A Guide to Bettering Firefox
Web browsers are kind of awful. They do too much (why would I want a combination image viewer/pdf reader/media player/html renderer?), and as a result, they are bloated beyond belief. They strain developer resources, require sandboxing because of the insane default that JavaScript is arbitrarily executed, and yet, they're the most prolific method of application distribution in the modern day. Web browsers have become the most convenient place for many to do their computing, so, with this page, I'm trying to define a more sane functionality for the browser I use—Firefox.
Why Firefox?
I use Firefox because it is the easiest web browser from which the kinds of modifications I need are available. If there were a web browser that implemented these modifications as sane defaults (and I do plan on creating my own that does), I would immediately switch to it; but until there is a satisfactory browser, which can do what I want from Firefox, I will stick either with it or a fork of it like LibreWolf.
If you don't want to use Firefox, then at least choose your browser carefully.
In addition to the modifications and extensions listed here, my
script,
xdg-sanity
, can be used to prevent your web
browser from being used to open remote content that has a MIME
type other than text/html
.
Modifications to about:config
Read more about about:config
here.
These settings are advanced user settings, and I'm not responsible for misconfigured browsers, broken web pages, or thermonuclear war.
Make any entries that do not have anything written for their values blank.
Performance
gfx.webrender.all = true
Disable or Enable Features
widget.use-xdg-desktop-portal = true
dom.event.contextmenu.enabled = false
extensions.screenshots.disabled = true
browser.quitShortcut.disabled = true
reader.parse-on-load.enabled = false
-
services.sync.prefs.sync.extensions.activeThemeID = false
Allows Firefox to use KDE Plasma filechooser on GNU/Linux.
Prevents site from blocking the context menu from being opened.
Disables redundant in-app screenshots.
Disables ctrl+q quit shortcut.
Disables reader mode.
Prevents automatic application of themes on new devices.
Disable DRM
-
media.gmp-widevinecdm.enabled = false
-
media.gmp-widevinecdm.visible = false
Disable Pocket
Read more here
-
browser.newtabpage.activity-stream.section.highlights.includePocket = false
-
extensions.pocket.enabled = false
extensions.pocket.site
-
extensions.pocket.oAuthConsumerKey
extensions.pocket.api
-
services.sync.prefs.sync.browser.newtabpage.activity-stream.section.highlights.includePocket = false
Privacy
privacy.resistFingerprinting = true
privacy.firstparty.isolate = true
media.navigator.enabled = false
geo.enabled = false
browser.send_pings = false
dom.netinfo.enabled = false
beacon.enabled = false
dom.enable_resource_timing = false
-
dom.event.clipboardevents.enabled = false
Disables quality-of-life features such as automatic site dark mode detection.
Restricts cache, storage, and cookies to the domain that issued the data in them.
Disables location tracking.
Disables browsers sending POST requests when you click a link.
Prevents sites from being able to see what text you copied or cut and when you did it.
Peripherals
-
camera.control.face_detection.enabled = false
-
camera.control.face_detection.enabled = false
-
dom.battery.enabled = false
Webpage Prefetching & Caching
-
browser.urlbar.speculativeConnect.enabled = false
-
browser.cache.offline.enable = false
network.prefetch-next = false
-
browser.cache.check_doc_frequency = 0
Mozilla Telemetry
-
toolkit.telemetry.cachedClientID
-
browser.aboutHomeSnippets.updateUrL
-
browser.startup.homepage_override.mstone = ignore
-
browser.startup.homepage_override.buildID
-
startup.homepage_welcome_url
-
startup.homepage_welcome_url.additional
startup.homepage_override_url
User-Agent Spoofing
general.platform.override = Win32
-
general.useragent.override = ""
Returns Win32
when the
navigator.platform
object is utilized
in JavaScript.
Set this equal to the latest Chrome user-agent string.
DNS over HTTPS
Read about DOH here.
-
network.trr.uri = ""
network.trr.mode = 2
Select a DNS-over-HTTPS server to use—I use the dnswarden adblocking one, but if your polity censors your internet access, you should use the uncensored one. There is a list of alternatives available on GitHub.
This sets HTTPS over DNS to be on unless the DNS server cannot be reached.
Header Sanitization
-
network.http.referer.spoofSource = true
-
network.http.referer.hideOnionSource = true
Disable Google Safe Browsing
This is an exhaustive list of all the settings you need to
change. Typing only browser.safebrowsing
into the
about:config
search box will return all of them,
but make sure to apply the correct value to each.
-
browser.safebrowsing.allowOverride = true
-
browser.safebrowsing.malware.enabled = false
-
browser.safebrowsing.phishing.enabled = false
-
browser.safebrowsing.downloads.enabled = false
-
browser.safebrowsing.blockedURIs.enabled = false
-
browser.safebrowsing.downloads.remote.block_dangerous_host = false
-
browser.safebrowsing.downloads.remote.block_dangerous = false
-
browser.safebrowsing.downloads.remote.block_potentially_unwanted = false
-
browser.safebrowsing.downloads.remote.enabled = false
-
browser.safebrowsing.downloads.remote.url
browser.safebrowsing.id
-
browser.safebrowsing.provider.google4.updateURL
-
browser.safebrowsing.provider.google4.reportURL
-
browser.safebrowsing.provider.google4.reportPhishMistakeURL
-
browser.safebrowsing.provider.google4.reportMalwareMistakeURL
-
browser.safebrowsing.provider.google4.lists
-
browser.safebrowsing.provider.google4.gethashURL
-
browser.safebrowsing.provider.google4.dataSharingURL
-
browser.safebrowsing.provider.google4.dataSharing.enabled = false
-
browser.safebrowsing.provider.google4.advisoryURL
-
browser.safebrowsing.provider.google4.advisoryName
-
browser.safebrowsing.provider.google4.pver
-
browser.safebrowsing.provider.google4.lastupdatetime
-
browser.safebrowsing.provider.google4.nextupdatetime
-
browser.safebrowsing.provider.google.advisoryName
-
browser.safebrowsing.provider.google.advisoryURL
-
browser.safebrowsing.provider.google.updateURL
-
browser.safebrowsing.provider.google.reportURL
-
browser.safebrowsing.provider.google.gethashURL
-
browser.safebrowsing.provider.google.reportPhishMistakeURL
-
browser.safebrowsing.provider.google.reportMalwareMistakeURL
-
browser.safebrowsing.provider.google.pver
-
browser.safebrowsing.provider.google.lists
-
browser.safebrowsing.provider.mozilla.gethashURL
-
browser.safebrowsing.provider.mozilla.lastupdatetime
-
browser.safebrowsing.provider.mozilla.pver
-
browser.safebrowsing.provider.mozilla.updateURL
-
browser.safebrowsing.provider.mozilla.lists
-
browser.safebrowsing.provider.mozilla.lists.base
-
browser.safebrowsing.provider.mozilla.lists.content
Extensions
Note: Containerization extensions like Facebook Container or Google Container are redundant with Total Cookie Protection and Enhanced Cookie Clearing.
If there is any extension you feel is missing from this list, feel free to send me a git patch through e-mail adding it along with a description as to why you believe it should be included. Before contacting me, please read through the whole list, this, and this.
Standard Privacy Extensions
-
Privacy Pass – Stores tokens to bypass captchas.
-
uBlock Origin – Ad blocking, cosmetic filtering, malicious script protection, and tracker blocking; all in one package. Add this blocklist to implement ClearURLs functionality with removeparam and this blocklist and turn on the "EasyList Cookie" blocklist for GDPR consent popup-blocking functionality.
Advanced Privacy Extensions
These extensions may hinder or break certain functionality on websites using heavy amounts of JavaScript.
-
CanvasBlocker – Fakes fingerprint readout for some JavaScript APIs (blocking the canvas can break some functions of image rendering).
-
GNU LibreJS – Extension that blocks all but freely licensed JavaScript.
-
JShelter – Restricts access to JavaScript APIs to prevent fingerprinting.
Tools
-
Bypass Paywalls – Bypasses paywalls for some sites.
-
FireMonkey – Lightweight user script and style manager utilizing native Firefox APIs to support userscripts from sources like GreasyFork and OpenUserJS as well as Stylish themes from Userstyles.
-
Flagfox – Displays information about a website's physical location and IP address in the address bar.
-
FoxyProxy Standard / Basic – Advanced proxy manager which replaces Firefox's lacking settings.
-
LibRedirect – Redirects services like Twitter and YouTube to their privacy-respecting front-ends or alternatives.