API tools faq
paste
Advertisement
Guest User

privacy config for firefox and librewolf

a guest
Mar 27th, 2022
182
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 20.28 KB | None | 0 0
raw download clone embed print report
  1. //start
  2. lockPref("librewolf.cfg.version", "6.0");
  3. lockPref("browser.contentblocking.category", "strict");
  4. lockPref("network.cookie.cookieBehavior", 5); // enforce dFPI
  5. lockPref("privacy.partition.serviceWorkers", true); // isolate service workers
  6. lockPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, then clear
  7. lockPref("network.cookie.thirdparty.sessionOnly", true);
  8. lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
  9. lockPref("privacy.clearOnShutdown.cookies", false);
  10. lockPref("privacy.sanitize.sanitizeOnShutdown", true);
  11. lockPref("privacy.sanitize.timeSpan", 0);
  12. lockPref("browser.cache.disk.enable", false); // disable disk cache
  13. lockPref("browser.privatebrowsing.forceMediaMemoryCache", true);
  14. lockPref("media.memory_cache_max_size", 65536);
  15. lockPref("browser.shell.shortcutFavicons", false);
  16. lockPref("browser.pagethumbnails.capturing_disabled", true);
  17. lockPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps
  18. lockPref("privacy.history.custom", true);
  19. lockPref("browser.privatebrowsing.autostart", false);
  20. lockPref("browser.formfill.enable", false); // disable form history
  21. lockPref("browser.sessionstore.privacy_level", 2); // prevent websites from storing session data like cookies and forms
  22. lockPref("browser.sessionstore.interval", 60000); // increase time between session saves
  23. lockPref("privacy.query_stripping.enabled", true);
  24. lockPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");
  25. lockPref("librewolf.uBO.assetsBootstrapLocation", "https://gitlab.com/librewolf-community/browser/source/-/raw/main/assets/uBOAssets.json");
  26. lockPref("dom.security.https_only_mode", true); // only allow https in all windows, including private browsing
  27. lockPref("network.auth.subresource-http-auth-allow", 1); // block HTTP authentication credential dialogs
  28. lockPref("security.mixed_content.block_display_content", true); // block insecure passive content
  29. lockPref("network.dns.disableIPv6", true);
  30. lockPref("network.http.referer.XOriginPolicy", 0); // default, might be worth changing to 2 to stop sending them completely
  31. lockPref("network.http.referer.XOriginTrimmingPolicy", 2); // trim referer to only send scheme, host and port
  32. lockPref("media.peerconnection.ice.no_host", true); // don't use any private IPs for ICE candidate
  33. lockPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used
  34. lockPref("network.gio.supported-protocols", ""); // disable gio as it could bypass proxy
  35. lockPref("network.file.disable_unc_paths", true); // hidden, disable using uniform naming convention to prevent proxy bypass
  36. lockPref("network.proxy.socks_remote_dns", true); // forces dns query through the proxy when using one
  37. lockPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy when one is used
  38. lockPref("network.trr.confirmationNS", "skip"); // skip undesired doh test connection
  39. lockPref("network.dns.disablePrefetch", true); // disable dns prefetching
  40. lockPref("network.trr.mode", 2);
  41. lockPref("network.trr.uri", "https://dns.quad9.net/dns-query");
  42. lockPref("network.predictor.enabled", false);
  43. lockPref("network.prefetch-next", false);
  44. lockPref("network.http.speculative-parallel-limit", 0);
  45. lockPref("browser.places.speculativeConnect.enabled", false);
  46. lockPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
  47. lockPref("browser.urlbar.speculativeConnect.enabled", false);
  48. lockPref("browser.fixup.alternate.enabled", false);
  49. lockPref("network.manage-offline-status", false);
  50. lockPref("privacy.resistFingerprinting", true);
  51. lockPref("privacy.resistFingerprinting.block_mozAddonManager", true); // prevents rfp from breaking AMO
  52. lockPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing
  53. lockPref("browser.display.use_system_colors", false); // default but enforced due to RFP
  54. lockPref("privacy.window.maxInnerWidth", 1600);
  55. lockPref("privacy.window.maxInnerHeight", 1000);
  56. lockPref("privacy.resistFingerprinting.letterboxing", false);
  57. lockPref("webgl.disabled", true);
  58. lockPref("fission.autostart", true);
  59. lockPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs
  60. lockPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
  61. lockPref("security.ssl.require_safe_negotiation", true);
  62. lockPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
  63. lockPref("security.remote_settings.crlite_filters.enabled", true);
  64. lockPref("security.pki.crlite_mode", 2); // mode 2 means enforce CRL checks
  65. lockPref("security.OCSP.enabled", 1); // default
  66. lockPref("security.OCSP.require", true); // set to hard-fail
  67. lockPref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security
  68. lockPref("security.tls.version.enable-deprecated", false); // make TLS downgrades session only by enforcing it with pref()
  69. lockPref("browser.ssl_override_behavior", 1);
  70. lockPref("browser.xul.error_pages.expert_bad_cert", true);
  71. lockPref("permissions.delegation.enabled", false); // force permission request to show real origin
  72. lockPref("permissions.manager.defaultsUrl", ""); // revoke special permissions for some mozilla domains
  73. lockPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg opentype fonts
  74. lockPref("browser.safebrowsing.malware.enabled", false);
  75. lockPref("browser.safebrowsing.phishing.enabled", false);
  76. lockPref("browser.safebrowsing.blockedURIs.enabled", false);
  77. lockPref("browser.safebrowsing.provider.google4.gethashURL", "");
  78. lockPref("browser.safebrowsing.provider.google4.updateURL", "");
  79. lockPref("browser.safebrowsing.provider.google.gethashURL", "");
  80. lockPref("browser.safebrowsing.provider.google.updateURL", "");
  81. lockPref("browser.safebrowsing.downloads.enabled", false);
  82. lockPref("browser.safebrowsing.downloads.remote.enabled", false);
  83. lockPref("browser.safebrowsing.downloads.remote.url", "");
  84. lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
  85. lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false);
  86. lockPref("browser.safebrowsing.passwords.enabled", false);
  87. lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
  88. lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
  89. lockPref("security.csp.enable", true); // enforce csp, default
  90. lockPref("network.IDN_show_punycode", true); // use punycode in idn to prevent spoofing
  91. lockPref("pdfjs.enableScripting", false); // disable js scripting in the built-in pdf reader
  92. lockPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
  93. lockPref("geo.provider.ms-windows-location", false); // [WINDOWS]
  94. lockPref("geo.provider.use_corelocation", false); // [MAC]
  95. lockPref("geo.provider.use_gpsd", false); // [LINUX]
  96. lockPref("javascript.use_us_english_locale", true);
  97. lockPref("intl.accept_languages", "en-US, en");
  98. lockPref("browser.region.network.url", "");
  99. lockPref("browser.region.update.enabled", false);
  100. lockPref("media.eme.enabled", false); // master switch for drm content
  101. lockPref("media.gmp-manager.url", "data:text/plain,"); // prevent checks for plugin updates when drm is disabled
  102. lockPref("media.gmp-provider.enabled", false);
  103. lockPref("media.gmp-gmpopenh264.enabled", false);
  104. lockPref("browser.urlbar.suggest.searches", false);
  105. lockPref("browser.search.suggest.enabled", false);
  106. lockPref("browser.search.update", false);
  107. lockPref("browser.urlbar.trimURLs", false);
  108. lockPref("browser.urlbar.quicksuggest.scenario", "history");
  109. lockPref("browser.urlbar.quicksuggest.enabled", false);
  110. lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
  111. lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false);
  112. lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default
  113. lockPref("browser.download.useDownloadDir", false);
  114. lockPref("browser.download.autohideButton", false); // do not hide download button automatically
  115. lockPref("browser.download.manager.addToRecentDocs", false); // do not add downloads to recents
  116. lockPref("browser.download.alwaysOpenPanel", false); // do not expand toolbar menu for every download, we already have enough interaction
  117. lockPref("media.autoplay.blocking_policy", 2);
  118. lockPref("media.autoplay.default", 5);
  119. lockPref("dom.disable_beforeunload", true); // disable "confirm you want to leave" pop-ups
  120. lockPref("dom.disable_open_during_load", true); // block pop-ups windows
  121. lockPref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
  122. lockPref("dom.disable_window_move_resize", true);
  123. lockPref("browser.link.open_newwindow", 3);
  124. lockPref("browser.link.open_newwindow.restriction", 0);
  125. lockPref("middlemouse.contentLoadURL", false); // prevent mouse middle click from opening links
  126. lockPref("extensions.webextensions.restrictedDomains", "");
  127. lockPref("extensions.enabledScopes", 5); // hidden
  128. lockPref("extensions.postDownloadThirdPartyPrompt", false);
  129. lockPref("extensions.systemAddon.update.enabled", false);
  130. lockPref("extensions.systemAddon.update.url", "");
  131. lockPref("extensions.webcompat-reporter.enabled", false);
  132. lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");
  133. lockPref("extensions.webextensions.base-content-security-policy", "default-src 'none'; script-src 'none'; object-src 'none';");
  134. lockPref("extensions.webextensions.base-content-security-policy.v3", "default-src 'none'; script-src 'none'; object-src 'none';");
  135. lockPref("app.update.auto", false);
  136. lockPref("identity.fxaccounts.enabled", false);
  137. lockPref("signon.rememberSignons", false);
  138. lockPref("signon.autofillForms", false);
  139. lockPref("extensions.formautofill.available", "off");
  140. lockPref("extensions.formautofill.addresses.enabled", false);
  141. lockPref("extensions.formautofill.creditCards.enabled", false);
  142. lockPref("extensions.formautofill.creditCards.available", false);
  143. lockPref("extensions.formautofill.heuristics.enabled", false);
  144. lockPref("signon.formlessCapture.enabled", false);
  145. lockPref("privacy.userContext.enabled", true);
  146. lockPref("privacy.userContext.ui.enabled", true);
  147. lockPref("devtools.chrome.enabled", false);
  148. lockPref("devtools.debugger.remote-enabled", false);
  149. lockPref("devtools.remote.adb.extensionURL", "");
  150. lockPref("devtools.selfxss.count", 0); // required for devtools console to work
  151. lockPref("browser.translation.engine", ""); // remove translation engine
  152. lockPref("accessibility.force_disabled", 1); // block accessibility services
  153. lockPref("webchannel.allowObject.urlWhitelist", ""); // do not receive objects through webchannels
  154. lockPref("app.support.baseURL", "https://librewolf.net/docs/faq/#");
  155. lockPref("browser.search.searchEnginesURL", "https://librewolf.net/docs/faq/#how-do-i-add-a-search-engine");
  156. lockPref("browser.geolocation.warning.infoURL", "https://librewolf.net/docs/faq/#how-do-i-enable-location-aware-browsing");
  157. lockPref("app.feedback.baseURL", "https://librewolf.net/#questions");
  158. lockPref("app.releaseNotesURL", "https://gitlab.com/librewolf-community/browser");
  159. lockPref("app.releaseNotesURL.aboutDialog", "https://gitlab.com/librewolf-community/browser");
  160. lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser");
  161. lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser");
  162. lockPref("browser.startup.homepage_override.mstone", "ignore");
  163. lockPref("startup.homepage_override_url", "about:blank");
  164. lockPref("startup.homepage_welcome_url", "about:blank");
  165. lockPref("startup.homepage_welcome_url.additional", "");
  166. lockPref("browser.messaging-system.whatsNewPanel.enabled", false);
  167. lockPref("browser.uitour.enabled", false);
  168. lockPref("browser.uitour.url", "");
  169. lockPref("browser.shell.checkDefaultBrowser", false);
  170. lockPref("browser.newtab.preload", false);
  171. lockPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
  172. lockPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
  173. lockPref("browser.newtabpage.activity-stream.feeds.topsites", false);
  174. lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
  175. lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false);
  176. lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
  177. lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}"); // hide buggy pocket section from about:preferences#home
  178. lockPref("browser.newtabpage.activity-stream.showSponsored", false);
  179. lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
  180. lockPref("browser.newtabpage.activity-stream.telemetry", false);
  181. lockPref("browser.newtabpage.activity-stream.default.sites", "");
  182. lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
  183. lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false);
  184. lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); // default
  185. lockPref("browser.contentblocking.report.lockwise.enabled", false);
  186. lockPref("browser.contentblocking.report.monitor.enabled", false);
  187. lockPref("browser.contentblocking.report.hide_vpn_banner", true);
  188. lockPref("browser.contentblocking.report.vpn.enabled", false);
  189. lockPref("browser.contentblocking.report.show_mobile_app", false);
  190. lockPref("extensions.htmlaboutaddons.recommendations.enabled", false);
  191. lockPref("extensions.getAddons.showPane", false);
  192. lockPref("extensions.getAddons.cache.enabled", false); // disable fetching of extension metadata
  193. lockPref("lightweightThemes.getMoreURL", ""); // disable button to get more themes
  194. lockPref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button
  195. lockPref("browser.aboutConfig.showWarning", false);
  196. lockPref("browser.preferences.moreFromMozilla", false);
  197. lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
  198. lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
  199. lockPref("toolkit.telemetry.unified", false); // master switch
  200. lockPref("toolkit.telemetry.enabled", false); // master switch
  201. lockPref("toolkit.telemetry.server", "data:,");
  202. lockPref("toolkit.telemetry.archive.enabled", false);
  203. lockPref("toolkit.telemetry.newProfilePing.enabled", false);
  204. lockPref("toolkit.telemetry.updatePing.enabled", false);
  205. lockPref("toolkit.telemetry.firstShutdownPing.enabled", false);
  206. lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
  207. lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); // default
  208. lockPref("toolkit.telemetry.bhrPing.enabled", false);
  209. lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default
  210. lockPref("toolkit.telemetry.cachedClientID", "");
  211. lockPref("toolkit.telemetry.previousBuildID", "");
  212. lockPref("toolkit.telemetry.server_owner", "");
  213. lockPref("toolkit.coverage.opt-out", true); // hidden
  214. lockPref("toolkit.telemetry.coverage.opt-out", true); // hidden
  215. lockPref("toolkit.coverage.enabled", false);
  216. lockPref("toolkit.coverage.endpoint.base", "");
  217. lockPref("toolkit.crashreporter.infoURL", "");
  218. lockPref("datareporting.healthreport.uploadEnabled", false);
  219. lockPref("datareporting.policy.dataSubmissionEnabled", false);
  220. lockPref("security.protectionspopup.recordEventTelemetry", false);
  221. lockPref("browser.ping-centre.telemetry", false);
  222. lockPref("app.normandy.enabled", false);
  223. lockPref("app.normandy.api_url", "");
  224. lockPref("app.shield.optoutstudies.enabled", false);
  225. lockPref("browser.discovery.enabled", false);
  226. lockPref("browser.discovery.containers.enabled", false);
  227. lockPref("browser.discovery.sites", "");
  228. lockPref("browser.tabs.crashReporting.sendReport", false);
  229. lockPref("breakpad.reportURL", "");
  230. lockPref("network.connectivity-service.enabled", false);
  231. lockPref("network.captive-portal-service.enabled", false);
  232. lockPref("captivedetect.canonicalURL", "");
  233. lockPref("beacon.enabled", false);
  234. lockPref("app.update.service.enabled", false);
  235. lockPref("app.update.background.scheduling.enabled", false);
  236. lockPref("default-browser-agent.enabled", false); // disable windows specific telemetry
  237. lockPref("network.protocol-handler.external.ms-windows-store", false); // prevent links from launching windows store
  238. lockPref("toolkit.winRegisterApplicationRestart", false); // disable automatic start and session restore after reboot
  239. lockPref("security.family_safety.mode", 0); // disable win8.1 family safety cert
  240. lockPref("network.http.windows-sso.enabled", false); // disable MS auto authentication via sso
  241. // Custom Config
  242. lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", "");
  243. lockPref("browser.urlbar.suggest.remotetab", false);
  244. lockPref("privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts", true);
  245. lockPref("dom.security.unexpected_system_load_telemetry_enabled", false);
  246. lockPref("network.trr.confirmation_telemetry_enabled", false);
  247. lockPref("security.app_menu.recordEventTelemetry", false);
  248. lockPref("security.certerrors.recordEventTelemetry", false);
  249. lockPref("security.identitypopup.recordEventTelemetry", false);
  250. lockPref("toolkit.telemetry.pioneer-new-studies-available", false);
  251. lockPref("toolkit.telemetry.testing.overrideProductsCheck", false);
  252. lockPref("toolkit.telemetry.pioneer-new-studies-available", false);
  253. lockPref("privacy.clearOnShutdown.cache", true);
  254. lockPref("privacy.clearOnShutdown.cookies", true);
  255. lockPref("privacy.clearOnShutdown.downloads", true);
  256. lockPref("privacy.clearOnShutdown.formdata", true);
  257. lockPref("privacy.clearOnShutdown.history", true);
  258. lockPref("privacy.clearOnShutdown.offlineApps", true);
  259. lockPref("privacy.clearOnShutdown.openWindows", true);
  260. lockPref("privacy.clearOnShutdown.sessions", true);
  261. lockPref("privacy.clearOnShutdown.siteSettings", true);
  262. lockPref("privacy.trackingprotection.annotate_channels", true);
  263. lockPref("privacy.trackingprotection.cryptomining.enabled", true);
  264. lockPref("privacy.trackingprotection.enabled", true);
  265. lockPref("privacy.trackingprotection.socialtracking.enabled", true);
  266. lockPref("privacy.donottrackheader.enabled", true);
  267. lockPref("privacy.trackingprotection.fingerprinting.enabled", true);
  268. lockPref("privacy.trackingprotection.pbmode.enabled", true);
  269. lockPref("browser.safebrowsing.downloads.remote.url", "")
  270. lockPref("browser.safebrowsing.provider.google4.reportURL", "")
  271. lockPref("browser.safebrowsing.provider.google.reportURL", "")
  272. lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "")
  273. lockPref("media.gmp-widevinecdm.autoupdate", false);
  274. lockPref("media.gmp-widevinecdm.enabled", false);
  275. lockPref("media.gmp-widevinecdm.visible", false);
  276. lockPref("media.peerconnection.enabled", false);
  277. lockPref("network.allow-experiments", false);
  278. lockPref("experiments.enabled", false);
  279. lockPref("experiments.supported", false);
  280. lockPref("geo.experiments.activeExperiment", false);
  281. lockPref("extensions.pocket.enabled", false);
  282. lockPref("extensions.pocket.api", "");
  283. lockPref("extensions.pocket.site", "");
  284. lockPref("geo.enable", false);
  285. lockPref("geo.enabled", false);
  286. lockPref("accessibility.typeaheadfind", false);
  287. lockPref("accessibility.typeaheadfind.autostart", false);
  288. lockPref("accessibility.typeaheadfind.prefillwithselection", false);
  289. lockPref("accessibility.browsewithcaret", false);
  290. lockPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
  291. lockPref("browser.urlbar.showSearchSuggestionsFirst", false);
  292. lockPref("signon.generation.enabled", false);
  293. lockPref("places.history.enabled", false);
  294. lockPref("layout.spellcheckDefault", 0);
  295. defaultPref("browser.urlbar.suggest.bookmark", false);
  296. defaultPref("browser.urlbar.suggest.engines", false);
  297. defaultPref("browser.urlbar.suggest.openpage", false);
  298. defaultPref("browser.urlbar.suggest.topsites", false);
  299. defaultPref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
  300. defaultPref("ui.osk.enabled", false);
  301. defaultPref("browser.newtabpage.activity-stream.showSearch", true);
  302. defaultPref("media.hardwaremediakeys.enabled", false);
  303. defaultPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
  304. let profile_directory;
  305. if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) {
  306. lockPref('autoadmin.global_config_url', `file://${profile_directory}/.librewolf/librewolf.overrides.cfg`);
  307. }
  308.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!