{ # https:#git.nixnet.services/Narsil/desktop_user.js # Author : Narsil : https:#git.nixnet.services/Narsil # Based on : arkenfox : https:#github.com/arkenfox/user.js # License : https:#git.nixnet.services/Narsil/desktop_user.js/raw/branch/master/LICENSE # Disable about:config warning "browser.aboutConfig.showWarning" = false; # STARTUP # Disable default browser check "browser.shell.checkDefaultBrowser" = false; # Set startup page [SETUP-CHROME] # 0=blank = 1=home = 2=last visited page = 3=resume previous session "browser.startup.page" = 0; # Set HOME+NEWWINDOW page "browser.startup.homepage" = "about:blank"; # Set NEWTAB page # true=Activity Stream (default) = false=blank page "browser.newtabpage.enabled" = false; # Disable sponsored content on Firefox Home (Activity Stream) "browser.newtabpage.activity-stream.showSponsored" = false; # [FF58+] Pocket > Sponsored Stories "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; # [FF83+] Sponsored shortcuts # Clear default topsites "browser.newtabpage.activity-stream.default.sites" = ""; "browser.topsites.contile.enabled" = false; "browser.topsites.useRemoteSetting" = false; # GEOLOCATION # Use Mozilla geolocation service instead of Google if permission is granted [FF74+] "geo.provider.network.url" = ""; #"geo.provider.network.logging.enabled" = true; # [HIDDEN PREF] # Disable using the OS's geolocation service "geo.provider.use_gpsd" = false; # [LINUX] [HIDDEN PREF] "geo.provider.geoclue.always_high_accuracy" = false; # [LINUX] "geo.provider.use_geoclue" = false; # [FF102+] [LINUX] # Disable region updates "browser.region.network.url" = ""; # [FF78+] Defense-in-depth "browser.region.update.enabled" = false; # [FF79+] # QUIETER FOX # Disable recommendation pane in about:addons (uses Google Analytics) "extensions.getAddons.showPane" = false; # [HIDDEN PREF] # Disable recommendations in about:addons' Extensions and Themes panes [FF68+] "extensions.htmlaboutaddons.recommendations.enabled" = false; # Disable personalized Extension Recommendations in about:addons and AMO [FF65+] "browser.discovery.enabled" = false; # Disable shopping experience [FF116+] "browser.shopping.experience2023.enabled" = false; # [DEFAULT: false] "browser.shopping.experience2023.opted" = 2; "browser.shopping.experience2023.active" = false; # TELEMETRY # Disable new data submission [FF41+] "datareporting.policy.dataSubmissionEnabled" = false; # Disable Health Reports "datareporting.healthreport.uploadEnabled" = false; # Disable telemetry "toolkit.telemetry.unified" = false; "toolkit.telemetry.enabled" = false; # see [NOTE] "toolkit.telemetry.server" = "data:,"; "toolkit.telemetry.archive.enabled" = false; "toolkit.telemetry.newProfilePing.enabled" = false; # [FF55+] "toolkit.telemetry.shutdownPingSender.enabled" = false; # [FF55+] "toolkit.telemetry.updatePing.enabled" = false; # [FF56+] "toolkit.telemetry.bhrPing.enabled" = false; # [FF57+] Background Hang Reporter "toolkit.telemetry.firstShutdownPing.enabled" = false; # [FF57+] # Skip checking omni.ja and other files "corroborator.enabled" = false; # Disable Telemetry Coverage "toolkit.telemetry.coverage.opt-out" = true; # [HIDDEN PREF] "toolkit.coverage.opt-out" = true; # [FF64+] [HIDDEN PREF] "toolkit.coverage.endpoint.base" = ""; # Disable PingCentre telemetry (used in several System Add-ons) [FF57+] "browser.ping-centre.telemetry" = false; # Disable Firefox Home (Activity Stream) telemetry "browser.newtabpage.activity-stream.feeds.telemetry" = false; "browser.newtabpage.activity-stream.telemetry" = false; # Disable WebVTT logging and test events "media.webvtt.debug.logging" = false; "media.webvtt.testing.events" = false; # Disable send content blocking log to about:protections "browser.contentblocking.database.enabled" = false; # Disable celebrating milestone toast when certain numbers of trackers are blocked "browser.contentblocking.cfr-milestone.enabled" = false; # Disable Default Browser Agent "default-browser-agent.enabled" = false; # [WINDOWS] # STUDIES # Disable Studies "app.shield.optoutstudies.enabled" = false; # Disable Normandy/Shield [FF60+] "app.normandy.enabled" = false; "app.normandy.api_url" = ""; # CRASH REPORTS # Disable Crash Reports "breakpad.reportURL" = ""; "browser.tabs.crashReporting.sendReport" = false; # [FF44+] #"browser.crashReports.unsubmittedCheck.enabled" = false; # [FF51+] [DEFAULT: false] # Enforce no submission of backlogged Crash Reports [FF58+] "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; # [DEFAULT: false] # OTHER # Disable Captive Portal detection "captivedetect.canonicalURL" = ""; "network.captive-portal-service.enabled" = false; # [FF52+] # Disable Network Connectivity checks [FF65+] "network.connectivity-service.enabled" = false; # Disable contentblocking reports "browser.contentblocking.reportBreakage.url" = ""; "browser.contentblocking.report.cookie.url" = ""; "browser.contentblocking.report.cryptominer.url" = ""; "browser.contentblocking.report.fingerprinter.url" = ""; "browser.contentblocking.report.lockwise.enabled" = false; "browser.contentblocking.report.lockwise.how_it_works.url" = ""; "browser.contentblocking.report.manage_devices.url" = ""; "browser.contentblocking.report.monitor.enabled" = false; "browser.contentblocking.report.monitor.how_it_works.url" = ""; "browser.contentblocking.report.monitor.sign_in_url" = ""; "browser.contentblocking.report.monitor.url" = ""; "browser.contentblocking.report.proxy.enabled" = false; "browser.contentblocking.report.proxy_extension.url" = ""; "browser.contentblocking.report.social.url" = ""; "browser.contentblocking.report.tracker.url" = ""; "browser.contentblocking.report.endpoint_url" = ""; "browser.contentblocking.report.monitor.home_page_url" = ""; "browser.contentblocking.report.monitor.preferences_url" = ""; "browser.contentblocking.report.vpn.enabled" = false; "browser.contentblocking.report.hide_vpn_banner" = true; "browser.contentblocking.report.show_mobile_app" = false; "browser.vpn_promo.enabled" = false; "browser.promo.focus.enabled" = false; # Block unwanted connections "app.feedback.baseURL" = ""; "app.support.baseURL" = ""; "app.releaseNotesURL" = ""; "app.update.url.details" = ""; "app.update.url.manual" = ""; "app.update.staging.enabled" = false; # Remove default handlers and translation engine "gecko.handlerService.schemes.mailto.0.uriTemplate" = ""; "gecko.handlerService.schemes.mailto.0.name" = ""; "gecko.handlerService.schemes.mailto.1.uriTemplate" = ""; "gecko.handlerService.schemes.mailto.1.name" = ""; "gecko.handlerService.schemes.irc.0.uriTemplate" = ""; "gecko.handlerService.schemes.irc.0.name" = ""; "gecko.handlerService.schemes.ircs.0.uriTemplate" = ""; "gecko.handlerService.schemes.ircs.0.name" = ""; "browser.translation.engine" = ""; # Disable connections to Mozilla servers "services.settings.server" = ""; # SAFE BROWSING (SB) # Disable SB (Safe Browsing) "browser.safebrowsing.malware.enabled" = false; "browser.safebrowsing.phishing.enabled" = false; "browser.safebrowsing.passwords.enabled" = false; "browser.safebrowsing.allowOverride" = false; # Disable SB checks for downloads (both local lookups + remote) "browser.safebrowsing.downloads.enabled" = false; # Disable SB checks for downloads (remote) "browser.safebrowsing.downloads.remote.enabled" = false; "browser.safebrowsing.downloads.remote.url" = ""; # Disable SB checks for unwanted software "browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false; "browser.safebrowsing.downloads.remote.block_uncommon" = false; # Disable "ignore this warning" on SB warnings [FF45+] #"browser.safebrowsing.allowOverride" = false; # Google connections "browser.safebrowsing.downloads.remote.block_dangerous" = false; "browser.safebrowsing.downloads.remote.block_dangerous_host" = false; "browser.safebrowsing.provider.google.updateURL" = ""; "browser.safebrowsing.provider.google.gethashURL" = ""; "browser.safebrowsing.provider.google4.updateURL" = ""; "browser.safebrowsing.provider.google4.gethashURL" = ""; "browser.safebrowsing.provider.google.reportURL" = ""; "browser.safebrowsing.reportPhishURL" = ""; "browser.safebrowsing.provider.google4.reportURL" = ""; "browser.safebrowsing.provider.google.reportMalwareMistakeURL" = ""; "browser.safebrowsing.provider.google.reportPhishMistakeURL" = ""; "browser.safebrowsing.provider.google4.reportMalwareMistakeURL" = ""; "browser.safebrowsing.provider.google4.reportPhishMistakeURL" = ""; "browser.safebrowsing.provider.google4.dataSharing.enabled" = false; "browser.safebrowsing.provider.google4.dataSharingURL" = ""; "browser.safebrowsing.provider.google.advisory" = ""; "browser.safebrowsing.provider.google.advisoryURL" = ""; # "browser.safebrowsing.provider.google.gethashURL" = ""; "browser.safebrowsing.provider.google4.advisoryURL" = ""; "browser.safebrowsing.blockedURIs.enabled" = false; "browser.safebrowsing.provider.mozilla.gethashURL" = ""; "browser.safebrowsing.provider.mozilla.updateURL" = ""; # BLOCK IMPLICIT OUTBOUND # Disable link prefetching "network.prefetch-next" = false; # Disable DNS prefetching "network.dns.disablePrefetch" = true; #"network.dns.disablePrefetchFromHTTPS" = true; # [DEFAULT: true] # Disable predictor / prefetching "network.predictor.enabled" = false; "network.predictor.enable-prefetch" = false; # [FF48+] [DEFAULT: false] # Disable link-mouseover opening connection to linked server "network.http.speculative-parallel-limit" = 0; # Disable mousedown speculative connections on bookmarks and history [FF98+] "browser.places.speculativeConnect.enabled" = false; # Enforce no "Hyperlink Auditing" (click tracking) #"browser.send_pings" = false; # [DEFAULT: false] # DNS / DoH / PROXY / SOCKS # Set the proxy server to do any DNS lookups when using SOCKS "network.proxy.socks_remote_dns" = true; # Disable using UNC (Uniform Naming Convention) paths [FF61+] "network.file.disable_unc_paths" = true; # [HIDDEN PREF] # Disable GIO as a potential proxy bypass vector "network.gio.supported-protocols" = ""; # [HIDDEN PREF] [DEFAULT: "" FF118+] # Disable proxy direct failover for system requests [FF91+] #"network.proxy.failover_direct" = false; # Disable proxy bypass for system request failures [FF95+] #"network.proxy.allow_bypass" = false; # Disable DNS-over-HTTPS (DoH)[FF60+] "network.trr.mode" = 5; "network.trr.confirmationNS" = ""; # Disable skipping DoH when parental controls are enabled "network.trr.uri" = ""; "network.trr.custom_uri" = ""; # LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS # Disable location bar making speculative connections [FF56+] "browser.urlbar.speculativeConnect.enabled" = false; # Disable location bar contextual suggestions "browser.urlbar.suggest.quicksuggest.nonsponsored" = false; # [FF95+] "browser.urlbar.suggest.quicksuggest.sponsored" = false; # [FF92+] # Disable live search suggestions "browser.search.suggest.enabled" = false; "browser.urlbar.suggest.searches" = false; # Disable urlbar trending search suggestions [FF118+] "browser.urlbar.trending.featureGate" = false; # Disable urlbar suggestions "browser.urlbar.addons.featureGate" = false; # [FF115+] "browser.urlbar.mdn.featureGate" = false; # [FF117+] [HIDDEN PREF] "browser.urlbar.pocket.featureGate" = false; # [FF116+] [DEFAULT: false] "browser.urlbar.weather.featureGate" = false; # [FF108+] [DEFAULT: false] # Disable urlbar clipboard suggestions [FF118+] #"browser.urlbar.clipboard.featureGate" = false; # [DEFAULT: false] # Disable search and form history "browser.formfill.enable" = false; # Disable tab-to-search [FF85+] "browser.urlbar.suggest.engines" = false; # Disable coloring of visited links "layout.css.visited_links_enabled" = false; # Enable separate default search engine in Private Windows and its UI setting "browser.search.separatePrivateDefault" = true; # [FF70+] "browser.search.separatePrivateDefault.ui.enabled" = true; # [FF71+] # Disable merino "browser.urlbar.merino.enabled" = false; # PASSWORDS # # Disable saving passwords and password alerts. "signon.rememberSignons" = false; "signon.generation.enabled" = false; "signon.management.page.breach-alerts.enabled" = false; "signon.management.page.breachAlertUrl" = ""; # Set when Firefox should prompt for the primary password # 0=once per session (default) = 1=every time it's needed = 2=after n minutes "security.ask_for_password" = 2; # Set how long in minutes Firefox should remember the primary password (0901) "security.password_lifetime" = 5; # [DEFAULT: 30] # Disable auto-filling username & password form fields "signon.autofillForms" = false; # Disable formless login capture for Password Manager [FF51+] "signon.formlessCapture.enabled" = false; # Limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources [FF41+] # 0 = don't allow sub-resources to open HTTP authentication credentials dialogs # 1 = don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs # 2 = allow sub-resources to open HTTP authentication credentials dialogs (default) "network.auth.subresource-http-auth-allow" = 1; # DISK AVOIDANCE # Disable disk cache "browser.cache.disk.enable" = false; # Disable media cache from writing to disk in Private Browsing "browser.privatebrowsing.forceMediaMemoryCache" = true; # [FF75+] "media.memory_cache_max_size" = 65536; # Disable storing extra session data [SETUP-CHROME] # 0=everywhere = 1=unencrypted sites = 2=nowhere "browser.sessionstore.privacy_level" = 2; # HTTPS (SSL/TLS / OCSP / CERTS / HPKP) # Require safe negotiation "security.ssl.require_safe_negotiation" = true; # Disable TLS1.3 0-RTT (round-trip time) [FF51+] "security.tls.enable_0rtt_data" = false; # OCSP (Online Certificate Status Protocol) # Enforce OCSP fetching to confirm current validity of certificates # 0=disabled = 1=enabled (default) = 2=enabled for EV certificates only "security.OCSP.enabled" = 0; # [DEFAULT: 1] # Set OCSP fetch failures (non-stapled) to hard-fail [SETUP-WEB] "security.OCSP.require" = false; # CERTS / HPKP (HTTP Public Key Pinning) # Enable strict PKP (Public Key Pinning) # 0=disabled = 1=allow user MiTM (default; such as your antivirus) = 2=strict "security.cert_pinning.enforcement_level" = 2; # Disable CRLite [FF73+] # 0 = disabled # 1 = consult CRLite but only collect telemetry (default) # 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results # 3 = consult CRLite and enforce "Not Revoked" results = but defer to OCSP for "Revoked" (default) "security.remote_settings.intermediates.enabled" = false; "security.remote_settings.intermediates.bucket" = ""; "security.remote_settings.intermediates.collection" = ""; "security.remote_settings.intermediates.signer" = ""; "security.remote_settings.crlite_filters.enabled" = false; "security.remote_settings.crlite_filters.bucket" = ""; "security.remote_settings.crlite_filters.collection" = ""; "security.remote_settings.crlite_filters.signer" = ""; "security.pki.crlite_mode" = 0; # MIXED CONTENT # Disable insecure passive content (such as images) on https pages [SETUP-WEB] #"security.mixed_content.block_display_content" = true; # Defense-in-depth # Enable HTTPS-Only mode in all windows "dom.security.https_only_mode" = true; # [FF76+] #"dom.security.https_only_mode_pbm" = true; # [FF80+] # Enable HTTPS-Only mode for local resources [FF77+] #"dom.security.https_only_mode.upgrade_local" = true; # Disable HTTP background requests [FF82+] "dom.security.https_only_mode_send_http_background_request" = false; # Disable ping to Mozilla for Man-in-the-Middle detection "security.certerrors.mitm.priming.enabled" = false; "security.certerrors.mitm.priming.endpoint" = ""; "security.pki.mitm_canary_issuer" = ""; "security.pki.mitm_canary_issuer.enabled" = false; "security.pki.mitm_detected" = false; # UI (User Interface) # Display warning on the padlock for "broken security" "security.ssl.treat_unsafe_negotiation_as_broken" = true; # Display advanced information on Insecure Connection warning pages "browser.xul.error_pages.expert_bad_cert" = true; # REFERERS # Control the amount of cross-origin information to send [FF52+] # 0=send full URI (default) = 1=scheme+host+port+path = 2=scheme+host+port "network.http.referer.XOriginTrimmingPolicy" = 2; # CONTAINERS # Enable Container Tabs and its UI setting [FF50+] "privacy.userContext.enabled" = true; "privacy.userContext.ui.enabled" = true; # Set behavior on "+ Tab" button to display container menu on left click [FF74+] #"privacy.userContext.newTabContainerOnLeftClick.enabled" = true; # PLUGINS / MEDIA / WEBRTC # Force WebRTC inside the proxy [FF70+] "media.peerconnection.ice.proxy_only_if_behind_proxy" = true; # Force a single network interface for ICE candidates generation [FF42+] "media.peerconnection.ice.default_address_only" = true; # Force exclusion of private IPs from ICE candidates [FF51+] #"media.peerconnection.ice.no_host" = true; # Disable GMP (Gecko Media Plugins) "media.gmp-provider.enabled" = false; "media.gmp-manager.url" = ""; "media.gmp-gmpopenh264.enabled" = false; # DOM (DOCUMENT OBJECT MODEL) # Prevent scripts from moving and resizing open windows "dom.disable_window_move_resize" = true; # MISCELLANEOUS # Remove temp files opened from non-PB windows with an external application "browser.download.start_downloads_in_tmp_dir" = true; # [FF102+] # Disable sending additional analytics to web servers "beacon.enabled" = false; # Remove temp files opened with an external application "browser.helperApps.deleteTempFileOnExit" = true; # Disable UITour backend so there is no chance that a remote page can use it "browser.uitour.enabled" = false; "browser.uitour.url" = ""; # Defense-in-depth # Reset remote debugging to disabled "devtools.debugger.remote-enabled" = false; # [DEFAULT: false] # Disable websites overriding Firefox's keyboard shortcuts [FF58+] # 0 (default) or 1=allow = 2=block #"permissions.default.shortcuts" = 2; # Remove special permissions for certain mozilla domains [FF35+] "permissions.manager.defaultsUrl" = ""; # Remove webchannel whitelist "webchannel.allowObject.urlWhitelist" = ""; # Use Punycode in Internationalized Domain Names to eliminate possible spoofing "network.IDN_show_punycode" = true; # Enforce PDFJS = disable PDFJS scripting "pdfjs.disabled" = false; # [DEFAULT: false] "pdfjs.enableScripting" = false; # [FF86+] # Disable middle click on new tab button opening URLs or searches using clipboard [FF115+] "browser.tabs.searchclipboardfor.middleclick" = false; # [DEFAULT: false NON-LINUX] # Disable the default checkedness for "Save card and address to Firefox" checkboxes "dom.payments.defaults.saveAddress" = false; "dom.payments.defaults.saveCreditCard" = false; # Disable Displaying Javascript in History URLs "browser.urlbar.filter.javascript" = true; # DOWNLOADS # Enable user interaction for security by always asking where to download "browser.download.useDownloadDir" = false; # Disable downloads panel opening on every download [FF96+] "browser.download.alwaysOpenPanel" = false; # Disable adding downloads to the system's "recent documents" list "browser.download.manager.addToRecentDocs" = false; # Enable user interaction for security by always asking how to handle new mimetypes [FF101+] "browser.download.always_ask_before_handling_new_types" = true; # EXTENSIONS # Limit allowed extension directories "extensions.enabledScopes" = 5; # [HIDDEN PREF] #"extensions.autoDisableScopes" = 15; # [DEFAULT: 15] # Disable bypassing 3rd party extension install prompts [FF82+] "extensions.postDownloadThirdPartyPrompt" = false; # Disable webextension restrictions on certain mozilla domains [FF60+] #"extensions.webextensions.restrictedDomains" = ""; # Disable extensions suggestions "extensions.webservice.discoverURL" = ""; # ETP (ENHANCED TRACKING PROTECTION) # Enable ETP Strict Mode [FF86+] "browser.contentblocking.category" = "strict"; # [HIDDEN PREF] # Disable ETP web compat features [FF93+] #"privacy.antitracking.enableWebcompat" = false; # SHUTDOWN & SANITIZING # Enable Firefox to clear items on shutdown "privacy.sanitize.sanitizeOnShutdown" = true; # SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS # Set/enforce what items to clear on shutdown [SETUP-CHROME] "privacy.clearOnShutdown.cache" = true; "privacy.clearOnShutdown.downloads" = true; # [DEFAULT: true] "privacy.clearOnShutdown.formdata" = true; # [DEFAULT: true] "privacy.clearOnShutdown.history" = true; # [DEFAULT: true] "privacy.clearOnShutdown.sessions" = true; # [DEFAULT: true] #"privacy.clearOnShutdown.siteSettings" = false; # [DEFAULT: false] # Set Session Restore to clear on shutdown [FF34+] #"privacy.clearOnShutdown.openWindows" = true; # SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ # Set "Cookies" and "Site Data" to clear on shutdown "privacy.clearOnShutdown.cookies" = true; # Cookies "privacy.clearOnShutdown.offlineApps" = true; # Site Data # SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS # Reset default items to clear with Ctrl-Shift-Del "privacy.cpd.cache" = true; # [DEFAULT: true] "privacy.cpd.formdata" = true; # Form & Search History "privacy.cpd.history" = true; # Browsing & Download History "privacy.cpd.offlineApps" = true; # Offline Website Data "privacy.cpd.sessions" = true; # [DEFAULT: true] # "privacy.cpd.offlineApps" = true; # [DEFAULT: false] "privacy.cpd.cookies" = true; #"privacy.cpd.downloads" = true; # not used #"privacy.cpd.openWindows" = false; # Session Restore #"privacy.cpd.passwords" = false; #"privacy.cpd.siteSettings" = false; # Clear Session Restore data when sanitizing on shutdown or manually [FF34+] #"privacy.clearOnShutdown.openWindows" = true; #"privacy.cpd.openWindows" = true; # Reset default "Time range to clear" for "Clear Recent History" # 0=everything = 1=last hour = 2=last two hours = 3=last four hours = 4=today "privacy.sanitize.timeSpan" = 0; # FPP (fingerprintingProtection) # Enable FPP in PB mode [FF114+] #"privacy.fingerprintingProtection.pbmode" = true; # [DEFAULT: true FF118+] # Set global FPP overrides [FF114+] #"privacy.fingerprintingProtection.overrides" = ""; # RFP (resistFingerprinting) # Enable RFP "privacy.resistFingerprinting" = true; # [FF41+] #"privacy.resistFingerprinting.pbmode" = true; # [FF114+] # Set new window size rounding max values [FF55+] "privacy.window.maxInnerWidth" = 1400; "privacy.window.maxInnerHeight" = 900; # Disable mozAddonManager Web API [FF57+] "privacy.resistFingerprinting.block_mozAddonManager" = true; # Enable RFP letterboxing [FF67+] #"privacy.resistFingerprinting.letterboxing" = true; # [HIDDEN PREF] #"privacy.resistFingerprinting.letterboxing.dimensions" = ""; # [HIDDEN PREF] # Experimental RFP [FF91+] #"privacy.resistFingerprinting.exemptedDomains" = "*.example.invalid"; # Disable using system colors "browser.display.use_system_colors" = false; # [DEFAULT: false NON-WINDOWS] # Enforce non-native widget theme "widget.non-native-theme.enabled" = true; # [DEFAULT: true] # Enforce links targeting new windows to open in a new tab instead # 1=most recent window or tab = 2=new window = 3=new tab "browser.link.open_newwindow" = 3; # [DEFAULT: 3] # Set all open window methods to abide by "browser.link.open_newwindow" "browser.link.open_newwindow.restriction" = 0; # Disable WebGL (Web Graphics Library) "webgl.disabled" = true; # OPTIONAL OPSEC # Start Firefox in PB (Private Browsing) mode #"browser.privatebrowsing.autostart" = true; # Disable memory cache # capacity: -1=determine dynamically (default) = 0=none = n=memory capacity in kibibytes #"browser.cache.memory.enable" = false; #"browser.cache.memory.capacity" = 0; # Disable saving passwords #"signon.rememberSignons" = false; # Disable permissions manager from writing to disk [FF41+] [RESTART] #"permissions.memory_only" = true; # [HIDDEN PREF] # Disable intermediate certificate caching [FF41+] [RESTART] #"security.nocertdb" = true; # # Disable favicons in history and bookmarks "browser.chrome.site_icons" = false; # Exclude "Undo Closed Tabs" in Session Restore #"browser.sessionstore.max_tabs_undo" = 0; # Disable resuming session from crash #"browser.sessionstore.resume_from_crash" = false; # Disable "open with" in download dialog [FF50+] #"browser.download.forbid_open_with" = true; # Disable location bar suggestion types "browser.urlbar.suggest.history" = false; "browser.urlbar.suggest.bookmark" = false; "browser.urlbar.suggest.openpage" = false; "browser.urlbar.suggest.topsites" = false; # [FF78+] "browser.urlbar.suggest.weather" = false; # Disable location bar dropdown #"browser.urlbar.maxRichResults" = 0; # Disable location bar autofill "browser.urlbar.autoFill" = false; # Disable browsing and download history "places.history.enabled" = false; # Discourage downloading to desktop # 0=desktop = 1=downloads (default) = 2=custom #"browser.download.folderList" = 2; # Disable Form Autofill "extensions.formautofill.addresses.enabled" = false; # [FF55+] "extensions.formautofill.creditCards.enabled" = false; # [FF56+] # Limit events that can cause a pop-up #"dom.popup_allowed_events" = "click dblclick mousedown pointerdown"; # Disable page thumbnail collection #"browser.pagethumbnails.capturing_disabled" = true; # [HIDDEN PREF] # Disable location bar using search "keyword.enabled" = false; # Force GPU sandboxing (Linux = default on Windows) "security.sandbox.gpu.level" = 1; # Enable Site Isolation "fission.autostart" = true; "gfx.webrender.all" = true; # OPTIONAL HARDENING # Disable MathML (Mathematical Markup Language) [FF51+] "mathml.disabled" = true; # Disable in-content SVG (Scalable Vector Graphics) [FF53+] #"svg.disabled" = true; # Disable graphite "gfx.font_rendering.graphite.enabled" = false; # Disable asm.js [FF22+] "javascript.options.asmjs" = false; # Disable Ion and baseline JIT to harden against JS exploits "javascript.options.ion" = false; "javascript.options.baselinejit" = false; "javascript.options.jit_trustedprincipals" = true; # [FF75+] [HIDDEN PREF] # Disable WebAssembly [FF52+] "javascript.options.wasm" = false; # Disable rendering of SVG OpenType fonts "gfx.font_rendering.opentype_svg.enabled" = false; # Disable widevine CDM (Content Decryption Module) "media.gmp-widevinecdm.enabled" = false; # Disable all DRM content (EME: Encryption Media Extension) "media.eme.enabled" = false; "browser.eme.ui.enabled" = false; # Disable IPv6 if using a VPN #"network.dns.disableIPv6" = true; # Control when to send a cross-origin referer # * 0=always (default) = 1=only if base domains match = 2=only if hosts match #"network.http.referer.XOriginPolicy" = 2; # Set DoH bootstrap address [FF89+] #"network.trr.bootstrapAddr" = "10.0.0.1"; # [HIDDEN PREF] # DON'T TOUCH # Disable Firefox blocklist "extensions.blocklist.enabled" = false; # [DEFAULT: true] "extensions.blocklist.addonItemURL" = ""; "extensions.blocklist.detailsURL" = ""; "extensions.blocklist.itemURL" = ""; "services.blocklist.addons.collection" = ""; "services.blocklist.addons.signer" = ""; "services.blocklist.plugins.collection" = ""; "services.blocklist.plugins.signer" = ""; "services.blocklist.gfx.collection" = ""; "services.blocklist.gfx.signer" = ""; # Enforce no referer spoofing "network.http.referer.spoofSource" = true; # [DEFAULT: false] # Enforce a security delay on some confirmation dialogs such as install = open/save "security.dialog_enable_delay" = 1000; # [DEFAULT: 1000] # Enforce no First Party Isolation [FF51+] "privacy.firstparty.isolate" = false; # [DEFAULT: false] # Enforce SmartBlock shims (about:compat) [FF81+] "extensions.webcompat.enable_shims" = true; # [HIDDEN PREF] [DEFAULT: true] # Enforce no TLS 1.0/1.1 downgrades "security.tls.version.enable-deprecated" = false; # [DEFAULT: false] # Enforce disabling of Web Compatibility Reporter [FF56+] "extensions.webcompat-reporter.enabled" = false; # [DEFAULT: false] # Disable Quarantined Domains [FF115+] "extensions.quarantinedDomains.enabled" = false; # [DEFAULT: true] # prefsCleaner: previously active items removed from arkenfox 115-117 #"accessibility.force_disabled" = ""; #"browser.urlbar.dnsResolveSingleWordsAfterSearch" = ""; #"network.protocol-handler.external.ms-windows-store" = ""; #"privacy.partition.always_partition_third_party_non_cookie_storage" = ""; #"privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage" = ""; #"privacy.partition.serviceWorkers" = ""; # DON'T BOTHER # Disable APIs "geo.enabled" = false; #"full-screen-api.enabled" = false; # Set default permissions # 0=always ask (default) = 1=allow = 2=block "permissions.default.geo" = 2; "permissions.default.camera" = 2; "permissions.default.microphone" = 2; "permissions.default.desktop-notification" = 2; "permissions.default.xr" = 2; # Virtual Reality # Disable canvas capture stream "canvas.capturestream.enabled" = false; # Disable offscreen canvas "gfx.offscreencanvas.enabled" = false; # Disable non-modern cipher suites #"security.ssl3.ecdhe_ecdsa_aes_128_sha" = false; #"security.ssl3.ecdhe_ecdsa_aes_256_sha" = false; #"security.ssl3.ecdhe_rsa_aes_128_sha" = false; #"security.ssl3.ecdhe_rsa_aes_256_sha" = false; #"security.ssl3.rsa_aes_128_gcm_sha256" = false; # no PFS #"security.ssl3.rsa_aes_256_gcm_sha384" = false; # no PFS #"security.ssl3.rsa_aes_128_sha" = false; # no PFS #"security.ssl3.rsa_aes_256_sha" = false; # no PFS # Control TLS versions #"security.tls.version.min" = 3; # [DEFAULT: 3] #"security.tls.version.max" = 4; # Disable SSL session IDs [FF36+] #"security.ssl.disable_session_identifiers" = true; # Onions #"dom.securecontext.allowlist_onions" = true; #"network.http.referer.hideOnionSource" = true; # Referers #"network.http.sendRefererHeader" = 2; #"network.http.referer.trimmingPolicy" = 0; # Set the default Referrer Policy [FF59+] # 0=no-referer = 1=same-origin = 2=strict-origin-when-cross-origin = 3=no-referrer-when-downgrade #"network.http.referer.defaultPolicy" = 2; # [DEFAULT: 2] #"network.http.referer.defaultPolicy.pbmode" = 2; # [DEFAULT: 2] # Disable HTTP Alternative Services [FF37+] #"network.http.altsvc.enabled" = false; # Disable website control over browser right-click context menu #"dom.event.contextmenu.enabled" = false; # Disable icon fonts (glyphs) and local fallback rendering #"gfx.downloadable_fonts.enabled" = false; # [FF41+] #"gfx.downloadable_fonts.fallback_delay" = -1; # Disable Clipboard API #"dom.event.clipboardevents.enabled" = false; # Disable System Add-on updates "extensions.systemAddon.update.enabled" = false; # [FF62+] "extensions.systemAddon.update.url" = ""; # [FF44+] # Enable the DNT (Do Not Track) HTTP header "privacy.donottrackheader.enabled" = false; # Customize ETP settings #"network.cookie.cookieBehavior" = 5; # [DEFAULT: 5] #"privacy.fingerprintingProtection" = true; # [FF114+] [ETP FF119+] #"privacy.partition.network_state.ocsp_cache" = true; # [DEFAULT: true FF123+] #"privacy.query_stripping.enabled" = true; # [FF101+] "privacy.query_stripping.strip_list" = "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"; #"network.http.referer.disallowCrossSiteRelaxingDefault" = true; #"network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation" = true; # [FF100+] #"privacy.trackingprotection.enabled" = true; #"privacy.trackingprotection.socialtracking.enabled" = true; #"privacy.trackingprotection.cryptomining.enabled" = true; # [DEFAULT: true] #"privacy.trackingprotection.fingerprinting.enabled" = true; # [DEFAULT: true] # Allow embedded tweets and Reddit posts. Don't do it! #"urlclassifier.trackingSkipURLs" = "*.reddit.com = *.twitter.com = *.twimg.com"; # [HIDDEN PREF] #"urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com = *.twitter.com = *.twimg.com"; # [HIDDEN PREF] # Disable service workers #"dom.serviceWorkers.enabled" = false; # Disable Web Notifications [FF22+] #"dom.webnotifications.enabled" = false; # Disable Push Notifications [FF44+] "dom.push.enabled" = false; "dom.push.connection.enabled" = false; "dom.push.serverURL" = ""; "dom.push.userAgentID" = ""; # Disable WebRTC (Web Real-Time Communication) "media.peerconnection.enabled" = false; # DON'T BOTHER: FINGERPRINTING # prefsCleaner: reset items useless for anti-fingerprinting #"browser.zoom.siteSpecific" = false; #"dom.enable_performance" = false; #"dom.enable_resource_timing" = false; #"dom.maxHardwareConcurrency" = 2; #"font.system.whitelist" = ""; # [HIDDEN PREF] #"general.appname.override" = ""; # [HIDDEN PREF] #"general.appversion.override" = ""; # [HIDDEN PREF] #"general.buildID.override" = "20181001000000"; # [HIDDEN PREF] #"general.oscpu.override" = ""; # [HIDDEN PREF] #"general.platform.override" = ""; # [HIDDEN PREF] #"general.useragent.override" = "Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0"; # [HIDDEN PREF] #"media.ondevicechange.enabled" = false; #"media.video_stats.enabled" = false; #"webgl.enable-debug-renderer-info" = false; "ui.use_standins_for_native_colors" = true; "browser.display.use_document_fonts" = 0; "device.sensors.enabled" = false; "dom.gamepad.enabled" = false; "dom.netinfo.enabled" = false; "dom.vibrator.enabled" = false; "dom.w3c_touch_events.enabled" = 0; "dom.webaudio.enabled" = false; "media.navigator.enabled" = false; "media.webspeech.synth.enabled" = false; # Disable API for measuring text width and height. "dom.textMetrics.actualBoundingBox.enabled" = false; "dom.textMetrics.baselines.enabled" = false; "dom.textMetrics.emHeight.enabled" = false; "dom.textMetrics.fontBoundingBox.enabled" = false; # NON-PROJECT RELATED # WELCOME & WHAT'S NEW NOTICES "browser.startup.homepage_override.mstone" = "ignore"; # [HIDDEN PREF] "startup.homepage_welcome_url" = ""; "startup.homepage_welcome_url.additional" = ""; "startup.homepage_override_url" = ""; # What's New page after updates # WARNINGS "browser.tabs.warnOnClose" = false; # [DEFAULT: false FF94+] "browser.tabs.warnOnCloseOtherTabs" = false; "browser.tabs.warnOnOpen" = false; "browser.warnOnQuitShortcut" = false; # [FF94+] "full-screen-api.warning.delay" = 0; "full-screen-api.warning.timeout" = 0; "browser.warnOnQuit" = false; # UPDATES # Disable auto-INSTALLING Firefox updates [NON-WINDOWS] "app.update.auto" = false; # Disable auto-CHECKING for extension and theme updates "extensions.update.enabled" = false; # Disable auto-INSTALLING extension and theme updates "extensions.update.autoUpdateDefault" = false; # Disable extension metadata "extensions.getAddons.cache.enabled" = false; # Disable search engine updates (e.g. OpenSearch) "browser.search.update" = false; # CONTENT BEHAVIOR "accessibility.typeaheadfind" = false; # enable "Find As You Type" "clipboard.autocopy" = false; # disable autocopy default [LINUX] "layout.spellcheckDefault" = 0; # 0=none = 1-multi-line = 2=multi-line & single-line # FIREFOX HOME CONTENT "browser.newtabpage.activity-stream.feeds.section.topstories" = false; # Recommended by Pocket "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; "browser.newtabpage.activity-stream.feeds.topsites" = false; "browser.newtabpage.activity-stream.showSearch" = false; "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; # UX FEATURES "extensions.pocket.enabled" = false; # Pocket Account [FF46+] "extensions.screenshots.disabled" = true; # [FF55+] "identity.fxaccounts.enabled" = false; # Firefox Accounts & Sync [FF60+] [RESTART] "reader.parse-on-load.enabled" = false; # Reader View "browser.tabs.firefox-view" = false; # Firefox-view # OTHER #"browser.bookmarks.max_backups" = 2; "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; # disable CFR [FF67+] "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; # disable CFR [FF67+] "browser.messaging-system.whatsNewPanel.enabled" = false; # What's New toolbar icon [FF69+] "browser.urlbar.showSearchTerms.enabled" = false; "browser.sessionstore.interval" = 30000; # minimum interval between session save operations "network.manage-offline-status" = false; "browser.preferences.moreFromMozilla" = false; "browser.disableResetPrompt" = true; # [HIDDEN PREF] #"xpinstall.signatures.required" = false; # enforced extension signing (Nightly/ESR) # MORE #"security.insecure_connection_icon.enabled" = ""; # [DEFAULT: true FF70+] #"security.mixed_content.block_active_content" = ""; # [DEFAULT: true since at least FF60] "security.ssl.enable_ocsp_stapling" = false; # [DEFAULT: true FF26+] #"webgl.disable-fail-if-major-performance-caveat" = ""; # [DEFAULT: true FF86+] "webgl.enable-webgl2" = false; #"webgl.min_capability_mode" = ""; # DEPRECATED / RENAMED # ESR115.x still uses all the following prefs # FF116 # Set RFP's font visibility level [FF94+] #"layout.css.font-visibility.resistFingerprinting" = 1; # [DEFAULT: 1] # FF117 # Disable service worker Web Notifications [FF44+] #"dom.webnotifications.serviceworker.enabled" = false; # FF118 # Limit font visibility (Windows = Mac = some Linux) [FF94+] #"layout.css.font-visibility.private" = 1; #"layout.css.font-visibility.standard" = 1; #"layout.css.font-visibility.trackingprotection" = 1; # Disable permissions delegation [FF73+] #"permissions.delegation.enabled" = false; # FF119 # Use en-US locale regardless of the system or region locale #"javascript.use_us_english_locale" = true; # [HIDDEN PREF] # Disable skipping DoH when parental controls are enabled [FF70+] "network.dns.skipTRR-when-parental-control-enabled" = false; # }