Privacy/Privacy Task Force/firefox about config privacy tweeks
Contents
Firefox: Privacy Related "about:config" Tweaks
This is a collection of privacy related about:config tweaks. We'll show you how to enhance the privacy of your Firefox browser.
Preparation
- Enter "about:config" in the firefox address bar and press enter.
- Press the button "I'll be careful, I promise!"
- Follow the instructions below...
Getting started
-
privacy.firstparty.isolate = true
A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
-
privacy.resistFingerprinting = true
A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
-
browser.cache.offline.enable = false
Disables offline cache.
-
browser.send_pings = false
The attribute would be useful for letting websites track visitors’ clicks.
-
browser.sessionstore.max_tabs_undo = 0
Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.
-
browser.urlbar.speculativeConnect.enabled = false
Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. Source
-
dom.battery.enabled = false
Website owners can track the battery status of your device. Source
-
dom.event.clipboardevents.enabled = false
Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
-
geo.enabled = false
Disables geolocation.
-
media.navigator.enabled = false
Websites can track the microphone and camera status of your device.
-
network.cookie.cookieBehavior = 1
Disable cookies
0 = Accept all cookies by default 1 = Only accept from the originating site (block third party cookies) 2 = Block all cookies by default
-
network.cookie.lifetimePolicy = 2
cookies are deleted at the end of the session
0 = Accept cookies normally 1 = Prompt for each cookie 2 = Accept for current session only 3 = Accept for N days
-
network.http.referer.trimmingPolicy = 2
Send only the scheme, host, and port in the Referer header
0 = Send the full URL in the Referer header 1 = Send the URL without its query string in the Referer header 2 = Send only the scheme, host, and port in the Referer header
-
network.http.referer.XOriginPolicy = 2
Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
0 = Send Referer in all cases 1 = Send Referer to same eTLD sites 2 = Send Referer only when the full hostnames match
-
network.http.referer.XOriginTrimmingPolicy = 2
When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source
0 = Send full url in Referer 1 = Send url without query string in Referer 2 = Only send scheme, host, and port in Referer
-
webgl.disabled = true
WebGL is a potential security risk.
Related Information
- ffprofile.com - Helps you to create a Firefox profile with the defaults you like.
- mozillazine.org - Security and privacy-related preferences.
- user.js Firefox hardening stuff - This is a user.js configuration file for Mozilla Firefox that's supposed to harden Firefox's settings and make it more secure.
- Privacy Settings - A Firefox addon to alter built-in privacy settings easily with a toolbar panel.