https://www.mozilla.org/security/advisories/mfsa2015-29/
-// https://www.mozilla.org/security/advisories/mfsa2015-50/
-// https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375
-// https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400
-// https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
+// Limit events that can cause a popup [SETUP-WEB]
+lockPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// MISCELLANEOUS
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Prevent accessibility services from accessing your browser [RESTART]
+lockPref("accessibility.force_disabled", 1);
+// -------------------------------------
+// Disable sending additional analytics to web servers
+lockPref("beacon.enabled", false);
+// -------------------------------------
+// Remove temp files opened with an external application
+lockPref("browser.helperApps.deleteTempFileOnExit", true);
+// -------------------------------------
+// Disable page thumbnail collection
+lockPref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
+// -------------------------------------
+// Disable UITour backend so there is no chance that a remote page can use it
+lockPref("browser.uitour.enabled", false);
+lockPref("browser.uitour.url", "");
+// -------------------------------------
+// Disable various developer tools in browser context
+defaultPref("devtools.chrome.enabled", false);
+// -------------------------------------
+// Reset remote debugging to disabled
+defaultPref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
+// -------------------------------------
+// Disable middle mouse click opening links from clipboard
+lockPref("middlemouse.contentLoadURL", false);
+// -------------------------------------
+// Disable websites overriding Firefox's keyboard shortcuts [FF58+]
+// 0 (default) or 1=allow, 2=block
+// lockPref("permissions.default.shortcuts", 2);
+// -------------------------------------
+// Remove special permissions for certain mozilla domains [FF35+]
+lockPref("permissions.manager.defaultsUrl", "");
+// -------------------------------------
+// Remove webchannel whitelist
+lockPref("webchannel.allowObject.urlWhitelist", "");
+// -------------------------------------
+// Use Punycode in Internationalized Domain Names to eliminate possible spoofing
+lockPref("network.IDN_show_punycode", true);
+// -------------------------------------
+// Enforce PDFJS, disable PDFJS scripting [SETUP-CHROME]
+lockPref("pdfjs.disabled", false); // [DEFAULT: false]
+lockPref("pdfjs.enableScripting", false); // [FF86+]
+// -------------------------------------
+// Disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS]
+lockPref("network.protocol-handler.external.ms-windows-store", false);
+// -------------------------------------
+// Disable permissions delegation [FF73+]
+lockPref("permissions.delegation.enabled", false);
+//
+// DOWNLOADS
+//
+// Enable user interaction for security by always asking where to download
+defaultPref("browser.download.useDownloadDir", false);
+// -------------------------------------
+// Disable downloads panel opening on every download [FF96+]
+lockPref("browser.download.alwaysOpenPanel", false);
+// -------------------------------------
+// Disable adding downloads to the system's "recent documents" list
+lockPref("browser.download.manager.addToRecentDocs", false);
+//
+// EXTENSIONS
+//
+// Lock down allowed extension directories
+lockPref("extensions.enabledScopes", 5); // [HIDDEN PREF]
+lockPref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
+// -------------------------------------
+// Disable bypassing 3rd party extension install prompts [FF82+]
+lockPref("extensions.postDownloadThirdPartyPrompt", false);
+// -------------------------------------
+// Disable webextension restrictions on certain mozilla domains [FF60+]
+// lockPref("extensions.webextensions.restrictedDomains", "");
+// -------------------------------------
+// Disable extensions suggestions
+lockPref("extensions.webservice.discoverURL", "");
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// ETP (ENHANCED TRACKING PROTECTION)
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Enable ETP Strict Mode [FF86+]
+lockPref("browser.contentblocking.category", "strict");
+// -------------------------------------
+// Disable ETP web compat features [FF93+]
+// lockPref("privacy.antitracking.enableWebcompat", false);
+// -------------------------------------
+// Enable state partitioning of service workers [FF96+]
+lockPref("privacy.partition.serviceWorkers", true);
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// SHUTDOWN & SANITIZING
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// COOKIES + SITE DATA : ALLOWS EXCEPTIONS
+//
+// Delete cookies and site data on exit
+// 0=keep until they expire (default), 2=keep until you close Firefox
+defaultPref("network.cookie.lifetimePolicy", 2);
+// -------------------------------------
+// Delete cache on exit [FF96+]
+// lockPref("privacy.clearsitedata.cache.enabled", true);
+// -------------------------------------
+// Set third-party cookies to session-only
+lockPref("network.cookie.thirdparty.sessionOnly", true);
+lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
+//
+// SANITIZE ON SHUTDOWN : ALL OR NOTHING
+//
+// Enable Firefox to clear items on shutdown
+defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
+// -------------------------------------
+// Set/enforce what items to clear on shutdown [SETUP-CHROME]
+defaultPref("privacy.clearOnShutdown.cache", true);
+defaultPref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true]
+defaultPref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true]
+defaultPref("privacy.clearOnShutdown.history", true); // [DEFAULT: true]
+defaultPref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true]
+defaultPref("privacy.clearOnShutdown.offlineApps", true); // [DEFAULT: false]
+defaultPref("privacy.clearOnShutdown.cookies", true);
+// defaultPref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false]
+// -------------------------------------
+// Reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME]
+lockPref("privacy.cpd.cache", true); // [DEFAULT: true]
+lockPref("privacy.cpd.formdata", true); // Form & Search History
+lockPref("privacy.cpd.history", true); // Browsing & Download History
+lockPref("privacy.cpd.offlineApps", true); // Offline Website Data
+lockPref("privacy.cpd.sessions", true); // [DEFAULT: true]
+lockPref("privacy.cpd.offlineApps", true); // [DEFAULT: false]
+lockPref("privacy.cpd.cookies", true);
+// lockPref("privacy.cpd.downloads", true); // not used
+// lockPref("privacy.cpd.passwords", false); // [DEFAULT: false] not listed
+// lockPref("privacy.cpd.siteSettings", false); // [DEFAULT: false]
+// -------------------------------------
+// Clear Session Restore data when sanitizing on shutdown or manually [FF34+]
+// lockPref("privacy.clearOnShutdown.openWindows", true);
+// lockPref("privacy.cpd.openWindows", true);
+// -------------------------------------
+// Reset default "Time range to clear" for "Clear Recent History"
+// 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today
+lockPref("privacy.sanitize.timeSpan", 0);
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// RFP (RESIST FINGERPRINTING)
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Enable privacy.resistFingerprinting [FF41+]
+lockPref("privacy.resistFingerprinting", true);
+// -------------------------------------
+// Set new window size rounding max values [FF55+]
+// lockPref("privacy.window.maxInnerWidth", 1600);
+// lockPref("privacy.window.maxInnerHeight", 900);
+// -------------------------------------
+// Disable mozAddonManager Web API [FF57+]
+lockPref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF]
+// -------------------------------------
+// Enable RFP letterboxing [FF67+]
+// lockPref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
+// lockPref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
+// -------------------------------------
+// Experimental RFP [FF91+]
+// lockPref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
+// lockPref("privacy.resistFingerprinting.testGranularityMask", 0);
+// -------------------------------------
+// Set RFP's font visibility level [FF94+]
+// lockPref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
+// -------------------------------------
+// Disable showing about:blank as soon as possible during startup [FF60+]
+lockPref("browser.startup.blankWindow", false);
+// -------------------------------------
+// Disable using system colors
+lockPref("browser.display.use_system_colors", false); // [DEFAULT false NON-WINDOWS]
+// -------------------------------------
+// Enforce non-native widget theme
+lockPref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
+// -------------------------------------
+// Enforce links targeting new windows to open in a new tab instead
+// 1=most recent window or tab, 2=new window, 3=new tab
+lockPref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
+// -------------------------------------
+// Set all open window methods to abide by "browser.link.open_newwindow"
+lockPref("browser.link.open_newwindow.restriction", 0);
+// -------------------------------------
+// Disable WebGL (Web Graphics Library)
+defaultPref("webgl.disabled", true);
+// -------------------------------------
+// Enable URL query stripping
+lockPref("privacy.query_stripping.enabled", true);
+// -------------------------------------
+// Set the strip list for URL query stripping
+lockPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// OPTIONAL OPSEC
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Start Firefox in PB (Private Browsing) mode
+// lockPref("browser.privatebrowsing.autostart", true);
+// -------------------------------------
+// Disable memory cache
+// capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kibibytes
+// lockPref("browser.cache.memory.enable", false);
+// lockPref("browser.cache.memory.capacity", 0);
+// -------------------------------------
+// Disable saving passwords
+// lockPref("signon.rememberSignons", false);
+// -------------------------------------
+// Disable permissions manager from writing to disk [FF41+] [RESTART]
+// lockPref("permissions.memory_only", true); // [HIDDEN PREF]
+// -------------------------------------
+// Disable intermediate certificate caching [FF41+] [RESTART]
+// lockPref("security.nocertdb", true); // [HIDDEN PREF]
+// -------------------------------------
+// Disable favicons in history and bookmarks
+lockPref("browser.chrome.site_icons", false);
+// -------------------------------------
+// Exclude "Undo Closed Tabs" in Session Restore
+// lockPref("browser.sessionstore.max_tabs_undo", 0);
+// -------------------------------------
+// Disable resuming session from crash
+// lockPref("browser.sessionstore.resume_from_crash", false);
+// -------------------------------------
+// Disable "open with" in download dialog [FF50+]
+// lockPref("browser.download.forbid_open_with", true);
+// -------------------------------------
+// Disable location bar suggestion types
+defaultPref("browser.urlbar.suggest.history", false);
+defaultPref("browser.urlbar.suggest.bookmark", false);
+defaultPref("browser.urlbar.suggest.openpage", false);
+defaultPref("browser.urlbar.suggest.topsites", false); // [FF78+]
+// -------------------------------------
+// Disable location bar dropdown
+// lockPref("browser.urlbar.maxRichResults", 0);
+// -------------------------------------
+// Disable location bar autofill
+lockPref("browser.urlbar.autoFill", false);
+// -------------------------------------
+// Disable browsing and download history
+defaultPref("places.history.enabled", false);
+// -------------------------------------
+// Disable Windows jumplist [WINDOWS]
+// lockPref("browser.taskbar.lists.enabled", false);
+// lockPref("browser.taskbar.lists.frequent.enabled", false);
+// lockPref("browser.taskbar.lists.recent.enabled", false);
+// lockPref("browser.taskbar.lists.tasks.enabled", false);
+// -------------------------------------
+// Disable Windows taskbar preview [WINDOWS]
+// lockPref("browser.taskbar.previews.enable", false); // [DEFAULT: false]
+// -------------------------------------
+// Discourage downloading to desktop
+// 0=desktop, 1=downloads (default), 2=last used
+// lockPref("browser.download.folderList", 2);
+// -------------------------------------
+// Enable Site Isolation
+lockPref("fission.autostart", true);
+lockPref("gfx.webrender.all", true);
+//
+// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+// OPTIONAL HARDENING
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable MathML (Mathematical Markup Language) [FF51+]
+lockPref("mathml.disabled", true);
+// -------------------------------------
+// Disable in-content SVG (Scalable Vector Graphics) [FF53+]
+// lockPref("svg.disabled", true);
+// -------------------------------------
+// Disable graphite
+lockPref("gfx.font_rendering.graphite.enabled", false);
+// -------------------------------------
+// Disable asm.js [FF22+]
lockPref("javascript.options.asmjs", false);
// -------------------------------------
-// Pref : Disable Ion, baseline JIT and RegExp to help harden JS against exploits
-// [NOTE] In FF75+, when (both) Ion and JIT are disabled, **and** the new hidden pref is enabled, then Ion can still be used by extensions
-// [WARNING] Disabling Ion/JIT can cause some site issues and performance loss
-// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817
-// https://gitlab.torproject.org/legacy/trac/-/issues/26019
-lockPref("javascript.options.ion", false);
-lockPref("javascript.options.baselinejit", false); // [FENNEC - BUG] Addons issues
-lockPref("javascript.options.jit_trustedprincipals", true); // [HIDDEN PREF] // [DESKTOP ?]
-lockPref("javascript.options.native_regexp", false);
+// Disable Ion and baseline JIT to harden against JS exploits
+defaultPref("javascript.options.ion", false);
+defaultPref("javascript.options.baselinejit", false);
+defaultPref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
// -------------------------------------
-// Pref : Disable WebAssembly
-// https://webassembly.org/
-// https://developer.mozilla.org/docs/WebAssembly
-// https://en.wikipedia.org/wiki/WebAssembly
-// https://gitlab.torproject.org/legacy/trac/-/issues/21549
-lockPref("javascript.options.wasm", false);
-lockPref("javascript.options.wasm_baselinejit", false);
-lockPref("javascript.options.wasm_cranelift", false);
-lockPref("javascript.options.wasm_gc", false);
-lockPref("javascript.options.wasm_ionjit", false);
-lockPref("javascript.options.wasm_reftypes", false);
-lockPref("javascript.options.wasm_trustedprincipals", false);
-lockPref("javascript.options.wasm_verbose", false);
-lockPref("javascript.options.wasm_multi_value", false);
-// -------------------------------------
-// Pref : Disable Intersection Observer API
-// Almost a year to complete, three versions late to stable (as default false), number #1 cause of crashes in nightly numerous times, and is (primarily) an ad network API for "ad viewability checks" down to a pixel level
-// https://developer.mozilla.org/docs/Web/API/Intersection_Observer_API
-// https://w3c.github.io/IntersectionObserver/
-// https://bugzilla.mozilla.org/1243846
-lockPref("dom.IntersectionObserver.enabled", false);
-// -------------------------------------
-// Pref : Disable Shared Memory (Spectre mitigation)
-// https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
-// https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
-lockPref("javascript.options.shared_memory", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Enable (limited but sufficient) window.opener protection
-// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
-lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Don't reveal build ID
-// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
-// lockPref("browser.startup.homepage_override.buildID", "");
-// lockPref("extensions.lastAppBuildId", "");
-// lockPref("media.gmp-manager.buildID", "");
-// lockPref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
-// lockPref("general.buildID.override", "");
-// -------------------------------------
-// Pref : Disable raw TCP socket support (mozTCPSocket)
-// https://gitlab.torproject.org/legacy/trac/-/issues/18863
-// https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
-// https://developer.mozilla.org/docs/Mozilla/B2G_OS/API/TCPSocket
-lockPref("dom.mozTCPSocket.enabled", false); // [DESKTOP]
+// Disable WebAssembly [FF52+]
+defaultPref("javascript.options.wasm", false);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Media / Camera / Mic
-// >>>>>>>>>>>>>>>>>>>>>>
-// Pref : WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server. (May leak IP when using proxy/VPN)
-lockPref("media.peerconnection.enabled", false);
+// DON'T TOUCH
+// >>>>>>>>>>>>>>>>>>>>>
+//
+// Disable Firefox blocklist
+lockPref("extensions.blocklist.enabled", false); // [DEFAULT: true]
+lockPref("extensions.blocklist.addonItemURL", "");
+lockPref("extensions.blocklist.detailsURL", "");
+lockPref("extensions.blocklist.itemURL", "");
+lockPref("services.blocklist.addons.collection", "");
+lockPref("services.blocklist.addons.signer", "");
+lockPref("services.blocklist.plugins.collection", "");
+lockPref("services.blocklist.plugins.signer", "");
+lockPref("services.blocklist.gfx.collection", "");
+lockPref("services.blocklist.gfx.signer", "");
// -------------------------------------
-// Pref : Limit WebRTC IP leaks if using WebRTC
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416
-// https://wiki.mozilla.org/Media/WebRTC/Privacy
-lockPref("media.peerconnection.ice.default_address_only", true);
-lockPref("media.peerconnection.ice.no_host", true);
-lockPref("media.peerconnection.use_document_iceservers", false);
-lockPref("media.peerconnection.identity.enabled", false);
-lockPref("media.peerconnection.turn.disable", true);
-lockPref("media.peerconnection.ice.tcp", false);
-lockPref("media.peerconnection.video.enabled", false);
+// Enforce no referer spoofing
+lockPref("network.http.referer.spoofSource", true); // [DEFAULT: false]
// -------------------------------------
-// Pref : Disable WebGL I/II
-// [WARNING] WebGL introduce high fingerprinting... (webgl is direct hardware js)
-lockPref("webgl.disabled", true);
-lockPref("webgl.enable-webgl2", false);
-lockPref("webgl.min_capability_mode", true);
-lockPref("pdfjs.enableWebGL", false);
-lockPref("webgl.disable-wgl", true); // [DEFAULT: false]
-lockPref("webgl.disable-fail-if-major-performance-caveat", true);
-lockPref("webgl.can-lose-context-in-foreground", false); // [DEFAULT: true]
-lockPref("webgl.force-enabled", false);
-lockPref("webgl.vendor-string-override", " ");
-lockPref("webgl.renderer-string-override", " ");
-lockPref("webgl.all-angle-options", false);
-lockPref("webgl.allow-immediate-queries", false);
-lockPref("webgl.default-antialias", false);
-lockPref("webgl.enable-surface-texture", false);
-lockPref("webgl.cgl.multithreaded", false);
-lockPref("webgl.dxgl.enabled", false);
+// Enforce a security delay on some confirmation dialogs such as install, open/save
+lockPref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
// -------------------------------------
-// Pref : Disable screensharing and audiocapture
-lockPref("media.getusermedia.screensharing.enabled", false); // [DESKTOP]
-lockPref("media.getusermedia.browser.enabled", false);
-lockPref("media.getusermedia.audiocapture.enabled", false);
+// Enforce window.opener protection [FF65+]
+lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true]
// -------------------------------------
-// Pref : Disable camera support
-lockPref("device.camera.enabled", false); // [DEFAULT: true] // [FENNEC]
-lockPref("media.realtime_decoder.enabled", false); // [DEFAULT: true] // [FENNEC]
+// Enforce "window.name" protection [FF82+]
+lockPref("privacy.window.name.update.enabled", true); // [DEFAULT: true]
// -------------------------------------
-// Pref : Disable canvas capture stream
-// https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream
-lockPref("canvas.capturestream.enabled", false);
+// Enforce Local Storage Next Generation (LSNG) [FF65+]
+lockPref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
// -------------------------------------
-// Pref : Disable camera image capture
-// https://gitlab.torproject.org/legacy/trac/-/issues/16339
-lockPref("dom.imagecapture.enabled", false); // [DEFAULT: false]
+// Enforce no First Party Isolation [FF51+]
+defaultPref("privacy.firstparty.isolate", false); // [DEFAULT: false]
// -------------------------------------
-// Pref : Disable offscreen canvas
-// https://developer.mozilla.org/docs/Web/API/OffscreenCanvas
-lockPref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false]
+// Enforce SmartBlock shims [FF81+]
+lockPref("extensions.webcompat.enable_shims", true); // [DEFAULT: true]
// -------------------------------------
-// Pref : Disable autoplay of HTML5 media
-// 0=Allow all, 1=Block non-muted media, 5=Block all
-// [NOTE] You can set exceptions under site permissions
-lockPref("media.autoplay.default", 5);
-lockPref("media.autoplay.block-event.enabled", true); // [DEFAULT: false]
-lockPref("media.autoplay.block-webaudio", true); // [DEFAULT: false]
+// Enforce/reset TLS 1.0/1.1 downgrades to session only
+lockPref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
// -------------------------------------
-// Pref : Disable autoplay of HTML5 media if you interacted with the site
-// 0=sticky (default), 1=transient, 2=user
-// https://html.spec.whatwg.org/multipage/interaction.html#sticky-activation
-lockPref("media.autoplay.blocking_policy", 2);
+// Enforce disabling of Web Compatibility Reporter [FF56+]
+lockPref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
// -------------------------------------
-// Pref : Disable autoplay of HTML5 media in non-active tabs
-// https://www.ghacks.net/2016/11/14/firefox-51-blocks-automatic-audio-playback-in-non-active-tabs/
-lockPref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true]
+// PrefsCleaner: prefsCleaner: reset items removed from arkenfox FF92+
+// lockPref("dom.caches.enabled", "");
+// lockPref("dom.storageManager.enabled", "");
+// lockPref("dom.storage_access.enabled", "");
+// lockPref("privacy.firstparty.isolate.block_post_message", "");
+// lockPref("privacy.firstparty.isolate.restrict_opener_access", "");
+// lockPref("privacy.firstparty.isolate.use_site", "");
+// lockPref("security.insecure_connection_text.enabled", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Location Bar / Search Bar / Suggestions / History / Forms
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Do not submit invalid URIs entered in the address bar to the default search engine
-lockPref("keyword.enabled", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
-lockPref("browser.fixup.alternate.enabled", false);
-// -------------------------------------
-// Pref : Don't trim HTTP off of URLs in the address bar
-// https://bugzilla.mozilla.org/show_bug.cgi?id=665580
-lockPref("browser.urlbar.trimURLs", false);
-// -------------------------------------
-// Pref : Limit history leaks via enumeration (PER TAB: back/forward)
-// This is a PER TAB session history. You still have a full history stored under all history
-// Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
-lockPref("browser.sessionhistory.max_entries", 4); // [DEFAULT: 50]
-// -------------------------------------
-// Pref : Disable coloring of visited links - CSS history leak
-// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances'
-// [TEST] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX C on how to use)
-// https://dbaron.org/mozilla/visited-privacy
-// https://bugzilla.mozilla.org/147777
-// https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
-lockPref("layout.css.visited_links_enabled", false);
-// -------------------------------------
-// Pref : Disable live search suggestions
-lockPref("browser.search.suggest.enabled", false);
-lockPref("browser.search.suggest.enabled.private", false);
-lockPref("browser.urlbar.suggest.searches", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable "Would you like to turn on search suggestions" prompt message
-lockPref("browser.search.suggest.prompted", true); // [FENNEC]
-// -------------------------------------
-// Pref : Disable information entered in web page forms and the search bar
-// [NOTE] You can clear formdata on exiting Firefox
-defaultPref("browser.formfill.enable", false);
-// -------------------------------------
-// Pref : Disable date/time picker
-// [WARNING] This can leak your locale if not en-US
-// https://gitlab.torproject.org/legacy/trac/-/issues/21787
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1287503
-// lockPref("dom.forms.datetime", false);
-// -------------------------------------
-// Pref : Disable Windows jumplist
-lockPref("browser.taskbar.lists.enabled", false); // [WINDOWS] // [DESKTOP]
-lockPref("browser.taskbar.lists.frequent.enabled", false); // [WINDOWS] // [DESKTOP]
-lockPref("browser.taskbar.lists.recent.enabled", false); // [WINDOWS] // [DESKTOP]
-lockPref("browser.taskbar.lists.tasks.enabled", false); // [WINDOWS] // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Windows taskbar preview
-lockPref("browser.taskbar.previews.enable", false); // [WINDOWS] // [DESKTOP]
-// -------------------------------------
-// Pref : Disable UITour backend so there is no chance that a remote page can use it
-lockPref("browser.uitour.enabled", false); // [DESKTOP]
-lockPref("browser.uitour.url", ""); // [DESKTOP]
-lockPref("browser.uitour.themeOrigin", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable location bar making speculative connections
-// https://bugzilla.mozilla.org/1348275
-lockPref("browser.urlbar.speculativeConnect.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable location bar suggesting "preloaded" top websites
-// https://bugzilla.mozilla.org/1211726
-lockPref("browser.urlbar.usepreloadedtopurls.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Firefox Tips / Search suggestions
-lockPref("browser.urlbar.daysBeforeHidingSuggestionsPrompt", 0); // [DESKTOP]
-lockPref("browser.urlbar.searchSuggestionsChoice", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable URL bar autocomplete and history/bookmarks suggestions dropdown
-// http://kb.mozillazine.org/Disabling_autocomplete_-_Firefox#Firefox_3.5
-lockPref("browser.urlbar.autocomplete.enabled", false); // [FENNEC]
-defaultPref("browser.urlbar.suggest.history", false); // [DESKTOP]
-defaultPref("browser.urlbar.suggest.bookmark", false); // [DESKTOP]
-defaultPref("browser.urlbar.suggest.openpage", false); // [DESKTOP]
-defaultPref("browser.urlbar.suggest.topsites", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable browsing and download history
-// lockPref("places.history.enabled", false); // [DESKTOP]
+// DON'T BOTHER
+// >>>>>>>>>>>>>>>>>>>>>
//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Security
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Blocking GD Parking Scam Site
-defaultPref("network.dns.localDomains", "");
+// Disable APIs
+defaultPref("geo.enabled", false);
+// lockPref("full-screen-api.enabled", false);
+defaultPref("browser.cache.offline.enable", false);
+defaultPref("dom.vr.enabled", false); // [DEFAULT: false FF97+]
// -------------------------------------
-// Pref : Enable HSTS preload list (pre-set HSTS sites list provided by Mozilla)
-// https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
-// https://wiki.mozilla.org/Privacy/Features/HSTS_Preload_List
-// https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
-lockPref("network.stricttransportsecurity.preloadlist", true);
+// Set default permissions
+// 0=always ask (default), 1=allow, 2=block
+defaultPref("permissions.default.geo", 2);
+defaultPref("permissions.default.camera", 2);
+defaultPref("permissions.default.microphone", 2);
+defaultPref("permissions.default.desktop-notification", 2);
+defaultPref("permissions.default.xr", 2); // Virtual Reality
// -------------------------------------
-// Pref : Disable insecure TLS version fallback
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1084025
-// https://github.com/pyllyukko/user.js/pull/206#issuecomment-280229645
-lockPref("security.tls.version.fallback-limit", 3);
+// Disable non-modern cipher suites
+lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
+lockPref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
+lockPref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
+lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
+lockPref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS
+lockPref("security.ssl3.rsa_aes_256_gcm_sha384", false); // no PFS
+lockPref("security.ssl3.rsa_aes_128_sha", false); // no PFS
+lockPref("security.ssl3.rsa_aes_256_sha", false); // no PFS
// -------------------------------------
-// Pref : Enable OCSP Must-Staple support
-// https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/
-// https://www.entrust.com/ocsp-must-staple/
-// https://github.com/schomery/privacy-settings/issues/40
-// [NOTE] Firefox falls back on plain OCSP when must-staple is not configured on the host certificate
-lockPref("security.ssl.enable_ocsp_must_staple", true);
+// Control TLS versions
+// lockPref("security.tls.version.min", 3); // [DEFAULT: 3]
+// lockPref("security.tls.version.max", 4);
// -------------------------------------
-// Pref : Control remote debugging
-lockPref("devtools.remote.usb.enabled", false); // [DEFAULT: false]
-lockPref("devtools.remote.wifi.enabled", false); // [DEFAULT: false]
+// Disable SSL session IDs [FF36+]
+// lockPref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
// -------------------------------------
-// Pref : Disable dump function
-// True if you always want dump() to work
-// On Android, you also need to do the following for the output to show up in logcat:
-// $ adb shell stop
-// $ adb shell setprop log.redirect-stdio true
-// $ adb shell start
-lockPref("browser.dom.window.dump.enabled", false); // [DEFAULT: true]
-lockPref("devtools.console.stdout.chrome", false); // [DEFAULT: true]
+// Onions
+// lockPref("dom.securecontext.allowlist_onions", true);
+// lockPref("network.http.referer.hideOnionSource", true);
// -------------------------------------
-// Pref : Disable number linkification
-lockPref("browser.ui.linkify.phone", false); // [DEFAULT: false] // [FENNEC]
+// Referers
+// lockPref("network.http.sendRefererHeader", 2);
+// lockPref("network.http.referer.trimmingPolicy", 0);
// -------------------------------------
-// Pref : Controls which bits of private data to clear.
-lockPref("privacy.item.cache", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.cookies", true); // [DEFAULT: true]
-lockPref("privacy.item.offlineApps", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.history", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.searchHistory", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.formdata", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.downloads", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.passwords", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.sessions", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.geolocation", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.siteSettings", true); // [DEFAULT: true] // [FENNEC]
-lockPref("privacy.item.syncAccount", true); // [DEFAULT: true] // [FENNEC]
+// Set the default Referrer Policy [FF59+]
+// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
+// lockPref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2]
+// lockPref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
// -------------------------------------
-// Pref : Disable tab hiding API by default
-defaultPref("extensions.webextensions.tabhide.enabled", false); // [DEFAULT: true] // [DESKTOP]
-// -------------------------------------
-// Pref : WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server. (May leak IP when using proxy/VPN)
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1091016
-lockPref("network.websocket.enabled", false); // [HIDDEN PREF] // [DEPRECATED] // [DESKTOP]
-// -------------------------------------
-// Pref : Block new requests asking to access your hardware components
-// This will prevent any websites not listed in a specific list from requesting permission to access your components
-lockPref("permissions.default.geo", 2); // [DESKTOP]
-lockPref("permissions.default.camera", 2); // [DESKTOP]
-lockPref("permissions.default.microphone", 2); // [DESKTOP]
-lockPref("permissions.default.desktop-notification", 2); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable the Enterprise Roots preference
-// https://support.mozilla.org/en-US/kb/how-disable-enterprise-roots-preference
-lockPref("security.enterprise_roots.enabled", false);
-lockPref("security.certerrors.mitm.auto_enable_enterprise_roots", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable access to navigator.mediaDevices features on HTTP web pages
-// https://developer.mozilla.org/en-US/docs/Web/API/Navigator/mediaDevices
-lockPref("media.devices.insecure.enabled", false);
-// -------------------------------------
-// Pref : Disable verbosity of the internal logger
-lockPref("remote.log.level", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable security bypass buttons
-// Prevent the user from bypassing security in certain cases.
-// "security.certerror.hideAddException" prevents adding an exception when an invalid certificate is shown.
-// "browser.safebrowsing.allowOverride" prevents selecting "ignore the risk" and visiting a harmful site anyway.
-lockPref("browser.safebrowsing.allowOverride", false); // [DESKTOP]
-lockPref("security.certerror.hideAddException", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable safe mode
-// In case of a crash, we don't want to prompt for a safe-mode browser that has extensions disabled.
-// https://support.mozilla.org/en-US/questions/951221#answer-410562
-lockPref("toolkit.startup.max_resumed_crashes", -1); // [DESKTOP]
-// -------------------------------------
-// Pref : Force Encrypted Server Name Indication (eSNI) for TLS 1.3 if TRR/DoH is enabled
-// [NOTE] I don't encourage DoH (but it is a useful and valid mechanism for those who need it)
-// https://wiki.mozilla.org/Trusted_Recursive_Resolver#ESNI
-// https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications_(ESNI)
-lockPref("network.security.esni.enabled", true);
-// -------------------------------------
-// Pref : Disable ping to Mozilla for Man-in-the-Middle detection
-// https://blog.torproject.org/new-release-tor-browser-901
-lockPref("security.certerrors.mitm.priming.enabled", false); // [DESKTOP]
-lockPref("security.certerrors.mitm.priming.endpoint", ""); // [DESKTOP]
-lockPref("security.pki.mitm_canary_issuer", "");
-lockPref("security.pki.mitm_canary_issuer.enabled", false);
-lockPref("security.pki.mitm_detected", false);
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Block Implicit Outbound
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Disable prefetching of URLs
-// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it.
-// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
-lockPref("network.prefetch-next", false);
-// -------------------------------------
-// Pref : Disable DNS prefetching
-// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
-lockPref("network.dns.disablePrefetch", true);
-lockPref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF ESR] [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable pinging URIs specified in HTML ping= attributes
-lockPref("browser.send_pings", false);
-// -------------------------------------
-// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
-lockPref("browser.send_pings.require_same_host", true);
-// -------------------------------------
-// Pref : Disable speculative pre-connections
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
-// https://bugzilla.mozilla.org/show_bug.cgi?id=814169
-lockPref("network.http.speculative-parallel-limit", 0);
-// -------------------------------------
-// Pref : Disable predictor / prefetching
-// Network predicator load pages before they are opened with mose hover for example
-lockPref("network.predictor.enabled", false);
-lockPref("network.predictor.enable-prefetch", false);
-lockPref("network.predictor.enable-hover-on-ssl", false);
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : HTTP* / TCP/IP / DNS / PROXY / SOCKS etc.
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Disable IPv6
-// IPv6 can be abused, especially regarding MAC addresses. They also do not play nice with VPNs. That's even assuming your ISP and/or router and/or website can handle it.
-// [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
-// [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, then this won't make much difference. If you are masking your IP, then it can only help.
-// [TEST] https://ipleak.org/
-lockPref("network.dns.disableIPv6", true);
-// -------------------------------------
-// Pref : Disable HTTP2 (which was based on SPDY which is now deprecated)
-// HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance privacy, and in fact opens up a number of server-side fingerprinting opportunities.
-// [SETUP-PERF] Relax this if you have FPI enabled and you understand the consequences. FPI isolates these, but it was designed with the Tor protocol in mind, and the Tor Browser has extra protection, including enhanced sanitizing per Identity.
-// https://http2.github.io/faq/
-// https://blog.scottlogic.com/2014/11/07/http-2-a-quick-look.html
-// https://queue.acm.org/detail.cfm?id=2716278
-// https://github.com/ghacksuserjs/ghacks-user.js/issues/107
+// Disable HTTP2
// lockPref("network.http.spdy.enabled", false);
// lockPref("network.http.spdy.enabled.deps", false);
// lockPref("network.http.spdy.enabled.http2", false);
-// lockPref("network.http.spdy.websockets", false);
+// lockPref("network.http.spdy.websockets", false); // [FF65+]
// -------------------------------------
-// Pref : Enforce the proxy server to do any DNS lookups when using SOCKS
-// e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request
-// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
-defaultPref("network.proxy.socks_remote_dns", true);
+// Disable HTTP Alternative Services [FF37+]
+// lockPref("network.http.altsvc.enabled", false);
+// lockPref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+]
// -------------------------------------
-// Pref : Remove paths when sending URLs to PAC scripts
-// https://bugzilla.mozilla.org/1255474
-defaultPref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false]
+// Disable website control over browser right-click context menu
+// lockPref("dom.event.contextmenu.enabled", false);
// -------------------------------------
-// Pref : Disable (or setup) DNS-over-HTTPS (DoH)
-// TRR = Trusted Recursive Resolver
-// 0=off by default, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result, 5=explicitly off
-// [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
-// [BUG] This seem to disable socks_remote_dns ?! need to check with wireshark
-// If true, just settings urls to null should be enough to disable without impacting socks_remote_dns.
-// https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
-// https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
-defaultPref("network.trr.mode", 0);
-defaultPref("network.trr.bootstrapAddress", "");
-defaultPref("network.trr.uri", "");
-defaultPref("network.trr.resolvers", "[]");
+// Disable icon fonts (glyphs) and local fallback rendering
+// lockPref("gfx.downloadable_fonts.enabled", false); // [FF41+]
+// lockPref("gfx.downloadable_fonts.fallback_delay", -1);
// -------------------------------------
-// Pref : Enable Subresource Integrity
-// https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
-// https://wiki.mozilla.org/Security/Subresource_Integrity
-lockPref("security.sri.enable", true); // [DEFAULT: true]
+// Disable Clipboard API
+// lockPref("dom.event.clipboardevents.enabled", false);
// -------------------------------------
-// Pref : Disable using UNC (Uniform Naming Convention) paths
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424
-lockPref("network.file.disable_unc_paths", true); // [HIDDEN PREF] // [DESKTOP]
+// Disable System Add-on updates
+lockPref("extensions.systemAddon.update.enabled", false); // [FF62+]
+lockPref("extensions.systemAddon.update.url", ""); // [FF44+]
// -------------------------------------
-// Pref : Disable HTTP Alternative Services
-// https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3970881
-// https://www.mnot.net/blog/2016/03/09/alt-svc
-lockPref("network.http.altsvc.enabled", false); // [DESKTOP]
-lockPref("network.http.altsvc.oe", false); // [DESKTOP]
+// Enable the DNT (Do Not Track) HTTP header
+// lockPref("privacy.donottrackheader.enabled", true);
// -------------------------------------
-// Pref : Disallow NTLMv1
-// https://bugzilla.mozilla.org/show_bug.cgi?id=828183
-lockPref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
-// It is still allowed through HTTPS. uncomment the following to disable it completely.
-// lockPref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // [DESKTOP]
+// Customize ETP settings
+lockPref("network.cookie.cookieBehavior", 5);
+lockPref("privacy.partition.network_state.ocsp_cache", true);
+lockPref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
+lockPref("privacy.trackingprotection.enabled", true);
+lockPref("privacy.trackingprotection.socialtracking.enabled", true);
+lockPref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
+lockPref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
+// -------------------------------------
+// Allow embedded tweets and Reddit posts. Don't do it!
+// lockPref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com"); // [HIDDEN PREF]
+// lockPref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.twimg.com"); // [HIDDEN PREF]
+// -------------------------------------
+// Disable service workers
+// lockPref("dom.serviceWorkers.enabled", false);
+// -------------------------------------
+// Disable Web Notifications
+// lockPref("dom.webnotifications.enabled", false); // [FF22+]
+// lockPref("dom.webnotifications.serviceworker.enabled", false); // [FF44+]
+// -------------------------------------
+// Disable Push Notifications [FF44+]
+lockPref("dom.push.enabled", false);
+lockPref("dom.push.connection.enabled", false);
+lockPref("dom.push.serverURL", "");
+lockPref("dom.push.userAgentID", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Enable HTTPS-only-mode
-// [NOTE] This is experimental
-// https://www.ghacks.net/2020/03/24/firefox-76-gets-optional-https-only-mode/
-// https://bugzilla.mozilla.org/1613063
-// defaultPref("dom.security.https_only_mode", true);
-// defaultPref("dom.security.https_only_mode.upgrade_local", true);
-// -------------------------------------
-// Pref : Require safe negotiation
-// Blocks connections to servers that don't support RFC 5746 as they're potentially vulnerable to a MiTM attack. A server *without* RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that.
-// Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server.
-// https://wiki.mozilla.org/Security:Renegotiation
-// https://tools.ietf.org/html/rfc5746
-// https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
-lockPref("security.ssl.require_safe_negotiation", true);
-// -------------------------------------
-// Pref : Enforce TLS 1.0 and 1.1 downgrades as session only
-lockPref("security.tls.version.enable-deprecated", false);
-// -------------------------------------
-// Pref : Disable SSL Error Reporting
-// https://firefox-source-docs.mozilla.org/browser/base/sslerrorreport/preferences.html
-lockPref("security.ssl.errorReporting.enabled", false);
-lockPref("security.ssl.errorReporting.automatic", false);
-lockPref("security.ssl.errorReporting.url", "");
-// -------------------------------------
-// Pref : Disable SSL session tracking
-// SSL Session IDs are unique, last up to 24hrs in Firefox, and can be used for tracking
-// https://tools.ietf.org/html/rfc5077
-// https://bugzilla.mozilla.org/967977
-// https://arxiv.org/abs/1810.07304
-lockPref("security.ssl.disable_session_identifiers", true); // [DEFAULT: true] // [HIDDEN PREF]
-// -------------------------------------
-// Pref : Disable TLS1.3 0-RTT (round-trip time)
-// https://github.com/tlswg/tls13-spec/issues/1001
-// https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/
-lockPref("security.tls.enable_0rtt_data", false);
-// -------------------------------------
-// Pref : Require a valid OCSP response for OCSP enabled certificates
-// https://groups.google.com/forum/#!topic/mozilla.dev.security/n1G-N2-HTVA
-// Disabling this will make OCSP bypassable by MitM attacks suppressing OCSP responses
-// [NOTE] `security.OCSP.require` will make the connection fail when the OCSP responder is unavailable
-// [NOTE] `security.OCSP.require` is known to break browsing on some [captive portals](https://en.wikipedia.org/wiki/Captive_portal)
-lockPref("security.OCSP.require", true);
-// -------------------------------------
-// Pref : Enable OSCP (Online Certificate Status Protocol)
-// https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
-// https://www.imperialviolet.org/2014/04/19/revchecking.html
-// https://www.maikel.pro/blog/current-state-certificate-revocation-crls-ocsp/
-// https://wiki.mozilla.org/CA:RevocationPlan
-// https://wiki.mozilla.org/CA:ImprovingRevocation
-// https://wiki.mozilla.org/CA:OCSP-HardFail
-// https://news.netcraft.com/archives/2014/04/24/certificate-revocation-why-browsers-remain-affected-by-heartbleed.html
-// https://news.netcraft.com/archives/2013/04/16/certificate-revocation-and-the-performance-of-ocsp.html
-// [NOTE] OCSP leaks your IP and domains you visit to the CA when OCSP Stapling is not available on visited host
-// [NOTE] OCSP is vulnerable to replay attacks when nonce is not configured on the OCSP responder
-// [NOTE] OCSP adds latency (performance)
-// [NOTE] Short-lived certificates are not checked for revocation (security.pki.cert_short_lifetime_in_days, default:10)
-lockPref("security.OCSP.enabled", 0);
-// -------------------------------------
-// Pref : Enable OCSP Stapling support
-// Stapling have the site itself proof that his certificate is good through the CA so apparently nothing is leaked in this case.
-// https://en.wikipedia.org/wiki/OCSP_stapling
-// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
-lockPref("security.ssl.enable_ocsp_stapling", true);
-// -------------------------------------
-// Pref : Disallow SHA-1
-// 0=all SHA1 certs are allowed
-// 1=all SHA1 certs are blocked
-// 2=deprecated option that now maps to 1
-// 3=only allowed for locally-added roots (e.g. anti-virus)
-// 4=only allowed for locally-added roots or for certs in 2015 and earlier
-// https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1302140
-// https://shattered.io/
-lockPref("security.pki.sha1_enforcement_level", 1);
-// -------------------------------------
-// Pref : Disable Windows 8.1's Microsoft Family Safety cert
-// 0=disable detecting Family Safety mode and importing the root
-// 1=only attempt to detect Family Safety mode (don't import the root)
-// 2=detect Family Safety mode and import the root
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
-lockPref("security.family_safety.mode", 0);
-// -------------------------------------
-// Pref : Enfore Public Key Pinning
-// https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
-// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning
-// 2= strict (pinning is always enforced)
-lockPref("security.cert_pinning.enforcement_level", 2);
-// -------------------------------------
-// Pref : Disable insecure active content on https pages
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
-lockPref("security.mixed_content.block_active_content", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable insecure passive content (such as images) on https pages
-lockPref("security.mixed_content.upgrade_display_content", true);
-lockPref("security.mixed_content.block_display_content", true);
-// -------------------------------------
-// Pref : Block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks
-// https://bugzilla.mozilla.org/1190623
-lockPref("security.mixed_content.block_object_subrequest", true);
-// -------------------------------------
-// Pref : Disable 3DES (effective key size < 128)
-// https://en.wikipedia.org/wiki/3des#Security
-// https://en.wikipedia.org/wiki/Meet-in-the-middle_attack
-// https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
-lockPref("security.ssl3.rsa_des_ede3_sha", false);
-lockPref("security.ssl3.dhe_dss_des_ede3_sha", false); // [DESKTOP]
-lockPref("security.ssl3.dhe_rsa_des_ede3_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdh_rsa_des_ede3_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); // [DESKTOP]
-lockPref("security.ssl3.rsa_fips_des_ede3_sha", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable 40/56/128-bit ciphers
-lockPref("security.ssl3.rsa_rc4_40_md5", false); // 40-bit // [DESKTOP]
-lockPref("security.ssl3.rsa_rc2_40_md5", false); // 40-bit // [DESKTOP]
-lockPref("security.ssl3.rsa_1024_rc4_56_sha", false); // 56-bit // [DESKTOP]
-lockPref("security.ssl3.rsa_camellia_128_sha", false); // 128-bit // [DESKTOP]
-lockPref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // 128-bit
-lockPref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // 128-bit
-lockPref("security.ssl3.ecdh_rsa_aes_128_sha", false); // 128-bit // [DESKTOP]
-lockPref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); // 128-bit // [DESKTOP]
-lockPref("security.ssl3.dhe_rsa_camellia_128_sha", false); // 128-bit // [DESKTOP]
-lockPref("security.ssl3.dhe_rsa_aes_128_sha", false); // 128-bit // [DESKTOP]
-// -------------------------------------
-// Pref : Disable 256 bits ciphers without PFS
-lockPref("security.ssl3.rsa_camellia_256_sha", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable SEED cipher
-// https://en.wikipedia.org/wiki/SEED
-lockPref("security.ssl3.rsa_seed_sha", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable null ciphers
-lockPref("security.ssl3.rsa_null_sha", false); // [DESKTOP]
-lockPref("security.ssl3.rsa_null_md5", false); // [DESKTOP]
-lockPref("security.ssl3.ecdhe_rsa_null_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdhe_ecdsa_null_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdh_rsa_null_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdh_ecdsa_null_sha", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Enable GCM ciphers (TLS 1.2 only)
-// https://en.wikipedia.org/wiki/Galois/Counter_Mode
-lockPref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
-lockPref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Enable ChaCha20 and Poly1305
-// https://www.mozilla.org/en-US/firefox/47.0/releasenotes/
-// https://tools.ietf.org/html/rfc7905
-// https://bugzilla.mozilla.org/show_bug.cgi?id=917571
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1247860
-// https://cr.yp.to/chacha.html
-lockPref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
-lockPref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
-// -------------------------------------
-// Pref : Ciphers with CBC & SHA-1 (disabled)
-lockPref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // [DEFAULT: true]
-lockPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: true]
-lockPref("security.ssl3.rsa_aes_128_sha", false); // [DEFAULT: true]
-lockPref("security.ssl3.rsa_aes_256_sha", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable ciphers with DSA (max 1024 bits)
-lockPref("security.ssl3.dhe_dss_aes_128_sha", false); // [DESKTOP]
-lockPref("security.ssl3.dhe_dss_aes_256_sha", false); // [DESKTOP]
-lockPref("security.ssl3.dhe_dss_camellia_128_sha", false); // [DESKTOP]
-lockPref("security.ssl3.dhe_dss_camellia_256_sha", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable ciphers susceptible to the logjam attack
-// https://weakdh.org/
-lockPref("security.ssl3.dhe_rsa_camellia_256_sha", false); // [DESKTOP]
-lockPref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable ciphers with ECDH (non-ephemeral)
-lockPref("security.ssl3.ecdh_rsa_aes_256_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable RC4
-// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
-// https://rc4.io/
-// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
-lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // [DESKTOP]
-lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // [DESKTOP]
-lockPref("security.ssl3.rsa_rc4_128_md5", false); // [DESKTOP]
-lockPref("security.ssl3.rsa_rc4_128_sha", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Display warning on the padlock for "broken security"
-// [BUG] Warning padlock not indicated for subresources on a secure page!
-// [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation
-// https://wiki.mozilla.org/Security:Renegotiation
-// https://bugzilla.mozilla.org/1353705
-// https://www.ssllabs.com/ssl-pulse/
-lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
-// -------------------------------------
-// Pref : Control "Add Security Exception" dialog on SSL warnings
-// 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
-// https://github.com/pyllyukko/user.js/issues/210
-lockPref("browser.ssl_override_behavior", 1);
-// -------------------------------------
-// Pref : Display advanced information on Insecure Connection warning pages (only works when it's possible to add an exception), i.e. it doesn't work for HSTS discrepancies
-// https://subdomain.preloaded-hsts.badssl.com/
-// [TEST] https://expired.badssl.com/
-lockPref("browser.xul.error_pages.expert_bad_cert", true);
-// -------------------------------------
-// Pref : Disable GIO as a potential proxy bypass vector
-// Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far.
-// https://bugzilla.mozilla.org/1433507
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424
-// https://en.wikipedia.org/wiki/GVfs
-// https://en.wikipedia.org/wiki/GIO_(software)
-lockPref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
+// DON'T BOTHER: FINGERPRINTING
+// >>>>>>>>>>>>>>>>>>>>>
//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : User Settings
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Set behaviour on "+ Tab" button to display container menu on left click
-// [NOTE] The menu is always shown on long press and right click each new tab
-// defaultPref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); // [DESKTOP]
+// Disable APIs
+lockPref("device.sensors.enabled", false);
+// lockPref("dom.enable_performance", false);
+// lockPref("dom.enable_resource_timing", false);
+lockPref("dom.gamepad.enabled", false);
+lockPref("dom.netinfo.enabled", false); // [DEFAULT: false NON-ANDROID: false ANDROID FF99+]
+lockPref("dom.webaudio.enabled", false);
+lockPref("dom.vibrator.enabled", false);
// -------------------------------------
-// Pref : Enable Container Tabs setting in preferences
-// https://bugzilla.mozilla.org/1279029
-defaultPref("privacy.userContext.ui.enabled", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Enable Container Tabs
-defaultPref("privacy.userContext.enabled", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Enable a private container for thumbnail loads
-defaultPref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DESKTOP]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Passwords
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Disable about:logins (Firefox Lockwise)
-// https://lockwise.firefox.com/
-// https://support.mozilla.org/en-US/kb/firefox-lockwise-managing-account-data
-lockPref("signon.management.page.breach-alerts.enabled", false); // [DESKTOP]
-lockPref("signon.management.page.breachAlertUrl", ""); // [DESKTOP]
-lockPref("signon.management.page.hideMobileFooter", true); // [DESKTOP]
-lockPref("signon.management.page.mobileAndroidURL", ""); // [DESKTOP]
-lockPref("signon.management.page.mobileAppleURL", ""); // [DESKTOP]
-lockPref("signon.management.page.showPasswordSyncNotification", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable autofilling saved passwords on HTTP pages and show warning
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119
-lockPref("signon.autofillForms.http", false);
-lockPref("security.insecure_field_warning.contextual.enabled", true);
-// -------------------------------------
-// Pref : Disable password manager
-// [NOTE] This does not clear any passwords already saved
-lockPref("signon.rememberSignons", false);
-lockPref("signon.rememberSignons.visibilityToggle", false);
-lockPref("signon.schemeUpgrades", false);
-lockPref("signon.showAutoCompleteFooter", false);
-lockPref("signon.autologin.proxy", false);
-lockPref("signon.privateBrowsingCapture.enabled", false);
-lockPref("signon.debug", false);
-// -------------------------------------
-// Pref : Disable Firefox import password from signons.sqlite file
-// https://support.mozilla.org/en-US/questions/1020818
-lockPref("signon.importedFromSqlite", false);
-lockPref("signon.recipes.path", "");
-// -------------------------------------
-// Pref : Set how often Firefox should ask for the master password
-// 0=the first time (default), 1=every time it's needed, 2=every n minutes
-lockPref("security.ask_for_password", 2);
-// -------------------------------------
-// Pref : Set how often in minutes Firefox should ask for the master password
-lockPref("security.password_lifetime", 1); // [DEFAULT: 30]
-// -------------------------------------
-// Pref : Disable auto-filling username & password form fields
-// Can leak in cross-site forms and be spoofed
-// NOTE] Username & password is still available when you enter the field
-lockPref("signon.autofillForms", false);
-lockPref("signon.autofillForms.autocompleteOff", true);
-lockPref("signon.showAutoCompleteOrigins", false);
-// -------------------------------------
-// Pref : Disable websites autocomplete
-// Don't let sites dictate use of saved logins and passwords.
-lockPref("signon.storeWhenAutocompleteOff", false);
-// -------------------------------------
-// Pref : Disable formless login capture
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
-lockPref("signon.formlessCapture.enabled", false);
-// -------------------------------------
-// Pref : Limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources
-// Hardens against potential credentials phishing
-// 0=don't allow sub-resources to open HTTP authentication credentials dialogs
-// 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
-// 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
-// https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/
-lockPref("network.auth.subresource-http-auth-allow", 1);
-// -------------------------------------
-// Pref : Prevent cross-origin images from triggering an HTTP-Authentication prompt
-// https://bugzilla.mozilla.org/1357835
-lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // [DEPRECATED] // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Firefox built-in password generator
-// https://wiki.mozilla.org/Toolkit:Password_Manager/Password_Generation
-// [NOTE] Best still create passwords with random characters and numbers in sequence by yourself
-defaultPref("signon.generation.available", false);
-defaultPref("signon.generation.enabled", false);
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Window Meddling & Leaks / Popups
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Prevent websites from disabling new window features
-lockPref("dom.disable_window_open_feature.close", true); // [DEFAULT: false]
-lockPref("dom.disable_window_open_feature.location", true); // [DEFAULT: false]
-lockPref("dom.disable_window_open_feature.menubar", true); // [DEFAULT: false]
-lockPref("dom.disable_window_open_feature.minimizable", true); // [DEFAULT: false]
-lockPref("dom.disable_window_open_feature.personalbar", true); // [DEFAULT: false]
-lockPref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true]
-lockPref("dom.disable_window_open_feature.status", true); // [DEFAULT: true]
-lockPref("dom.disable_window_open_feature.titlebar", true); // [DEFAULT: false]
-lockPref("dom.disable_window_open_feature.toolbar", true); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Prevent scripts from moving and resizing open windows
-lockPref("dom.disable_window_move_resize", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Open links targeting new windows in a new tab instead
-// This stops malicious window sizes and some screen resolution leaks.
-// You can still right-click a link and open in a new window.
-// [TEST] https://people.torproject.org/~gk/misc/entire_desktop.html
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
-defaultPref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
-defaultPref("browser.link.open_newwindow.restriction", 0); // [DEFAULT: 0]
-// -------------------------------------
-// Pref : Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
-// [NOTE] You can still manually toggle the browser's fullscreen state, but this pref will disable embedded video fullscreen controls, e.g. youtube
-// [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen
-// lockPref("full-screen-api.enabled", false);
-// -------------------------------------
-// Pref : Block popup windows
-defaultPref("dom.disable_open_during_load", true); // [DEFAULT: true]
-lockPref("privacy.popups.showBrowserMessage", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Set max popups from a single non-click event
-// [NOTE] Non-click events should never spawn a popup?
-lockPref("dom.popup_maximum", 0); // [DEFAULT: 20]
-// -------------------------------------
-// Pref : Limit events that can cause a popup
-lockPref("dom.popup_allowed_events", "click dblclick"); // [DEFAULT: "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend"]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Cache / Session (Re)Store / Favicons
-// >>>>>>>>>>>>>>>>>>>>
-// [INTRO] ETAG and other cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk and memory cache. ETAGs can also be neutralized by modifying response headers. Another solution is to use a hardened configuration with Temporary Containers. Alternatively, you can *LIMIT* exposure by clearing cache on close. Or on a regular basis manually or with an extension.
-// https://en.wikipedia.org/wiki/HTTP_ETag#Tracking_using_ETags
-// https://robertheaton.com/2014/01/20/cookieless-user-tracking-for-douchebags/
-// https://www.grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache
-// https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.4-Header-Editor
-// https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21
-// -------------------------------------
-// Pref : Disable disk cache
-lockPref("browser.cache.disk.enable", false);
-lockPref("browser.cache.disk.smart_size.enabled", false);
-lockPref("browser.cache.disk.smart_size.first_run", false);
-// -------------------------------------
-// Pref : Disable memory cache
-// Capacity: -1=determine dynamically (default), 0=none, n=memory capacity in kilobytes
-// lockPref("browser.cache.memory.enable", false);
-// lockPref("browser.cache.memory.capacity", 0); // [HIDDEN PREF ESR]
-// -------------------------------------
-// Pref : Disable permissions manager from writing to disk
-// [NOTE] This means any permission changes are session only
-// https://bugzilla.mozilla.org/967812
-lockPref("permissions.memory_only", true); // [HIDDEN PREF]
-// -------------------------------------
-// Pref : Disable media cache from writing to disk in Private Browsing
-// [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB
-lockPref("browser.privatebrowsing.forceMediaMemoryCache", true);
-lockPref("media.memory_cache_max_size", 16384);
-// -------------------------------------
-// Pref : Disable fastback cache
-// To improve performance when pressing back/forward Firefox stores visited pages so they don't have to be re-parsed. This is not the same as memory cache.
-// 0=none, -1=auto (that's minus 1).
-// [WARNING] Not recommended unless you know what you're doing
-// lockPref("browser.sessionhistory.max_total_viewers", 0);
-// -------------------------------------
-// Pref : Exclude "Undo Closed Tabs" in Session Restore
-lockPref("browser.sessionstore.max_tabs_undo", 0);
-// -------------------------------------
-// Pref : Disable storing extra session data
-// Extra session data contains contents of forms, scrollbar positions, cookies and POST data
-// Define on which sites to save extra session data:
-// 0=everywhere, 1=unencrypted sites, 2=nowhere
-lockPref("browser.sessionstore.privacy_level", 2);
-// -------------------------------------
-// Pref : Set the minimum interval between session save operations
-// Increasing this can help on older machines and some websites, as well as reducing writes. Default is 15000 (15 secs). Try 30000 (30 secs), 60000 (1 min) etc.
-// This can also affect entries in the "Recently Closed Tabs" feature: i.e. the longer the interval the more chance a quick tab open/close won't be captured.
-// This longer interval *may* affect history but we cannot replicate any history not recorded
-// https://bugzilla.mozilla.org/1304389
-// lockPref("browser.sessionstore.interval", 30000);
-// -------------------------------------
-// Pref : Disable favicons in web notifications
-lockPref("alerts.showFavicons", false);
-// -------------------------------------
-// Pref : Delete Search and Form History
-lockPref("browser.formfill.expire_days", 0);
-// -------------------------------------
-// Pref : Disable favicons in shortcuts
-// URL shortcuts use a cached randomly named .ico file which is stored in your profile/shortcutCache directory. The .ico remains after the shortcut is deleted.
-// false=shortcuts use a generic Firefox icon
-lockPref("browser.shell.shortcutFavicons", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Display "insecure" icon and "Not Secure" text on HTTP sites
-lockPref("security.insecure_connection_icon.enabled", true); // [DESKTOP] [DEFAULT: true]
-lockPref("security.insecure_connection_text.enabled", true); // [DESKTOP]
-lockPref("security.insecure_connection_icon.pbmode.enabled", true); // [DESKTOP]
-lockPref("security.insecure_connection_text.pbmode.enabled", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Enable insecure password warnings (login forms in non-HTTPS pages)
-// https://blog.mozilla.org/tanvi/2016/01/28/no-more-passwords-over-http-please/
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1319119
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1217156
-lockPref("security.insecure_password.ui.enabled", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable automatic Firefox start and session restore after reboot
-// https://bugzilla.mozilla.org/603903
-lockPref("toolkit.winRegisterApplicationRestart", false); // [WINDOWS] // [DESKTOP]
-// -------------------------------------
-// Pref : Disable "Restore Session", even after a crash
-lockPref("browser.sessionstore.resume_from_crash", false);
-lockPref("browser.sessionstore.resume_session_once", false); // [DESKTOP]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Geolocation / Language / Locale
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Disable geolocation
-lockPref("geo.enabled", false);
-// -------------------------------------
-// Pref : Disable geographically specific results/search engines e.g. "browser.search.*.US", i.e. ignore all of Mozilla's various search engines in multiple locales
-lockPref("browser.search.geoSpecificDefaults.url", "");
-lockPref("browser.snippets.geoUrl", "");
-// -------------------------------------
-// Pref : Set preferred language for displaying web pages
-defaultPref("intl.accept_languages", "en-US, en");
-// -------------------------------------
-// Pref : Enforce US English locale regardless of the system locale
-// [NOTE] May break some input methods e.g xim/ibus for CJK languages
-// https://bugzilla.mozilla.org/867501
-// https://bugzilla.mozilla.org/1629630
-lockPref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
-// -------------------------------------
-// Pref : Disable using the OS's geolocation service
-lockPref("geo.provider.ms-windows-location", false); // [WINDOWS] // [DESKTOP]
-lockPref("geo.provider.use_corelocation", false); // [MAC] // [DESKTOP]
-lockPref("geo.provider.use_gpsd", false); // [LINUX] // [DESKTOP]
-lockPref("geo.provider.network.url", "");
-lockPref("browser.region.update.enabled", false); // [FENIX]
-lockPref("browser.region.log", false);
-lockPref("browser.region.network.scan", false);
-lockPref("browser.region.network.url", "");
-// -------------------------------------
-// Pref : Disable logging geolocation to the console
-lockPref("geo.provider.network.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
-// -------------------------------------
-// Pref : Enforce fallback text encoding to match en-US
-// When the content or server doesn't declare a charset the browser will fallback to the "Current locale" based on your application language
-// [TEST] https://hsivonen.com/test/moz/check-charset.htm
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025
-lockPref("intl.charset.fallback.override", "windows-1252");
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Fonts
-// >>>>>>>>>>>>>>>>>>>>>>
-// Pref : Disable websites choosing fonts (0=block, 1=allow)
-// This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector.
-// [NOTE] Disabling fonts can uglify the web a fair bit.
-// https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
+// Disable other
defaultPref("browser.display.use_document_fonts", 0);
+// lockPref("browser.zoom.siteSpecific", false);
+lockPref("dom.w3c_touch_events.enabled", 0);
+lockPref("media.navigator.enabled", false);
+// lockPref("media.ondevicechange.enabled", false);
+// lockPref("media.video_stats.enabled", false);
+lockPref("media.webspeech.synth.enabled", false);
+// lockPref("webgl.enable-debug-renderer-info", false);
// -------------------------------------
-// Pref : Set more legible default fonts
-lockPref("font.name.serif.x-unicode", "Georgia");
-lockPref("font.name.serif.x-western", "Georgia"); // [DEFAULT: Times New Roman]
-lockPref("font.name.sans-serif.x-unicode", "Arial");
-lockPref("font.name.sans-serif.x-western", "Arial"); // [DEFAULT: Arial]
-lockPref("font.name.monospace.x-unicode", "Lucida Console");
-lockPref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courier New]
-// -------------------------------------
-// Pref : Disable icon fonts (glyphs) and local fallback rendering
-// [NOTE] You can do this with uBlock Origin
-// https://bugzilla.mozilla.org/789788
-// https://gitlab.torproject.org/legacy/trac/-/issues/8455
-// https://github.com/gorhill/uBlock/wiki/Per-site-switches#no-remote-fonts
-// defaultPref("gfx.downloadable_fonts.enabled", false);
-// defaultPref("gfx.downloadable_fonts.fallback_delay", -1);
-// -------------------------------------
-// Pref : Disable CSS Font Loading API
-// [NOTE] Disabling fonts can uglify the web a fair bit.
-defaultPref("layout.css.font-loading-api.enabled", false);
-// -------------------------------------
-// Pref : Disable special underline handling for a few fonts which you will probably never use
-// https://github.com/ghacksuserjs/ghacks-user.js/issues/744
-// lockPref("font.blacklist.underline_offset", "");
-// -------------------------------------
-// Pref : Disable graphite
-// [NOTE] Graphite has had many critical security issues in the past
-// https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778
-// https://en.wikipedia.org/wiki/Graphite_(SIL)
-lockPref("gfx.font_rendering.graphite.enabled", false);
-// -------------------------------------
-// Pref : Limit system font exposure to a whitelist [RESTART]
-// If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
-// [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. Eventually privacy.resistFingerprinting will cover this.
-// https://bugzilla.mozilla.org/1121643
-// lockPref("font.system.whitelist", "");
+// Spoof
+// lockPref("dom.maxHardwareConcurrency", 2);
+// lockPref("font.system.whitelist", ""); // [HIDDEN PREF]
+// lockPref("general.appname.override", ""); // [HIDDEN PREF]
+// lockPref("general.appversion.override", ""); // [HIDDEN PREF]
+// lockPref("general.buildID.override", "20181001000000"); // [HIDDEN PREF]
+// lockPref("general.oscpu.override", ""); // [HIDDEN PREF]
+// lockPref("general.platform.override", ""); // [HIDDEN PREF]
+// lockPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"); // [HIDDEN PREF]
+// lockPref("ui.use_standins_for_native_colors", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Plugins
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Disable plugins
-lockPref("plugin.disable", true); // [DEFAULT: true] // [FENNEC]
-lockPref("dom.ipc.plugins.enabled", false); // [DEFAULT: false] // [FENNEC]
-lockPref("plugins.crash.supportUrl", ""); // [DESKTOP]
-// -------------------------------------
-// Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
-// 0=disabled, 1=ask to activate, 2=active - you can override individual plugins
-lockPref("plugin.default.state", 0);
-// -------------------------------------
-// Pref : Disable scanning for plugins
-lockPref("plugin.scan.plid.all", false); // [WINDOWS] // [DESKTOP]
-// -------------------------------------
-// Pref : Disable all GMP (Gecko Media Plugins)
-lockPref("media.gmp-provider.enabled", false);
-lockPref("media.gmp-manager.certs.1.issuerName", "");
-lockPref("media.gmp-manager.certs.1.commonName", "");
-lockPref("media.gmp-manager.certs.2.issuerName", "");
-lockPref("media.gmp-manager.certs.2.commonName", "");
-lockPref("media.gmp-manager.url", "");
-lockPref("media.gmp-manager.url.override", "");
-lockPref("media.gmp-manager.updateEnabled", false); // [DESKTOP]
-lockPref("media.gmp.trial-create.enabled", false); // [WINDOWS] // [DESKTOP]
-// -------------------------------------
-// Pref : Disable all DRM content (EME: Encryption Media Extension)
-// [NOTE] if you need CDM, e.g. Netflix, Amazon Prime, Hulu, whatever
-// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
-defaultPref("media.eme.enabled", false);
-// -------------------------------------
-// Pref : Disable the OpenH264 Video Codec by Cisco to "Never Activate".
-// This is the bundled codec used for video chat in WebRTC.
-lockPref("media.gmp-gmpopenh264.enabled", false);
-lockPref("media.gmp-gmpopenh264.autoupdate", false); // [DESKTOP]
-lockPref("media.gmp-gmpopenh264.visible", false);
-// -------------------------------------
-// Pref : Disable widevine CDM (Content Decryption Module)
-// [NOTE] if you need CDM, e.g. Netflix, Amazon Prime, Hulu, whatever
-lockPref("media.gmp-widevinecdm.enabled", false); // [DESKTOP]
-lockPref("media.gmp-widevinecdm.visible", false); // [DESKTOP]
-lockPref("media.mediadrm-widevinecdm.visible", false); // [DEFAULT: true] // [FENNEC]
-lockPref("media.gmp-widevinecdm.autoupdate", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Flash plugin
-// 0=deactivated, 1=ask, 2=enabled
-// [NOTE] You can still override individual sites via site permissions
-// https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/
-lockPref("plugin.state.flash", 0); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Gnome Shell Integration NPAPI plugin
-lockPref("plugin.state.libgnome-shell-browser-plugin",0); // [DESKTOP]
-// -------------------------------------
-// Pref : Enable Auto Notification of Outdated Plugins
-// https://wiki.mozilla.org/Firefox3.6/Plugin_Update_Awareness_Security_Review
-// https://hg.mozilla.org/mozilla-central/rev/304560
-lockPref("plugins.update.notifyUser", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Shumway (Mozilla Flash renderer)
-// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Shumway
-lockPref("shumway.disabled", true); // [DESKTOP]
+// PERSONAL
+// >>>>>>>>>>>>>>>>>>>>>
//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Blocklists / Safe Browsing / Tracking Protection
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Disable add-on and certificate blocklists (OneCRL) from Mozilla
-// https://wiki.mozilla.org/Security/Tracking_protection
-// https://wiki.mozilla.org/Services/TrackingProtection/Shavar_Server_-_Testing
-// https://wiki.mozilla.org/Security/Safe_Browsing
-// https://wiki.mozilla.org/Blocklisting
-// https://blocked.cdn.mozilla.net/
-// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
-lockPref("services.blocklist.update_enabled", false); // [DESKTOP]
-lockPref("services.blocklist.plugins.signer", "");
-lockPref("services.blocklist.plugins.collection", "");
-lockPref("services.blocklist.pinning.signer", "");
-lockPref("services.blocklist.pinning.enabled", false);
-lockPref("services.blocklist.pinning.collection", "");
-lockPref("services.blocklist.pinning.bucket", ""); // [DESKTOP]
-lockPref("services.blocklist.onecrl.signer", "");
-lockPref("services.blocklist.onecrl.collection", "");
-lockPref("services.blocklist.gfx.signer", "");
-lockPref("services.blocklist.gfx.collection", "");
-lockPref("services.blocklist.bucket", "");
-lockPref("services.blocklist.addons.signer", ""); // [DESKTOP]
-lockPref("services.blocklist.addons.collection", "");
-lockPref("extensions.blocklist.lastModified", ""); // [DESKTOP]
-lockPref("extensions.blocklist.itemURL", "");
-lockPref("extensions.blocklist.enabled", false);
-lockPref("extensions.blocklist.detailsURL", "");
-lockPref("services.settings.security.onecrl.bucket", "");
-lockPref("services.settings.security.onecrl.collection", "");
-lockPref("services.settings.security.onecrl.signer", "");
-lockPref("urlclassifier.blockedTable", "");
-lockPref("urlclassifier.disallow_completions", "");
-lockPref("urlclassifier.downloadAllowTable", "");
-lockPref("urlclassifier.downloadBlockTable", "");
-lockPref("urlclassifier.flashAllowExceptTable", "");
-lockPref("urlclassifier.flashAllowTable", "");
-lockPref("urlclassifier.flashExceptTable", "");
-lockPref("urlclassifier.flashSubDocExceptTable", "");
-lockPref("urlclassifier.flashSubDocTable", "");
-lockPref("urlclassifier.flashTable", "");
-lockPref("urlclassifier.malwareTable", "");
-lockPref("urlclassifier.passwordAllowTable", "");
-lockPref("urlclassifier.phishTable", "");
-lockPref("urlclassifier.trackingAnnotationSkipURLs", ""); // [DESKTOP]
-lockPref("urlclassifier.trackingAnnotationTable", ""); // [DESKTOP]
-lockPref("urlclassifier.trackingAnnotationWhitelistTable", "");
-lockPref("urlclassifier.trackingTable", "");
-lockPref("urlclassifier.trackingWhitelistTable", "");
+// WELCOME & WHAT'S NEW NOTICES
+//
+lockPref("browser.startup.homepage_override.mstone", "ignore"); // master switch
+lockPref("startup.homepage_welcome_url", "");
+lockPref("startup.homepage_welcome_url.additional", "");
+lockPref("startup.homepage_override_url", ""); // What's New page after updates
+//
+// WARNINGS
+//
+defaultPref("browser.tabs.warnOnClose", false); // [DEFAULT false FF94+]
+defaultPref("browser.tabs.warnOnCloseOtherTabs", false);
+defaultPref("browser.tabs.warnOnOpen", false);
+defaultPref("browser.warnOnQuitShortcut", false); // [FF94+]
+lockPref("full-screen-api.warning.delay", 0);
+lockPref("full-screen-api.warning.timeout", 0);
+defaultPref("browser.warnOnQuit", false);
+//
+// UPDATES
+//
+// Disable auto-INSTALLING Firefox updates [NON-WINDOWS]
+lockPref("app.update.auto", false);
// -------------------------------------
-// Pref : Opt-out of add-on metadata updates
-// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
+// Disable auto-CHECKING for extension and theme updates
+lockPref("extensions.update.enabled", false);
+// -------------------------------------
+// Disable auto-INSTALLING extension and theme updates
+lockPref("extensions.update.autoUpdateDefault", false);
+// -------------------------------------
+// Disable extension metadata
lockPref("extensions.getAddons.cache.enabled", false);
// -------------------------------------
-// Pref : Disable Google Safe Browsing (Block dangerous and deceptive contents)
-lockPref("browser.safebrowsing.enabled", false); // [DESKTOP]
-lockPref("browser.safebrowsing.blockedURIs.enabled", false);
-lockPref("browser.safebrowsing.debug", false);
-lockPref("browser.safebrowsing.downloads.enabled", false); // [DEFAULT: false]
-lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false);
-lockPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
-lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
-lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false);
-lockPref("browser.safebrowsing.downloads.remote.enabled", false);
-lockPref("browser.safebrowsing.downloads.remote.url", "");
-lockPref("browser.safebrowsing.id", "");
-lockPref("browser.safebrowsing.malware.enabled", false);
-lockPref("browser.safebrowsing.passwords.enabled", false);
-lockPref("browser.safebrowsing.phishing.enabled", false);
-lockPref("browser.safebrowsing.provider.google.advisoryURL", "");
-lockPref("browser.safebrowsing.provider.google.pver", "");
-lockPref("browser.safebrowsing.provider.google.advisoryName", "");
-lockPref("browser.safebrowsing.provider.google.gethashURL", "");
-lockPref("browser.safebrowsing.provider.google.lastupdatetime", ""); // [DESKTOP]
-lockPref("browser.safebrowsing.provider.google.lists", "");
-lockPref("browser.safebrowsing.provider.google.nextupdatetime", ""); // [DESKTOP]
-lockPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
-lockPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
-lockPref("browser.safebrowsing.provider.google.reportURL", "");
-lockPref("browser.safebrowsing.provider.google.updateURL", "");
-lockPref("browser.safebrowsing.provider.google4.advisoryName", "");
-lockPref("browser.safebrowsing.provider.google4.advisoryURL", "");
-lockPref("browser.safebrowsing.provider.google4.gethashURL", "");
-lockPref("browser.safebrowsing.provider.google4.lastupdatetime", ""); // [DESKTOP]
-lockPref("browser.safebrowsing.provider.google4.lists", "");
-lockPref("browser.safebrowsing.provider.google4.nextupdatetime", ""); // [DESKTOP]
-lockPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
-lockPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
-lockPref("browser.safebrowsing.provider.google4.reportURL", "");
-lockPref("browser.safebrowsing.provider.google4.updateURL", "");
-lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
-lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
-lockPref("browser.safebrowsing.provider.google4.pver", "");
-lockPref("browser.safebrowsing.provider.mozilla.gethashURL", "");
-lockPref("browser.safebrowsing.provider.mozilla.lastupdatetime", ""); // [DESKTOP]
-lockPref("browser.safebrowsing.provider.mozilla.lists", "");
-lockPref("browser.safebrowsing.provider.mozilla.lists.base", "");
-lockPref("browser.safebrowsing.provider.mozilla.lists.content", "");
-lockPref("browser.safebrowsing.provider.mozilla.nextupdatetime", "");
-lockPref("browser.safebrowsing.provider.mozilla.pver", "");
-lockPref("browser.safebrowsing.provider.mozilla.updateURL", "");
-lockPref("browser.safebrowsing.reportPhishURL", "");
-// -------------------------------------
-// Pref : Disable passive Tracking Protection
-// Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list.
-// [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows
-// This is included for people who want to completely disable Tracking Protection.
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814
-lockPref("privacy.trackingprotection.annotate_channels", false);
-lockPref("privacy.trackingprotection.lower_network_priority", false);
-// -------------------------------------
-// Pref : Disable passive Tracking Protection in all windows
-lockPref("privacy.trackingprotection.enabled", false);
-lockPref("privacy.trackingprotection.pbmode.enabled", false);
-// -------------------------------------
-// Pref : Disable cryptomining trackingprotection
-// [NOTE] uBlock is far superior and you can customize the lists as you wish
-// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
-// https://github.com/AdroitAdorKhan/EnergizedProtection
-// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
-// https://github.com/hoshsadiq/adblock-nocoin-list
-lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); // [DESKTOP]
-lockPref("privacy.trackingprotection.cryptomining.enabled", false);
-lockPref("urlclassifier.features.cryptomining.blacklistTables", "");
-lockPref("urlclassifier.features.cryptomining.whitelistTables", "");
-lockPref("urlclassifier.features.cryptomining.annotate.whitelistTables", "");
-lockPref("urlclassifier.features.cryptomining.annotate.blacklistTables", "");
-// -------------------------------------
-// Pref : Disable fingerprinting trackingprotection
-// [NOTE] uBlock is far superior and you can customize the lists as you wish
-// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
-// https://github.com/AdroitAdorKhan/EnergizedProtection
-// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
-lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); // [DESKTOP]
-lockPref("privacy.trackingprotection.fingerprinting.enabled", false);
-lockPref("urlclassifier.features.fingerprinting.blacklistTables", "");
-lockPref("urlclassifier.features.fingerprinting.whitelistTables", "");
-lockPref("urlclassifier.features.fingerprinting.annotate.whitelistTables", "");
-lockPref("urlclassifier.features.fingerprinting.annotate.blacklistTables", "");
-// -------------------------------------
-// Pref : Disable social trackingprotection
-// [NOTE] uBlock is far superior and you can customize the lists as you wish
-// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
-// https://github.com/AdroitAdorKhan/EnergizedProtection
-// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
-lockPref("privacy.trackingprotection.socialtracking.enabled", false);
-lockPref("urlclassifier.features.socialtracking.blacklistTables", "");
-lockPref("urlclassifier.features.socialtracking.whitelistTables", "");
-lockPref("urlclassifier.features.socialtracking.annotate.whitelistTables", "");
-lockPref("urlclassifier.features.socialtracking.annotate.blacklistTables", "");
-lockPref("privacy.socialtracking.block_cookies.enabled", false); // [DESKTOP]
-lockPref("privacy.socialtracking.notification.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable PingCentre telemetry (used in several System Add-ons)
-// Currently blocked by 'datareporting.healthreport.uploadEnabled'
-lockPref("browser.ping-centre.telemetry", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable all the trackingprotection blocked elements by default
-lockPref("browser.contentblocking.features.strict", ""); // [DESKTOP]
+// Disable search engine updates (e.g. OpenSearch)
+lockPref("browser.search.update", false);
+//
+// APPEARANCE
+//
+// lockPref("browser.download.autohideButton", false); // [FF57+]
+// lockPref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent
+// lockPref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF]
+// 0=no-preference, 1=reduce: with RFP this only affects chrome
+// lockPref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF]
+// 0=light, 1=dark: with RFP this only affects chrome
+//
+// CONTENT BEHAVIOR
+//
+lockPref("accessibility.typeaheadfind", false); // enable "Find As You Type"
+lockPref("clipboard.autocopy", false); // disable autocopy default [LINUX]
+lockPref("layout.spellcheckDefault", 0); // 0=none, 1-multi-line, 2=multi-line & single-line
+//
+// UX BEHAVIOR
+//
+// lockPref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing
+// lockPref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+]
+// lockPref("browser.tabs.closeWindowWithLastTab", false);
+// lockPref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+]
+// lockPref("browser.urlbar.decodeURLsOnCopy", true); // [FF53+]
+// lockPref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux]
+// lockPref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
+// lockPref("view_source.tab", false); // view "page/selection source" in a new window [FF68+]
+//
+// UX FEATURES
+//
+lockPref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+]
+lockPref("extensions.pocket.enabled", false); // Pocket Account [FF46+]
+lockPref("extensions.screenshots.disabled", true); // [FF55+]
+lockPref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART]
+defaultPref("reader.parse-on-load.enabled", false); // Reader View
+//
+// OTHER
+//
+// lockPref("browser.bookmarks.max_backups", 2);
+lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+]
+lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+]
+lockPref("network.manage-offline-status", false);
+lockPref("browser.preferences.moreFromMozilla", false);
+// lockPref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
+//
+// MORE
+//
+// lockPref("security.insecure_connection_icon.enabled", ""); // [DEFAULT: true FF70+]
+// lockPref("security.mixed_content.block_active_content", ""); // [DEFAULT: true since at least FF60]
+defaultPref("security.ssl.enable_ocsp_stapling", false); // [DEFAULT: true FF26+]
+// lockPref("webgl.disable-fail-if-major-performance-caveat", ""); // [DEFAULT: true FF86+]
+defaultPref("webgl.enable-webgl2", false);
+// lockPref("webgl.min_capability_mode", "");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : System add-ons / Experiments
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Sanitize System Add-on updates URL
-// https://firefox-source-docs.mozilla.org/toolkit/mozapps/extensions/addon-manager/SystemAddons.html
-// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
-// https://github.com/pyllyukko/user.js/issues/419
-// https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.jsm#1248-1257
-// [NOTE] Disabling system add-on updates prevents Mozilla from "hotfixing" your browser to patch critical problems (one possible use case from the documentation)
-// lockPref("extensions.systemAddon.update.enabled", false);
-lockPref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [URL SANITIZED]
-// -------------------------------------
-// Pref : Disable Normandy/Shield
-// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
-// https://wiki.mozilla.org/Firefox/Shield
-// https://github.com/mozilla/normandy
-lockPref("app.normandy.enabled", false); // [DESKTOP]
-lockPref("app.normandy.api_url", ""); // [DESKTOP]
-lockPref("app.normandy.first_run", false); // [DESKTOP]
-lockPref("app.normandy.shieldLearnMoreUrl", ""); // [DESKTOP]
-lockPref("app.normandy.user_id", ""); // [DESKTOP]
-lockPref("features.normandy-remote-settings.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Form Autofill
-// [NOTE] Stored data is NOT secure (uses a JSON file)
-// [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
-// https://wiki.mozilla.org/Firefox/Features/Form_Autofill
-// https://www.ghacks.net/2017/05/24/firefoxs-new-form-autofill-is-awesome/
-lockPref("extensions.formautofill.addresses.enabled", false); // [DESKTOP]
-lockPref("extensions.formautofill.available", "off"); // [DESKTOP]
-lockPref("extensions.formautofill.creditCards.enabled", false); // [DESKTOP]
-lockPref("extensions.formautofill.heuristics.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable ExperimentManager and relative API
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1620021
-lockPref("messaging-system.rsexperimentloader.enabled", false); // [DESKTOP]
-lockPref("messaging-system.log", ""); // [DESKTOP]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Persistent Storage
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Delete cookies and site data on close
-// 0=keep until they expire (default),1=Prompt for each cookie, 2=keep until you close Firefox, 3=Accept for N days
-// https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
-lockPref("network.cookie.lifetimePolicy", 2);
-// -------------------------------------
-// Pref : Sets the number of days that the lifetime of cookies should be limited to
-// [NOTE] Only use if network.cookie.lifetimePolicy is set to 3
-// defaultPref("network.cookie.lifetime.days", 1); // [DEFAULT: 90]
-// -------------------------------------
-// Pref : Disable 3rd-party cookies and site-data
-// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers
-// [NOTE] Can breaks payment gateways
-defaultPref("network.cookie.cookieBehavior", 1);
-// -------------------------------------
-// Pref : Disable compatibility heuristics to 3rd-party cookie blocking
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1625568
-lockPref("network.cookie.rejectForeignWithExceptions.enabled", false);
-// -------------------------------------
-// Pref : Set third-party cookies (i.e ALL) (if enabled) to session-only and set third-party non-secure (i.e HTTP) cookies to session-only
-// [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
-// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
-lockPref("network.cookie.thirdparty.sessionOnly", true);
-lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
-// -------------------------------------
-// Pref : Disable HTTP sites setting cookies with the "secure" directive
-// https://developer.mozilla.org/Firefox/Releases/52#HTTP
-lockPref("network.cookie.leave-secure-alone", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Enable support for same-site cookies
-// https://bugzilla.mozilla.org/795346
-// https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/
-// https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/
-lockPref("network.cookie.same-site.enabled", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable DOM (Document Object Model) Storage
-// [WARNING] This will break a LOT of sites' functionality AND extensions!
-// You are better off using an extension for more granular control
-// lockPref("dom.storage.enabled", false);
-// -------------------------------------
-// Pref : Do not download URLs for the offline cache
-lockPref("browser.cache.offline.storage.enable", false);
-lockPref("browser.cache.offline.enable", false);
-lockPref("browser.cache.offline.capacity", 0);
-// -------------------------------------
-// Pref : Disable service workers cache and cache storage
-// [NOTE] Service worker cache are cleared on exit
-// https://w3c.github.io/ServiceWorker/#privacy
-// lockPref("dom.caches.enabled", false);
-// -------------------------------------
-// Pref : Disable Storage API
-// The API gives sites the ability to find out how much space they can use, how much they are already using, and even control whether or not they need to be alerted before the user agent disposes of site data in order to make room for other things.
-// https://developer.mozilla.org/docs/Web/API/StorageManager
-// https://developer.mozilla.org/docs/Web/API/Storage_API
-// https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/
-lockPref("dom.storageManager.enabled", false);
-// -------------------------------------
-// Pref : Disable Storage Access API
-// https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
-lockPref("dom.storage_access.enabled", false);
-// -------------------------------------
-// Pref : Disable download history
-lockPref("browser.download.manager.retention", 0); // [DESKTOP]
-// -------------------------------------
-// Pref : Enable Firefox to clear items on shutdown
-defaultPref("privacy.sanitize.sanitizeOnShutdown", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Set what items to clear when Firefox closes
-// https://support.mozilla.org/en-US/kb/Clear%20Recent%20History#w_how-do-i-make-firefox-clear-my-history-automatically
-// [NOTE] Installing user.js will remove your browsing history, caches and local storage.
-// [NOTE] Installing user.js **will remove your saved passwords** (https://github.com/pyllyukko/user.js/issues/27)
-// [NOTE] Clearing open windows on Firefox exit causes 2 windows to open when Firefox starts https://bugzilla.mozilla.org/show_bug.cgi?id=1334945
-// [NOTE] If 'history' is true, downloads will also be cleared regardless of the value
-defaultPref("privacy.clearOnShutdown.cache", true); // [DESKTOP]
-defaultPref("privacy.clearOnShutdown.cookies", true); // [DESKTOP]
-defaultPref("privacy.clearOnShutdown.downloads", true); // [DESKTOP]
-defaultPref("privacy.clearOnShutdown.formdata", true); // [DESKTOP]
-defaultPref("privacy.clearOnShutdown.history", true); // [DESKTOP]
-defaultPref("privacy.clearOnShutdown.offlineApps", true); // [DESKTOP]
-defaultPref("privacy.clearOnShutdown.sessions", true); // [DESKTOP]
-defaultPref("privacy.clearOnShutdown.siteSettings", true); // [DESKTOP]
-// lockPref("privacy.clearOnShutdown.openWindows", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Reset default 'Time range to clear' for 'Clear Recent History'
-// Firefox remembers your last choice. This will reset the value when you start Firefox.
-// 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today, 5=last five minutes, 6=last twenty-four hours
-// [NOTE] The values 5 + 6 are not listed in the dropdown, which will display a blank value if they are used, but they do work as advertised
-defaultPref("privacy.sanitize.timeSpan", 0); // [DESKTOP]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Headers / Referers
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Control when images/links send a referer
-// 0=never, 1=send only when links are clicked, 2=for links and images (default)
-lockPref("network.http.sendRefererHeader", 2);
-// -------------------------------------
-// Pref : Control the amount of information to send
-// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
-lockPref("network.http.referer.trimmingPolicy", 2);
-// -------------------------------------
-// Pref : Control when to send a referer
-// 0=always (default), 1=only if base domains match, 2=only if hosts match
-lockPref("network.http.referer.XOriginPolicy", 2);
-// -------------------------------------
-// Pref : Control the amount of information to send
-// 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
-lockPref("network.http.referer.XOriginTrimmingPolicy", 2);
-// -------------------------------------
-// Pref : Send a referer header with the target URI as the source
-// https://bugzilla.mozilla.org/show_bug.cgi?id=822869
-// https://github.com/pyllyukko/user.js/issues/227
-// https://github.com/pyllyukko/user.js/issues/94
-// [NOTE] Spoofing referers breaks functionality on websites relying on authentic referer headers
-// [NOTE] Spoofing referers breaks visualisation of 3rd-party sites on the Lightbeam addon
-// [NOTE] Spoofing referers disable CSRF protection on some login pages not implementing origin-header/cookie+token based CSRF protection
-lockPref("network.http.referer.spoofSource", true); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Set the default Referrer Policy
-// 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
-// [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
-// https://www.w3.org/TR/referrer-policy/
-// https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy
-// https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/
-defaultPref("network.http.referer.defaultPolicy", 3); // [DEFAULT: 3]
-defaultPref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
-defaultPref("network.http.referer.defaultPolicy.trackers", 3); // [DEFAULT: 3]
-defaultPref("network.http.referer.defaultPolicy.trackers.pbmode", 2); // [DEFAULT: 2]
-// -------------------------------------
-// Pref : Hide (not spoof) referrer when leaving a .onion domain
-// [NOTE] Firefox cannot access .onion sites by default. We recommend you use the Tor Browser which is specifically designed for hidden services
-// https://bugzilla.mozilla.org/1305144
-lockPref("network.http.referer.hideOnionSource", true); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Reject .onion hostnames before passing the to DNS
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1228457
-lockPref("network.dns.blockDotOnion", true); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable the DNT (Do Not Track) HTTP header
-lockPref("privacy.donottrackheader.enabled", false); // [DEFAULT: true]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : FPI (First Party Isolation)
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Enable FPI (First Party Isolation)
-// [NOTE] May break cross-domain logins and site functionality until perfected
-// https://bugzilla.mozilla.org/1260931
-lockPref("privacy.firstparty.isolate", true);
-// -------------------------------------
-// Pref : Enforce FPI restriction for window.opener [FF54+]
-// [NOTE] Setting this to false may reduce the breakage in the previous pref
-// FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But to reduce breakage it ignores the 1st-party domain (FPD) originAttribute.
-// The 2nd pref removes that limitation and will only allow communication if FPDs also match.
-// https://bugzilla.mozilla.org/1319773#c22
-// https://bugzilla.mozilla.org/1492607
-// https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
-lockPref("privacy.firstparty.isolate.restrict_opener_access", true);
-lockPref("privacy.firstparty.isolate.block_post_message", true); // [HIDDEN PREF ESR]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : RFP (Resist Fingerprinting) / RFP Alternatives / APIs
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
-// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
-lockPref("privacy.resistFingerprinting", true); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Disable mozAddonManager Web API
-// [NOTE] As a side-effect allowed extensions to work on AMO. You also need to sanitize or clear extensions.webextensions.restrictedDomains to keep that side-effect
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988
-lockPref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] // [DESKTOP]
-// -------------------------------------
-// Pref : Enable RFP letterboxing
-// Dynamically resizes the inner window by applying letterboxing, using dimensions which waste the least content area, If you use the dimension pref, then it will only apply those resolutions. The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
-// [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it
-// https://bugzilla.mozilla.org/1407366
-// lockPref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // [DESKTOP]
-// lockPref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] // [DESKTOP]
-// -------------------------------------
-// Pref : Disable WebRTC, getUserMedia, screen sharing, audio capture, video capture
-// https://wiki.mozilla.org/Media/getUserMedia
-// https://blog.mozilla.org/futurereleases/2013/01/12/capture-local-camera-and-microphone-streams-with-getusermedia-now-enabled-in-firefox/
-// https://developer.mozilla.org/en-US/docs/Web/API/Navigator
-lockPref("media.navigator.enabled", false);
-lockPref("media.navigator.video.enabled", false);
-// -------------------------------------
-// Pref : Spoof CPU Core
-// [NOTE] *may* affect core performance, will affect content.
-// Default settings seems to be the best
-// https://bugzilla.mozilla.org/1008453
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127
-// https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
-// lockPref("dom.maxHardwareConcurrency", 2);
-// -------------------------------------
-// Pref : Disable resource timing API
-// https://www.w3.org/TR/resource-timing/#privacy-security
-lockPref("dom.enable_resource_timing", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable DOM timing API
-// https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
-// https://www.w3.org/TR/navigation-timing/#privacy
-lockPref("dom.enable_performance", false); // [DEFAULT: true]
-lockPref("dom.enable_performance_navigation_timing", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable sensor API
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758
-// https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751
-lockPref("device.sensors.enabled", false); // [DEFAULT: true]
-lockPref("device.sensors.ambientLight.enabled", false); // [DEFAULT: false]
-lockPref("device.sensors.motion.enabled", false); // [DEFAULT: true]
-lockPref("device.sensors.orientation.enabled", false); // [DEFAULT: true]
-lockPref("device.sensors.proximity.enabled", false); // [DEFAULT: false]
-lockPref("device.sensors.test.events", false); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Disable gamepad API - USB device ID enumeration
-// Optional protection depending on your connected devices
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023
-lockPref("dom.gamepad.enabled", false); // [DEFAULT: true]
-lockPref("dom.gamepad.extensions.enabled", false); // [DEFAULT: true]
-lockPref("dom.gamepad.haptic_feedback.enabled", false); // [DEFAULT: false]
-lockPref("dom.gamepad.test.enabled", false); // [DEFAULT: true]
-lockPref("dom.gamepad.extensions.lightindicator", false); // [DEFAULT: false]
-lockPref("dom.gamepad.extensions.multitouch", false); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Disable giving away network info
-// e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
-// https://developer.mozilla.org/docs/Web/API/Network_Information_API
-// https://wicg.github.io/netinfo/
-// https://bugzilla.mozilla.org/960426
-lockPref("dom.netinfo.enabled", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API
-// https://developer.mozilla.org/docs/Web/API/Web_Speech_API
-// https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
-// https://wiki.mozilla.org/HTML5_Speech_API
-lockPref("media.webspeech.synth.enabled", false); // [DEFAULT: true]
-lockPref("media.webspeech.synth_force_global_queue", false); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Disable video statistics - JS performance fingerprinting
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757
-// https://bugzilla.mozilla.org/654550
-lockPref("media.video_stats.enabled", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Force touch events enabled by default
-// Fingerprinting attack vector - leaks screen res & actual screen coordinates.
-// 0=disabled, 1=enabled, 2=autodetect
-// This pref is set to 2 by default, which results in the Touch API being exposed only when touch hardware is present. So we should either set it to "1" (enable) or "0" (disable) to ensure that JS code can't fingerprint the user's hardware.
-// https://developer.mozilla.org/docs/Web/API/Touch_events
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286
-defaultPref("dom.w3c_touch_events.enabled", 0); // [DEFAULT: 2] // [FENNEC - BUG] ff disabled, disallow copy/paste any text
-// -------------------------------------
-// Pref : Disable MediaDevices change detection
-// https://developer.mozilla.org/docs/Web/Events/devicechange
-// https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange
-lockPref("media.ondevicechange.enabled", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable WebGL debug info being available to websites
-// https://bugzilla.mozilla.org/1171228
-// https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info
-lockPref("webgl.enable-debug-renderer-info", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable PointerEvents
-// https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent
-lockPref("dom.w3c_pointer_events.enabled", false); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Disable Battery Status API
-// Initially a Linux issue (high precision readout) that was fixed.
-// However, it is still another metric for fingerprinting, used to raise entropy.
-// e.g. do you have a battery or not, current charging status, charge level, times remaining etc
-// https://bugzilla.mozilla.org/1313580
-lockPref("dom.battery.enabled", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable virtual reality devices APIs
-// https://developer.mozilla.org/en-US/Firefox/Releases/36#Interfaces.2FAPIs.2FDOM
-// https://developer.mozilla.org/en-US/docs/Web/API/WebVR_API
-lockPref("dom.vr.enabled", false); // [DEFAULT: true]
-lockPref("dom.vr.autoactivate.enabled", false);
-lockPref("dom.vr.oculus.enabled", false);
-lockPref("dom.vr.oculus.invisible.enabled", false);
-lockPref("dom.vr.openvr.enabled", false);
-lockPref("dom.vr.osvr.enabled", false);
-lockPref("dom.vr.poseprediction.enabled", false);
-lockPref("dom.vr.puppet.enabled", false);
-lockPref("dom.vr.require-gesture", true);
-lockPref("gfx.vr.osvr.clientKitLibPath", "");
-lockPref("gfx.vr.osvr.clientLibPath", "");
-lockPref("gfx.vr.osvr.commonLibPath", "");
-lockPref("gfx.vr.osvr.utilLibPath", "");
-lockPref("dom.vr.process.enabled", false);
-lockPref("dom.vr.webxr.enabled", false);
-lockPref("dom.vr.always_support_ar", false);
-lockPref("dom.vr.always_support_vr", false);
-// -------------------------------------
-// Pref : Block by default permission for Virtual Reality
-// 0=always ask (default), 1=allow, 2=block
-lockPref("permissions.default.xr", 2); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable hardware acceleration to reduce graphics fingerprinting
-// [WARNING] Affects text rendering (fonts will look different), impacts video performance, and parts of Quantum that utilize the GPU will also be affected as they are rolled out
-// https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration
-defaultPref("gfx.direct2d.disabled", true); // [DESKTOP] // [WINDOWS]
-defaultPref("layers.acceleration.disabled", true); // [DEFAULT: false]
-defaultPref("layers.acceleration.force-enabled", false); // [FENNEC - BUG] Force close during startup
-// -------------------------------------
-// Pref : Disable Web Audio API
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1288359
-lockPref("dom.webaudio.enabled", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable Media Capabilities API
-// [SETUP-PERF] This *may* affect media performance if disabled, no one is sure
-// https://github.com/WICG/media-capabilities
-// https://wicg.github.io/media-capabilities/#security-privacy-considerations
-// lockPref("media.media-capabilities.enabled", false); // [DEFAULT: true]
-// -------------------------------------
-// Pref : Disable showing about:blank as soon as possible during startup
-// true=no longer masks the RFP chrome resizing activity
-// https://bugzilla.mozilla.org/1448423
-lockPref("browser.startup.blankWindow", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable network API
-// https://developer.mozilla.org/en-US/docs/Web/API/Connection/onchange
-// https://www.torproject.org/projects/torbrowser/design/#fingerprinting-defenses
-lockPref("dom.network.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable chrome animations
-// 0=no-preference, 1=reduce. RFP spoofs this for web content
-lockPref("ui.prefersReducedMotion", 1); // [HIDDEN PREF]
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : UI (User Interface)
+// DEPRECATED / REMOVED / LEGACY / RENAMED
// >>>>>>>>>>>>>>>>>>>>>
-// Pref : Disable third-party cookie UI
-lockPref("browser.contentblocking.rejecttrackers.ui.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable tracking protection UI list editing under preferences
-lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable auto hide download button
-defaultPref("browser.download.autohideButton", false); // [DESKTOP]
//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Personal
-// >>>>>>>>>>>>>>>>>>>>
-// Pref : Enable "Always enable zoom" feature by default
-// When true, zooming will be enabled on all sites, even ones that declare user-scalable=no
-defaultPref("browser.ui.zoom.force-user-scalable", true); // [DEFAULT: false]
-// -------------------------------------
-// Pref : Disable inline autocomplete in URL bar
-// https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete
-defaultPref("browser.urlbar.autoFill", false); // [DESKTOP]
-defaultPref("browser.urlbar.autoFill.typed", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Set bookmarks backups
-// To compensate for the case of bookmarks being lost due to a system crash.
-lockPref("browser.bookmarks.max_backups", 0); // [DEFAULT: 5]
-// -------------------------------------
-// Pref : Set home provider syncing only on wifi
-// 0=sync always, 1=sync only when on wifi
-lockPref("home.sync.updateMode", 1); // [DEFAULT: 0] // [FENNEC]
-// lockPref("home.sync.checkIntervalSecs", 3600); // [FENNEC]
-// -------------------------------------
-// Pref : Middle-click mouse enabling auto-scrolling
-defaultPref("general.autoScroll", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable buttons
-lockPref("pref.general.disable_button.default_browser", true); // [DESKTOP]
-lockPref("pref.privacy.disable_button.view_passwords", true); // [DESKTOP]
-// -------------------------------------
-// Pref : Disable Reader mode
-// defaultPref("reader.parse-on-load.enabled", false);
-// -------------------------------------
-// Pref : Disable dark theme on forms
-defaultPref("widget.content.gtk-theme-override", "Adwaita"); // [DESKTOP]
-// -------------------------------------
-// Pref: Disable "Ctrl+Tab cycles through tabs in recently used order"
-// https://bugzilla.mozilla.org/1473595
-defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
-// -------------------------------------
-// Pref : Display long lines in view-source page
-defaultPref("view_source.wrap_long_lines", true);
+// ESR91.x still uses all the following prefs
+//
+// FF93
+// Disable non-modern cipher suites
+lockPref("security.ssl3.rsa_des_ede3_sha", false); // 3DES
+// -------------------------------------
+// FF94
+// Limit font visibility (Windows, Mac, some Linux) [FF79+]
+// lockPref("layout.css.font-visibility.level", 1);
+// -------------------------------------
+// FF95
+// Disable location bar contextual suggestions [FF92+]
+lockPref("browser.urlbar.suggest.quicksuggest", false);
+//
+// FF96
+// Disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS]
+lockPref("app.update.background.scheduling.enabled", false);
+//
+// FF97
+// Onions - replaced by new "allowlist"
+// lockPref("dom.securecontext.whitelist_onions", true);
+//
+// FF99
+// Enforce CSP (Content Security Policy)
+lockPref("security.csp.enable", true); // [DEFAULT: true]
//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// Section : Deprecated / Removed / Legacy / Renamed
-// >>>>>>>>>>>>>>>>>>>>
-// ESR68.x still uses all the following prefs
-// -------------------------------------
-// FF69+
-// -------------------------------------
-// Pref : Disable app from auto-update
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1515484
-// https://hg.mozilla.org/mozilla-central/rev/62e0ef6e50dd
-lockPref("app.update.silent", false);
-// -------------------------------------
-// Pref : Disable prerendering newtab
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1555448
-// https://hg.mozilla.org/mozilla-central/rev/e2f99cd199eb
-lockPref("browser.newtabpage.activity-stream.prerender", false);
-// -------------------------------------
-// Pref : Disable virtual reality devices APIs
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1558358
-// https://hg.mozilla.org/mozilla-central/rev/d97d53e8c4f9
-lockPref("dom.vr.external.enabled", false);
-lockPref("dom.vr.service.enabled", false);
-lockPref("dom.vr.test.enabled", false);
-// -------------------------------------
-// Pref : Disable Telemetry
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1548646
-// https://hg.mozilla.org/mozilla-central/rev/4f4de4742c98
-lockPref("security.identitypopup.recordEventElemetry", false);
-// -------------------------------------
-// Pref : Disable other sync settings (by prevention)
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1560154
-// https://hg.mozilla.org/mozilla-central/rev/68aacb4ba7f9
-lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", false);
-// -------------------------------------
-// Pref : Disable WOFF2 (Web Open Font Format)
-// https://bugzilla.mozilla.org/1556991
-// https://hg.mozilla.org/mozilla-central/rev/69d1b01b2847
-lockPref("gfx.downloadable_fonts.woff2.enabled", false);
-// -------------------------------------
-// Pref : Enforce click-to-play for plugins
-// https://bugzilla.mozilla.org/1519434
-// https://hg.mozilla.org/mozilla-central/rev/38fc0d299eb0
-lockPref("plugins.click_to_play", true);
-// -------------------------------------
-// Pref : Disable autoplay of HTML5 media
-// https://bugzilla.mozilla.org/1562331
-// https://hg.mozilla.org/mozilla-central/rev/3780202d7104
-lockPref("media.autoplay.allow-muted", false);
-// -------------------------------------
-// FF70+
-// -------------------------------------
-// Pref : Disable disk cache for SSL pages
-// lockPref("browser.cache.disk_cache_ssl", false);
-// -------------------------------------
-// Pref : Disable a part of breakage report UI
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1566985
-// https://hg.mozilla.org/mozilla-central/rev/513e87bb151b
-// https://hg.mozilla.org/mozilla-central/rev/708f0175c5e6
-lockPref("browser.contentblocking.reportBreakage.enabled", false);
-lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false);
-// -------------------------------------
-// Pref : Disable tracking protection UI list editing under url bar popup
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1572139
-lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false);
-// -------------------------------------
-// Pref : Disable parts of trackingprotection and related syncs
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1570971
-// https://hg.mozilla.org/mozilla-central/rev/8247f9a13f56
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1564367
-// https://hg.mozilla.org/mozilla-central/rev/a931afa2c4bd
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1560040
-// https://hg.mozilla.org/mozilla-central/rev/11dc1c09bb58
-lockPref("privacy.trackingprotection.cryptomining.annotate.enabled", false);
-lockPref("privacy.trackingprotection.fingerprinting.annotate.enabled", false);
-lockPref("privacy.trackingprotection.introURL", "");
-lockPref("privacy.trackingprotection.socialtracking.annotate.enabled", false);
-lockPref("services.sync.prefs.sync.browser.contentblocking.enabled", false);
-lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.annotate.enabled", false);
-lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.annotate.enabled", false);
-// -------------------------------------
-// Pref : Disable about:logins (Firefox Lockwise)
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1567548
-// https://hg.mozilla.org/mozilla-central/rev/198896f94464
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1572569
-// https://hg.mozilla.org/mozilla-central/rev/9a1a98370eca
-lockPref("signon.management.page.faqURL", "");
-lockPref("signon.management.page.feedbackURL", "");
-// -------------------------------------
-// Pref : Use APP locale over OS locale in regional preferences
-// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789
-// lockPref("intl.regional_prefs.use_os_locales", false);
-// -------------------------------------
-// FF71+
-// -------------------------------------
-// Pref : Display a notification bar when websites offer data for offline use
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1574480
-// https://hg.mozilla.org/mozilla-central/rev/9fedd8400ab2
-lockPref("browser.offline-apps.notify", false);
-lockPref("services.sync.prefs.sync.browser.offline-apps.notify", false);
-// -------------------------------------
-// Pref : Disable useragent updates and site specific overrides
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1513574
-// https://hg.mozilla.org/mozilla-central/rev/59d191ed3f5b
-lockPref("general.useragent.site_specific_overrides", false);
-// -------------------------------------
-// Pref : Enable / Disable Firefox internal page, and related warnings
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1589387
-// https://hg.mozilla.org/integration/autoland/rev/2379847488eb
-lockPref("network.warnOnAboutNetworking", false);
-// -------------------------------------
-// Pref : Enforce websites to ask to store data for offline use
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1574480
-// https://hg.mozilla.org/mozilla-central/rev/9fedd8400ab2
-lockPref("offline-apps.allow_by_default", false);
-// -------------------------------------
-// Pref : Disable other sync settings (by prevention)
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1570567
-// https://hg.mozilla.org/mozilla-central/rev/38ae84bb1ca3
-lockPref("services.sync.fxa.privacyURL", "");
-lockPref("services.sync.fxa.termsURL", "");
-// -------------------------------------
-// Pref : Disable offline cache on insecure sites
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1237782
-// https://hg.mozilla.org/mozilla-central/rev/d52a0108ed8e
-lockPref("browser.cache.offline.insecure.enable", false);
-// -------------------------------------
-// Pref : Disable WebIDE to prevent remote debugging
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1539462
-// https://hg.mozilla.org/integration/autoland/rev/eaa523b98e72
-lockPref("devtools.webide.enabled", false);
-lockPref("devtools.webide.autoinstallADBExtension", false);
-lockPref("devtools.webide.templatesURL", "");
-lockPref("devtools.webide.adaptersAddonURL", "");
-// -------------------------------------
-// Pref : Disable social trackingprotection notification
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1570631
-// https://hg.mozilla.org/mozilla-central/rev/94c10676584a
-lockPref("privacy.socialtracking.notification.enabled", false);
-// -------------------------------------
-// FF72+
-// -------------------------------------
-// Pref : Disable PingCentre telemetry (used in several System Add-ons)
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1597697
-// https://hg.mozilla.org/mozilla-central/rev/7fcdfe9a24e4
-lockPref("browser.ping-centre.production.endpoint", "");
-lockPref("browser.ping-centre.staging.endpoint", "");
-lockPref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
-// -------------------------------------
-// Pref : Disable Firefox Tips / Search suggestions
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1525296
-// https://hg.mozilla.org/mozilla-central/rev/0fb16f92be6f
-lockPref("browser.urlbar.timesBeforeHidingSuggestionsHint", 0);
-// -------------------------------------
-// Pref : Block unwanted connections
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1593693
-// https://hg.mozilla.org/mozilla-central/rev/ca070ea1fc32
-lockPref("network.netlink.route.check.IPv4", "");
-lockPref("network.netlink.route.check.IPv6", "");
-// -------------------------------------
-// Pref : Set default plugin state (i.e. new plugins on discovery) to never activate
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1596090
-// https://hg.mozilla.org/mozilla-central/rev/df333402f126
-lockPref("plugin.defaultXpi.state", 0);
-// -------------------------------------
-// Pref : Disable Telemetry
-// https://bugzilla.mozilla.org/1520491
-// https://hg.mozilla.org/mozilla-central/rev/76b117a14bca
-lockPref("toolkit.telemetry.hybridContent.enabled", false);
-// -------------------------------------
-// Pref : Disable IndexedDB
-// https://bugzilla.mozilla.org/1488583
-// https://hg.mozilla.org/mozilla-central/rev/c2ab1dc00f21
-// lockPref("dom.indexedDB.enabled", false);
-// -------------------------------------
-// FF73+
-// -------------------------------------
-// Pref : Decrease system information leakage to Mozilla addons update servers
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1572140
-// https://hg.mozilla.org/mozilla-central/rev/6537d7cbffe8
-lockPref("extensions.getAddons.compatOverides.url", "");
-// -------------------------------------
-// Pref : Remove remote discovery pane from about:addons
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1337627
-// https://hg.mozilla.org/mozilla-central/rev/e542391fb8c5
-lockPref("extensions.htmlaboutaddons.discover.enabled", false);
-// -------------------------------------
-// Pref : Remove extensions.htmlaboutaddons.enabled pref
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1564525
-// https://hg.mozilla.org/mozilla-central/rev/7bcf4117a172
-lockPref("extensions.htmlaboutaddons.enabled", false);
-// -------------------------------------
-// Pref : Disable ship remote agent in Firefox Nightly
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1544393
-// https://hg.mozilla.org/mozilla-central/rev/5a69d75cf9b1
-lockPref("remote.enabled", false);
-lockPref("remote.force-local", true);
-// -------------------------------------
-// Pref : Disable login manager storage
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1602631
-// https://hg.mozilla.org/mozilla-central/rev/860cbb7db3c8
-lockPref("signon.storeSignons", false);
-// -------------------------------------
-// FF74+
-// -------------------------------------
-// Pref : Disable legacy extensions
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1524327
-// https://hg.mozilla.org/comm-central/rev/c1457ba6362c
-lockPref("extensions.legacy.enabled", false);
-// -------------------------------------
-// Pref : Disable about:logins (Firefox Lockwise)
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1606888
-// https://hg.mozilla.org/mozilla-central/rev/0c7b5a9964dd
-lockPref("signon.management.page.enabled", false);
-// -------------------------------------
-// Pref : Disable WebGL extensions
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1477756
-// https://hg.mozilla.org/mozilla-central/rev/ccfa767dba64
-lockPref("webgl.disable-extensions", true);
-// -------------------------------------
-// Pref : Disable using the OS's geolocation service
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1613627
-// https://hg.mozilla.org/mozilla-central/rev/261683a6e351
-lockPref("geo.wifi.uri", "");
-// -------------------------------------
-// Pref : Disable logging geolocation to the console
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1613627
-// https://hg.mozilla.org/mozilla-central/rev/261683a6e351
-lockPref("geo.wifi.logging.enabled", false); // [HIDDEN PREF]
-// -------------------------------------
-// Pref : Set behaviour on "+ Tab" button to display container menu
-// 0=no menu (default), 1=show when clicked, 2=show on long press
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1606265
-// https://hg.mozilla.org/mozilla-central/rev/4a6071f143a5
-defaultPref("privacy.userContext.longPressBehavior", 2);
-// -------------------------------------
-// FF75+
-// -------------------------------------
-// Pref : Disable contentblocking reports
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1612088
-// https://hg.mozilla.org/mozilla-central/rev/b582c518daeb
-lockPref("browser.contentblocking.report.lockwise.url", "");
-// -------------------------------------
-// Pref : Disable GeoIP lookup on your address to set default search engine region
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1589618
-// https://hg.mozilla.org/mozilla-central/rev/eeda4bdcd130
-lockPref("browser.search.geoip.url", "");
-// -------------------------------------
-// Pref : Enable one-click select all URL bar
-// https://bugzilla.mozilla.org/show_bug.cgi?id=333714
-// https://hg.mozilla.org/mozilla-central/rev/9d574c79405d
-defaultPref("browser.urlbar.clickSelectsAll", true);
-// -------------------------------------
-// Pref : Enable double click selects a string segment in URL bar
-// https://bugzilla.mozilla.org/show_bug.cgi?id=333714
-// https://hg.mozilla.org/mozilla-central/rev/9d574c79405d
-defaultPref("browser.urlbar.doubleClickSelectsAll", false);
-// -------------------------------------
-// Pref : Disable virtual reality devices APIs
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1602102
-// https://hg.mozilla.org/mozilla-central/rev/bb85b121d2ac
-lockPref("dom.vr.openvr.action_input", false);
-// -------------------------------------
-// Pref : Disable GeoIP-based search defaults
-// [NOTE] May not be hidden if Firefox has changed your settings due to your locale
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206
-// https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_geolocation-for-default-search-engine
-// lockPref("browser.search.region", "US"); // [HIDDEN PREF]
-// -------------------------------------
-// FF76+
-// -------------------------------------
-// Pref : Decrease system information leakage to Mozilla blocklist update servers
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1618188
-// https://hg.mozilla.org/mozilla-central/rev/06ca3c111fc7
-lockPref("extensions.blocklist.url", "");
-// -------------------------------------
-// Pref : Disable app from auto-update
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1568994
-// https://hg.mozilla.org/mozilla-central/rev/12efcfc5555a
-// https://hg.mozilla.org/mozilla-central/rev/cd6bf21b54db
-lockPref("app.update.url", "");
-// -------------------------------------
-// Pref : Disable add-on and certificate blocklists (OneCRL) from Mozilla
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1618188
-// https://hg.mozilla.org/mozilla-central/rev/06ca3c111fc7
-lockPref("extensions.blocklist.useXML", false);
-// -------------------------------------
-// Pref : Disable predictor / prefetching
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1544868
-// https://hg.mozilla.org/mozilla-central/rev/3763471a8781
-lockPref("network.predictor.cleaned-up", true);
-// -------------------------------------
-// FF77+
-// -------------------------------------
-// Pref : Lock web content in file processes
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1603007
-// https://hg.mozilla.org/mozilla-central/rev/b25250e2c618
-lockPref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
-// -------------------------------------
-// Pref : Remove dom.registerProtocolHandler.insecure.enabled
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1597267
-// https://hg.mozilla.org/mozilla-central/rev/89f07125aee8
-lockPref("dom.registerProtocolHandler.insecure.enabled", false);
-// -------------------------------------
-// Pref : Disable about:addons Recommendations pane (uses Google Analytics)
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1620438
-// https://hg.mozilla.org/mozilla-central/rev/03da091fad18
-lockPref("extensions.webservice.discoverURL", "");
-// -------------------------------------
-// Pref : Disable about:logins (Firefox Lockwise)
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1569253
-// https://hg.mozilla.org/mozilla-central/rev/fbd06f30bb6d
-lockPref("signon.management.overrideURI", "");
-// -------------------------------------
-// FF78+
-// -------------------------------------
-// Pref : Disable autoplay of HTML5 media if you interacted with the site
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1509933
-// https://hg.mozilla.org/mozilla-central/rev/5b34a70e2378
-// https://hg.mozilla.org/mozilla-central/rev/95805db3a142
-lockPref("media.autoplay.enabled.user-gestures-needed", true);
-// -------------------------------------
-// Pref : Disable browser animations
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1640501
-// https://hg.mozilla.org/comm-central/rev/4d4bad93b27d
-lockPref("toolkit.cosmeticAnimations.enabled", false);
-// -------------------------------------
-// Pref : Control TLS versions with min and max
-// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
-// [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
-// Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1
-// https://www.ssllabs.com/ssl-pulse/
-// lockPref("security.tls.version.min", 3);
-// lockPref("security.tls.version.max", 4);
-// -------------------------------------
-// Pref : Disable extension's report option in about:addons
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1614653
-// https://hg.mozilla.org/mozilla-central/rev/92e149d41267
-// https://hg.mozilla.org/mozilla-central/rev/682318515715
-lockPref("extensions.abuseReport.openDialog", false);
-// -------------------------------------
-// Pref : Disable using the OS's geolocation service
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1627538
-// https://hg.mozilla.org/mozilla-central/rev/710b5a3282f8
-lockPref("geo.provider-country.network.scan", false);
-lockPref("geo.provider-country.network.url", "");
-// -------------------------------------
-// FF79+
-// -------------------------------------