airglow923/firefox-about-config.md

Last active August 9, 2025 08:02

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/airglow923/4d2b8a4c29b8e217d77a6873915987de.js"></script>
Save airglow923/4d2b8a4c29b8e217d77a6873915987de to your computer and use it in GitHub Desktop.

Firefox security configurations (about:config)

Raw

app.normandy.api_url = ""
app.normandy.enabled = false
app.shield.optoutstudies.enabled = false
app.update.auto = false [OS except Windows]
app.update.background.scheduling.enabled = false [Windows]

beacon.enabled = false

breakpad.reportURL = ""

browser.cache.disk.enable = false
browser.contentblocking.category = "strict"
browser.discovery.enabled = false
browser.display.use_system_colors = false
browser.download.manager.addToRecentDocs = false
browser.download.useDownloadDir = false
browser.fixup.alternate.enabled = false
browser.formfill.enable = false
browser.helperApps.deleteTempFileOnExit = true
browser.newtab.preload = false
browser.newtabpage.activity-stream.default.sites = ""
browser.newtabpage.activity-stream.feeds.discoverystreamfeed = false
browser.newtabpage.activity-stream.feeds.section.topstories = false
browser.newtabpage.activity-stream.feeds.snippets = false
browser.newtabpage.activity-stream.feeds.telemetry = false
browser.newtabpage.activity-stream.section.highlights.includePocket = false
browser.newtabpage.activity-stream.showSponsored = false
browser.newtabpage.activity-stream.showSponsoredTopSites = false
browser.newtabpage.activity-stream.telemetry = false
browser.newtabpage.enabled = false
browser.pagethumbnails.capturing_disabled = true*
browser.ping-centre.telemetry = false
browser.privatebrowsing.forceMediaMemoryCache = true
browser.region.network.url = ""
browser.region.update.enabled = false
browser.safebrowsing.allowOverride = false
browser.safebrowsing.blockedURIs.enabled = false
browser.safebrowsing.downloads.enabled = false
browser.safebrowsing.downloads.remote.block_potentially_unwanted = false
browser.safebrowsing.downloads.remote.block_uncommon = false
browser.safebrowsing.downloads.remote.enabled = false
browser.safebrowsing.downloads.remote.url = ""
browser.safebrowsing.malware.enabled = false
browser.safebrowsing.phishing.enabled = false
browser.safebrowsing.provider.google.gethashURL = ""
browser.safebrowsing.provider.google.updateURL = ""
browser.safebrowsing.provider.google4.dataSharingURL = ""
browser.safebrowsing.provider.google4.gethashURL = ""
browser.safebrowsing.provider.google4.updateURL = ""
browser.search.suggest.enabled = false
browser.sessionstore.privacy_level = 2
browser.sessionstore.resume_from_crash = false
browser.shell.shortcutFavicons = false
browser.startup.blankWindow = false
browser.tabs.crashReporting.sendReport = false
browser.urlbar.quicksuggest.enabled = false
browser.urlbar.quicksuggest.scenario = "history"
browser.urlbar.speculativeConnect.enabled = false
browser.urlbar.suggest.quicksuggest.nonsponsored = false
browser.urlbar.suggest.quicksuggest.sponsored = false
browser.urlbar.suggest.searches = false
browser.urlbar.trimURLs = false
browser.xul.error_pages.expert_bad_cert = true

captivedetect.canonicalURL = ""

datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false

dom.battery.enabled = false
dom.disable_open_during_load = true
dom.popup_allowed_events = click dblclick mousedown pointerdown
dom.security.https_only_mode = true
dom.security.https_only_mode_ever_enabled = true
dom.security.https_only_mode_send_http_background_request = false

extensions.Screenshots.disabled = true
extensions.enabledScopes = 5*
extensions.formautofill.addresses.enabled = false
extensions.formautofill.available = "off"
extensions.formautofill.creditCards.available = false
extensions.formautofill.creditCards.enabled = false
extensions.formautofill.heuristics.enabled = false
extensions.getAddons.showPane = false*
extensions.htmlaboutaddons.recommendations.enabled = false
extensions.pocket.enabled = false
extensions.postDownloadThirdPartyPrompt = false
extensions.webextensions.restrictedDomains = ""

fission.autostart = true

geo.enabled = false
geo.provider.ms-windows-location = false
geo.provider.network.url = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"
geo.provider.use_corelocation = false [macOS]
geo.provider.use_geoclue = false [Linux]
geo.provider.use_gpsd = false [Linux]

gfx.webrender.all = true

intl.accept_languages = "en-US, en"

javascript.options.baselinejit = false
javascript.options.blinterp = false
javascript.options.ion = false
javascript.options.wasm_baselinejit = false
javascript.use_us_english_locale = true*

media.autoplay.default = 5
media.eme.enabled = false
media.peerconnection.enabled = false
media.peerconnection.ice.default_address_only = true
media.peerconnection.ice.no_host = true
media.peerconnection.ice.proxy_only_if_behind_proxy = true

network.IDN_show_punycode = true
network.auth.subresource-http-auth-allow = 1
network.captive-portal-service.enabled = false
network.connectivity-service.enabled = false
network.cookie.cookieBehavior = 1
network.dns.disableIPv6 = true
network.dns.disablePrefetch = true
network.dns.disablePrefetchFromHTTPS = true
network.dns.echconfig.enabled = true
network.dns.http3_echconfig.enabled = true
network.dns.use_https_rr_as_altsvc = true
network.file.disable_unc_paths = true*
network.gio.supported-protocols = ""*
network.http.http3.enable = true
network.http.referer.XOriginPolicy = 2
network.http.referer.XOriginTrimmingPolicy = 2
network.http.referer.spoofSource = true
network.http.referer.trimmingPolicy = 2

network.http.sendRefererHeader = 0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
breaks some sites as requests without referrers are often considered bots

network.http.speculative-parallel-limit = 0
network.predictor.enable-prefetch = false
network.predictor.enabled = false
network.prefetch-next = false
network.trr.mode = 3
network.trr.uri = https://mozilla.cloudflare-dns.com/dns-query
network.trr.useGET = true

pdfjs.enableScripting = false

permissions.manager.defaultsUrl = ""

privacy.donottrackheader.enabled = true
privacy.firstparty.isolate = true
privacy.partition.always_partition_third_party_non_cookie_storage = true
privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage = true
privacy.partition.serviceWorkers = true
privacy.query_stripping.enabled = true
privacy.resistFingerprinting = true
privacy.resistFingerprinting.block_mozAddonManager = true*
privacy.socialtracking.block_cookies.enabled = true
privacy.spoof_english = 2
privacy.trackingprotection.cryptomining.enabled = true
privacy.trackingprotection.enabled = true
privacy.trackingprotection.fingerprinting.enabled = true
privacy.trackingprotection.socialtracking.enabled = true
privacy.userContext.enabled = true
privacy.userContext.ui.enabled = true
privacy.window.maxInnerHeight = 900
privacy.window.maxInnerWidth = 1600

security.OCSP.enabled = 0
security.OCSP.require = true
security.cert_pinning.enforcement_level = 2
security.pki.crlite_mode = 2
security.pki.sha1_enforcement_level = 1
security.remote_settings.crlite_filters.enabled = true

security.sandbox.content.shadow-stack.enabled = true
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
often breaks sites

security.sandbox.content.win32k-disable = true
security.sandbox.gmp.shadow-stack.enabled = true
security.sandbox.gmp.win32k-disable = true
security.sandbox.gpu.level = 1
security.sandbox.gpu.shadow-stack.enabled = true
security.ssl3.dhe_rsa_aes_128_sha = false
security.ssl3.dhe_rsa_aes_256_sha = false
security.ssl3.ecdhe_ecdsa_aes_128_sha = false
security.ssl3.ecdhe_ecdsa_aes_256_sha = false
security.ssl3.ecdhe_rsa_aes_128_sha = false
security.ssl3.ecdhe_rsa_aes_256_sha = false
security.ssl3.rsa_aes_128_gcm_sha256 = false
security.ssl3.rsa_aes_128_sha = false
security.ssl3.rsa_aes_256_gcm_sha384 = false
security.ssl3.rsa_aes_256_sha = false
security.tls.ech.grease_http3 = true
security.tls.enable_0rtt_data = false
security.tls.enable_delegated_credentials = true
security.tls.version.min = 3

signon.autofillForms = false
signon.formlessCapture.enabled = false
signon.rememberSignons = false

toolkit.coverage.endpoint.base = ""
toolkit.coverage.opt-out = true*
toolkit.telemetry.archive.enabled = false
toolkit.telemetry.bhrPing.enabled = false
toolkit.telemetry.coverage.opt-out = true*
toolkit.telemetry.enabled = false
toolkit.telemetry.firstShutdownPing.enabled = false
toolkit.telemetry.newProfilePing.enabled = false
toolkit.telemetry.server = "data:,"
toolkit.telemetry.shutdownPingSender.enabled = false
toolkit.telemetry.unified = false
toolkit.telemetry.updatePing.enabled = false

webgl.disabled = true

The value with * means you need to create the config as it is hidden from about:config.

Author

airglow923 commented Aug 9, 2025 •

edited

Loading

In user.js format (excluding network.http.sendRefererHeader and security.sandbox.content.shadow-stack.enabled:

user_pref("app.normandy.api_url", "");
user_pref("app.normandy.enabled", false);
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("app.update.auto", false);
user_pref("app.update.background.scheduling.enabled", false);
user_pref("beacon.enabled", false);
user_pref("breakpad.reportURL", "");
user_pref("browser.cache.disk.enable", false);
user_pref("browser.contentblocking.category", "strict");
user_pref("browser.discovery.enabled", false);
user_pref("browser.display.use_system_colors", false);
user_pref("browser.download.manager.addToRecentDocs", false);
user_pref("browser.download.useDownloadDir", false);
user_pref("browser.fixup.alternate.enabled", false);
user_pref("browser.formfill.enable", false);
user_pref("browser.helperApps.deleteTempFileOnExit", true);
user_pref("browser.newtab.preload", false);
user_pref("browser.newtabpage.activity-stream.default.sites", "");
user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
user_pref("browser.newtabpage.activity-stream.showSponsored", false);
user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.newtabpage.enabled", false);
user_pref("browser.pagethumbnails.capturing_disabled", true);
user_pref("browser.ping-centre.telemetry", false);
user_pref("browser.privatebrowsing.forceMediaMemoryCache", true);
user_pref("browser.region.network.url", "");
user_pref("browser.region.update.enabled", false);
user_pref("browser.safebrowsing.allowOverride", false);
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.provider.google.gethashURL", "");
user_pref("browser.safebrowsing.provider.google.updateURL", "");
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref("browser.safebrowsing.provider.google4.updateURL", "");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.sessionstore.privacy_level", 2);
user_pref("browser.sessionstore.resume_from_crash", false);
user_pref("browser.shell.shortcutFavicons", false);
user_pref("browser.startup.blankWindow", false);
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.urlbar.quicksuggest.enabled", false);
user_pref("browser.urlbar.quicksuggest.scenario", "history");
user_pref("browser.urlbar.speculativeConnect.enabled", false);
user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
user_pref("browser.urlbar.suggest.searches", false);
user_pref("browser.urlbar.trimURLs", false);
user_pref("browser.xul.error_pages.expert_bad_cert", true);
user_pref("captivedetect.canonicalURL", "");
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("dom.battery.enabled", false);
user_pref("dom.disable_open_during_load", true);
user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
user_pref("dom.security.https_only_mode", true);
user_pref("dom.security.https_only_mode_ever_enabled", true);
user_pref("dom.security.https_only_mode_send_http_background_request", false);
user_pref("extensions.Screenshots.disabled", true);
user_pref("extensions.enabledScopes", 5);
user_pref("extensions.formautofill.addresses.enabled", false);
user_pref("extensions.formautofill.available", "off");
user_pref("extensions.formautofill.creditCards.available", false);
user_pref("extensions.formautofill.creditCards.enabled", false);
user_pref("extensions.formautofill.heuristics.enabled", false);
user_pref("extensions.getAddons.showPane", false);
user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
user_pref("extensions.pocket.enabled", false);
user_pref("extensions.postDownloadThirdPartyPrompt", false);
user_pref("extensions.webextensions.restrictedDomains", "");
user_pref("fission.autostart", true);
user_pref("geo.enabled", false);
user_pref("geo.provider.ms-windows-location", false);
user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
user_pref("geo.provider.use_corelocation", false);
user_pref("geo.provider.use_geoclue", false);
user_pref("geo.provider.use_gpsd", false);
user_pref("gfx.webrender.all", true);
user_pref("intl.accept_languages", "en-US, en");
user_pref("javascript.options.baselinejit", false);
user_pref("javascript.options.blinterp", false);
user_pref("javascript.options.ion", false);
user_pref("javascript.options.wasm_baselinejit", false);
user_pref("javascript.use_us_english_locale", true);
user_pref("media.autoplay.default", 5);
user_pref("media.eme.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);
user_pref("media.peerconnection.ice.no_host", true);
user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
user_pref("network.IDN_show_punycode", true);
user_pref("network.auth.subresource-http-auth-allow", 1);
user_pref("network.captive-portal-service.enabled", false);
user_pref("network.connectivity-service.enabled", false);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("network.dns.disableIPv6", true);
user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disablePrefetchFromHTTPS", true);
user_pref("network.dns.echconfig.enabled", true);
user_pref("network.dns.http3_echconfig.enabled", true);
user_pref("network.dns.use_https_rr_as_altsvc", true);
user_pref("network.file.disable_unc_paths", true);
user_pref("network.gio.supported-protocols", "");
user_pref("network.http.http3.enable", true);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
user_pref("network.http.referer.spoofSource", true);
user_pref("network.http.referer.trimmingPolicy", 2);
user_pref("network.http.speculative-parallel-limit", 0);
user_pref("network.predictor.enable-prefetch", false);
user_pref("network.predictor.enabled", false);
user_pref("network.prefetch-next", false);
user_pref("network.trr.mode", 3);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("network.trr.useGET", true);
user_pref("pdfjs.enableScripting", false);
user_pref("permissions.manager.defaultsUrl", "");
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.firstparty.isolate", true);
user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true);
user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", true);
user_pref("privacy.partition.serviceWorkers", true);
user_pref("privacy.query_stripping.enabled", true);
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
user_pref("privacy.socialtracking.block_cookies.enabled", true);
user_pref("privacy.spoof_english", 2);
user_pref("privacy.trackingprotection.cryptomining.enabled", true);
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.trackingprotection.fingerprinting.enabled", true);
user_pref("privacy.trackingprotection.socialtracking.enabled", true);
user_pref("privacy.userContext.enabled", true);
user_pref("privacy.userContext.ui.enabled", true);
user_pref("privacy.window.maxInnerHeight", 900);
user_pref("privacy.window.maxInnerWidth", 1600);
user_pref("security.OCSP.enabled", 0);
user_pref("security.OCSP.require", true);
user_pref("security.cert_pinning.enforcement_level", 2);
user_pref("security.pki.crlite_mode", 2);
user_pref("security.pki.sha1_enforcement_level", 1);
user_pref("security.remote_settings.crlite_filters.enabled", true);
user_pref("security.sandbox.content.win32k-disable", true);
user_pref("security.sandbox.gmp.shadow-stack.enabled", true);
user_pref("security.sandbox.gmp.win32k-disable", true);
user_pref("security.sandbox.gpu.level", 1);
user_pref("security.sandbox.gpu.shadow-stack.enabled", true);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false);
user_pref("security.ssl3.rsa_aes_128_sha", false);
user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false);
user_pref("security.ssl3.rsa_aes_256_sha", false);
user_pref("security.tls.ech.grease_http3", true);
user_pref("security.tls.enable_0rtt_data", false);
user_pref("security.tls.enable_delegated_credentials", true);
user_pref("security.tls.version.min", 3);
user_pref("signon.autofillForms", false);
user_pref("signon.formlessCapture.enabled", false);
user_pref("signon.rememberSignons", false);
user_pref("toolkit.coverage.endpoint.base", "");
user_pref("toolkit.coverage.opt-out", true);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.coverage.opt-out", true);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("webgl.disabled", true);

airglow923/firefox-about-config.md

airglow923 commented Aug 9, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

airglow923 commented Aug 9, 2025 •

edited

Loading