# ABOUT

about:config settings to harden the Firefox browser. Privacy and performance enhancments.</br>
To change these settings type 'about:config' in the url bar.
Then search the setting you would like to change and modify the value.</br>
WARNING: Changing these settings may break certian websites from functioning and 
rendering normally. Some settings may also make firefox unstable/crash.
### I am not liable for any damages/loss of data. 
	
Not all these changes are neccesary and will be dependent upon your usage and hardware. 
Do some research on settings if you don't understand what they do.
	
These settings are best combined with your standard privacy extensions 
(HTTPS Everywhere, NoScript/Request Policy, uBlock origin, agent spoofing, Privacy Badger etc), and all plugins set to "Ask To Activate".
	

# CONTROL & MISC
```
dom.event.contextmenu.enabled = false
	Don't allow websites to prevent use of right-click, 
	or otherwise messing with the context menu.

dom.event.clipboardevents.enabled = false
	Don't allow websites to prevent copy and paste

network.IDN_show_punycode = true
	Show punycode. Help protect from character 'spoofing' eg:
	xn--80ak6aa92e.com -> аррӏе.com
	[IDN homograph attacks](https://www.xudongz.com/blog/2017/idn-phishing/)

```

# PRIVACY SETTINGS

```
plugins.enumerable_names = blank
	Disable site reading installed plugins.

network.http.sendRefererHeader = 0
	Tells website where you came from. Disabling may break some sites.
	0 = Disable referrer headers. 
	1 = Send only on clicked links.
	2 = (default) Send for links and image.
        
network.http.sendSecureXSiteReferrer = false
        Disable referrer headers between https websites.
		
network.http.referer.spoofSource = true
	Send fake referrer (if choose to send referrers).
		
privacy.trackingprotection.enabled = true
        Mozilla’s built in tracking protection.
		
geo.enabled = false
geo.wifi.uri = blank
geo.wifi.logging.enabled = false
        Disables geolocation and firefox logging geolocation requests.

browser.safebrowsing.enabled = false
browser.safebrowsing.malware.enabled = false	
browser.safebrowsing.updateURL = blank
browser.safebrowsing.appRepURL = blank
browser.safebrowsing.gethashURL = blank
browser.safebrowsing.reportURL = blank
browser.safebrowsing.reportPhishURL = blank
browser.safebrowsing.reportMalwareURL = blank
browser.safebrowsing.reportMalwareErrorURL = blank
browser.safebrowsing.reportGenericURL = blank
browser.safebrowsing.reportErrorURL = blank
browser.safebrowsing.malware.reportURL = blank
browser.safebrowsing.id = blank
        Disable Google Safe Browsing and malware and phishing protection.
	Stop sending links and downloading lists from google.	
	Security risk, but privacy improvement.

browser.selfsupport.url = blank
	Calls home to everytime firefox is started.

browser.send_pings = false
	Prevent website tracking clicks.
		
browser.send_pings.require_same_host = true
	Only send pings if send and receiving host match (same website).
	
dom.event.clipboardevents.enabled = false
        Disable notifications of copy, paste, or cut functions. 
        Stop web page knowing which part of the page had been selected.
		
dom.event.contextmenu.enabled = false
        Disables website control over rightclick context menu.
        
dom.battery.enabled = false
	Disable website reading how much battery your mobile device or laptop has.

network.cookie.alwaysAcceptSessionCookies = false
        Disables acceptance of session cookies.
		
network.cookie.cookieBehavior = 2
        Disable cookies.
        0 = accept all cookies by default
        1 = only accept from the originating site (block third party cookies)
        2 = block all cookies by default
		
network.cookie.lifetimePolicy = 2
        cookies are deleted at the end of the session
        0 = Accept cookies normally
        1 = Prompt for each cookie
        2 = Accept for current session only
        3 = Accept for N days
    
network.http.speculative-parallel-limit = 0
	Disable prefetch link on hover.

network.dnsCacheEntries = 100
        Number of cached DNS entries. Lower number = More requests but less data stored.
    
network.dnsCacheExpiration = 60
        Time DNS entries are cached in seconds.
    
places.history.enabled = false
        Disables recording of visited websites.
    
browser.formfill.enable = false
        Disables saving of formdata.
    
browser.cache.disk.enable = false
        Disables caching on hardrive.
    
browser.cache.disk_cache_ssl = false
        Disables caching for ssl connections.
    
browser.cache.memory.enable = false
        Disables caching in memory.
   
browser.cache.offline.enable = false
        Disables offline cache.
    
network.dns.disableIPv6 = true
        If your OS or ISP does not support IPv6, there is no reason to have this preference set to false. 

network.predictor.enabled = false
network.dns.disablePrefetch = true   
network.prefetch-next = false
        Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, 
	so the browser downloads them immediately so they can be displayed immediately when the user requests it. 

media.peerconnection.enabled = false    
network.websocket.enabled = false
        WebSockets is a technology that makes it possible to open an interactive communication 
        session between the user's browser and a server. (May leak IP when using proxy/VPN)
   
loop.enabled = false
	Disable 3rd party closed-source Hello integration.
	
browser.pocket.enabled = false
	Disable 3rd party closed-source Pocket integration.
```	
	
	
# PERFORMANCE
```
layout.frame_rate.precise = true
	Increases animation speed. May elliminate choppy scrolling.
	
webgl.force-enabled = true
layers.acceleration.force-enabled = true
layers.offmainthreadcomposition.enabled = true
layers.offmainthreadcomposition.async-animations = true
layers.async-video.enabled = true
html5.offmainthread = true
	Enable Hardware Acceleration and Off Main Thread Compositing (OMTC).
	It's likely your browser is already set to use these features.
	May introduce instability on some hardware.

```

# MEMORY REDUCTION

```
browser.cache.memory.capacity = xx
	Limit memory cache size. (xx = value in MB)
	
browser.sessionhistory.max_entries = xx
	Limit maximum pages in session history. (how many URLs you can traverse using the Forward or Back button)
	
browser.sessionstore.max_tabs_undo = xx
	Limit max closed tabs you can reopen.
	
browser.tabs.animate = false
browser.download.animateNotifications = false
	Disable some animations.
	
config.trim_on_minimize = true
	Reduce memory usage when minimized. (Windows only)
	
image.mem.max_decoded_image_kb = xx
	How much info Firefox stores of uncompressed images.
	Higher value = improve speed at the expense of increased memory usage.
	
javascript.options.mem.max == xx
	Limit ammount of memory javasctipt may consume.
	-1 = Automatic

javascript.options.mem.high_water_mark == xx
	Tell garbage collector to start running when javascript is using xx MB of memory. 
	Garbage collection releases memory back to the system.
```

# Flash Font Enumeration
This one is not for firefox, but for Flash if you have it installed.
Font Enumeration allows a site to read which fonts you have installed 
which can be used to identify users.

Default Location:	
```
Windows: 
	C:\Windows\SysWOW64\Macromed\Flash\mms.cfg
	C:\Windows\system32\Macromed\Flash\mms.cfg
Linux:
	/etc/adobe/mms.cfg
OSX:
	~/Library/Application Support/Google/Chrome/Default/Pepper Data/Shockwave Flash/System/mms.cfg
```

Add this line to the mms.cfg file:
```
DisableDeviceFontEnumeration = 1
```
**Better yet, simply uninstall flash. Flash is garbage...**

</br>
___
</br>
**I do my best to keep this list up to date. Additions and corrections are grately appreciated.**