Update 'config/mozilla.cfg'

 Enforced fallback text encoding to match en-US
 Forced Encrypted Server Name Indication (eSNI) (for TLS 1.3 if TRR/DoH is enabled)
 Enabled (again) disk cache for SSL page - READ HERE
 (https://github.com/ghacksuserjs/ghacks-user.js/issues/792) Synced all the buildIDs with Tor's ones
️ Disabled remaining Activity Stream (order and Pocket)
️ Disabled more telemetry | FF70+
️ Disabled all the contentblocking reports
️ Disabled check route, IPv4 and IPv6, to akamaitechnologies.com | FF70+
️ Disabled new FF accounts and sync prefs | FF70+
️ Disabled more FF Lockwise prefs
️ Disabled cryptomining, fingerprinting and social TP's ping to Mozilla servers | FF70+
️ Disabled all the TP blocked elements by default
️ Disabled sensors.test.events | FF70+
ℹ️ Removed "Use APP locale over OS locale in regional preferences"
ℹ️ Reordered and renamed many prefs with better criteria
ℹ️ Removed all the http:// links
ℹ️ Removed ESR60.x support
ℹ️ Moved some preferences from FF70+ into deprecated section (keeping them active for ESR68.x)
This commit is contained in:
quindecim 2019-10-23 04:18:20 -04:00
parent 4128fbae83
commit 9db5f62550
1 changed files with 120 additions and 366 deletions

View File

@ -45,6 +45,8 @@ lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options",
lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.showSponsored", false); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.pocketCta", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.sectionOrder", ""); // [DESKTOP]
// -------------------------------------
// Pref : Set Homepage
lockPref("browser.startup.homepage", "about:blank"); // [DESKTOP]
@ -89,8 +91,6 @@ lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads
lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable new tab tile ads & preload
// http://www.thewindowsclub.com/disable-remove-ad-tiles-from-firefox
// http://forums.mozillazine.org/viewtopic.php?p=13876331#p13876331
// https://wiki.mozilla.org/Tiles/Technical_Documentation#Ping
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-source
// https://gecko.readthedocs.org/en/latest/browser/browser/DirectoryLinksProvider.html#browser-newtabpage-directory-ping
@ -145,7 +145,6 @@ lockPref("services.sync.prefs.sync.accessibility.browsewithcaret", false); // [D
lockPref("services.sync.prefs.sync.accessibility.typeaheadfind", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.accessibility.typeaheadfind.linksonly", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", true); // [DESKTOP]
lockPref("services.sync.prefs.sync.browser.contentblocking.enabled", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.browser.ctrlTab.recentlyUsedOrder", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.browser.download.useDownloadDir", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.browser.formfill.enable", false); // [DESKTOP]
@ -217,9 +216,7 @@ lockPref("services.sync.prefs.sync.privacy.resistFingerprinting.reduceTimerPreci
lockPref("services.sync.prefs.sync.privacy.sanitize.sanitizeOnShutdown", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.privacy.trackingprotection.enabled", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.privacy.trackingprotection.pbmode.enabled", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.annotate.enabled", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.enabled", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.annotate.enabled", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.enabled", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.media.autoplay.default", false); // [DESKTOP]
lockPref("services.sync.prefs.sync.security.OCSP.enabled", false); // [DESKTOP]
@ -309,6 +306,9 @@ lockPref("security.certerrors.recordEventTelemetry", false); // [DESKTOP]
lockPref("privacy.trackingprotection.origin_telemetry.enabled", false);
lockPref("telemetry.origin_telemetry_test_mode.enabled", false);
lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); // [DESKTOP]
lockPref("security.protectionspopup.recordEventTelemetry", false); // [DESKTOP]
lockPref("toolkit.telemetry.geckoview.streaming", false);
lockPref("toolkit.telemetry.isGeckoViewMode", false);
// -------------------------------------
// Pref : Disable Telemetry Coverage
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
@ -403,14 +403,27 @@ lockPref("extensions.abuseReport.url", "");
// https://groups.google.com/d/topic/mozilla.dev.platform/nyVkCx-_sFw/discussion
lockPref("loop.logDomains", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable contentblocking reportBreakage
lockPref("browser.contentblocking.reportBreakage.enabled", false); // [DESKTOP]
// Pref : Disable contentblocking reports
lockPref("browser.contentblocking.reportBreakage.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false); // [DESKTOP]
lockPref("browser.contentblocking.report.cookie.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.cryptominer.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.fingerprinter.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.lockwise.enabled", false); // [DESKTOP]
lockPref("browser.contentblocking.report.lockwise.how_it_works.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.lockwise.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.manage_devices.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.monitor.enabled", false); // [DESKTOP]
lockPref("browser.contentblocking.report.monitor.how_it_works.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.monitor.sign_in_url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.proxy.enabled", false); // [DESKTOP]
lockPref("browser.contentblocking.report.proxy_extension.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.social.url", ""); // [DESKTOP]
lockPref("browser.contentblocking.report.tracker.url", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable send content blocking log to about:protections
// https://bugzilla.mozilla.org/show_bug.cgi?id=1549832
lockPref("browser.contentblocking.database.enabled", false); // [DESKTOP]
lockPref("browser.contentblocking.database.enabled", false);
// -------------------------------------
// Pref : Onboarding tour disable because of included telemetry
// [NOTE] This setting is just in case it comeback
@ -436,7 +449,6 @@ lockPref("extensions.screenshots.upload-disabled", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable spellchecker functionality by default
// 0=none, 1-multi-line, 2=multi-line & single-line
// http://kb.mozillazine.org/Layout.spellcheckDefault
// https://support.mozilla.org/en-US/kb/how-do-i-use-firefox-spell-checker
defaultPref("layout.spellcheckDefault", 0); // [DESKTOP]
// -------------------------------------
@ -487,7 +499,9 @@ lockPref("accessibility.support.url", ""); // [DESKTOP]
lockPref("browser.dictionaries.download.url", ""); // [DESKTOP]
lockPref("browser.geolocation.warning.infoURL", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", ""); // [DESKTOP]
lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // [DESKTOP]
lockPref("browser.search.searchEnginesURL", ""); // [DESKTOP]
lockPref("extensions.getAddons.themes.browseURL", ""); // [DESKTOP]
@ -501,7 +515,9 @@ lockPref("startup.homepage_welcome_url", ""); // [DESKTOP]
lockPref("startup.homepage_welcome_url.additional", ""); // [DESKTOP]
lockPref("startup.homepage_override_url", ""); // [DESKTOP]
lockPref("browser.search.param.yahoo-fr", ""); // [DESKTOP]
lockPref("privacy.restrict3rdpartystorage.partitionedHosts", ""); // [DESKTOP]
lockPref("privacy.restrict3rdpartystorage.partitionedHosts", "");
lockPref("network.netlink.route.check.IPv4", "");
lockPref("network.netlink.route.check.IPv6", "");
// -------------------------------------
// Pref : Devtools cleanup
lockPref("devtools.devices.url", "");
@ -600,6 +616,8 @@ lockPref("identity.fxaccounts.migrateToDevEdition", false); // [DESKTOP]
lockPref("identity.fxaccounts.contextParam", ""); // [DESKTOP]
lockPref("identity.fxaccounts.commands.enabled", false); // [DESKTOP]
lockPref("identity.fxaccounts.autoconfig.uri", ""); // [DESKTOP]
lockPref("identity.fxaccounts.service.monitorLoginUrl", ""); // [DESKTOP]
lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable snippets
lockPref("browser.snippets.enabled", false); // [FENNEC]
@ -611,10 +629,9 @@ lockPref("browser.snippets.syncPromo.enabled", false); // [FENNEC]
// -------------------------------------
// Pref : Disable Webextensions sync
lockPref("webextensions.storage.sync.enabled", false); // [DESKTOP]
lockPref("webextensions.storage.sync.serverURL", ""); // [DESKTOP]
lockPref("webextensions.storage.sync.serverURL", "");
// -------------------------------------
// Pref : Force Punycode for Internationalized Domain Names
// http://kb.mozillazine.org/Network.IDN_show_punycode
// https://www.xudongz.com/blog/2017/idn-phishing/
// https://wiki.mozilla.org/IDN_Display_Algorithm
// https://en.wikipedia.org/wiki/IDN_homograph_attack
@ -626,7 +643,6 @@ lockPref("network.IDN_show_punycode", true);
lockPref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
// -------------------------------------
// Pref : Do not automatically send selection to clipboard on Linux and some UNIX-like platforms
// http://kb.mozillazine.org/Clipboard.autocopy
defaultPref("clipboard.autocopy", false);
// -------------------------------------
// Pref : Disable "beacon" asynchronous HTTP transfers (used for analytics)
@ -651,7 +667,6 @@ lockPref("browser.search.geoSpecificDefaults", false);
lockPref("network.manage-offline-status", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Set File URI Origin Policy
// http://kb.mozillazine.org/Security.fileuri.strict_origin_policy
lockPref("security.fileuri.strict_origin_policy", true);
// -------------------------------------
// Pref : Disable SVG in OpenType fonts
@ -660,8 +675,6 @@ lockPref("security.fileuri.strict_origin_policy", true);
lockPref("gfx.font_rendering.opentype_svg.enabled", false);
// -------------------------------------
// Pref : Ensure you have a security delay when installing add-ons (milliseconds)
// http://kb.mozillazine.org/Disable_extension_install_delay_-_Firefox
// http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/
lockPref("security.dialog_enable_delay", 700);
// -------------------------------------
// Pref : Disable WebIDE to prevent remote debugging and ADB extension download
@ -693,7 +706,7 @@ lockPref("browser.helperApps.deleteTempFileOnExit", true);
defaultPref("devtools.chrome.enabled", false);
// -------------------------------------
// Pref : Disable MathML (Mathematical Markup Language)
// [TEST] http://browserspy.dk/mathml.php
// [TEST] https://browserleaks.com/features - look for Modernizr.mathml
// https://bugzilla.mozilla.org/1173199
lockPref("mathml.disabled", true);
// -------------------------------------
@ -704,7 +717,6 @@ lockPref("middlemouse.paste", false);
// -------------------------------------
// Pref : Disable middle mouse click opening links from clipboard
// https://trac.torproject.org/projects/tor/ticket/10089
// http://kb.mozillazine.org/Middlemouse.contentLoadURL
lockPref("middlemouse.contentLoadURL", false);
// -------------------------------------
// Pref : Limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
@ -723,7 +735,7 @@ lockPref("browser.download.folderList", 2);
// -------------------------------------
// Pref : Enforce user interaction for security by always asking the user where to download
// [FENNEC] Fix for images not downloading
defaultPref("browser.download.useDownloadDir", true);
defaultPref("browser.download.useDownloadDir", false);
// -------------------------------------
// Pref : Disable adding downloads to the system's "recent documents" list
lockPref("browser.download.manager.addToRecentDocs", false);
@ -755,9 +767,6 @@ defaultPref("security.csp.enable", true); // [DEFAULT: true]
lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Enable only whitelisted URL protocol handlers
// http://kb.mozillazine.org/Network.protocol-handler.external-default
// http://kb.mozillazine.org/Network.protocol-handler.warn-external-default
// http://kb.mozillazine.org/Network.protocol-handler.expose.%28protocol%29
// https://news.ycombinator.com/item?id=13047883
// https://bugzilla.mozilla.org/show_bug.cgi?id=167475
// https://github.com/pyllyukko/user.js/pull/285#issuecomment-298124005
@ -816,7 +825,6 @@ lockPref("extensions.pocket.site", ""); // [DESKTOP]
lockPref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable Displaying Javascript in History URLs
// http://kb.mozillazine.org/Browser.urlbar.filter.javascript
lockPref("browser.urlbar.filter.javascript", true); // [DESKTOP]
// -------------------------------------
// Pref : Disable Firefox's built-in PDF reader
@ -859,7 +867,7 @@ lockPref("dom.ipc.processPriorityManager.enabled", true); // [DESKTOP] // [TEST]
// Pref : Disable service workers
// Service workers essentially act as proxy servers that sit between web apps, and the browser and network, are event driven, and can control the web page/site it is associated with, intercepting and modifying navigation and resource requests, and caching resources.
// [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode.
// [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access.
// [NOTE] Service workers only run over HTTPS. Service workers have no DOM access.
lockPref("dom.serviceWorkers.enabled", false);
// -------------------------------------
// Pref : Disable push service
@ -868,6 +876,7 @@ lockPref("dom.push.enabled", false);
lockPref("dom.push.serverURL", "");
// -------------------------------------
// Pref : Disable web notifications
// [NOTE] Web Notifications can also use service workers and are behind a prompt
// https://developer.mozilla.org/docs/Web/API/Notifications_API
lockPref("notification.feature.enabled", false); // [FENNEC]
lockPref("dom.webnotifications.enabled", false);
@ -914,7 +923,6 @@ lockPref("dom.vibrator.enabled", false);
// lockPref("dom.allow_cut_copy", false);
// -------------------------------------
// Pref : Disable asm.js
// http://asmjs.org/
// https://www.mozilla.org/security/advisories/mfsa2015-29/
// https://www.mozilla.org/security/advisories/mfsa2015-50/
// https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375
@ -954,13 +962,13 @@ lockPref("javascript.options.shared_memory", false); // [DEFAULT: false]
lockPref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: false]
// -------------------------------------
// Pref : Don't reveal build ID
// Value taken from Tor Browser
// Value taken from Tor Browser for Desktop
// https://bugzilla.mozilla.org/show_bug.cgi?id=583181
lockPref("general.buildID.override", "20100101");
lockPref("browser.startup.homepage_override.buildID", "20190307050101");
lockPref("media.gmp-manager.buildID", "20190307050101"); // [DESKTOP]
lockPref("extensions.lastAppBuildID", "20190307050101");
lockPref("browser.startup.homepage_override.buildID", "20190402010101");
lockPref("extensions.lastAppBuildId", "20190402010101");
lockPref("media.gmp-manager.buildID", "20190402010101");
lockPref("browser.sessionstore.upgradeBackup.latestBuildID", ""); // [DESKTOP]
lockPref("general.buildID.override", "20100101");
// -------------------------------------
// Pref : Disable raw TCP socket support (mozTCPSocket)
// https://trac.torproject.org/projects/tor/ticket/18863
@ -984,7 +992,6 @@ lockPref("media.peerconnection.identity.enabled", false);
lockPref("media.peerconnection.turn.disable", true);
lockPref("media.peerconnection.ice.tcp", false);
lockPref("media.peerconnection.video.enabled", false);
// lockPref("media.peerconnection.identity.timeout", 0);
// -------------------------------------
// Pref : Disable WebGL I/II
// [WARNING] WebGL introduce high fingerprinting... (webgl is direct hardware js)
@ -1029,6 +1036,7 @@ lockPref("gfx.offscreencanvas.enabled", false); // [DEFAULT: false]
// 0=Allow all, 1=Block non-muted media, 5=Block all
// [NOTE] You can set exceptions under site permissions
lockPref("media.autoplay.default", 5);
lockPref("media.autoplay.allow-muted", false);
lockPref("media.autoplay.block-event.enabled", true); // [DEFAULT: false]
lockPref("media.autoplay.block-webaudio", true); // [DEFAULT: false]
// -------------------------------------
@ -1043,11 +1051,9 @@ lockPref("media.block-autoplay-until-in-foreground", true); // [DEFAULT: true]
// Section : Location Bar / Search Bar / Suggestions / History / Forms
// >>>>>>>>>>>>>>>>>>>>
// Pref : Do not submit invalid URIs entered in the address bar to the default search engine
// http://kb.mozillazine.org/Keyword.enabled
lockPref("keyword.enabled", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Don't try to guess domain names when entering an invalid domain name in URL bar
// http://www-archive.mozilla.org/docs/end-user/domain-guessing.html
lockPref("browser.fixup.alternate.enabled", false);
// -------------------------------------
// Pref : Don't trim HTTP off of URLs in the address bar
@ -1059,16 +1065,15 @@ lockPref("browser.urlbar.trimURLs", false);
// Minimum=1=currentpage, 2 is the recommended minimum as some pages use it as a means of referral (e.g. hotlinking), 4 or 6 or 10 may be more practical
lockPref("browser.sessionhistory.max_entries", 20); // [DEFAULT: 50]
// -------------------------------------
// Pref : Disable CSS querying page history - CSS history leak
// Pref : Disable coloring of visited links - CSS history leak
// [NOTE] This has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in 'certain circumstances'
// [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use)
// [TEST] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX C on how to use)
// https://dbaron.org/mozilla/visited-privacy
// https://bugzilla.mozilla.org/147777
// https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
lockPref("layout.css.visited_links_enabled", false);
// -------------------------------------
// Pref : Disable search suggestions in the search bar
// http://kb.mozillazine.org/Browser.search.suggest.enabled
lockPref("browser.search.suggest.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable "Show search suggestions in location bar results"
@ -1215,28 +1220,28 @@ lockPref("security.certerror.hideAddException", true); // [DESKTOP]
// In case of a crash, we don't want to prompt for a safe-mode browser that has extensions disabled.
// https://support.mozilla.org/en-US/questions/951221#answer-410562
lockPref("toolkit.startup.max_resumed_crashes", -1); // [DESKTOP]
// -------------------------------------
// Pref : Force Encrypted Server Name Indication (eSNI) for TLS 1.3 if TRR/DoH is enabled
// [NOTE] I don't encourage DoH (but it is a useful and valid mechanism for those who need it)
lockPref("network.security.esni.enabled", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Block Implicit Outbound
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable prefetching of <link rel="next"> URLs
// Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it.
// http://kb.mozillazine.org/Network.prefetch-next
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Link_prefetching_FAQ#Is_there_a_preference_to_disable_link_prefetching.3F
lockPref("network.prefetch-next", false);
// -------------------------------------
// Pref : Disable DNS prefetching
// http://kb.mozillazine.org/Network.dns.disablePrefetch
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Controlling_DNS_prefetching
lockPref("network.dns.disablePrefetch", true);
lockPref("network.dns.disablePrefetchFromHTTPS", true); // [HIDDEN PREF]
// -------------------------------------
// Pref : Disable pinging URIs specified in HTML <a> ping= attributes
// http://kb.mozillazine.org/Browser.send_pings
lockPref("browser.send_pings", false);
// -------------------------------------
// Pref : When browser pings are enabled, only allow pinging the same host as the origin page
// http://kb.mozillazine.org/Browser.send_pings.require_same_host
lockPref("browser.send_pings.require_same_host", true);
// -------------------------------------
// Pref : Disable speculative pre-connections
@ -1271,7 +1276,6 @@ lockPref("network.dns.disableIPv6", true);
// -------------------------------------
// Pref : Enforce the proxy server to do any DNS lookups when using SOCKS
// e.g. in Tor, this stops your local DNS server from knowing your Tor destination as a remote Tor node will handle the DNS request
// http://kb.mozillazine.org/Network.proxy.socks_remote_dns
// https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
defaultPref("network.proxy.socks_remote_dns", true);
// -------------------------------------
@ -1281,7 +1285,7 @@ defaultPref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: fa
// -------------------------------------
// Pref : Disable (or setup) DNS-over-HTTPS (DoH)
// TRR = Trusted Recursive Resolver
// .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
// 0=off by default, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result, 5=explicitly off
// [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
// [BUG] This seem to disable socks_remote_dns ?! need to check with wireshark
// If true, just settings urls to null should be enough to disable without impacting socks_remote_dns.
@ -1325,7 +1329,6 @@ lockPref("security.ssl.require_safe_negotiation", true);
// Pref : Control TLS versions with min and max
// 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
// [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
// http://kb.mozillazine.org/Security.tls.version.*
// https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
// archived: https://archive.is/hY2Mm
lockPref("security.tls.version.min", 3);
@ -1415,7 +1418,7 @@ lockPref("security.mixed_content.block_object_subrequest", true);
// -------------------------------------
// Pref : Disable 3DES (effective key size < 128)
// https://en.wikipedia.org/wiki/3des#Security
// http://en.citizendium.org/wiki/Meet-in-the-middle_attack
// https://en.wikipedia.org/wiki/Meet-in-the-middle_attack
// https://www-archive.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html
lockPref("security.ssl3.rsa_des_ede3_sha", false);
lockPref("security.ssl3.dhe_dss_des_ede3_sha", false); // [DESKTOP]
@ -1509,7 +1512,6 @@ lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
// -------------------------------------
// Pref : Control "Add Security Exception" dialog on SSL warnings
// 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
// http://kb.mozillazine.org/Browser.ssl_override_behavior
// https://github.com/pyllyukko/user.js/issues/210
lockPref("browser.ssl_override_behavior", 1);
// -------------------------------------
@ -1560,8 +1562,12 @@ lockPref("privacy.firstparty.isolate.restrict_opener_access", true);
// https://lockwise.firefox.com/
// https://support.mozilla.org/en-US/kb/firefox-lockwise-managing-account-data
lockPref("signon.management.page.enabled", false); // [DESKTOP]
lockPref("signon.management.page.faqURL", ""); // [DESKTOP]
lockPref("signon.management.page.feedbackURL", ""); // [DESKTOP]
lockPref("signon.management.overrideURI", ""); // [DESKTOP]
lockPref("signon.management.page.breach-alerts.enabled", false); // [DESKTOP]
lockPref("signon.management.page.breachAlertUrl", ""); // [DESKTOP]
lockPref("signon.management.page.hideMobileFooter", true); // [DESKTOP]
lockPref("signon.management.page.mobileAndroidURL", ""); // [DESKTOP]
lockPref("signon.management.page.mobileAppleURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable autofilling saved passwords on HTTP pages and show warning
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119
@ -1591,9 +1597,8 @@ lockPref("security.ask_for_password", 2);
lockPref("security.password_lifetime", 1); // [DEFAULT: 30]
// -------------------------------------
// Pref : Disable auto-filling username & password form fields
// Can leak in cross-site forms AND be spoofed.
// [NOTE] Password will still be auto-filled after a user name is manually entered
// http://kb.mozillazine.org/Signon.autofillForms
// Can leak in cross-site forms and be spoofed
// NOTE] Username & password is still available when you enter the field
lockPref("signon.autofillForms", false);
lockPref("signon.autofillForms.autocompleteOff", true);
// -------------------------------------
@ -1627,7 +1632,6 @@ defaultPref("signon.generation.enabled", false);
// Section : Window Meddling & Leaks / Popups
// >>>>>>>>>>>>>>>>>>>>
// Pref : Prevent websites from disabling new window features
// http://kb.mozillazine.org/Prevent_websites_from_disabling_new_window_features
lockPref("dom.disable_window_open_feature.close", true); // [DEFAULT: false]
lockPref("dom.disable_window_open_feature.location", true); // [DEFAULT: false]
lockPref("dom.disable_window_open_feature.menubar", true); // [DEFAULT: false]
@ -1660,11 +1664,9 @@ lockPref("privacy.popups.showBrowserMessage", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Set max popups from a single non-click event
// [NOTE] Non-click events should never spawn a popup?
// http://kb.mozillazine.org/Dom.popup_maximum
lockPref("dom.popup_maximum", 0); // [DEFAULT: 20]
// -------------------------------------
// Pref : Limit events that can cause a popup
// http://kb.mozillazine.org/Dom.popup_allowed_events
lockPref("dom.popup_allowed_events", "click dblclick"); // [DEFAULT: "change click dblclick auxclick mouseup pointerup notificationclick reset submit touchend"]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@ -1682,12 +1684,7 @@ lockPref("browser.cache.disk.enable", false);
lockPref("browser.cache.disk.smart_size.enabled", false);
lockPref("browser.cache.disk.smart_size.first_run", false);
// -------------------------------------
// Pref : Disable disk cache for SSL pages
// http://kb.mozillazine.org/Browser.cache.disk_cache_ssl
lockPref("browser.cache.disk_cache_ssl", false);
// -------------------------------------
// Pref : Disable memory cache
// [NOTE] Not recommended due to performance issues
// lockPref("browser.cache.memory.enable", false);
// lockPref("browser.cache.memory.capacity", 0);
// -------------------------------------
@ -1695,7 +1692,6 @@ lockPref("browser.cache.disk_cache_ssl", false);
// To improve performance when pressing back/forward Firefox stores visited pages so they don't have to be re-parsed. This is not the same as memory cache.
// 0=none, -1=auto (that's minus 1).
// [WARNING] Not recommended unless you know what you're doing
// http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers
// lockPref("browser.sessionhistory.max_total_viewers", 0);
// -------------------------------------
// Pref : Exclude "Undo Closed Tabs" in Session Restore
@ -1745,7 +1741,7 @@ lockPref("security.insecure_password.ui.enabled", true); // [DESKTOP]
lockPref("toolkit.winRegisterApplicationRestart", false); // [WINDOWS] // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Geolocation
// Section : Geolocation / Language / Locale
// >>>>>>>>>>>>>>>>>>>>
// Pref : Disable geolocation
lockPref("geo.enabled", false);
@ -1758,13 +1754,9 @@ lockPref("browser.search.geoip.url", "");
lockPref("browser.search.geoSpecificDefaults.url", "");
lockPref("browser.snippets.geoUrl", "");
// -------------------------------------
// Pref : Set Accept-Language HTTP header
// Pref : Set preferred language for displaying web pages
defaultPref("intl.accept_languages", "en-US, en");
// -------------------------------------
// Pref : Use APP locale over OS locale in regional preferences
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789
lockPref("intl.regional_prefs.use_os_locales", false);
// -------------------------------------
// Pref : Enforce US English locale regardless of the system locale
// https://bugzilla.mozilla.org/867501
lockPref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
@ -1777,6 +1769,12 @@ lockPref("geo.wifi.uri", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable logging geolocation to the console
lockPref("geo.wifi.logging.enabled", false); // [HIDDEN PREF] // [DESKTOP]
// -------------------------------------
// Pref : Enforce fallback text encoding to match en-US
// When the content or server doesn't declare a charset the browser will fallback to the "Current locale" based on your application language
// [TEST] https://hsivonen.com/test/moz/check-charset.htm
// https://trac.torproject.org/projects/tor/ticket/20025
lockPref("intl.charset.fallback.override", "windows-1252");
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Fonts
@ -1808,7 +1806,6 @@ lockPref("font.name.monospace.x-western", "Lucida Console"); // [DEFAULT: Courie
defaultPref("layout.css.font-loading-api.enabled", false);
// -------------------------------------
// Pref : Disable special underline handling for a few fonts which you will probably never use
// http://kb.mozillazine.org/Font.blacklist.underline_offset
// https://github.com/ghacksuserjs/ghacks-user.js/issues/744
// lockPref("font.blacklist.underline_offset", "");
// -------------------------------------
@ -1892,8 +1889,6 @@ lockPref("shumway.disabled", true); // [DESKTOP]
// https://wiki.mozilla.org/Security/Safe_Browsing
// https://wiki.mozilla.org/Blocklisting
// https://blocked.cdn.mozilla.net/
// http://kb.mozillazine.org/Extensions.blocklist.enabled
// http://kb.mozillazine.org/Extensions.blocklist.url
// https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
lockPref("services.blocklist.update_enabled", false); // [DESKTOP]
lockPref("services.blocklist.plugins.signer", "");
@ -2006,7 +2001,6 @@ lockPref("privacy.trackingprotection.lower_network_priority", false);
// Pref : Disable passive Tracking Protection in all windows
lockPref("privacy.trackingprotection.enabled", false);
lockPref("privacy.trackingprotection.pbmode.enabled", false);
lockPref("privacy.trackingprotection.introURL", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable cryptomining trackingprotection
// [NOTE] uBlock is far superior and you can customize the lists as you wish
@ -2015,10 +2009,11 @@ lockPref("privacy.trackingprotection.introURL", ""); // [DESKTOP]
// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
// https://github.com/hoshsadiq/adblock-nocoin-list
lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false); // [DESKTOP]
lockPref("privacy.trackingprotection.cryptomining.annotate.enabled", false);
lockPref("privacy.trackingprotection.cryptomining.enabled", false);
lockPref("urlclassifier.features.cryptomining.blacklistTables", "");
lockPref("urlclassifier.features.cryptomining.whitelistTables", "");
lockPref("urlclassifier.features.cryptomining.annotate.whitelistTables", "");
lockPref("urlclassifier.features.cryptomining.annotate.blacklistTables", "");
// -------------------------------------
// Pref : Disable fingerprinting trackingprotection
// [NOTE] uBlock is far superior and you can customize the lists as you wish
@ -2026,24 +2021,33 @@ lockPref("urlclassifier.features.cryptomining.whitelistTables", "");
// https://github.com/AdroitAdorKhan/EnergizedProtection
// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false); // [DESKTOP]
lockPref("privacy.trackingprotection.fingerprinting.annotate.enabled", false);
lockPref("privacy.trackingprotection.fingerprinting.enabled", false);
lockPref("urlclassifier.features.fingerprinting.blacklistTables", "");
lockPref("urlclassifier.features.fingerprinting.whitelistTables", "");
lockPref("urlclassifier.features.fingerprinting.annotate.whitelistTables", "");
lockPref("urlclassifier.features.fingerprinting.annotate.blacklistTables", "");
// -------------------------------------
// Pref : Disable social trackingprotection
// [NOTE] uBlock is far superior and you can customize the lists as you wish
// https://m.wiki.mozilla.org/Security/Tracking_protection#Lists
// https://github.com/AdroitAdorKhan/EnergizedProtection
// https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
lockPref("privacy.trackingprotection.socialtracking.annotate.enabled", false);
lockPref("privacy.trackingprotection.socialtracking.enabled", false);
lockPref("urlclassifier.features.socialtracking.blacklistTables", "");
lockPref("urlclassifier.features.socialtracking.whitelistTables", "");
lockPref("urlclassifier.features.socialtracking.annotate.whitelistTables", "");
lockPref("urlclassifier.features.socialtracking.annotate.blacklistTables", "");
lockPref("privacy.socialtracking.block_cookies.enabled", false); // [DESKTOP]
lockPref("privacy.socialtracking.notification.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable PingCentre telemetry (used in several System Add-ons)
// Currently blocked by 'datareporting.healthreport.uploadEnabled'
lockPref("browser.ping-centre.telemetry", false); // [DESKTOP]
lockPref("browser.ping-centre.production.endpoint", ""); // [DESKTOP]
lockPref("browser.ping-centre.staging.endpoint", ""); // [DESKTOP]
// -------------------------------------
// Pref : Disable all the trackingprotection blocked elements by default
lockPref("browser.contentblocking.features.strict", ""); // [DESKTOP]
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : System add-ons / Experiments
@ -2089,14 +2093,12 @@ lockPref("extensions.formautofill.heuristics.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable 3rd-party cookies and site-data
// 0=(Allow) cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies, 3=(Block) Cookies from unvisited sites, 4=(Block) Third-party trackers
// [NOTE] Value 4 is tied to the Tracking Protection lists
// [NOTE] Can breaks payment gateways
defaultPref("network.cookie.cookieBehavior", 1);
// -------------------------------------
// Pref : Set third-party cookies (i.e ALL) (if enabled) to session-only and set third-party non-secure (i.e HTTP) cookies to session-only
// [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
// https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
// http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly
lockPref("network.cookie.thirdparty.sessionOnly", true);
lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
// -------------------------------------
@ -2119,7 +2121,6 @@ lockPref("network.cookie.same-site.enabled", true); // [DEFAULT: true]
// https://developer.mozilla.org/en-US/docs/IndexedDB
// https://en.wikipedia.org/wiki/Indexed_Database_API
// https://wiki.mozilla.org/Security/Reviews/Firefox4/IndexedDB_Security_Review
// http://forums.mozillazine.org/viewtopic.php?p=13842047
// https://github.com/pyllyukko/user.js/issues/8
// https://github.com/ghacksuserjs/ghacks-user.js/issues/80#issuecomment-294178018
// https://superuser.com/questions/1250944/how-can-this-website-reidentify-me-even-after-deleting-all-of-my-browsers-histo
@ -2127,7 +2128,6 @@ lockPref("network.cookie.same-site.enabled", true); // [DEFAULT: true]
// lockPref("dom.indexedDB.enabled", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Do not download URLs for the offline cache
// http://kb.mozillazine.org/Browser.cache.offline.enable
lockPref("browser.cache.offline.enable", false);
lockPref("browser.cache.offline.capacity", 0);
// -------------------------------------
@ -2136,7 +2136,6 @@ lockPref("browser.cache.offline.capacity", 0);
lockPref("browser.cache.offline.insecure.enable", false);
// -------------------------------------
// Pref : Display a notification bar when websites offer data for offline use
// http://kb.mozillazine.org/Browser.offline-apps.notify
lockPref("browser.offline-apps.notify", false); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable service workers cache and cache storage
@ -2293,6 +2292,7 @@ lockPref("device.sensors.ambientLight.enabled", false); // [DEFAULT: false]
lockPref("device.sensors.motion.enabled", false); // [DEFAULT: true]
lockPref("device.sensors.orientation.enabled", false); // [DEFAULT: true]
lockPref("device.sensors.proximity.enabled", false); // [DEFAULT: false]
lockPref("device.sensors.test.events", false); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable gamepad API - USB device ID enumeration
// Optional protection depending on your connected devices
@ -2404,9 +2404,6 @@ lockPref("dom.network.enabled", false); // [DESKTOP]
// Pref : Disable third-party cookie UI
lockPref("browser.contentblocking.rejecttrackers.ui.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable tracking protection UI list editing under url bar popup
lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false); // [DESKTOP]
// -------------------------------------
// Pref : Disable tracking protection UI list editing under preferences
lockPref("browser.contentblocking.trackingprotection.ui.enabled", false); // [DESKTOP]
// -------------------------------------
@ -2425,13 +2422,12 @@ defaultPref("toolkit.cosmeticAnimations.enabled", false); // [DESKTOP]
defaultPref("browser.ui.zoom.force-user-scalable", true); // [DEFAULT: false]
// -------------------------------------
// Pref : Disable inline autocomplete in URL bar
// http://kb.mozillazine.org/Inline_autocomplete
// https://support.mozilla.org/en-US/kb/address-bar-autocomplete-firefox#w_url-autocomplete
defaultPref("browser.urlbar.autoFill", false); // [DESKTOP]
defaultPref("browser.urlbar.autoFill.typed", false); // [DESKTOP]
// -------------------------------------
// Pref : Set bookmarks backups
// To compensate for the case of bookmarks being lost due to a system crash.
// http://kb.mozillazine.org/Browser.bookmarks.max_backups
lockPref("browser.bookmarks.max_backups", 0); // [DEFAULT: 5]
// -------------------------------------
// Pref : Set home provider syncing only on wifi
@ -2468,288 +2464,6 @@ defaultPref("browser.urlbar.doubleClickSelectsAll", false); // [DESKTOP]
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Deprecated / Removed / Legacy / Renamed
// >>>>>>>>>>>>>>>>>>>>
// ESR60.x still uses all the following prefs
// -------------------------------------
// FF52+
// -------------------------------------
// Pref : Disable telephony API
// https://wiki.mozilla.org/WebAPI/Security/WebTelephony
lockPref("dom.telephony.enabled", false);
// -------------------------------------
// Pref : Disable Adobe Primetime
lockPref("media.gmp-eme-adobe.enabled", false);
lockPref("media.gmp-eme-adobe.visible", false);
// -------------------------------------
// FF53+
// -------------------------------------
// Pref : Disable RC4
// https://bugzilla.mozilla.org/show_bug.cgi?id=1130670
// https://hg.mozilla.org/mozilla-central/rev/1f7832017dbb
lockPref("security.tls.unrestricted_rc4_fallback", false);
// -------------------------------------
// FF54+
// -------------------------------------
// Pref : Disable Archive API
// https://bugzilla.mozilla.org/show_bug.cgi?id=1342361
// https://hg.mozilla.org/mozilla-central/rev/fe12200aa33a
lockPref("dom.archivereader.enabled", false);
// -------------------------------------
// FF55+
// -------------------------------------
// Pref : Disable Heartbeat (Mozilla user rating telemetry)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1361578
// https://hg.mozilla.org/mozilla-central/rev/5a8f2dcbeac0
lockPref("browser.selfsupport.enabled", false);
lockPref("browser.selfsupport.url", "");
// -------------------------------------
// FF57+
// -------------------------------------
// Pref : Disable SSDP (Simple Service Discovery Protocol)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1393582
// https://hg.mozilla.org/mozilla-central/rev/bf7793529f82
lockPref("browser.casting.enabled", false);
// -------------------------------------
// Pref : Disable WebIDE to prevent remote debugging and ADB extension download
// https://bugzilla.mozilla.org/show_bug.cgi?id=1393497
// https://hg.mozilla.org/mozilla-central/rev/9815926c3bc1
lockPref("devtools.webide.autoinstallFxdtAdapters", false);
// -------------------------------------
// Pref : Disable social integration with FF
// https://bugzilla.mozilla.org/show_bug.cgi?id=1406193
// https://hg.mozilla.org/mozilla-central/rev/125a67a1750f
lockPref("social.directories", "");
lockPref("social.remote-install.enabled", false);
lockPref("social.whitelist", "");
// -------------------------------------
// FF58+
// -------------------------------------
// Pref : Disable backlogged Crash Reports
// https://bugzilla.mozilla.org/show_bug.cgi?id=1424373
// https://hg.mozilla.org/releases/mozilla-esr52/rev/292a2d5bcb1f4a07e875b0b60a925f31992e898f
// https://hg.mozilla.org/releases/mozilla-esr52/rev/19ea736e7e3d20555ee6633b9d7803c1225979e1
lockPref("browser.crashReports.unsubmittedCheck.autoSubmit", false);
// -------------------------------------
// FF59+
// -------------------------------------
// Pref : Devtools cleanup
// https://bugzilla.mozilla.org/show_bug.cgi?id=1416703
// https://hg.mozilla.org/mozilla-central/rev/cf62d0c0ce5a
lockPref("devtools.telemetry.supported_performance_marks", "");
// -------------------------------------
// Pref : Disable face detection
// https://bugzilla.mozilla.org/show_bug.cgi?id=1416703
// https://hg.mozilla.org/integration/mozilla-inbound/rev/27b171e4cd2d1d51e95df1bfb6fc567500b6284d
lockPref("camera.control.face_detection.enabled", false);
// -------------------------------------
// Pref : Disable FlyWeb (discovery of LAN/proximity IoT devices that expose a Web interface)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1374574
// https://hg.mozilla.org/mozilla-central/rev/07ca590ac669
// https://hg.mozilla.org/mozilla-central/rev/ff75ef015293
// https://hg.mozilla.org/mozilla-central/rev/5a8a3d887e19
lockPref("dom.flyweb.enabled", false);
// -------------------------------------
// Pref : Disable Scripting of Plugins by JavaScript
// https://bugzilla.mozilla.org/show_bug.cgi?id=1416703
// https://hg.mozilla.org/mozilla-central/rev/eb9c29a3067d
lockPref("security.xpconnect.plugin.unrestricted", false);
// -------------------------------------
// FF60+
// -------------------------------------
// Pref : Disable Activity Stream
// https://bugzilla.mozilla.org/show_bug.cgi?id=1433324
// https://hg.mozilla.org/mozilla-central/rev/f3069763fab6
// https://hg.mozilla.org/mozilla-central/rev/088e727e5cf7
lockPref("browser.newtabpage.activity-stream.enabled", false);
// -------------------------------------
// Pref : Disable new tab tile ads & preload
// https://bugzilla.mozilla.org/show_bug.cgi?id=1433324
// https://bugzilla.mozilla.org/show_bug.cgi?id=1433133
// https://bugzilla.mozilla.org/show_bug.cgi?id=1370930
// https://hg.mozilla.org/mozilla-central/rev/ad6392e366d4
lockPref("browser.newtabpage.activity-stream.aboutHome.enabled", false);
lockPref("browser.newtabpage.directory.source", "data:text/plain,{}");
lockPref("browser.newtabpage.enhanced", false);
// -------------------------------------
// Pref : Disable Studies and SHIELD
// https://bugzilla.mozilla.org/show_bug.cgi?id=1436113
// https://hg.mozilla.org/mozilla-central/rev/94f5c92fc711
lockPref("extensions.shield-recipe-client.enabled", false);
lockPref("extensions.shield-recipe-client.api_url", "");
// -------------------------------------
// Pref : Disable Firefox Accounts and Sync
// https://bugzilla.mozilla.org/show_bug.cgi?id=1427674
// https://hg.mozilla.org/mozilla-central/rev/b014201f939f
lockPref("identity.fxaccounts.remote.webchannel.uri", "");
// -------------------------------------
// FF61+
// -------------------------------------
// Pref : Disable Experiments
// https://bugzilla.mozilla.org/show_bug.cgi?id=1450801
// https://hg.mozilla.org/mozilla-central/rev/b81ac6c5c207
// https://hg.mozilla.org/mozilla-central/rev/9e68f15bcb09
// https://bugzilla.mozilla.org/show_bug.cgi?id=1420908
// https://hg.mozilla.org/mozilla-central/rev/98389f291fe6
// https://hg.mozilla.org/mozilla-central/rev/8a77da7f1488
lockPref("experiments.enabled", false);
lockPref("experiments.manifest.uri", "");
lockPref("experiments.supported", false);
lockPref("experiments.activeExperiment", false);
// -------------------------------------
// Pref : Disable remote JAR files being opened, regardless of content type
// https://bugzilla.mozilla.org/show_bug.cgi?id=1427726
// https://hg.mozilla.org/integration/autoland/rev/a9185d7a30d8
lockPref("network.jar.block-remote-files", true);
// -------------------------------------
// Pref : Disable JAR from opening Unsafe File Types
// https://bugzilla.mozilla.org/show_bug.cgi?id=1427726
// https://hg.mozilla.org/integration/autoland/rev/064ca3f3d42b
lockPref("network.jar.open-unsafe-types", false);
// -------------------------------------
// Pref : Disable Activity Stream (others)
lockPref("browser.newtabpage.activity-stream.showTopSites", false);
// -------------------------------------
// Pref : Block unwanted connections
lockPref("toolkit.telemetry.infoURL", "");
// -------------------------------------
// FF62+
// -------------------------------------
// Pref : Disable Java plugin
// 0=deactivated, 1=ask, 2=enabled
// https://bugzilla.mozilla.org/1461243
lockPref("plugin.state.java", 0);
// -------------------------------------
// FF63+
// -------------------------------------
// Pref : DisableGeoIP-based search results
// [NOTE] May not be hidden if Firefox has changed your settings due to your locale
// https://bugzilla.mozilla.org/1462015
// https://hg.mozilla.org/mozilla-central/rev/0866ebeda09d
lockPref("browser.search.countryCode", "US"); // [HIDDEN PREF]
// -------------------------------------
// Pref : Disable app from auto-update
// lockPref("app.update.enabled", false);
// -------------------------------------
// Pref : Disable "Savant" Shield study
// https://bugzilla.mozilla.org/1457226
lockPref("shield.savant.enabled", false);
// -------------------------------------
// Pref : Disable favicons in tabs and new bookmarks
// Merged into "browser.chrome.site_icons"
// https://bugzilla.mozilla.org/1453751
lockPref("browser.chrome.favicons", false);
// -------------------------------------
// Pref : Disable autoplay of HTML5 media
// Replaced by "media.autoplay.default"
// https://bugzilla.mozilla.org/1470082
lockPref("media.autoplay.enabled", false);
// -------------------------------------
// Pref: Set cookie lifetime in days
// https://bugzilla.mozilla.org/1457170
// defaultPref("network.cookie.lifetime.days", 90); // [DEFAULT: 90]
// -------------------------------------
// Pref: Enable "Ctrl+Tab cycles through tabs in recently used order"
// Rreplaced by "browser.ctrlTab.recentlyUsedOrder"
// https://bugzilla.mozilla.org/1473595
defaultPref("browser.ctrlTab.previews", true);
// -------------------------------------
// Pref : Disable In-Browser Feed Handling
// https://bugzilla.mozilla.org/show_bug.cgi?id=1477670
// https://hg.mozilla.org/mozilla-central/rev/5b714ea69f17
// https://hg.mozilla.org/mozilla-central/rev/04ce1d287d58
// https://hg.mozilla.org/mozilla-central/rev/3abafc9e0915
// https://hg.mozilla.org/mozilla-central/rev/452156f0fc6d
lockPref("browser.contentHandlers.types.0.title", "");
lockPref("browser.contentHandlers.types.0.type", "");
lockPref("browser.contentHandlers.types.0.uri", "");
lockPref("browser.contentHandlers.types.1.title", "");
lockPref("browser.contentHandlers.types.1.type", "");
lockPref("browser.contentHandlers.types.1.uri", "");
lockPref("browser.contentHandlers.types.2.title", "");
lockPref("browser.contentHandlers.types.2.type", "");
lockPref("browser.contentHandlers.types.2.uri", "");
lockPref("browser.contentHandlers.types.3.title", "");
lockPref("browser.contentHandlers.types.3.type", "");
lockPref("browser.contentHandlers.types.3.uri", "");
// -------------------------------------
// Pref : Disable Activity Stream (others)
lockPref("browser.newtabpage.activity-stream.feeds.theme", false);
lockPref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
// -------------------------------------
// FF64+
// -------------------------------------
// Pref : Disable Onboarding
// [NOTE] This setting is just in case it comeback
// Onboarding is an interactive tour/setup for new installs/profiles and features. Every time
// about:home or about:newtab is opened, the onboarding overlay is injected into that page
// [NOTE] Onboarding uses Google Analytics, and leaks resource://URIs
// https://wiki.mozilla.org/Firefox/Onboarding
// https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf
// https://bugzilla.mozilla.org/863246#c154
lockPref("browser.onboarding.enabled", false);
lockPref("browser.onboarding.notification.tour-ids-queue", "");
// -------------------------------------
// Pref : Disable WebIDE to prevent remote debugging and ADB extension download
// https://developer.mozilla.org/docs/Tools/WebIDE
// https://trac.torproject.org/projects/tor/ticket/16222
lockPref("devtools.webide.autoinstallADBHelper", false);
lockPref("devtools.webide.adbAddonURL", "");
// -------------------------------------
// Pref : Disable CSP violation events
// https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent
// https://bugzilla.mozilla.org/1488165
lockPref("security.csp.enable_violation_events", false);
// -------------------------------------
// FF65+
// -------------------------------------
// Pref : Disable location bar autocomplete and suggestion types
// https://bugzilla.mozilla.org/1502392
defaultPref("browser.urlbar.autocomplete.enabled", false);
// -------------------------------------
// Pref : When "browser.fixup.alternate.enabled" is enabled, strip password from 'user:password@...' URLs
// https://github.com/pyllyukko/user.js/issues/290#issuecomment-303560851
lockPref("browser.fixup.hide_user_pass", true);
// -------------------------------------
// FF66+
// -------------------------------------
// Pref : Disable Browser Error Reporter
// https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection
// https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html
lockPref("browser.chrome.errorReporter.enabled", false);
lockPref("browser.chrome.errorReporter.submitUrl", "");
lockPref("browser.chrome.errorReporter.infoURL", "");
// -------------------------------------
// Pref : Disable Mozilla permission to silently opt you into tests
// https://bugzilla.mozilla.org/1415625
lockPref("network.allow-experiments", false);
// -------------------------------------
// FF67+
// -------------------------------------
// Pref : Enforce DOMHighResTimeStamp API
// [WARNING] Required for normalization of timestamps and any timer resolution mitigations
lockPref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true]
// -------------------------------------
// Pref : Disable Extension Recommendations (CFR: "Contextual Feature Recommender"
// https://support.mozilla.org/en-US/kb/extension-recommendations
lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false);
// -------------------------------------
// FF68+
// -------------------------------------
// Pref : Disable Activity Stream Snippets
// Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
// https://abouthome-snippets-service.readthedocs.io/
lockPref("browser.aboutHomeSnippets.updateUrl", "");
lockPref("browser.newtabpage.activity-stream.disableSnippets", true);
// -------------------------------------
// Pref : Disable auto updating of lightweight themes (LWT)
// https://blog.mozilla.org/addons/2018/09/20/future-themes-here/
// https://bugzilla.mozilla.org/1525762
lockPref("lightweightThemes.update.enabled", false);
// -------------------------------------
// Pref : Enable CSP 1.1 experimental hash-source directive
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975
// https://bugzilla.mozilla.org/1386214
defaultPref("security.csp.experimentalEnabled", true);
// -------------------------------------
// ESR68.x still uses all the following prefs
// -------------------------------------
// FF69+
@ -2786,7 +2500,7 @@ lockPref("services.sync.prefs.sync.browser.sessionstore.restore_on_demand", fals
// https://hg.mozilla.org/mozilla-central/rev/69d1b01b2847
lockPref("gfx.downloadable_fonts.woff2.enabled", false);
// -------------------------------------
// Pref : Enable plugins click-to-play
// Pref : Enforce click-to-play for plugins
// https://bugzilla.mozilla.org/1519434
// https://hg.mozilla.org/mozilla-central/rev/38fc0d299eb0
lockPref("plugins.click_to_play", true);
@ -2798,3 +2512,43 @@ lockPref("media.autoplay.allow-muted", false);
// -------------------------------------
// FF70+
// -------------------------------------
// Pref : Disable disk cache for SSL pages
// lockPref("browser.cache.disk_cache_ssl", false);
// -------------------------------------
// Pref : Disable a part of breakage report UI
// https://bugzilla.mozilla.org/show_bug.cgi?id=1566985
// https://hg.mozilla.org/mozilla-central/rev/513e87bb151b
// https://hg.mozilla.org/mozilla-central/rev/708f0175c5e6
lockPref("browser.contentblocking.reportBreakage.enabled", false);
lockPref("browser.contentblocking.rejecttrackers.reportBreakage.enabled", false);
// -------------------------------------
// Pref : Disable tracking protection UI list editing under url bar popup
// https://bugzilla.mozilla.org/show_bug.cgi?id=1572139
lockPref("browser.contentblocking.trackingprotection.control-center.ui.enabled", false);
// -------------------------------------
// Pref : Disable parts of trackingprotection and related syncs
// https://bugzilla.mozilla.org/show_bug.cgi?id=1570971
// https://hg.mozilla.org/mozilla-central/rev/8247f9a13f56
// https://bugzilla.mozilla.org/show_bug.cgi?id=1564367
// https://hg.mozilla.org/mozilla-central/rev/a931afa2c4bd
// https://bugzilla.mozilla.org/show_bug.cgi?id=1560040
// https://hg.mozilla.org/mozilla-central/rev/11dc1c09bb58
lockPref("privacy.trackingprotection.cryptomining.annotate.enabled", false);
lockPref("privacy.trackingprotection.fingerprinting.annotate.enabled", false);
lockPref("privacy.trackingprotection.introURL", "");
lockPref("privacy.trackingprotection.socialtracking.annotate.enabled", false);
lockPref("services.sync.prefs.sync.browser.contentblocking.enabled", false);
lockPref("services.sync.prefs.sync.privacy.trackingprotection.cryptomining.annotate.enabled", false);
lockPref("services.sync.prefs.sync.privacy.trackingprotection.fingerprinting.annotate.enabled", false);
// -------------------------------------
// Pref : Disable about:logins (Firefox Lockwise)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1567548
// https://hg.mozilla.org/mozilla-central/rev/198896f94464
// https://bugzilla.mozilla.org/show_bug.cgi?id=1572569
// https://hg.mozilla.org/mozilla-central/rev/9a1a98370eca
lockPref("signon.management.page.faqURL", "");
lockPref("signon.management.page.feedbackURL", "");
// -------------------------------------
// Pref : Use APP locale over OS locale in regional preferences
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1379420,1364789
// lockPref("intl.regional_prefs.use_os_locales", false);