minor wording changes (#583)
This commit is contained in:
parent
74ebacc0dd
commit
71a2d393f3
47
user.js
47
user.js
@ -50,7 +50,7 @@
|
||||
0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc
|
||||
0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
|
||||
0900: PASSWORDS
|
||||
1000: CACHE
|
||||
1000: CACHE / SESSION (RE)STORE / FAVICONS
|
||||
1200: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS)
|
||||
1400: FONTS
|
||||
1600: HEADERS / REFERERS
|
||||
@ -488,7 +488,7 @@ user_pref("network.proxy.socks_remote_dns", true);
|
||||
user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false]
|
||||
/* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+]
|
||||
* TRR = Trusted Recursive Resolver
|
||||
* .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
|
||||
* .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats but always use native result
|
||||
* [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
|
||||
* [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
|
||||
* [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ ***/
|
||||
@ -546,7 +546,7 @@ user_pref("browser.sessionhistory.max_entries", 10);
|
||||
* [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/
|
||||
user_pref("layout.css.visited_links_enabled", false);
|
||||
/* 0806: disable displaying javascript in history URLs ***/
|
||||
user_pref("browser.urlbar.filter.javascript", true);
|
||||
user_pref("browser.urlbar.filter.javascript", true); // [DEFAULT: true]
|
||||
/* 0807: disable search bar LIVE search suggestions
|
||||
* [SETTING] Search>Provide search suggestions ***/
|
||||
user_pref("browser.search.suggest.enabled", false);
|
||||
@ -651,7 +651,7 @@ user_pref("security.insecure_field_warning.contextual.enabled", true);
|
||||
* [1] https://bugzilla.mozilla.org/1357835 ***/
|
||||
user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false);
|
||||
|
||||
/*** [SECTION 1000]: CACHE [SETUP-CHROME]
|
||||
/*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS [SETUP-CHROME]
|
||||
ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by
|
||||
disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized
|
||||
by modifying response headers [4]. Another solution is to use a hardened configuration
|
||||
@ -691,6 +691,7 @@ user_pref("browser.cache.disk_cache_ssl", false);
|
||||
/* 1008: set DNS cache and expiration time (default 400 and 60, same as Tor Browser) ***/
|
||||
// user_pref("network.dnsCacheEntries", 400);
|
||||
// user_pref("network.dnsCacheExpiration", 60);
|
||||
|
||||
/** SESSIONS & SESSION RESTORE ***/
|
||||
/* 1020: limit Session Restore to last active tab and window
|
||||
* [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature
|
||||
@ -702,7 +703,7 @@ user_pref("browser.sessionstore.max_windows_undo", 0);
|
||||
* define on which sites to save extra session data:
|
||||
* 0=everywhere, 1=unencrypted sites, 2=nowhere ***/
|
||||
user_pref("browser.sessionstore.privacy_level", 2);
|
||||
/* 1022: disable resuming session from crash [SETUP-CHROME] ***/
|
||||
/* 1022: disable resuming session from crash ***/
|
||||
user_pref("browser.sessionstore.resume_from_crash", false);
|
||||
/* 1023: set the minimum interval between session save operations
|
||||
* Increasing this can help on older machines and some websites, as well as reducing writes, see [1]
|
||||
@ -715,6 +716,7 @@ user_pref("browser.sessionstore.interval", 30000);
|
||||
/* 1024: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS]
|
||||
* [1] https://bugzilla.mozilla.org/603903 ***/
|
||||
user_pref("toolkit.winRegisterApplicationRestart", false);
|
||||
|
||||
/** FAVICONS ***/
|
||||
/* 1030: disable favicons in shortcuts
|
||||
* URL shortcuts use a cached randomly named .ico file which is stored in your
|
||||
@ -748,7 +750,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
|
||||
* [2] https://www.ssllabs.com/ssl-pulse/ ***/
|
||||
user_pref("security.ssl.require_safe_negotiation", true);
|
||||
/* 1202: control TLS versions with min and max
|
||||
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 etc
|
||||
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
|
||||
* [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
|
||||
* [1] http://kb.mozillazine.org/Security.tls.version.*
|
||||
* [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
|
||||
@ -831,7 +833,7 @@ user_pref("security.mixed_content.block_object_subrequest", true);
|
||||
* 2=deprecated option that now maps to 1
|
||||
* 3=only allowed for locally-added roots (e.g. anti-virus)
|
||||
* 4=only allowed for locally-added roots or for certs in 2015 and earlier
|
||||
* [SETUP-WEB] When disabled, some man-in-the-middle devices (e.g. security scanners and
|
||||
* [SETUP-CHROME] When disabled, some man-in-the-middle devices (e.g. security scanners and
|
||||
* antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete.
|
||||
* [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
|
||||
user_pref("security.pki.sha1_enforcement_level", 1);
|
||||
@ -910,9 +912,8 @@ user_pref("font.blacklist.underline_offset", "");
|
||||
user_pref("gfx.font_rendering.graphite.enabled", false);
|
||||
/* 1409: limit system font exposure to a whitelist [FF52+] [RESTART]
|
||||
* If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
|
||||
* [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. If
|
||||
* you block sites choosing fonts in 1401, this preference is irrelevant. In future,
|
||||
* privacy.resistFingerprinting (see 4500) will cover this (and 1401 can be relaxed)
|
||||
* [WARNING] Creating your own probably highly-unique whitelist will raise your entropy.
|
||||
* Eventually privacy.resistFingerprinting (see 4500) will cover this (and 1401 can be relaxed)
|
||||
* [1] https://bugzilla.mozilla.org/1121643 ***/
|
||||
// user_pref("font.system.whitelist", ""); // [HIDDEN PREF]
|
||||
|
||||
@ -980,10 +981,9 @@ user_pref("privacy.userContext.ui.enabled", true);
|
||||
user_pref("privacy.userContext.enabled", true);
|
||||
/* 1703: enable a private container for thumbnail loads [FF51+] ***/
|
||||
user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true in FF61+]
|
||||
/* 1704: set long press behaviour on "+ Tab" button to display container menu [FF53+]
|
||||
* 0=disables long press, 1=when clicked, the menu is shown
|
||||
* 2=the menu is shown after X milliseconds
|
||||
* [NOTE] The menu does not contain a non-container tab option
|
||||
/* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME]
|
||||
* 0=no menu (default), 1=show when clicked, 2=show on long press
|
||||
* [NOTE] The menu does not contain a non-container tab option (use Ctrl+T to open non-container tab)
|
||||
* [1] https://bugzilla.mozilla.org/1328756 ***/
|
||||
user_pref("privacy.userContext.longPressBehavior", 2);
|
||||
|
||||
@ -1022,8 +1022,8 @@ user_pref("media.gmp-widevinecdm.autoupdate", false);
|
||||
* [SETTING] General>DRM Content>Play DRM-controlled content
|
||||
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
|
||||
user_pref("media.eme.enabled", false);
|
||||
/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate"
|
||||
* This is the bundled codec used for video chat in WebRTC [SETUP-WEB] ***/
|
||||
/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" [SETUP-WEB]
|
||||
* This is the bundled codec used for video chat in WebRTC ***/
|
||||
user_pref("media.gmp-gmpopenh264.enabled", false); // [HIDDEN PREF]
|
||||
user_pref("media.gmp-gmpopenh264.autoupdate", false);
|
||||
|
||||
@ -1095,7 +1095,7 @@ user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true]
|
||||
user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true]
|
||||
user_pref("dom.disable_window_open_feature.titlebar", true);
|
||||
user_pref("dom.disable_window_open_feature.toolbar", true);
|
||||
/* 2202: prevent scripts moving and resizing open windows ***/
|
||||
/* 2202: prevent scripts from moving and resizing open windows ***/
|
||||
user_pref("dom.disable_window_move_resize", true);
|
||||
/* 2203: open links targeting new windows in a new tab instead
|
||||
* This stops malicious window sizes and some screen resolution leaks.
|
||||
@ -1302,7 +1302,7 @@ user_pref("middlemouse.contentLoadURL", false);
|
||||
* To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/
|
||||
user_pref("network.http.redirection-limit", 10);
|
||||
/* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+]
|
||||
* 0= (default), 1=allow, 2=block
|
||||
* 0 (default) or 1=allow, 2=block
|
||||
* [NOTE] At the time of writing, causes issues with delete and backspace keys
|
||||
* [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/
|
||||
// user_pref("permissions.default.shortcuts", 2);
|
||||
@ -1606,8 +1606,8 @@ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs")
|
||||
* [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage
|
||||
* [1] https://bugzilla.mozilla.org/418986 ***/
|
||||
user_pref("privacy.resistFingerprinting", true);
|
||||
/* 4502: set new window sizes to round to hundreds [FF55+]
|
||||
* [SETUP-CHROME] Width will round down to multiples of 200s and height to 100s, to fit your screen.
|
||||
/* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
|
||||
* Width will round down to multiples of 200s and height to 100s, to fit your screen.
|
||||
* The override values are a starting point to round from if you want some control
|
||||
* [1] https://bugzilla.mozilla.org/1330882
|
||||
* [2] https://hardware.metrics.mozilla.com/ ***/
|
||||
@ -2059,6 +2059,7 @@ user_pref("media.eme.chromium-api.enabled", false);
|
||||
// [1] https://trac.torproject.org/projects/tor/ticket/16222
|
||||
// [-] https://bugzilla.mozilla.org/1393497
|
||||
user_pref("devtools.webide.autoinstallFxdtAdapters", false);
|
||||
user_pref("devtools.webide.adaptersAddonURL", "");
|
||||
// 2600's: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku
|
||||
// [1] https://trac.torproject.org/projects/tor/ticket/16222
|
||||
// [-] https://bugzilla.mozilla.org/1393582
|
||||
@ -2083,7 +2084,7 @@ user_pref("general.useragent.locale", "en-US");
|
||||
// If you have disabled health reports, then this about page is useless - disable it
|
||||
// If you want to see what health data is present, then this must be set at default
|
||||
// [-] https://bugzilla.mozilla.org/1352497
|
||||
user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,");
|
||||
user_pref("datareporting.healthreport.about.reportUrl", "data:,");
|
||||
// 0511: disable FlyWeb [FF49+]
|
||||
// Flyweb is a set of APIs for advertising and discovering local-area web servers
|
||||
// [1] https://flyweb.github.io/
|
||||
@ -2129,7 +2130,7 @@ user_pref("dom.idle-observers-api.enabled", false);
|
||||
user_pref("browser.newtabpage.directory.source", "data:text/plain,");
|
||||
user_pref("browser.newtabpage.enhanced", false);
|
||||
user_pref("browser.newtabpage.introShown", true);
|
||||
// 0512: disable Shield - replaced internally by Normandy (see 0503) [FF53+]
|
||||
// 0512: disable Shield [FF53+] - renamed to app.normandy.* (see 0503)
|
||||
// Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
|
||||
// [1] https://wiki.mozilla.org/Firefox/Shield
|
||||
// [2] https://github.com/mozilla/normandy
|
||||
@ -2187,7 +2188,7 @@ user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF]
|
||||
// As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be
|
||||
// revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes
|
||||
// [-] https://bugzilla.mozilla.org/1458917
|
||||
user_pref("services.blocklist.update_enabled", true);
|
||||
user_pref("services.blocklist.update_enabled", true); // [DEFAULT: true]
|
||||
// 0503: disable "Savant" Shield study [FF61+]
|
||||
// [-] https://bugzilla.mozilla.org/1457226
|
||||
user_pref("shield.savant.enabled", false);
|
||||
|
Loading…
Reference in New Issue
Block a user