The most comprehensive Firefox privacy and security settings collection has been updated to version 0.11 to take into account changes in newer versions of Firefox.
Ghacks champion Pants created the initial list in 2015, and has been on it ever since that day with help of others including earthling and Tom Hawack.
The new user.js file replaces the old one. The download includes the user.js file, the changelog, and two HTML documents that lists all preferences, information and comments.
You are probably wondering what is new in version 0.11 of the file. First of all, the preferences have been updated to take into account changes in Firefox.
Mozilla has added, changed or removed preferences since the last release of the Ghacks user.js file.
Apart from that, there are new sections that you may find interesting.
There are new sections for Service Workers, First Party Isolation, Fingerprint resisting and Tor uplift. The add-ons section has been filled with links to recommended add-ons on top of that.
Some fun stats about the latest privacy and security user.js file:
- The list features a total of 464 preferences of which 48 are commented out.
- 33 items contain warnings.
- The file links to 71 http and 243 https resources for research
Here is the change log:
2300: NEW SECTION for Service Workers (items renumbered from other sections)
2698: NEW SECTION for FPI (First Party Isolation) - commented out, it's not ready yet to go prime time
2699: NEW SECTION for privacy.resistFingerprinting (was 2630)
9998: NEW SECTION for To Investigate - Tor Uplift
: APPENDIX B for Add-ons
9996: PALE MOON, section renumbered and no longer maintained
2302: was 1012 dom.caches.enabled .. ALL the stuff in the 2300s were moved there, some are new
2301+2303+2304: were 2432+2430+2431 respectively, also new prefs
1216: was 2609 insecure active content
1217: was 2610 insecure passive content
2024: was 3014 media.mediasource.webm.enabled
: some other numbers may have been reused, moved
Loads of them, just look in the deprecated section, its in order of version dropped, then number.
0301: app.update.silent and app.update.staging.enabled
0336: browser.selfsupport.enabled (also merged 0371 with this)
0410: the entire section: many prefs deprecated, replaced with others, new section 0410g
0440: mozilla flash blocklisting
0818: taskbar preview
0820: disable search reset
0907: force warnings for logins on non-secure sites
1012: browser.sessionstore.resume_from_crash (note: old number was moved to 2300s)
1209: TLS extra prefs to control min and max and fallback versions
1213: cyphers disable 3DES
1214: cyphers disable 128 bit ecdhe
1215: disable MS Family Safety cert
1218: HSTS Priming
1219: HSTS preload
1220: disable intermediate CA caching
1602: returned DNT (do not track) from deprecated
1808: disable audio auto-play in non-active tabs
1820+1825+1830+1840+1850: revamp, additions etc to GMP, DRM, OpenH264, Widevine, EME
2012: webgl.dxgl.enabled + webgl.enable-webgl2
2022: extra prefs for screensharing
2024: MSE (Media Source Extensions)
2025: enable/disable media types
2026: disable canvas capture stream
2027: disable camera image capture
2028: disable offscreen canvas
2415b: limit events that can cause a popup
2425: disable Archive API
2450: offline data storage
2504: new vr prefs
2510: Web Audio API
2627: revamped section from a single pref about build ID into all your UA/Navigator objects
2650: e10s stuff, never used by me, may be obsolete as e10s rollout changes with each release
2651: control e10s number of container processes
2652: enable console e10s shim warnings
2664: DeviceStorage API
2665: sanitize webchannel whitelist
2666: HTTP Alternative Services
2668: extension directory lockdown
2669: strip paths when sending URLs to PAC scripts
2671: svg.disabled (FF53+)
2706: Storage API
2707: clear localStorage when a WebExtension is uninstalled
3022: hide recently bookmarked items
Appendix A: new test sites: Browserprint, HTML Security, Symantec, AudioContext, HTML5, Keyboard Events, rel=noopener
Appendix A: new section:; 5 Safe Browsing, Tracking Protection tests
: custom pref renamed and configured as the Monty Python parrot
: custom pref expanded to each section with euphemisms for the parrot's demise
1211: SHA-1 variables/definitions have been changed by mozilla, recommeneded value has changed
2201: dom.event.contextmenu.enabled is now active
2404: dom.indexedDB.enabled - i turned this on and use an extension to toggle it on and off for sites
: some other prefs may have been turned on/off
3019: network.proxy.type - it is not my place to control end users connections/proxies/vpns etc