ooks/ooknet
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ooknet/home/modules/desktop/browser/firefox/settings/narsilUserjs.nix

1047 lines
39 KiB
Nix
Raw Blame History

{
# https:#git.nixnet.services/Narsil/desktop_user.js
# Author : Narsil : https:#git.nixnet.services/Narsil
# Based on : arkenfox : https:#github.com/arkenfox/user.js
# License : https:#git.nixnet.services/Narsil/desktop_user.js/raw/branch/master/LICENSE
# Disable about:config warning
"browser.aboutConfig.showWarning" = false;
# STARTUP
# Disable default browser check
"browser.shell.checkDefaultBrowser" = false;
# Set startup page [SETUP-CHROME]
# 0=blank = 1=home = 2=last visited page = 3=resume previous session
"browser.startup.page" = 0;
# Set HOME+NEWWINDOW page
"browser.startup.homepage" = "about:blank";
# Set NEWTAB page
# true=Activity Stream (default) = false=blank page
"browser.newtabpage.enabled" = false;
# Disable sponsored content on Firefox Home (Activity Stream)
"browser.newtabpage.activity-stream.showSponsored" = false; # [FF58+] Pocket > Sponsored Stories
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false; # [FF83+] Sponsored shortcuts
# Clear default topsites
"browser.newtabpage.activity-stream.default.sites" = "";
"browser.topsites.contile.enabled" = false;
"browser.topsites.useRemoteSetting" = false;
# GEOLOCATION
# Use Mozilla geolocation service instead of Google if permission is granted [FF74+]
"geo.provider.network.url" = "";
#"geo.provider.network.logging.enabled" = true; # [HIDDEN PREF]
# Disable using the OS's geolocation service
"geo.provider.use_gpsd" = false; # [LINUX] [HIDDEN PREF]
"geo.provider.geoclue.always_high_accuracy" = false; # [LINUX]
"geo.provider.use_geoclue" = false; # [FF102+] [LINUX]
# Disable region updates
"browser.region.network.url" = ""; # [FF78+] Defense-in-depth
"browser.region.update.enabled" = false; # [FF79+]
# QUIETER FOX
# Disable recommendation pane in about:addons (uses Google Analytics)
"extensions.getAddons.showPane" = false; # [HIDDEN PREF]
# Disable recommendations in about:addons' Extensions and Themes panes [FF68+]
"extensions.htmlaboutaddons.recommendations.enabled" = false;
# Disable personalized Extension Recommendations in about:addons and AMO [FF65+]
"browser.discovery.enabled" = false;
# Disable shopping experience [FF116+]
"browser.shopping.experience2023.enabled" = false; # [DEFAULT: false]
"browser.shopping.experience2023.opted" = 2;
"browser.shopping.experience2023.active" = false;
# TELEMETRY
# Disable new data submission [FF41+]
"datareporting.policy.dataSubmissionEnabled" = false;
# Disable Health Reports
"datareporting.healthreport.uploadEnabled" = false;
# Disable telemetry
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.enabled" = false; # see [NOTE]
"toolkit.telemetry.server" = "data:,";
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false; # [FF55+]
"toolkit.telemetry.shutdownPingSender.enabled" = false; # [FF55+]
"toolkit.telemetry.updatePing.enabled" = false; # [FF56+]
"toolkit.telemetry.bhrPing.enabled" = false; # [FF57+] Background Hang Reporter
"toolkit.telemetry.firstShutdownPing.enabled" = false; # [FF57+]
# Skip checking omni.ja and other files
"corroborator.enabled" = false;
# Disable Telemetry Coverage
"toolkit.telemetry.coverage.opt-out" = true; # [HIDDEN PREF]
"toolkit.coverage.opt-out" = true; # [FF64+] [HIDDEN PREF]
"toolkit.coverage.endpoint.base" = "";
# Disable PingCentre telemetry (used in several System Add-ons) [FF57+]
"browser.ping-centre.telemetry" = false;
# Disable Firefox Home (Activity Stream) telemetry
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
# Disable WebVTT logging and test events
"media.webvtt.debug.logging" = false;
"media.webvtt.testing.events" = false;
# Disable send content blocking log to about:protections
"browser.contentblocking.database.enabled" = false;
# Disable celebrating milestone toast when certain numbers of trackers are blocked
"browser.contentblocking.cfr-milestone.enabled" = false;
# Disable Default Browser Agent
"default-browser-agent.enabled" = false; # [WINDOWS]
# STUDIES
# Disable Studies
"app.shield.optoutstudies.enabled" = false;
# Disable Normandy/Shield [FF60+]
"app.normandy.enabled" = false;
"app.normandy.api_url" = "";
# CRASH REPORTS
# Disable Crash Reports
"breakpad.reportURL" = "";
"browser.tabs.crashReporting.sendReport" = false; # [FF44+]
#"browser.crashReports.unsubmittedCheck.enabled" = false; # [FF51+] [DEFAULT: false]
# Enforce no submission of backlogged Crash Reports [FF58+]
"browser.crashReports.unsubmittedCheck.autoSubmit2" = false; # [DEFAULT: false]
# OTHER
# Disable Captive Portal detection
"captivedetect.canonicalURL" = "";
"network.captive-portal-service.enabled" = false; # [FF52+]
# Disable Network Connectivity checks [FF65+]
"network.connectivity-service.enabled" = false;
# Disable contentblocking reports
"browser.contentblocking.reportBreakage.url" = "";
"browser.contentblocking.report.cookie.url" = "";
"browser.contentblocking.report.cryptominer.url" = "";
"browser.contentblocking.report.fingerprinter.url" = "";
"browser.contentblocking.report.lockwise.enabled" = false;
"browser.contentblocking.report.lockwise.how_it_works.url" = "";
"browser.contentblocking.report.manage_devices.url" = "";
"browser.contentblocking.report.monitor.enabled" = false;
"browser.contentblocking.report.monitor.how_it_works.url" = "";
"browser.contentblocking.report.monitor.sign_in_url" = "";
"browser.contentblocking.report.monitor.url" = "";
"browser.contentblocking.report.proxy.enabled" = false;
"browser.contentblocking.report.proxy_extension.url" = "";
"browser.contentblocking.report.social.url" = "";
"browser.contentblocking.report.tracker.url" = "";
"browser.contentblocking.report.endpoint_url" = "";
"browser.contentblocking.report.monitor.home_page_url" = "";
"browser.contentblocking.report.monitor.preferences_url" = "";
"browser.contentblocking.report.vpn.enabled" = false;
"browser.contentblocking.report.hide_vpn_banner" = true;
"browser.contentblocking.report.show_mobile_app" = false;
"browser.vpn_promo.enabled" = false;
"browser.promo.focus.enabled" = false;
# Block unwanted connections
"app.feedback.baseURL" = "";
"app.support.baseURL" = "";
"app.releaseNotesURL" = "";
"app.update.url.details" = "";
"app.update.url.manual" = "";
"app.update.staging.enabled" = false;
# Remove default handlers and translation engine
"gecko.handlerService.schemes.mailto.0.uriTemplate" = "";
"gecko.handlerService.schemes.mailto.0.name" = "";
"gecko.handlerService.schemes.mailto.1.uriTemplate" = "";
"gecko.handlerService.schemes.mailto.1.name" = "";
"gecko.handlerService.schemes.irc.0.uriTemplate" = "";
"gecko.handlerService.schemes.irc.0.name" = "";
"gecko.handlerService.schemes.ircs.0.uriTemplate" = "";
"gecko.handlerService.schemes.ircs.0.name" = "";
"browser.translation.engine" = "";
# Disable connections to Mozilla servers
"services.settings.server" = "";
# SAFE BROWSING (SB)
# Disable SB (Safe Browsing)
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.passwords.enabled" = false;
"browser.safebrowsing.allowOverride" = false;
# Disable SB checks for downloads (both local lookups + remote)
"browser.safebrowsing.downloads.enabled" = false;
# Disable SB checks for downloads (remote)
"browser.safebrowsing.downloads.remote.enabled" = false;
"browser.safebrowsing.downloads.remote.url" = "";
# Disable SB checks for unwanted software
"browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.downloads.remote.block_uncommon" = false;
# Disable "ignore this warning" on SB warnings [FF45+]
#"browser.safebrowsing.allowOverride" = false;
# Google connections
"browser.safebrowsing.downloads.remote.block_dangerous" = false;
"browser.safebrowsing.downloads.remote.block_dangerous_host" = false;
"browser.safebrowsing.provider.google.updateURL" = "";
"browser.safebrowsing.provider.google.gethashURL" = "";
"browser.safebrowsing.provider.google4.updateURL" = "";
"browser.safebrowsing.provider.google4.gethashURL" = "";
"browser.safebrowsing.provider.google.reportURL" = "";
"browser.safebrowsing.reportPhishURL" = "";
"browser.safebrowsing.provider.google4.reportURL" = "";
"browser.safebrowsing.provider.google.reportMalwareMistakeURL" = "";
"browser.safebrowsing.provider.google.reportPhishMistakeURL" = "";
"browser.safebrowsing.provider.google4.reportMalwareMistakeURL" = "";
"browser.safebrowsing.provider.google4.reportPhishMistakeURL" = "";
"browser.safebrowsing.provider.google4.dataSharing.enabled" = false;
"browser.safebrowsing.provider.google4.dataSharingURL" = "";
"browser.safebrowsing.provider.google.advisory" = "";
"browser.safebrowsing.provider.google.advisoryURL" = "";
# "browser.safebrowsing.provider.google.gethashURL" = "";
"browser.safebrowsing.provider.google4.advisoryURL" = "";
"browser.safebrowsing.blockedURIs.enabled" = false;
"browser.safebrowsing.provider.mozilla.gethashURL" = "";
"browser.safebrowsing.provider.mozilla.updateURL" = "";
# BLOCK IMPLICIT OUTBOUND
# Disable link prefetching
"network.prefetch-next" = false;
# Disable DNS prefetching
"network.dns.disablePrefetch" = true;
#"network.dns.disablePrefetchFromHTTPS" = true; # [DEFAULT: true]
# Disable predictor / prefetching
"network.predictor.enabled" = false;
"network.predictor.enable-prefetch" = false; # [FF48+] [DEFAULT: false]
# Disable link-mouseover opening connection to linked server
"network.http.speculative-parallel-limit" = 0;
# Disable mousedown speculative connections on bookmarks and history [FF98+]
"browser.places.speculativeConnect.enabled" = false;
# Enforce no "Hyperlink Auditing" (click tracking)
#"browser.send_pings" = false; # [DEFAULT: false]
# DNS / DoH / PROXY / SOCKS
# Set the proxy server to do any DNS lookups when using SOCKS
"network.proxy.socks_remote_dns" = true;
# Disable using UNC (Uniform Naming Convention) paths [FF61+]
"network.file.disable_unc_paths" = true; # [HIDDEN PREF]
# Disable GIO as a potential proxy bypass vector
"network.gio.supported-protocols" = ""; # [HIDDEN PREF] [DEFAULT: "" FF118+]
# Disable proxy direct failover for system requests [FF91+]
#"network.proxy.failover_direct" = false;
# Disable proxy bypass for system request failures [FF95+]
#"network.proxy.allow_bypass" = false;
# Disable DNS-over-HTTPS (DoH)[FF60+]
"network.trr.mode" = 5;
"network.trr.confirmationNS" = "";
# Disable skipping DoH when parental controls are enabled
"network.trr.uri" = "";
"network.trr.custom_uri" = "";
# LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
# Disable location bar making speculative connections [FF56+]
"browser.urlbar.speculativeConnect.enabled" = false;
# Disable location bar contextual suggestions
"browser.urlbar.suggest.quicksuggest.nonsponsored" = false; # [FF95+]
"browser.urlbar.suggest.quicksuggest.sponsored" = false; # [FF92+]
# Disable live search suggestions
"browser.search.suggest.enabled" = false;
"browser.urlbar.suggest.searches" = false;
# Disable urlbar trending search suggestions [FF118+]
"browser.urlbar.trending.featureGate" = false;
# Disable urlbar suggestions
"browser.urlbar.addons.featureGate" = false; # [FF115+]
"browser.urlbar.mdn.featureGate" = false; # [FF117+] [HIDDEN PREF]
"browser.urlbar.pocket.featureGate" = false; # [FF116+] [DEFAULT: false]
"browser.urlbar.weather.featureGate" = false; # [FF108+] [DEFAULT: false]
# Disable urlbar clipboard suggestions [FF118+]
#"browser.urlbar.clipboard.featureGate" = false; # [DEFAULT: false]
# Disable search and form history
"browser.formfill.enable" = false;
# Disable tab-to-search [FF85+]
"browser.urlbar.suggest.engines" = false;
# Disable coloring of visited links
"layout.css.visited_links_enabled" = false;
# Enable separate default search engine in Private Windows and its UI setting
"browser.search.separatePrivateDefault" = true; # [FF70+]
"browser.search.separatePrivateDefault.ui.enabled" = true; # [FF71+]
# Disable merino
"browser.urlbar.merino.enabled" = false;
# PASSWORDS
#
# Disable saving passwords and password alerts.
"signon.rememberSignons" = false;
"signon.generation.enabled" = false;
"signon.management.page.breach-alerts.enabled" = false;
"signon.management.page.breachAlertUrl" = "";
# Set when Firefox should prompt for the primary password
# 0=once per session (default) = 1=every time it's needed = 2=after n minutes
"security.ask_for_password" = 2;
# Set how long in minutes Firefox should remember the primary password (0901)
"security.password_lifetime" = 5; # [DEFAULT: 30]
# Disable auto-filling username & password form fields
"signon.autofillForms" = false;
# Disable formless login capture for Password Manager [FF51+]
"signon.formlessCapture.enabled" = false;
# Limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources [FF41+]
# 0 = don't allow sub-resources to open HTTP authentication credentials dialogs
# 1 = don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
# 2 = allow sub-resources to open HTTP authentication credentials dialogs (default)
"network.auth.subresource-http-auth-allow" = 1;
# DISK AVOIDANCE
# Disable disk cache
"browser.cache.disk.enable" = false;
# Disable media cache from writing to disk in Private Browsing
"browser.privatebrowsing.forceMediaMemoryCache" = true; # [FF75+]
"media.memory_cache_max_size" = 65536;
# Disable storing extra session data [SETUP-CHROME]
# 0=everywhere = 1=unencrypted sites = 2=nowhere
"browser.sessionstore.privacy_level" = 2;
# HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
# Require safe negotiation
"security.ssl.require_safe_negotiation" = true;
# Disable TLS1.3 0-RTT (round-trip time) [FF51+]
"security.tls.enable_0rtt_data" = false;
# OCSP (Online Certificate Status Protocol)
# Enforce OCSP fetching to confirm current validity of certificates
# 0=disabled = 1=enabled (default) = 2=enabled for EV certificates only
"security.OCSP.enabled" = 0; # [DEFAULT: 1]
# Set OCSP fetch failures (non-stapled) to hard-fail [SETUP-WEB]
"security.OCSP.require" = false;
# CERTS / HPKP (HTTP Public Key Pinning)
# Enable strict PKP (Public Key Pinning)
# 0=disabled = 1=allow user MiTM (default; such as your antivirus) = 2=strict
"security.cert_pinning.enforcement_level" = 2;
# Disable CRLite [FF73+]
# 0 = disabled
# 1 = consult CRLite but only collect telemetry (default)
# 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
# 3 = consult CRLite and enforce "Not Revoked" results = but defer to OCSP for "Revoked" (default)
"security.remote_settings.intermediates.enabled" = false;
"security.remote_settings.intermediates.bucket" = "";
"security.remote_settings.intermediates.collection" = "";
"security.remote_settings.intermediates.signer" = "";
"security.remote_settings.crlite_filters.enabled" = false;
"security.remote_settings.crlite_filters.bucket" = "";
"security.remote_settings.crlite_filters.collection" = "";
"security.remote_settings.crlite_filters.signer" = "";
"security.pki.crlite_mode" = 0;
# MIXED CONTENT
# Disable insecure passive content (such as images) on https pages [SETUP-WEB]
#"security.mixed_content.block_display_content" = true; # Defense-in-depth
# Enable HTTPS-Only mode in all windows
"dom.security.https_only_mode" = true; # [FF76+]
#"dom.security.https_only_mode_pbm" = true; # [FF80+]
# Enable HTTPS-Only mode for local resources [FF77+]
#"dom.security.https_only_mode.upgrade_local" = true;
# Disable HTTP background requests [FF82+]
"dom.security.https_only_mode_send_http_background_request" = false;
# Disable ping to Mozilla for Man-in-the-Middle detection
"security.certerrors.mitm.priming.enabled" = false;
"security.certerrors.mitm.priming.endpoint" = "";
"security.pki.mitm_canary_issuer" = "";
"security.pki.mitm_canary_issuer.enabled" = false;
"security.pki.mitm_detected" = false;
# UI (User Interface)
# Display warning on the padlock for "broken security"
"security.ssl.treat_unsafe_negotiation_as_broken" = true;
# Display advanced information on Insecure Connection warning pages
"browser.xul.error_pages.expert_bad_cert" = true;
# REFERERS
# Control the amount of cross-origin information to send [FF52+]
# 0=send full URI (default) = 1=scheme+host+port+path = 2=scheme+host+port
"network.http.referer.XOriginTrimmingPolicy" = 2;
# CONTAINERS
# Enable Container Tabs and its UI setting [FF50+]
"privacy.userContext.enabled" = true;
"privacy.userContext.ui.enabled" = true;
# Set behavior on "+ Tab" button to display container menu on left click [FF74+]
#"privacy.userContext.newTabContainerOnLeftClick.enabled" = true;
# PLUGINS / MEDIA / WEBRTC
# Force WebRTC inside the proxy [FF70+]
"media.peerconnection.ice.proxy_only_if_behind_proxy" = true;
# Force a single network interface for ICE candidates generation [FF42+]
"media.peerconnection.ice.default_address_only" = true;
# Force exclusion of private IPs from ICE candidates [FF51+]
#"media.peerconnection.ice.no_host" = true;
# Disable GMP (Gecko Media Plugins)
"media.gmp-provider.enabled" = false;
"media.gmp-manager.url" = "";
"media.gmp-gmpopenh264.enabled" = false;
# DOM (DOCUMENT OBJECT MODEL)
# Prevent scripts from moving and resizing open windows
"dom.disable_window_move_resize" = true;
# MISCELLANEOUS
# Remove temp files opened from non-PB windows with an external application
"browser.download.start_downloads_in_tmp_dir" = true; # [FF102+]
# Disable sending additional analytics to web servers
"beacon.enabled" = false;
# Remove temp files opened with an external application
"browser.helperApps.deleteTempFileOnExit" = true;
# Disable UITour backend so there is no chance that a remote page can use it
"browser.uitour.enabled" = false;
"browser.uitour.url" = ""; # Defense-in-depth
# Reset remote debugging to disabled
"devtools.debugger.remote-enabled" = false; # [DEFAULT: false]
# Disable websites overriding Firefox's keyboard shortcuts [FF58+]
# 0 (default) or 1=allow = 2=block
#"permissions.default.shortcuts" = 2;
# Remove special permissions for certain mozilla domains [FF35+]
"permissions.manager.defaultsUrl" = "";
# Remove webchannel whitelist
"webchannel.allowObject.urlWhitelist" = "";
# Use Punycode in Internationalized Domain Names to eliminate possible spoofing
"network.IDN_show_punycode" = true;
# Enforce PDFJS = disable PDFJS scripting
"pdfjs.disabled" = false; # [DEFAULT: false]
"pdfjs.enableScripting" = false; # [FF86+]
# Disable middle click on new tab button opening URLs or searches using clipboard [FF115+]
"browser.tabs.searchclipboardfor.middleclick" = false; # [DEFAULT: false NON-LINUX]
# Disable the default checkedness for "Save card and address to Firefox" checkboxes
"dom.payments.defaults.saveAddress" = false;
"dom.payments.defaults.saveCreditCard" = false;
# Disable Displaying Javascript in History URLs
"browser.urlbar.filter.javascript" = true;
# DOWNLOADS
# Enable user interaction for security by always asking where to download
"browser.download.useDownloadDir" = false;
# Disable downloads panel opening on every download [FF96+]
"browser.download.alwaysOpenPanel" = false;
# Disable adding downloads to the system's "recent documents" list
"browser.download.manager.addToRecentDocs" = false;
# Enable user interaction for security by always asking how to handle new mimetypes [FF101+]
"browser.download.always_ask_before_handling_new_types" = true;
# EXTENSIONS
# Limit allowed extension directories
"extensions.enabledScopes" = 5; # [HIDDEN PREF]
#"extensions.autoDisableScopes" = 15; # [DEFAULT: 15]
# Disable bypassing 3rd party extension install prompts [FF82+]
"extensions.postDownloadThirdPartyPrompt" = false;
# Disable webextension restrictions on certain mozilla domains [FF60+]
#"extensions.webextensions.restrictedDomains" = "";
# Disable extensions suggestions
"extensions.webservice.discoverURL" = "";
# ETP (ENHANCED TRACKING PROTECTION)
# Enable ETP Strict Mode [FF86+]
"browser.contentblocking.category" = "strict"; # [HIDDEN PREF]
# Disable ETP web compat features [FF93+]
#"privacy.antitracking.enableWebcompat" = false;
# SHUTDOWN & SANITIZING
# Enable Firefox to clear items on shutdown
"privacy.sanitize.sanitizeOnShutdown" = true;
# SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS
# Set/enforce what items to clear on shutdown [SETUP-CHROME]
"privacy.clearOnShutdown.cache" = true;
"privacy.clearOnShutdown.downloads" = true; # [DEFAULT: true]
"privacy.clearOnShutdown.formdata" = true; # [DEFAULT: true]
"privacy.clearOnShutdown.history" = true; # [DEFAULT: true]
"privacy.clearOnShutdown.sessions" = true; # [DEFAULT: true]
#"privacy.clearOnShutdown.siteSettings" = false; # [DEFAULT: false]
# Set Session Restore to clear on shutdown [FF34+]
#"privacy.clearOnShutdown.openWindows" = true;
# SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+
# Set "Cookies" and "Site Data" to clear on shutdown
"privacy.clearOnShutdown.cookies" = true; # Cookies
"privacy.clearOnShutdown.offlineApps" = true; # Site Data
# SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS
# Reset default items to clear with Ctrl-Shift-Del
"privacy.cpd.cache" = true; # [DEFAULT: true]
"privacy.cpd.formdata" = true; # Form & Search History
"privacy.cpd.history" = true; # Browsing & Download History
"privacy.cpd.offlineApps" = true; # Offline Website Data
"privacy.cpd.sessions" = true; # [DEFAULT: true]
# "privacy.cpd.offlineApps" = true; # [DEFAULT: false]
"privacy.cpd.cookies" = true;
#"privacy.cpd.downloads" = true; # not used
#"privacy.cpd.openWindows" = false; # Session Restore
#"privacy.cpd.passwords" = false;
#"privacy.cpd.siteSettings" = false;
# Clear Session Restore data when sanitizing on shutdown or manually [FF34+]
#"privacy.clearOnShutdown.openWindows" = true;
#"privacy.cpd.openWindows" = true;
# Reset default "Time range to clear" for "Clear Recent History"
# 0=everything = 1=last hour = 2=last two hours = 3=last four hours = 4=today
"privacy.sanitize.timeSpan" = 0;
# FPP (fingerprintingProtection)
# Enable FPP in PB mode [FF114+]
#"privacy.fingerprintingProtection.pbmode" = true; # [DEFAULT: true FF118+]
# Set global FPP overrides [FF114+]
#"privacy.fingerprintingProtection.overrides" = "";
# RFP (resistFingerprinting)
# Enable RFP
"privacy.resistFingerprinting" = true; # [FF41+]
#"privacy.resistFingerprinting.pbmode" = true; # [FF114+]
# Set new window size rounding max values [FF55+]
"privacy.window.maxInnerWidth" = 1400;
"privacy.window.maxInnerHeight" = 900;
# Disable mozAddonManager Web API [FF57+]
"privacy.resistFingerprinting.block_mozAddonManager" = true;
# Enable RFP letterboxing [FF67+]
#"privacy.resistFingerprinting.letterboxing" = true; # [HIDDEN PREF]
#"privacy.resistFingerprinting.letterboxing.dimensions" = ""; # [HIDDEN PREF]
# Experimental RFP [FF91+]
#"privacy.resistFingerprinting.exemptedDomains" = "*.example.invalid";
# Disable using system colors
"browser.display.use_system_colors" = false; # [DEFAULT: false NON-WINDOWS]
# Enforce non-native widget theme
"widget.non-native-theme.enabled" = true; # [DEFAULT: true]
# Enforce links targeting new windows to open in a new tab instead
# 1=most recent window or tab = 2=new window = 3=new tab
"browser.link.open_newwindow" = 3; # [DEFAULT: 3]
# Set all open window methods to abide by "browser.link.open_newwindow"
"browser.link.open_newwindow.restriction" = 0;
# Disable WebGL (Web Graphics Library)
"webgl.disabled" = true;
# OPTIONAL OPSEC
# Start Firefox in PB (Private Browsing) mode
#"browser.privatebrowsing.autostart" = true;
# Disable memory cache
# capacity: -1=determine dynamically (default) = 0=none = n=memory capacity in kibibytes
#"browser.cache.memory.enable" = false;
#"browser.cache.memory.capacity" = 0;
# Disable saving passwords
#"signon.rememberSignons" = false;
# Disable permissions manager from writing to disk [FF41+] [RESTART]
#"permissions.memory_only" = true; # [HIDDEN PREF]
# Disable intermediate certificate caching [FF41+] [RESTART]
#"security.nocertdb" = true; #
# Disable favicons in history and bookmarks
"browser.chrome.site_icons" = false;
# Exclude "Undo Closed Tabs" in Session Restore
#"browser.sessionstore.max_tabs_undo" = 0;
# Disable resuming session from crash
#"browser.sessionstore.resume_from_crash" = false;
# Disable "open with" in download dialog [FF50+]
#"browser.download.forbid_open_with" = true;
# Disable location bar suggestion types
"browser.urlbar.suggest.history" = false;
"browser.urlbar.suggest.bookmark" = false;
"browser.urlbar.suggest.openpage" = false;
"browser.urlbar.suggest.topsites" = false; # [FF78+]
"browser.urlbar.suggest.weather" = false;
# Disable location bar dropdown
#"browser.urlbar.maxRichResults" = 0;
# Disable location bar autofill
"browser.urlbar.autoFill" = false;
# Disable browsing and download history
"places.history.enabled" = false;
# Discourage downloading to desktop
# 0=desktop = 1=downloads (default) = 2=custom
#"browser.download.folderList" = 2;
# Disable Form Autofill
"extensions.formautofill.addresses.enabled" = false; # [FF55+]
"extensions.formautofill.creditCards.enabled" = false; # [FF56+]
# Limit events that can cause a pop-up
#"dom.popup_allowed_events" = "click dblclick mousedown pointerdown";
# Disable page thumbnail collection
#"browser.pagethumbnails.capturing_disabled" = true; # [HIDDEN PREF]
# Disable location bar using search
"keyword.enabled" = false;
# Force GPU sandboxing (Linux = default on Windows)
"security.sandbox.gpu.level" = 1;
# Enable Site Isolation
"fission.autostart" = true;
"gfx.webrender.all" = true;
# OPTIONAL HARDENING
# Disable MathML (Mathematical Markup Language) [FF51+]
"mathml.disabled" = true;
# Disable in-content SVG (Scalable Vector Graphics) [FF53+]
#"svg.disabled" = true;
# Disable graphite
"gfx.font_rendering.graphite.enabled" = false;
# Disable asm.js [FF22+]
"javascript.options.asmjs" = false;
# Disable Ion and baseline JIT to harden against JS exploits
"javascript.options.ion" = false;
"javascript.options.baselinejit" = false;
"javascript.options.jit_trustedprincipals" = true; # [FF75+] [HIDDEN PREF]
# Disable WebAssembly [FF52+]
"javascript.options.wasm" = false;
# Disable rendering of SVG OpenType fonts
"gfx.font_rendering.opentype_svg.enabled" = false;
# Disable widevine CDM (Content Decryption Module)
"media.gmp-widevinecdm.enabled" = false;
# Disable all DRM content (EME: Encryption Media Extension)
"media.eme.enabled" = false;
"browser.eme.ui.enabled" = false;
# Disable IPv6 if using a VPN
#"network.dns.disableIPv6" = true;
# Control when to send a cross-origin referer
# * 0=always (default) = 1=only if base domains match = 2=only if hosts match
#"network.http.referer.XOriginPolicy" = 2;
# Set DoH bootstrap address [FF89+]
#"network.trr.bootstrapAddr" = "10.0.0.1"; # [HIDDEN PREF]
# DON'T TOUCH
# Disable Firefox blocklist
"extensions.blocklist.enabled" = false; # [DEFAULT: true]
"extensions.blocklist.addonItemURL" = "";
"extensions.blocklist.detailsURL" = "";
"extensions.blocklist.itemURL" = "";
"services.blocklist.addons.collection" = "";
"services.blocklist.addons.signer" = "";
"services.blocklist.plugins.collection" = "";
"services.blocklist.plugins.signer" = "";
"services.blocklist.gfx.collection" = "";
"services.blocklist.gfx.signer" = "";
# Enforce no referer spoofing
"network.http.referer.spoofSource" = true; # [DEFAULT: false]
# Enforce a security delay on some confirmation dialogs such as install = open/save
"security.dialog_enable_delay" = 1000; # [DEFAULT: 1000]
# Enforce no First Party Isolation [FF51+]
"privacy.firstparty.isolate" = false; # [DEFAULT: false]
# Enforce SmartBlock shims (about:compat) [FF81+]
"extensions.webcompat.enable_shims" = true; # [HIDDEN PREF] [DEFAULT: true]
# Enforce no TLS 1.0/1.1 downgrades
"security.tls.version.enable-deprecated" = false; # [DEFAULT: false]
# Enforce disabling of Web Compatibility Reporter [FF56+]
"extensions.webcompat-reporter.enabled" = false; # [DEFAULT: false]
# Disable Quarantined Domains [FF115+]
"extensions.quarantinedDomains.enabled" = false; # [DEFAULT: true]
# prefsCleaner: previously active items removed from arkenfox 115-117
#"accessibility.force_disabled" = "";
#"browser.urlbar.dnsResolveSingleWordsAfterSearch" = "";
#"network.protocol-handler.external.ms-windows-store" = "";
#"privacy.partition.always_partition_third_party_non_cookie_storage" = "";
#"privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage" = "";
#"privacy.partition.serviceWorkers" = "";
# DON'T BOTHER
# Disable APIs
"geo.enabled" = false;
#"full-screen-api.enabled" = false;
# Set default permissions
# 0=always ask (default) = 1=allow = 2=block
"permissions.default.geo" = 2;
"permissions.default.camera" = 2;
"permissions.default.microphone" = 2;
"permissions.default.desktop-notification" = 2;
"permissions.default.xr" = 2; # Virtual Reality
# Disable canvas capture stream
"canvas.capturestream.enabled" = false;
# Disable offscreen canvas
"gfx.offscreencanvas.enabled" = false;
# Disable non-modern cipher suites
#"security.ssl3.ecdhe_ecdsa_aes_128_sha" = false;
#"security.ssl3.ecdhe_ecdsa_aes_256_sha" = false;
#"security.ssl3.ecdhe_rsa_aes_128_sha" = false;
#"security.ssl3.ecdhe_rsa_aes_256_sha" = false;
#"security.ssl3.rsa_aes_128_gcm_sha256" = false; # no PFS
#"security.ssl3.rsa_aes_256_gcm_sha384" = false; # no PFS
#"security.ssl3.rsa_aes_128_sha" = false; # no PFS
#"security.ssl3.rsa_aes_256_sha" = false; # no PFS
# Control TLS versions
#"security.tls.version.min" = 3; # [DEFAULT: 3]
#"security.tls.version.max" = 4;
# Disable SSL session IDs [FF36+]
#"security.ssl.disable_session_identifiers" = true;
# Onions
#"dom.securecontext.allowlist_onions" = true;
#"network.http.referer.hideOnionSource" = true;
# Referers
#"network.http.sendRefererHeader" = 2;
#"network.http.referer.trimmingPolicy" = 0;
# Set the default Referrer Policy [FF59+]
# 0=no-referer = 1=same-origin = 2=strict-origin-when-cross-origin = 3=no-referrer-when-downgrade
#"network.http.referer.defaultPolicy" = 2; # [DEFAULT: 2]
#"network.http.referer.defaultPolicy.pbmode" = 2; # [DEFAULT: 2]
# Disable HTTP Alternative Services [FF37+]
#"network.http.altsvc.enabled" = false;
# Disable website control over browser right-click context menu
#"dom.event.contextmenu.enabled" = false;
# Disable icon fonts (glyphs) and local fallback rendering
#"gfx.downloadable_fonts.enabled" = false; # [FF41+]
#"gfx.downloadable_fonts.fallback_delay" = -1;
# Disable Clipboard API
#"dom.event.clipboardevents.enabled" = false;
# Disable System Add-on updates
"extensions.systemAddon.update.enabled" = false; # [FF62+]
"extensions.systemAddon.update.url" = ""; # [FF44+]
# Enable the DNT (Do Not Track) HTTP header
"privacy.donottrackheader.enabled" = false;
# Customize ETP settings
#"network.cookie.cookieBehavior" = 5; # [DEFAULT: 5]
#"privacy.fingerprintingProtection" = true; # [FF114+] [ETP FF119+]
#"privacy.partition.network_state.ocsp_cache" = true; # [DEFAULT: true FF123+]
#"privacy.query_stripping.enabled" = true; # [FF101+]
"privacy.query_stripping.strip_list" = "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid";
#"network.http.referer.disallowCrossSiteRelaxingDefault" = true;
#"network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation" = true; # [FF100+]
#"privacy.trackingprotection.enabled" = true;
#"privacy.trackingprotection.socialtracking.enabled" = true;
#"privacy.trackingprotection.cryptomining.enabled" = true; # [DEFAULT: true]
#"privacy.trackingprotection.fingerprinting.enabled" = true; # [DEFAULT: true]
# Allow embedded tweets and Reddit posts. Don't do it!
#"urlclassifier.trackingSkipURLs" = "*.reddit.com = *.twitter.com = *.twimg.com"; # [HIDDEN PREF]
#"urlclassifier.features.socialtracking.skipURLs" = "*.instagram.com = *.twitter.com = *.twimg.com"; # [HIDDEN PREF]
# Disable service workers
#"dom.serviceWorkers.enabled" = false;
# Disable Web Notifications [FF22+]
#"dom.webnotifications.enabled" = false;
# Disable Push Notifications [FF44+]
"dom.push.enabled" = false;
"dom.push.connection.enabled" = false;
"dom.push.serverURL" = "";
"dom.push.userAgentID" = "";
# Disable WebRTC (Web Real-Time Communication)
"media.peerconnection.enabled" = false;
# DON'T BOTHER: FINGERPRINTING
# prefsCleaner: reset items useless for anti-fingerprinting
#"browser.zoom.siteSpecific" = false;
#"dom.enable_performance" = false;
#"dom.enable_resource_timing" = false;
#"dom.maxHardwareConcurrency" = 2;
#"font.system.whitelist" = ""; # [HIDDEN PREF]
#"general.appname.override" = ""; # [HIDDEN PREF]
#"general.appversion.override" = ""; # [HIDDEN PREF]
#"general.buildID.override" = "20181001000000"; # [HIDDEN PREF]
#"general.oscpu.override" = ""; # [HIDDEN PREF]
#"general.platform.override" = ""; # [HIDDEN PREF]
#"general.useragent.override" = "Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0"; # [HIDDEN PREF]
#"media.ondevicechange.enabled" = false;
#"media.video_stats.enabled" = false;
#"webgl.enable-debug-renderer-info" = false;
"ui.use_standins_for_native_colors" = true;
"browser.display.use_document_fonts" = 0;
"device.sensors.enabled" = false;
"dom.gamepad.enabled" = false;
"dom.netinfo.enabled" = false;
"dom.vibrator.enabled" = false;
"dom.w3c_touch_events.enabled" = 0;
"dom.webaudio.enabled" = false;
"media.navigator.enabled" = false;
"media.webspeech.synth.enabled" = false;
# Disable API for measuring text width and height.
"dom.textMetrics.actualBoundingBox.enabled" = false;
"dom.textMetrics.baselines.enabled" = false;
"dom.textMetrics.emHeight.enabled" = false;
"dom.textMetrics.fontBoundingBox.enabled" = false;
# NON-PROJECT RELATED
# WELCOME & WHAT'S NEW NOTICES
"browser.startup.homepage_override.mstone" = "ignore"; # [HIDDEN PREF]
"startup.homepage_welcome_url" = "";
"startup.homepage_welcome_url.additional" = "";
"startup.homepage_override_url" = ""; # What's New page after updates
# WARNINGS
"browser.tabs.warnOnClose" = false; # [DEFAULT: false FF94+]
"browser.tabs.warnOnCloseOtherTabs" = false;
"browser.tabs.warnOnOpen" = false;
"browser.warnOnQuitShortcut" = false; # [FF94+]
"full-screen-api.warning.delay" = 0;
"full-screen-api.warning.timeout" = 0;
"browser.warnOnQuit" = false;
# UPDATES
# Disable auto-INSTALLING Firefox updates [NON-WINDOWS]
"app.update.auto" = false;
# Disable auto-CHECKING for extension and theme updates
"extensions.update.enabled" = false;
# Disable auto-INSTALLING extension and theme updates
"extensions.update.autoUpdateDefault" = false;
# Disable extension metadata
"extensions.getAddons.cache.enabled" = false;
# Disable search engine updates (e.g. OpenSearch)
"browser.search.update" = false;
# CONTENT BEHAVIOR
"accessibility.typeaheadfind" = false; # enable "Find As You Type"
"clipboard.autocopy" = false; # disable autocopy default [LINUX]
"layout.spellcheckDefault" = 0; # 0=none = 1-multi-line = 2=multi-line & single-line
# FIREFOX HOME CONTENT
"browser.newtabpage.activity-stream.feeds.section.topstories" = false; # Recommended by Pocket
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.newtabpage.activity-stream.feeds.topsites" = false;
"browser.newtabpage.activity-stream.showSearch" = false;
"browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false;
"browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false;
"browser.newtabpage.activity-stream.section.highlights.includeVisited" = false;
# UX FEATURES
"extensions.pocket.enabled" = false; # Pocket Account [FF46+]
"extensions.screenshots.disabled" = true; # [FF55+]
"identity.fxaccounts.enabled" = false; # Firefox Accounts & Sync [FF60+] [RESTART]
"reader.parse-on-load.enabled" = false; # Reader View
"browser.tabs.firefox-view" = false; # Firefox-view
# OTHER
#"browser.bookmarks.max_backups" = 2;
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false; # disable CFR [FF67+]
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false; # disable CFR [FF67+]
"browser.messaging-system.whatsNewPanel.enabled" = false; # What's New toolbar icon [FF69+]
"browser.urlbar.showSearchTerms.enabled" = false;
"browser.sessionstore.interval" = 30000; # minimum interval between session save operations
"network.manage-offline-status" = false;
"browser.preferences.moreFromMozilla" = false;
"browser.disableResetPrompt" = true; # [HIDDEN PREF]
#"xpinstall.signatures.required" = false; # enforced extension signing (Nightly/ESR)
# MORE
#"security.insecure_connection_icon.enabled" = ""; # [DEFAULT: true FF70+]
#"security.mixed_content.block_active_content" = ""; # [DEFAULT: true since at least FF60]
"security.ssl.enable_ocsp_stapling" = false; # [DEFAULT: true FF26+]
#"webgl.disable-fail-if-major-performance-caveat" = ""; # [DEFAULT: true FF86+]
"webgl.enable-webgl2" = false;
#"webgl.min_capability_mode" = "";
# DEPRECATED / RENAMED
# ESR115.x still uses all the following prefs
# FF116
# Set RFP's font visibility level [FF94+]
#"layout.css.font-visibility.resistFingerprinting" = 1; # [DEFAULT: 1]
# FF117
# Disable service worker Web Notifications [FF44+]
#"dom.webnotifications.serviceworker.enabled" = false;
# FF118
# Limit font visibility (Windows = Mac = some Linux) [FF94+]
#"layout.css.font-visibility.private" = 1;
#"layout.css.font-visibility.standard" = 1;
#"layout.css.font-visibility.trackingprotection" = 1;
# Disable permissions delegation [FF73+]
#"permissions.delegation.enabled" = false;
# FF119
# Use en-US locale regardless of the system or region locale
#"javascript.use_us_english_locale" = true; # [HIDDEN PREF]
# Disable skipping DoH when parental controls are enabled [FF70+]
"network.dns.skipTRR-when-parental-control-enabled" = false;
#
}
Reference in a new issue View git blame Copy permalink