Mozilla Firefox is without the shadow of a doubt the browser that you can customize the most. This shows not only when it comes to (most) feature additions or changes, as there is usually a way to return to the old, but also when you dive into the depths of the about:config page.
The page lists a lot of preferences that you can all modify. Most are not accessible elsewhere in the browser, and you often find preferences listed here that Mozilla has implemented but not enabled yet for all users.
While you find all kinds of preferences here, for instance options to change the color of link anchors, you will also find many security and privacy related preferences here.
Making changes to those can improve security or privacy.
The following list attempts to list all privacy and security preferences of relevance. With that said it is a work in progress considering that there are that many preferences available.
If you notice that a preference is missing, or discovered a new one, use the contact option here on this site to let us know about it and we will implement the change right away.
Tip: you may also want to check our extensive Ghacks user.js file which is the best privacy and security preferences collection for Firefox.
If you are new to Firefox's about:config page you may need some pointers on how to use the page. To open it do the following:
The search is your best friend. Just start typing a preference name and Firefox will automatically filter the list so that only matching results remain.
You can change preference values with a double-click, and create new preferences with a right-click and the selection of new from the context menu.
Note that there is no way to remove entries from the list from within Firefox.
Pro Tip: All bold preferences are modified preferences. The about:support page lists all of them.
beacon.enabled
Sends data to servers when leaving pages.
browser.cache.check_doc_frequency
Determines how often Firefox checks if a newer than cached version is available.
browser.cache.disk.capacity
The maximum space that Firefox uses for the disk cache.
browser.cache.disk.enable
Defines Firefox's use of the disk cache.
browser.cache.disk_cache_ssl
Defines whether contents of SSL (https) web pages get cached by Firefox on disk.
browser.cache.memory.max_entry_size
The maximum size of a single entry in the memory cache in Kilobyte.
browser.cache.memory.enable
Whether a memory cache is used by the browser.
browser.cache.offline.capacity
The capacity of the offline cache. Needs browser.cache.offline.enable set to true.
browser.cache.offline.enable
Whether web applications and sites can use an offline cache on the local system.
browser.download.manager.alertOnEXEOpen (deprecated)
This defines whether a warning message is displayed by Firefox when you click on an executable file in the download manager.
browser.download.manager.retention (deprecated)
Defines when Firefox removes finished downloads from the Download Manager:
browser.download.manager.scanWhenDone (deprecated)
Whether Firefox will scan downloaded files with installed antivirus software.
browser.fixup.alternate.enabled
Defines whether Firefox's "fixup" feature is used.
browser.fixup.alternate.prefix
The prefix that Firefox adds to the word entered if Fixup is enabled.
browser.fixup.alternate.suffix
The suffix that Firefox adds to single words entered if Fixup is enabled.
browser.fixup.hide_user_pass
If passwords entered in the address should be included in the "Fixit" operation as well.
browser.formfill.enable
Defines whether Firefox will save text entered into web forms.
places.history.enabled
Defines if Firefox should remember visited pages.
browser.privatebrowsing.autostart
Defines if Firefox is started in private browsing mode on start.
browser.safebrowsing.enabled
Determines whether Firefox should check urls that are opened in it against a web forgery database (uses Google by default)
browser.safebrowsing.malware.enabled
Whether Firefox will use malware information to determine if downloads are malicious.
browser.search.defaultenginename
Defines the name of the (installed) search engine that is used for searches in Firefox (both address bar and search bar).
browser.search.suggest.enabled
Defines whether search suggestions are displayed in Firefox.
browser.selfsupport.url
Determines whether the Heartbeat feedback feature is enabled in Firefox.
browser.send_pings
Informs servers about links that get clicked on by the user.
browser.sessionhistory.max_entries
The number of previous pages that Firefox keeps saved for every open site in the browser (back and forward functionality).
browser.startup.homepage
Defines the homepage of the browser.
browser.startup.page
This defines how Firefox will start up.
browser.urlbar.autocomplete.enabled
Whether Firefox will display auto-complete suggestions when you type in the address bar.
dom.allow_scripts_to_close_windows
Defines whether scripts can close windows in the browser.
dom.battery.enabled
Gives web applications access to the battery status of mobile devices. May be used in fingerprinting techniques.
dom.disable_image_src_set
Determines whether JavaScript is allowed to manipulate images displayed in the browser.
dom.disable_open_during_load
Defines whether Firefox's built-in popup blocker is enabled.
dom.disable_window_*
Several preferences that determine if and how scripts may manipulate browser windows.
dom.event.clipboardevents.enabled
Determines whether websites are allowed to access clipboard contents (check out: Block websites from reading or modifying Clipboard contents in Firefox for additional information).
dom.event.contextmenu.enabled
Determines whether websites are allowed to block access to the right-click context menu.
dom.ipc.plugins.enabled
This preference determines if plugins are run in a separate process
dom.ipc. plugins.enabled.timeoutSecs (deprecated)
dom.ipc.plugins.timeoutSecs
The time in seconds before out-of-process plugins are terminated if they are not responsive.
dom.max_chrome_script_run_time and dom.max_script_run_time
Defines the time a script may run in the browser. Default values are 20 and 10.
dom.popup_allowed_events
Defines the JavaScript events that are allowed to create popup windows.
dom.popup_maximum
The maximum number of popups that can be spawned in Firefox.
dom.storage.enabled
This parameter defines whether "client-side session and persistent storage" capabilities are enabled in Firefox (meaning if the feature can be used by websites and applications to store data on the client computer).
extensions.blocklist.enabled
Firefox ships with a remote killswitch for extensions and plugins. It is highly recommended to keep this at its default value as it was used in the past to block malicious extensions.
extensions.getAddons.cache.enabled
This sends a daily ping to Mozilla about installed add-ons and recent start-up times.
extensions.update.enabled
Defines whether extension updates are enabled in Firefox.
geo.enabled
Determines if location aware browsing is enabled.
geo.wifi.logging.enabled (deprecated)
Defines whether geolocation requests are logged by Firefox.
geo.wifi.uri
The data provider used to power Firefox's geolocation feature. (Check out how to switch to a Mozilla operated service)
media.peerconnection.enabled
This preference determines whether WebRTC is enabled in Firefox. WebRTC is used for telephony and video chat functionality but leaks local and remote IP addresses as well. May also be used in browser fingerprinting.
media.video_stats.enabled
Provides web applications with information about video playback statistics such as the framerate.
network.cookie.alwaysAcceptSessionCookies
Determines whether Firefox will accept so-called session cookies (removed when browser exits) automatically. Depends on network.cookie.lifetimePolicy set to 1.
network.cookie.cookieBehavior
Defines if cookies are allowed in Firefox.
network.cookie.lifetime.days
Defines the number of days that cookies are stored by Firefox if network.cookie.cookieBehavior is set to 3.
network.cookie.lifetimePolicy
This defines when cookies expire in Firefox.
network.dnsCacheEntries
Defines how many entries Firefox will keep in the browser's DNS cache.
network.dnsCacheExpiration
The time cached DNS entries will be saved by Firefox.
network.http.referer.XOriginPolicy
Defines when to set the referrer (the page a visit originated from).
network.http.referer.spoofSource
Whether the real or a fake referrer is used by Firefox.
network.http.referer.trimmingPolicy
Defines whether the referrer is trimmed or not.
network.http.sendRefererHeader
Controls when to send the referer header and document.referrer is set.
network.http.sendSecureXSiteReferrer
Defines whether a Referer header is sent when you are navigating from one secure site to another.
network.http.use-cache
Defines whether Firefox caches http requests.
network.prefetch-next
Defines whether Firefox will accept link prefetching directives by websites.
network.seer.enabled (deprecated)
A component of Firefox's Necko Predictive Network Actions feature that improves page load time by performing overhead for connections before the connections are actually needed.
plugin.scan.plid.all
Scans the Windows Registry key for plugin references. If found, adds them to Firefox.
plugin.state.flash
The default state of the Flash plugin. See How to make sure Firefox plugins never activate again for more information.
plugin.state.java
The default state of the Java plugin.
privacy.clearOnShutdown.*
Defines which sets of data get cleared when Firefox shuts down. A value of true means the data set is cleared on exit, false that it is kept.
privacy.cpd.*
Defines the items that are selected automatically when you bring up the Clear Browsing Data dialog (using Ctrl-Shift-Del for instance). True means the data set is selected, false it is not.
privacy.donottrackheader.enabled
Sets the Do Not Track header which informs websites and services about the tracking preference.
privacy.sanitize.sanitizeOnShutdown
Whether the browsing history is automatically cleared on shutdown.
privacy.trackingprotection.enabled
Defines whether Firefox's Tracking Protection feature is enabled.
security.OCSP.enable
Defines if OCSP Stapling is enabled in Firefox which determines how certificate information are retrieved (check Firefox 25 gets OCSP Stapling which improves privacy for detailed information).
security.tls.version.min and security.tls.version.max
Defines the minimum and maximum allowed version of SSL or TSL when communicating with encrypted servers. Setting it to 0 is not recommended because of known vulnerabilities.
Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.