@0xFF3
Forked from 0xDE57/config.md
Created October 9, 2019 02:42
Firefox about:config privacy settings

ABOUT

about:config settings to harden the Firefox browser. Privacy and performance enhancements. To change these settings, type 'about:config' in the URL bar, then search for the setting you would like to change and modify its value. WARNING: Changing these settings may break certain websites from functioning and rendering normally. Some settings may also make Firefox unstable/crash.

I am not liable for any damages/loss of data.

Not all of these changes are necessary; which ones you need will depend on your usage and hardware. Do some research on settings if you don't understand what they do.

These settings are best combined with your standard privacy extensions (HTTPS Everywhere, NoScript/Request Policy, uBlock Origin, agent spoofing, Privacy Badger etc.), and all plugins set to "Ask To Activate".

MISC

network.IDN_show_punycode = true
	Show punycode. Helps protect against character 'spoofing', e.g.:
	xn--80ak6aa92e.com -> аррӏе.com
	[IDN homograph attacks](https://www.xudongz.com/blog/2017/idn-phishing/)
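
The hostname quoted above can be decoded to see what the address bar would otherwise display. This is an added example, not part of the original gist; the function names are hypothetical, and the script check is a rough approximation based on Unicode character names.

```python
import unicodedata

def decode_label(label: str) -> str:
    """Return the Unicode form of one DNS label (ACE 'xn--' prefix handled)."""
    if label.lower().startswith("xn--"):
        # Raw Punycode (RFC 3492) decode of the part after the ACE prefix.
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text: str) -> set:
    """Approximate each letter's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def inspect_host(host: str) -> list:
    """For every label return (as typed, decoded, scripts, contains non-ASCII)."""
    report = []
    for label in host.split("."):
        decoded = decode_label(label)
        report.append((label, decoded, scripts(decoded), not decoded.isascii()))
    return report

if __name__ == "__main__":
    # Hostname quoted on this page; the first label decodes to five Cyrillic
    # letters that render like the Latin word "apple".
    for row in inspect_host("xn--80ak6aa92e.com"):
        print(row)
```

With network.IDN_show_punycode = true the browser shows the `xn--` form, so the non-Latin label is visible at a glance.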
	

PRIVACY SETTINGS

plugins.enumerable_names = blank
	Disable site reading installed plugins.

network.http.sendRefererHeader = 0
	Tells website where you came from. Disabling may break some sites.
	0 = Disable referrer headers. 
	1 = Send only on clicked links.
	2 = (default) Send for links and images.
        
network.http.sendSecureXSiteReferrer = false
        Disable referrer headers between https websites.
		
network.http.referer.spoofSource = true
	Send fake referrer (if you choose to send referrers).
		
privacy.trackingprotection.enabled = true
        Mozilla’s built in tracking protection.
		
geo.enabled = false
geo.wifi.uri = blank
geo.wifi.logging.enabled = false
        Disables geolocation and firefox logging geolocation requests.

browser.safebrowsing.enabled = false
browser.safebrowsing.malware.enabled = false	
browser.safebrowsing.updateURL = blank
browser.safebrowsing.appRepURL = blank
browser.safebrowsing.gethashURL = blank
browser.safebrowsing.reportURL = blank
browser.safebrowsing.reportPhishURL = blank
browser.safebrowsing.reportMalwareURL = blank
browser.safebrowsing.reportMalwareErrorURL = blank
browser.safebrowsing.reportGenericURL = blank
browser.safebrowsing.reportErrorURL = blank
browser.safebrowsing.malware.reportURL = blank
browser.safebrowsing.id = blank
        Disable Google Safe Browsing malware and phishing protection.
	Stop sending links and downloading lists from google.	
	Security risk, but privacy improvement.

browser.selfsupport.url = blank
	Calls home every time Firefox is started.

browser.send_pings = false
	Prevent website tracking clicks.
		
browser.send_pings.require_same_host = true
	Only send pings if the sending and receiving hosts match (same website).
	
dom.event.clipboardevents.enabled = false
        Disable notifications of copy, paste, or cut functions. 
        Stop web page knowing which part of the page had been selected.
		
dom.event.contextmenu.enabled = false
        Disables website control over rightclick context menu.
        
dom.battery.enabled = false
	Disable website reading how much battery your mobile device has.

network.cookie.alwaysAcceptSessionCookies = false
        Disables acceptance of session cookies.
		
network.cookie.cookieBehavior = 2
        Disable cookies.
        0 = accept all cookies by default
        1 = only accept from the originating site (block third party cookies)
        2 = block all cookies by default
		
network.cookie.lifetimePolicy = 2
        cookies are deleted at the end of the session
        0 = Accept cookies normally
        1 = Prompt for each cookie
        2 = Accept for current session only
        3 = Accept for N days
    
network.http.speculative-parallel-limit = 0
	Disable prefetch link on hover.

network.dnsCacheEntries = 100
        Number of cached DNS entries. Lower number = More requests but less data stored.
    
network.dnsCacheExpiration = 60
        Time DNS entries are cached in seconds.
    
places.history.enabled = false
        Disables recording of visited websites.
    
browser.formfill.enable = false
        Disables saving of formdata.
    
browser.cache.disk.enable = false
        Disables caching on the hard drive.
    
browser.cache.disk_cache_ssl = false
        Disables caching for ssl connections.
    
browser.cache.memory.enable = false
        Disables caching in memory.
   
browser.cache.offline.enable = false
        Disables offline cache.
    
network.dns.disableIPv6 = true
        If your OS or ISP does not support IPv6, there is no reason to have this preference set to false. 

network.predictor.enabled = false
network.dns.disablePrefetch = true   
network.prefetch-next = false
        Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it.

media.peerconnection.enabled = false    
network.websocket.enabled = false
        WebSockets is a technology that makes it possible to open an interactive communication 
        session between the user's browser and a server. (May leak IP when using proxy/VPN)
   
loop.enabled = false
	Disable 3rd party closed-source Hello integration.
	
browser.pocket.enabled = false
	Disable 3rd party closed-source Pocket integration.
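
To check a profile against the privacy values listed above, the following added example (not part of the original gist) parses the `user_pref("name", value);` lines of a profile's prefs.js and compares them with a subset of this page's settings. The function names and the sample file content are constructed for illustration; a pref missing from the file is reported as unset, since prefs.js records only values changed from the default.

```python
import json
import re

# Subset of the values listed on this page ("blank" on the page = empty string).
WANTED = {
    "network.IDN_show_punycode": True,
    "network.http.sendRefererHeader": 0,
    "geo.enabled": False,
    "geo.wifi.uri": "",
    "network.cookie.lifetimePolicy": 2,
}

PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # true/false, ints, "strings"
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # not a plain literal: keep raw text
    return prefs

def audit(text, wanted=WANTED):
    """Map each wanted pref to 'ok', 'mismatch' or 'unset' (absent from the file)."""
    have = parse_prefs(text)
    result = {}
    for name, value in wanted.items():
        if name not in have:
            result[name] = "unset"
        else:
            # Compare the type too, so that 0 and false are not treated as equal.
            same = type(have[name]) is type(value) and have[name] == value
            result[name] = "ok" if same else "mismatch"
    return result

# Constructed sample, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("network.IDN_show_punycode", true);
user_pref("network.http.sendRefererHeader", 2);
user_pref("geo.enabled", false);
user_pref("geo.wifi.uri", "");
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```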

PERFORMANCE

layout.frame_rate.precise = true
	Increases animation speed. May eliminate choppy scrolling.
	
webgl.force-enabled = true
layers.acceleration.force-enabled = true
layers.offmainthreadcomposition.enabled = true
layers.offmainthreadcomposition.async-animations = true
layers.async-video.enabled = true
html5.offmainthread = true
	Enable Hardware Acceleration and Off Main Thread Compositing (OMTC).
	It's likely your browser is already set to use these features.
	May introduce instability on some hardware.

MEMORY REDUCTION

browser.cache.memory.capacity = xx
	Limit memory cache size. (xx = value in MB)
	
browser.sessionhistory.max_entries = xx
	Limit maximum pages in session history. (how many URLs you can traverse using the Forward or Back button)
	
browser.sessionstore.max_tabs_undo = xx
	Limit max closed tabs you can reopen.
	
browser.tabs.animate = false
browser.download.animateNotifications = false
	Disable some animations.
	
config.trim_on_minimize = true
	Reduce memory usage when minimized. (Windows only)
	
image.mem.max_decoded_image_kb = xx
	How much info Firefox stores of uncompressed images.
	Higher value = improve speed at the expense of increased memory usage.
	
javascript.options.mem.max = xx
	Limit amount of memory JavaScript may consume.
	-1 = Automatic

javascript.options.mem.high_water_mark = xx
	Tell garbage collector to start running when JavaScript is using xx MB of memory.
	Garbage collection releases memory back to the system.

Flash Font Enumeration

This one is not for firefox, but for Flash if you have it installed. Font Enumeration allows a site to read which fonts you have installed which can be used to identify users.

Default Location:

Windows: 
	C:\Windows\SysWOW64\Macromed\Flash\mms.cfg
	C:\Windows\system32\Macromed\Flash\mms.cfg
Linux:
	/etc/adobe/mms.cfg
OSX:
	~/Library/Application Support/Google/Chrome/Default/Pepper Data/Shockwave Flash/System/mms.cfg

Add this line to the mms.cfg file:

DisableDeviceFontEnumeration = 1