Skip to content

Instantly share code, notes, and snippets.

@thej

thej/config.md

Forked from 0xDE57/config.md
Created September 8, 2018 13:02
Show Gist options
  • Save thej/9b5627307d8b4e75a94e740b89882cf7 to your computer and use it in GitHub Desktop.
Save thej/9b5627307d8b4e75a94e740b89882cf7 to your computer and use it in GitHub Desktop.
Download ZIP
Firefox about:config privacy settings
Raw
config.md

ABOUT

about:config settings to harden the Firefox browser. Privacy and performance enhancments.
To change these settings type 'about:config' in the url bar.
Then search the setting you would like to change and modify the value.
WARNING: Changing these settings may break certian websites from functioning and rendering normally.
Some settings may also make firefox unstable/crash. Change settings as desired.
I am not liable for any damages/loss of data.

Not all these changes are neccesary and will be dependend upon your usage and hardware. 
Do some research on settings if you don't understand what they do.

These settings are best combined with your standard privacy extensions (NoScript, uBlock, agent spoofing, etc),
your plugins (Flash) set to "Ask To Activate" and Common Sense 2015.


This one is not for firefox, but for Flash is you have it installed.
Add this line to the mms.cfg file:
DisableDeviceFontEnumeration = 1
Font Enumeration allows a site to read which fonts you have installed 
which can be used to identiy users.

Windows: 
	C:\Windows\SysWOW64\Macromed\Flash\mms.cfg
	C:\WINDOWS\system32\Macromed\Flash\mms.cfg
Linux:
	/etc/adobe/mms.cfg
OSX:
	~/Library/Application Support/Google/Chrome/Default/Pepper Data/Shockwave Flash/System/mms.cfg

PRIVACY SETTINGS

plugins.enumerable_names = blank Disable site reading installed plugins.

network.http.sendRefererHeader = 0 Tells website where you came from. Disabling may break some sites. 0 = Disable referrer headers. 1 = Send only on clicked links. 2 = (default) Send for links and image.

network.http.sendSecureXSiteReferrer = false Disable referrer headers between https websites.

network.http.referer.spoofSource = true Send fake referrer (if choose to send referrers).

privacy.trackingprotection.enabled = true Mozilla’s built in tracking protection.

geo.enabled = false geo.wifi.uri = blank geo.wifi.logging.enabled = false1 Disables geolocation and firefox logging geolocation requests.

browser.safebrowsing.enabled = false browser.safebrowsing.malware.enabled = false browser.safebrowsing.updateURL = blank browser.safebrowsing.appRepURL = blank browser.safebrowsing.gethashURL = blank browser.safebrowsing.reportURL = blank browser.safebrowsing.reportPhishURL = blank browser.safebrowsing.reportMalwareURL = blank browser.safebrowsing.reportMalwareErrorURL = blank browser.safebrowsing.reportGenericURL = blank browser.safebrowsing.reportErrorURL = blank browser.safebrowsing.malware.reportURL = blank browser.safebrowsing.id = blank Disable Google Safe Browsing and malware and phishing protection. Stop sending links and downloading lists from google. Security risk, but privacy improvement.

browser.selfsupport.url = blank Calls home to everytime firefox is started.

browser.send_pings = false Prevent website tracking clicks.

browser.send_pings.require_same_host = true Only send pings if send and receiving host math (same website).

dom.event.clipboardevents.enabled = false Disable notifications of copy, paste, or cut functions. Lets web page know which part of the page had been selected.

dom.event.contextmenu.enabled = false Disables website control over rightclick context menu.

dom.battery.enabled = false Disable website reading how much battery your mobile device has.

network.cookie.alwaysAcceptSessionCookies = false Disables acceptance of session cookies.

network.cookie.cookieBehavior = 2 Disable cookies. 0 = accept all cookies by default 1 = only accept from the originating site (block third party cookies) 2 = block all cookies by default

network.cookie.lifetimePolicy = 2 cookies are deleted at the end of the session 0 = Accept cookies normally 1 = Prompt for each cookie 2 = Accept for current session only 3 = Accept for N days

network.http.speculative-parallel-limit = 0 Disable prefetch link on hover.

network.dnsCacheEntries = 100 Number of cached DNS entries. Lower number = More requests but less data stored.

network.dnsCacheExpiration = 60 Time DNS entries are cached in seconds.

places.history.enabled = false Disables recording of visited websites.

browser.formfill.enable = false Disables saving of formdata.

browser.cache.disk.enable = false Disables caching on hardrive.

browser.cache.disk_cache_ssl = false Disables caching for ssl connections.

browser.cache.memory.enable = false Disables caching in memory.

browser.cache.offline.enable = false Disables offline cache.

network.dns.disableIPv6 = true If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.

network.predictor.enabled = false network.dns.disablePrefetch = true
network.prefetch-next = false Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it.

media.peerconnection.enabled = false
network.websocket.enabled = false WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server. (May leak IP when using proxy/VPN)

loop.enabled = false Disable 3rd party closed-source Hello integration.

browser.pocket.enabled = false Disable 3rd party closed-source Pocket integration.

PERFORMANCE

layout.frame_rate.precise = true Increases animation speed. May elliminate choppy scrolling.

webgl.force-enabled = true layers.acceleration.force-enabled = true layers.offmainthreadcomposition.enabled = true layers.offmainthreadcomposition.async-animations = true layers.async-video.enabled Enable Hardware Acceleration and Off Main Thread Compositing (OMTC). It's likely your browser is already set to use these features. May introduce instability on some hardware.

MEMORY REDUCTION

browser.cache.memory.capacity = xx Limit memory cache size. (xx = value in MB)

browser.sessionhistory.max_entries = xx Limit maximum pages in session history. (how many URLs you can traverse using the Forward or Back button)

browser.sessionstore.max_tabs_undo = xx Limit max closed tabs you can reopen.

browser.tabs.animate = false browser.download.animateNotifications = false Disable some animations.

config.trim_on_minimize = true Reduce memory usage when minimized. (Windows only)

image.mem.max_decoded_image_kb = xx How much info Firefox stores of uncompressed images. Higher value = improve speed at the expense of increased memory usage.

javascript.options.mem.max == xx Limit ammount of memory javasctipt may consume. -1 = Automatic

javascript.options.mem.high_water_mark == xx Tell garbage collector to start running when javascript is using xx MB of memory. Garbage collection releases memory back to the system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment