This page contains Firefox configuration notes. It is based on the Firefox hardening guide and Firefox config privacy tweaks, but lacks some information and adds other configuration not covered in those documents. Read "stop Firefox making automatic connections" to get less noise.
For better implementation (protection), use a file such as user.js.
- clears the browser cache (disk and RAM) by pressing a single button or easy shortcuts.
- lets you know who connects with the browser.
- allows restricting features per website.
- blocks cookies based on how they behave.
- enforces https over http.
- proxy plugin to configure proxy settings by domain patterns.
- Brief makes reading RSS feeds as easy and intuitive as it gets. Designed to have exactly the right set of features, it is powerful and simple at the same time.
- Archive web pages, detects dead pages, 404s, DNS failures & other web breakdowns, offering archived versions via the Internet Archive's Wayback Machine.
Disable Firefox Home or any other option when opening a new window or tab; otherwise third parties get a notification each time you open a tab or start the browser.
Open about:config in Firefox; the privacy-settings add-on can help set some of these or add others.
Disable Pocket; the system compares browser history and serves ads;
extensions.pocket.enabled = false
Disabling 0-RTT enhances security and privacy;
security.tls.enable_0rtt_data = false
TLS versions 1.0 and 1.1 (1.0 especially) have some known flaws;
security.tls.version.min = 3
Forces only safe encryption negotiation between clients and servers, preventing code injection attacks;
security.ssl.require_safe_negotiation = true
Disable the 3DES cipher, which has multiple known security weaknesses;
security.ssl3.rsa_des_ede3_sha = false
Disable TLS false start;
security.ssl.enable_false_start = false
WebRTC is a protocol related to digital rights management that helps content websites track users. It has the capability to give up your real IP address even while connected to a VPN or Tor;
media.peerconnection.enabled = false
media.peerconnection.video.vp9_enabled = false
A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains;
privacy.firstparty.isolate = true
A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting;
privacy.resistFingerprinting = true
Disables offline cache;
browser.cache.offline.enable = false
The ping attribute would be useful for letting websites track visitors' clicks;
browser.send_pings = false
Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.
browser.sessionstore.max_tabs_undo = 0
Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to;
browser.urlbar.speculativeConnect.enabled = false
Website owners can track the battery status of your device;
dom.battery.enabled = false
Prevent websites from getting notifications if you copy, paste, or cut something from a web page, which also lets them know which part of the page had been selected;
dom.event.clipboardevents.enabled = false
geo.enabled = false
Websites can track the microphone and camera status of your device;
media.navigator.enabled = false
0 = Accept all cookies by default
1 = Only accept from the originating site (block third party cookies)
2 = Block all cookies by default
network.cookie.cookieBehavior = 1
Cookies are deleted at the end of the session;
0 = Accept cookies normally
1 = Prompt for each cookie
2 = Accept for current session only
3 = Accept for N days
network.cookie.lifetimePolicy = 2
Send only the scheme, host, and port in the Referer header;
0 = Send the full URL in the Referer header
1 = Send the URL without its query string in the Referer header
2 = Send only the scheme, host, and port in the Referer header
network.http.referer.trimmingPolicy = 2
Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.)
0 = Send Referer in all cases
1 = Send Referer to same eTLD sites
2 = Send Referer only when the full hostnames match
network.http.referer.XOriginPolicy = 2
When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests;
0 = Send full URL in Referer
1 = Send URL without query string in Referer
2 = Only send scheme, host, and port in Referer
network.http.referer.XOriginTrimmingPolicy = 2
WebGL is a potential security risk;
webgl.disabled = true
Form fill requires that information be cached in the browser; this can include valuable information like usernames and passwords;
browser.formfill.enable = false
Network prefetching broadcasts browsing habits;
network.prefetch-next = false
network.dns.disablePrefetch = true
Disable the cache; letting websites write to disk is a privacy and security risk;
browser.cache.disk.enable = false
browser.cache.disk_cache_ssl = false
browser.cache.memory.enable = false
browser.cache.offline.enable = false
browser.cache.insecure.enable = false
Disable scanning of which extensions and plugins are installed in Firefox. Disabling this feature improves both privacy and functionality while browsing privately;
plugin.scan.plid.all = false
Disable telemetry, features that explicitly collect data (search for telemetry and disable any other enabled feature that seems appropriate to disable and is not listed below);
browser.newtabpage.activity-stream.feeds.telemetry = false
devtools.onboarding.telemetry-logged = false
toolkit.telemetry.archive.enabled
toolkit.telemetry.bhrping.enabled
toolkit.telemetry.firstshutdownping.enabled
toolkit.telemetry.hybridcontent.enabled
toolkit.telemetry.newprofileping.enabled
toolkit.telemetry.unified
toolkit.telemetry.updateping.enabled
toolkit.telemetry.shutdownpingsender.enabled
Disable tracking surface. Data usage grows since the TLS certificate chains need to be downloaded on each connection. Right click on a blank area of the page, select New -> Boolean and then paste;
In the next form choose false, so it becomes;
security.ssl.disable_session_identifiers = false
"Compared to regular unprotected DNS lookups done over UDP or TCP, DOH increases privacy, security and sometimes even performance. It also makes it easy to use a name server of your choice for a particular application instead of the one configured globally (often by someone else) for your entire system." Daniel.
Firefox provides (leaks) an optional resolver mechanism using a dedicated DNS-over-HTTPS server. To force-disable it, set mode to 5 and uri to "", or set your own preferences;
network.trr.mode = 5
network.trr.uri = ""
Disable resolving and connecting to captive portal, this is used on retarded hot-spots;
network.captive-portal-service.enabled = false
network.connectivity-service.enabled = false
The push notification system uses servers, maintained by Google or Mozilla depending on platform, that interact with these sites and the user's browser;
dom.push.enabled = false
Disable leaking each download. This feature remotely checks signatures of software before download;
browser.safebrowsing.downloads.remote.enabled = false
Remove "authorities" as much as possible from trusted "state".
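An added example (not part of the original notes): a small Python audit that parses user_pref(...) lines from a profile's prefs.js or user.js and reports which of the preferences listed on this page are missing, set to another value, or set with the wrong type. The EXPECTED subset, the function names and the sample text are choices made for this illustration.

```python
import json
import re

# Expected values: a subset of the preferences listed on this page.
EXPECTED = {
    "security.tls.version.min": 3,
    "security.tls.enable_0rtt_data": False,
    "media.peerconnection.enabled": False,
    "privacy.resistFingerprinting": True,
    "network.cookie.cookieBehavior": 1,
    "network.trr.mode": 5,
    "network.trr.uri": "",
}

# One user_pref("name", value); call per line, as written in prefs.js / user.js.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value}; a later line for the same name overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)  # commented-out (// ...) lines do not match
        if m:
            # true/false, integers and simple quoted strings are also valid JSON
            prefs[m.group(1)] = json.loads(m.group(2))
    return prefs

def audit(text, expected=EXPECTED):
    """List (name, expected, actual) for each pref that is unset, differs, or has the wrong type."""
    actual = parse_prefs(text)
    return [(name, want, actual.get(name, "<unset>"))
            for name, want in expected.items()
            if name not in actual or actual[name] != want
            or type(actual[name]) is not type(want)]  # bool vs int matters: True == 1 in Python

# Constructed sample text, not taken from a real profile.
SAMPLE = '''\
user_pref("security.tls.version.min", 1);
user_pref("security.tls.enable_0rtt_data", false);
// user_pref("media.peerconnection.enabled", false);
user_pref("network.cookie.cookieBehavior", true);
user_pref("network.trr.mode", 5);
user_pref("network.trr.uri", "");
'''

if __name__ == "__main__":
    for name, want, got in audit(SAMPLE):
        print(f"{name}: expected {want!r}, found {got!r}")
```

To audit a real profile, pass the contents of its prefs.js to audit() in place of SAMPLE.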