search

arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License
10.03k stars 515 forks source link

sticky: deprecated-removed-legacy prefs #123

Open Thorin-Oakenpants opened 7 years ago

Thorin-Oakenpants commented 7 years ago

Locked sticky issue for tracking deprecated, removed, legacy and renamed preferences that were previously used in this user.js. A few others have been added FYI. This version is simplified to a single line, and the only links are those to the relevant bugzilla tickets that saw the pref removed.

Use our scratchpad script, currently for items since FF91, to help make sure these are reset - there is an archived arkenfox-cleanup.js (up to and including FF117 with everything since we started) at the bottom of this post

:small_red_triangle_down: FF127

:small_red_triangle_down: FF126

:small_red_triangle_down: FF123

:small_red_triangle_down: FF119

:small_red_triangle_down: FF118

:small_red_triangle_down: FF117

:small_red_triangle_down: FF116

:small_red_triangle_down: FF115

:small_red_triangle_down: FF114

:small_red_triangle_down: FF103

:small_red_triangle_down: FF102

:small_red_triangle_down: FF100

:small_red_triangle_down: FF99

:small_red_triangle_down: FF97

:small_red_triangle_down: FF96

:small_red_triangle_down: FF95

:small_red_triangle_down: FF94

:small_red_triangle_down: FF93

:small_red_triangle_down: FF90

:small_red_triangle_down: FF89

:small_red_triangle_down: FF87

:small_red_triangle_down: FF86

:small_red_triangle_down: FF82

:small_red_triangle_down: FF79

:small_red_triangle_down: FF78

:small_red_triangle_down: FF77

:small_red_triangle_down: FF76

:small_red_triangle_down: FF74

:small_red_triangle_down: FF72

:small_red_triangle_down: FF71

:small_red_triangle_down: FF69

:small_red_triangle_down: FF68

:small_red_triangle_down: FF67

:small_red_triangle_down: FF66

:small_red_triangle_down: FF65

:small_red_triangle_down: FF64

:small_red_triangle_down: FF63

:small_red_triangle_down: FF62

:small_red_triangle_down: FF61

:small_red_triangle_down: FF60

:small_red_triangle_down: FF59

:small_red_triangle_down: FF58

:small_red_triangle_down: FF57

:small_red_triangle_down: FF56

:small_red_triangle_down: FF55

:small_red_triangle_down: FF54

:small_red_triangle_down: FF53

:small_red_triangle_down: FF52

:small_red_triangle_down: FF51

:small_red_triangle_down: FF50

:small_red_triangle_down: FF49

:small_red_triangle_down: FF48

:small_red_triangle_down: FF47

:small_red_triangle_down: FF46

:small_red_triangle_down: FF45

:small_red_triangle_down: FF44

:small_red_triangle_down: FF43

:small_red_triangle_down: FF42 and older

:small_red_triangle_down: FYI: items never used in this user.js

...

archived section 9999

FF93-102: click me for details

```js /* ESR91.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF93 // 7003: disable non-modern cipher suites // [-] https://bugzilla.mozilla.org/1724072 // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES // FF94 // 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] - replaced by new 1402 // [-] https://bugzilla.mozilla.org/1715507 // user_pref("layout.css.font-visibility.level", 1); // FF95 // 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807 // [-] https://bugzilla.mozilla.org/1735976 user_pref("browser.urlbar.suggest.quicksuggest", false); // FF96 // 0302: disable auto-INSTALLING Firefox updates via a background service + hide the setting [FF90+] [WINDOWS] // [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running // [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows // [-] https://bugzilla.mozilla.org/1738983 user_pref("app.update.background.scheduling.enabled", false); // FF97 // 7006: onions - replaced by new 7006 "allowlist" // [-] https://bugzilla.mozilla.org/1744006 // user_pref("dom.securecontext.whitelist_onions", true); // 1382359 // FF99 // 6003: enforce CSP (Content Security Policy) // [1] https://developer.mozilla.org/docs/Web/HTTP/CSP // [-] https://bugzilla.mozilla.org/1754301 user_pref("security.csp.enable", true); // [DEFAULT: true] // FF100 // 7009: disable HTTP2 - replaced by network.http.http2* prefs // [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1] // [1] https://w3techs.com/technologies/details/ce-http2/all/all // [-] https://bugzilla.mozilla.org/1752621 // user_pref("network.http.spdy.enabled", false); // user_pref("network.http.spdy.enabled.deps", false); // user_pref("network.http.spdy.enabled.http2", false); // user_pref("network.http.spdy.websockets", false); // [FF65+] // FF102 // 0901: set when Firefox should prompt for the primary password // 0=once per session (default), 1=every time it's needed, 2=after n minutes (0902) // [-] https://bugzilla.mozilla.org/1767099 user_pref("security.ask_for_password", 2); // 0902: set how long in minutes Firefox should remember the primary password (0901) // [-] https://bugzilla.mozilla.org/1767099 user_pref("security.password_lifetime", 5); // [DEFAULT: 30] // 6007: enforce Local Storage Next Generation (LSNG) [FF65+] // [-] https://bugzilla.mozilla.org/1764696 user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] // ***/ ```

FF79-92: click me for details

```js /* ESR78.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF79 // 0212: enforce fallback text encoding to match en-US // When the content or server doesn't declare a charset the browser will // fallback to the "Current locale" based on your application language // [TEST] https://hsivonen.com/test/moz/check-charset.htm // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 // [-] https://bugzilla.mozilla.org/1603712 user_pref("intl.charset.fallback.override", "windows-1252"); // FF82 // 0206: disable geographically specific results/search engines e.g. "browser.search.*.US" // i.e. ignore all of Mozilla's various search engines in multiple locales // [-] https://bugzilla.mozilla.org/1619926 user_pref("browser.search.geoSpecificDefaults", false); user_pref("browser.search.geoSpecificDefaults.url", ""); // FF86 // 1205: disable SSL Error Reporting // [1] https://firefox-source-docs.mozilla.org/main/65.0/browser/base/sslerrorreport/preferences.html // [-] https://bugzilla.mozilla.org/1681839 user_pref("security.ssl.errorReporting.automatic", false); user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); // 2653: disable hiding mime types (Options>General>Applications) not associated with a plugin // [-] https://bugzilla.mozilla.org/1581678 user_pref("browser.download.hide_plugins_without_extensions", false); // FF87 // 0105d: disable Activity Stream recent Highlights in the Library [FF57+] // [-] https://bugzilla.mozilla.org/1689405 // user_pref("browser.library.activity-stream.enabled", false); // 8016: disable PointerEvents // [1] https://developer.mozilla.org/docs/Web/API/PointerEvent // [-] https://bugzilla.mozilla.org/1688105 // user_pref("dom.w3c_pointer_events.enabled", false); // FF89 // 0309: disable sending Flash crash reports // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); // 0310: disable sending the URL of the website where a plugin crashed // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] user_pref("dom.ipc.plugins.reportCrashURL", false); // 1243: block unencrypted requests from Flash on encrypted pages to mitigate MitM attacks [FF59+] // [1] https://bugzilla.mozilla.org/1190623 // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] user_pref("security.mixed_content.block_object_subrequest", true); // 1803: disable Flash plugin // 0=deactivated, 1=ask, 2=enabled // ESR52.x is the last branch to fully support NPAPI, FF52+ stable only supports Flash // [NOTE] You can still override individual sites via site permissions // [-] https://bugzilla.mozilla.org/1682030 [underlying NPAPI code removed] user_pref("plugin.state.flash", 0); // [DEFAULT: 1] // FF90 // 0708: disable FTP [FF60+] // [-] https://bugzilla.mozilla.org/1574475 // user_pref("network.ftp.enabled", false); // [DEFAULT: false FF88+] // 7001: enforce no offline cache storage (appCache) [FF71+] // [-] https://bugzilla.mozilla.org/1694662 user_pref("browser.cache.offline.storage.enable", false); // [DEFAULT: false FF84+] // ***/ ```

FF69-78: click me for details

```js /* ESR68.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF69 // 1405: disable WOFF2 (Web Open Font Format) [FF35+] // [-] https://bugzilla.mozilla.org/1556991 // user_pref("gfx.downloadable_fonts.woff2.enabled", false); // 1802: enforce click-to-play for plugins // [-] https://bugzilla.mozilla.org/1519434 user_pref("plugins.click_to_play", true); // [DEFAULT: true FF25+] // 2033: disable autoplay for muted videos [FF63+] - replaced by 'media.autoplay.default' options (2030) // [-] https://bugzilla.mozilla.org/1562331 // user_pref("media.autoplay.allow-muted", false); // * * * / // FF71 // 2608: disable WebIDE and ADB extension download // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1539462 user_pref("devtools.webide.enabled", false); // [DEFAULT: false FF70+] user_pref("devtools.webide.autoinstallADBExtension", false); // [FF64+] // 2731: enforce websites to ask to store data for offline use // [1] https://support.mozilla.org/questions/1098540 // [2] https://bugzilla.mozilla.org/959985 // [-] https://bugzilla.mozilla.org/1574480 user_pref("offline-apps.allow_by_default", false); // * * * / // FF72 // 0105a: disable Activity Stream telemetry // [-] https://bugzilla.mozilla.org/1597697 user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", ""); // 0330: disable Hybdrid Content telemetry // [-] https://bugzilla.mozilla.org/1520491 user_pref("toolkit.telemetry.hybridContent.enabled", false); // [FF59+] // 2720: enforce IndexedDB (IDB) as enabled // IDB is required for extensions and Firefox internals (even before FF63 in [1]) // To control *website* IDB data, control allowing cookies and service workers, or use // Temporary Containers. To mitigate *website* IDB, FPI helps (4001), and/or sanitize // on close (Offline Website Data, see 2800) or on-demand (Ctrl-Shift-Del), or automatically // via an extension. Note that IDB currently cannot be sanitized by host. // [1] https://blog.mozilla.org/addons/2018/08/03/new-backend-for-storage-local-api/ // [-] https://bugzilla.mozilla.org/1488583 user_pref("dom.indexedDB.enabled", true); // [DEFAULT: true] // * * * / // FF74 // 0203: use Mozilla geolocation service instead of Google when geolocation is enabled // Optionally enable logging to the console (defaults to false) // [-] https://bugzilla.mozilla.org/1613627 user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // user_pref("geo.wifi.logging.enabled", true); // [HIDDEN PREF] // 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] // 0=no menu (default), 1=show when clicked, 2=show on long press // [1] https://bugzilla.mozilla.org/1328756 // [-] https://bugzilla.mozilla.org/1606265 user_pref("privacy.userContext.longPressBehavior", 2); // 2012: limit WebGL // [-] https://bugzilla.mozilla.org/1477756 user_pref("webgl.disable-extensions", true); // * * * / // FF76 // 0401: sanitize blocklist url // [2] https://trac.torproject.org/projects/tor/ticket/16931 // [-] https://bugzilla.mozilla.org/1618188 user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); // 2201: prevent websites from disabling new window features // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1507375,1660524 user_pref("dom.disable_window_open_feature.close", true); user_pref("dom.disable_window_open_feature.location", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.menubar", true); user_pref("dom.disable_window_open_feature.minimizable", true); user_pref("dom.disable_window_open_feature.personalbar", true); // bookmarks toolbar user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.titlebar", true); user_pref("dom.disable_window_open_feature.toolbar", true); // * * * / // FF77 // 0850e: disable location bar one-off searches [FF51+] // [-] https://bugzilla.mozilla.org/1628926 // user_pref("browser.urlbar.oneOffSearches", false); // 2605: block web content in file processes [FF55+] // [SETUP-WEB] You may want to disable this for corporate or developer environments // [1] https://bugzilla.mozilla.org/1343184 // [-] https://bugzilla.mozilla.org/1603007 user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); // * * * / // FF78 // 2031: disable autoplay of HTML5 media if you interacted with the site [FF66+] - replaced by 'media.autoplay.blocking_policy' // [-] https://bugzilla.mozilla.org/1509933 user_pref("media.autoplay.enabled.user-gestures-needed", false); // 5000's: disable chrome animations - replaced FF77+ by 'ui.prefersReducedMotion' (4520) // [-] https://bugzilla.mozilla.org/1640501 // user_pref("toolkit.cosmeticAnimations.enabled", false); // [FF55+] // * * * / // ***/ ```

FF61-68: click me for details

```js /* ESR60.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF61 // 0501: disable experiments // [1] https://wiki.mozilla.org/Telemetry/Experiments // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801 user_pref("experiments.enabled", false); user_pref("experiments.manifest.uri", ""); user_pref("experiments.supported", false); user_pref("experiments.activeExperiment", false); // 2612: disable remote JAR files being opened, regardless of content type [FF42+] // [1] https://bugzilla.mozilla.org/1173171 // [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ // [-] https://bugzilla.mozilla.org/1427726 user_pref("network.jar.block-remote-files", true); // 2613: disable JAR from opening Unsafe File Types // [-] https://bugzilla.mozilla.org/1427726 user_pref("network.jar.open-unsafe-types", false); // * * * / // FF62 // 1803: disable Java plugin // [-] (part5) https://bugzilla.mozilla.org/1461243 user_pref("plugin.state.java", 0); // * * * / // FF63 // 0205: disable GeoIP-based search results // [NOTE] May not be hidden if Firefox has changed your settings due to your locale // [-] https://bugzilla.mozilla.org/1462015 user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF] // 0301a: disable auto-update checks for Firefox // [SETTING] General>Firefox Updates>Never check for updates // [-] https://bugzilla.mozilla.org/1420514 // user_pref("app.update.enabled", false); // 0503: disable "Savant" Shield study [FF61+] // [-] https://bugzilla.mozilla.org/1457226 user_pref("shield.savant.enabled", false); // 1031: disable favicons in tabs and new bookmarks - merged into browser.chrome.site_icons // [-] https://bugzilla.mozilla.org/1453751 // user_pref("browser.chrome.favicons", false); // 2030: disable autoplay of HTML5 media - replaced by media.autoplay.default // This may break video playback on various sites // [-] https://bugzilla.mozilla.org/1470082 user_pref("media.autoplay.enabled", false); // 2704: set cookie lifetime in days (see 2703) // [-] https://bugzilla.mozilla.org/1457170 // user_pref("network.cookie.lifetime.days", 90); // [DEFAULT: 90] // 5000's: enable "Ctrl+Tab cycles through tabs in recently used order" - replaced by browser.ctrlTab.recentlyUsedOrder // [-] https://bugzilla.mozilla.org/1473595 // user_pref("browser.ctrlTab.previews", true); // * * * / // FF64 // 0516: disable Onboarding [FF55+] // Onboarding is an interactive tour/setup for new installs/profiles and features. Every time // about:home or about:newtab is opened, the onboarding overlay is injected into that page // [NOTE] Onboarding uses Google Analytics [2], and leaks resource://URIs [3] // [1] https://wiki.mozilla.org/Firefox/Onboarding // [2] https://github.com/mozilla/onboard/commit/db4d6c8726c89a5d6a241c1b1065827b525c5baf // [3] https://bugzilla.mozilla.org/863246#c154 // [-] https://bugzilla.mozilla.org/1462415 user_pref("browser.onboarding.enabled", false); // 2608: disable WebIDE ADB extension downloads - both renamed // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1491315 user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.webide.adbAddonURL", ""); // 2681: disable CSP violation events [FF59+] // [1] https://developer.mozilla.org/docs/Web/API/SecurityPolicyViolationEvent // [-] https://bugzilla.mozilla.org/1488165 user_pref("security.csp.enable_violation_events", false); // * * * / // FF65 // 0850a: disable location bar autocomplete and suggestion types // If you enforce any of the suggestion types (see the other 0850a), you MUST enforce 'autocomplete' // - If *ALL* of the suggestion types are false, 'autocomplete' must also be false // - If *ANY* of the suggestion types are true, 'autocomplete' must also be true // [-] https://bugzilla.mozilla.org/1502392 user_pref("browser.urlbar.autocomplete.enabled", false); // 0908: remove user & password info when attempting to fix an entered URL (i.e. 0802 is true) // e.g. //user:password@foo -> //user@(prefix)foo(suffix) NOT //user:password@(prefix)foo(suffix) // [-] https://bugzilla.mozilla.org/1510580 user_pref("browser.fixup.hide_user_pass", true); // [DEFAULT: true] // * * * / // FF66 // 0380: disable Browser Error Reporter [FF60+] // [1] https://support.mozilla.org/en-US/kb/firefox-nightly-error-collection // [2] https://firefox-source-docs.mozilla.org/browser/browser/BrowserErrorReporter.html // [-] https://bugzilla.mozilla.org/1509888 user_pref("browser.chrome.errorReporter.enabled", false); user_pref("browser.chrome.errorReporter.submitUrl", ""); // 0502: disable Mozilla permission to silently opt you into tests // [-] https://bugzilla.mozilla.org/1415625 user_pref("network.allow-experiments", false); // * * * / // FF67 // 2428: enforce DOMHighResTimeStamp API // [WARNING] Required for normalization of timestamps and any timer resolution mitigations // [-] https://bugzilla.mozilla.org/1485264 user_pref("dom.event.highrestimestamp.enabled", true); // [DEFAULT: true] // 5000's: disable CFR [FF64+] - split into two new prefs: *cfr.addons, *cfr.features // [SETTING] General>Browsing>Recommend extensions as you browse // [1] https://support.mozilla.org/en-US/kb/extension-recommendations // [-] https://bugzilla.mozilla.org/1528953 // user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false); // * * * / // FF68 // 0105b: disable Activity Stream Legacy Snippets // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1546190,1540939 user_pref("browser.newtabpage.activity-stream.disableSnippets", true); user_pref("browser.aboutHomeSnippets.updateUrl", ""); // 0307: disable auto updating of lightweight themes (LWT) // Not to be confused with themes in 0301* + 0302*, which use the FF55+ Theme API // Mozilla plan to convert existing LWTs and remove LWT support in the future, see [1] // [1] https://blog.mozilla.org/addons/2018/09/20/future-themes-here/ // [-] (part3b) https://bugzilla.mozilla.org/1525762 user_pref("lightweightThemes.update.enabled", false); // 2682: enable CSP 1.1 experimental hash-source directive [FF29+] // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=855326,883975 // [-] https://bugzilla.mozilla.org/1386214 user_pref("security.csp.experimentalEnabled", true); // * * * / // ***/ ```

FF60 and lower: click me for details

```js /* FF42 and older // 2604: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled // [-] https://bugzilla.mozilla.org/897811 user_pref("pageThumbs.enabled", false); // 2503: (31+) disable network API - replaced by dom.netinfo.enabled // [-] https://bugzilla.mozilla.org/960426 user_pref("dom.network.enabled", false); // 2600's: (35+) disable WebSockets // [-] https://bugzilla.mozilla.org/1091016 user_pref("network.websocket.enabled", false); // 1610: (36+) set DNT "value" to "not be tracked" [FF21+] // [1] http://kb.mozillazine.org/Privacy.donottrackheader.value // [-] https://bugzilla.mozilla.org/1042135#c101 // user_pref("privacy.donottrackheader.value", 1); // 2023: (37+) disable camera autofocus callback // The API will be superseded by the WebRTC Capture and Stream API // [1] https://developer.mozilla.org/docs/Archive/B2G_OS/API/CameraControl // [-] https://bugzilla.mozilla.org/1107683 user_pref("camera.control.autofocus_moving_callback.enabled", false); // 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various // [-] https://bugzilla.mozilla.org/1109475 user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL user_pref("browser.safebrowsing.reportGenericURL", ""); // removed user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed user_pref("browser.safebrowsing.reportURL", ""); // removed // 0702: (41+) disable HTTP2 (draft) // [-] https://bugzilla.mozilla.org/1132357 user_pref("network.http.spdy.enabled.http2draft", false); // 1804: (41+) disable plugin enumeration // [-] https://bugzilla.mozilla.org/1169945 user_pref("plugins.enumerable_names", ""); // 2803: (42+) clear passwords on shutdown // [-] https://bugzilla.mozilla.org/1102184 // user_pref("privacy.clearOnShutdown.passwords", false); // 5002: (42+) disable warning when a domain requests full screen // replaced by setting full-screen-api.warning.timeout to zero // [-] https://bugzilla.mozilla.org/1160017 // user_pref("full-screen-api.approval-required", false); // ***/ /* FF43 // 0410's: disable safebrowsing urls & updates - replaced by various // [-] https://bugzilla.mozilla.org/1107372 // user_pref("browser.safebrowsing.gethashURL", ""); // browser.safebrowsing.provider.google.gethashURL // user_pref("browser.safebrowsing.updateURL", ""); // browser.safebrowsing.provider.google.updateURL user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing.provider.google.reportURL // 0420's: disable tracking protection - replaced by various // [-] https://bugzilla.mozilla.org/1107372 // user_pref("browser.trackingprotection.gethashURL", ""); // browser.safebrowsing.provider.mozilla.gethashURL // user_pref("browser.trackingprotection.updateURL", ""); // browser.safebrowsing.provider.mozilla.updateURL // 1803: remove plugin finder service // [1] http://kb.mozillazine.org/Pfs.datasource.url // [-] https://bugzilla.mozilla.org/1202193 user_pref("pfs.datasource.url", ""); // 5003: disable new search panel UI // [-] https://bugzilla.mozilla.org/1119250 // user_pref("browser.search.showOneOffButtons", false); // ***/ /* FF44 // 0414: disable safebrowsing's real-time binary checking (google) [FF43+] // [-] https://bugzilla.mozilla.org/1237103 user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL // 1200's: block rc4 whitelist // [-] https://bugzilla.mozilla.org/1215796 user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); // 2300's: disable SharedWorkers // [1] https://trac.torproject.org/projects/tor/ticket/15562 // [-] https://bugzilla.mozilla.org/1207635 user_pref("dom.workers.sharedWorkers.enabled", false); // 2403: disable scripts changing images // [TEST] https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 // [-] https://bugzilla.mozilla.org/773429 // user_pref("dom.disable_image_src_set", true); // ***/ /* FF45 // 1021b: disable deferred level of storing extra session data 0=all 1=http-only 2=none // extra session data contains contents of forms, scrollbar positions, cookies and POST data // [-] https://bugzilla.mozilla.org/1235379 user_pref("browser.sessionstore.privacy_level_deferred", 2); // ***/ /* FF46 // 0340: disable health report // [-] https://bugzilla.mozilla.org/1234526 user_pref("datareporting.healthreport.service.enabled", false); // [HIDDEN PREF] user_pref("datareporting.healthreport.documentServerURI", ""); // [HIDDEN PREF] // 0341: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers // [-] https://bugzilla.mozilla.org/1234522 user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); // 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url // [-] https://bugzilla.mozilla.org/1239587 user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check // 0420: disable polaris (part of Tracking Protection, never used in stable) // [-] https://bugzilla.mozilla.org/1235565 // user_pref("browser.polaris.enabled", false); // 0510: disable "Pocket" [FF39+] - replaced by extensions.pocket.* // [-] https://bugzilla.mozilla.org/1215694 user_pref("browser.pocket.enabled", false); user_pref("browser.pocket.api", ""); user_pref("browser.pocket.site", ""); user_pref("browser.pocket.oAuthConsumerKey", ""); // ***/ /* FF47 // 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled // [-] https://bugzilla.mozilla.org/1236580 user_pref("toolkit.telemetry.unifiedIsOptIn", true); // [HIDDEN PREF] // 0340b: disable about:healthreport page UNIFIED // [-] https://bugzilla.mozilla.org/1236580 user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); // 0807: disable history manipulation // [1] https://developer.mozilla.org/docs/Web/API/History_API // [-] https://bugzilla.mozilla.org/1249542 user_pref("browser.history.allowPopState", false); user_pref("browser.history.allowPushState", false); user_pref("browser.history.allowReplaceState", false); // ***/ /* FF48 // 0806: disable 'unified complete': 'Search with [default search engine]' // [-] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html // [-] https://bugzilla.mozilla.org/1181078 user_pref("browser.urlbar.unifiedcomplete", false); // ***/ /* FF49 // 0372: disable "Hello" // [1] https://www.mozilla.org/privacy/archive/hello/2016-03/ // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello // [-] https://bugzilla.mozilla.org/1287827 user_pref("loop.enabled", false); user_pref("loop.server", ""); user_pref("loop.feedback.formURL", ""); user_pref("loop.feedback.manualFormURL", ""); user_pref("loop.facebook.appId", ""); user_pref("loop.facebook.enabled", false); user_pref("loop.facebook.fallbackUrl", ""); user_pref("loop.facebook.shareUrl", ""); user_pref("loop.logDomains", false); // 2201: disable new window scrollbars being hidden // [-] https://bugzilla.mozilla.org/1257887 user_pref("dom.disable_window_open_feature.scrollbars", true); // 2303: disable push notification (UDP wake-up) // [-] https://bugzilla.mozilla.org/1265914 user_pref("dom.push.udp.wakeupEnabled", false); // ***/ /* FF50 // 0101: disable Windows10 intro on startup [WINDOWS] // [-] https://bugzilla.mozilla.org/1274633 user_pref("browser.usedOnWindows10.introURL", ""); // 0308: disable plugin update notifications // [-] https://bugzilla.mozilla.org/1277905 user_pref("plugins.update.notifyUser", false); // 0410: disable "Block dangerous and deceptive content" - replaced by browser.safebrowsing.phishing.enabled // [-] https://bugzilla.mozilla.org/1025965 // user_pref("browser.safebrowsing.enabled", false); // 1266: disable rc4 ciphers // [1] https://trac.torproject.org/projects/tor/ticket/17369 // [-] https://bugzilla.mozilla.org/1268728 // [-] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); user_pref("security.ssl3.rsa_rc4_128_md5", false); user_pref("security.ssl3.rsa_rc4_128_sha", false); // 1809: remove Mozilla's plugin update URL // [-] https://bugzilla.mozilla.org/1277905 user_pref("plugins.update.url", ""); // ***/ /* FF51 // 0702: disable SPDY // [-] https://bugzilla.mozilla.org/1248197 user_pref("network.http.spdy.enabled.v3-1", false); // 1851: delay play of videos until they're visible // [1] https://bugzilla.mozilla.org/1180563 // [-] https://bugzilla.mozilla.org/1262053 user_pref("media.block-play-until-visible", true); // 2504: disable virtual reality devices // [-] https://bugzilla.mozilla.org/1250244 user_pref("dom.vr.oculus050.enabled", false); // ***/ /* FF52 // 1601: disable referer from an SSL Website // [-] https://bugzilla.mozilla.org/1308725 user_pref("network.http.sendSecureXSiteReferrer", false); // 1850: disable Adobe EME "Primetime CDM" (Content Decryption Module) // [1] https://trac.torproject.org/projects/tor/ticket/16285 // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1329538,1337121 // FF52 // [-] https://bugzilla.mozilla.org/1329543 // FF53 user_pref("media.gmp-eme-adobe.enabled", false); user_pref("media.gmp-eme-adobe.visible", false); user_pref("media.gmp-eme-adobe.autoupdate", false); // 2405: disable WebTelephony API // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony // [-] https://bugzilla.mozilla.org/1309719 user_pref("dom.telephony.enabled", false); // ***/ /* FF53 // 1265: block rc4 fallback // [-] https://bugzilla.mozilla.org/1130670 user_pref("security.tls.unrestricted_rc4_fallback", false); // 1806: disable Acrobat, Quicktime, WMP (the string = min version number allowed) // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1317108,1317109,1317110 user_pref("plugin.scan.Acrobat", "99999"); user_pref("plugin.scan.Quicktime", "99999"); user_pref("plugin.scan.WindowsMediaPlayer", "99999"); // 2022: disable screensharing // [-] https://bugzilla.mozilla.org/1329562 user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); // 2507: disable keyboard fingerprinting // [-] https://bugzilla.mozilla.org/1322736 user_pref("dom.beforeAfterKeyboardEvent.enabled", false); // ***/ /* FF54 // 0415: disable reporting URLs (safe browsing) // [-] https://bugzilla.mozilla.org/1288633 user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); // 1830: block websites detecting DRM is disabled // [-] https://bugzilla.mozilla.org/1242321 user_pref("media.eme.apiVisible", false); // 2425: disable Archive Reader API // i.e. reading archive contents directly in the browser, through DOM file objects // [-] https://bugzilla.mozilla.org/1342361 user_pref("dom.archivereader.enabled", false); // ***/ /* FF55 // 0209: disable geolocation on non-secure origins [FF54+] // [1] https://bugzilla.mozilla.org/1269531 // [-] https://bugzilla.mozilla.org/1072859 user_pref("geo.security.allowinsecure", false); // 0336: disable "Heartbeat" (Mozilla user rating telemetry) [FF37+] // [1] https://trac.torproject.org/projects/tor/ticket/18738 // [-] https://bugzilla.mozilla.org/1361578 user_pref("browser.selfsupport.enabled", false); // [HIDDEN PREF] user_pref("browser.selfsupport.url", ""); // 0360: disable new tab "pings" // [-] https://bugzilla.mozilla.org/1241390 user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); // 0861: disable saving form history on secure websites // [-] https://bugzilla.mozilla.org/1361220 user_pref("browser.formfill.saveHttpsForms", false); // 0863: disable Form Autofill [FF54+] - replaced by extensions.formautofill.* // [-] https://bugzilla.mozilla.org/1364334 user_pref("browser.formautofill.enabled", false); // 2410: disable User Timing API // [1] https://trac.torproject.org/projects/tor/ticket/16336 // [-] https://bugzilla.mozilla.org/1344669 user_pref("dom.enable_user_timing", false); // 2507: disable keyboard fingerprinting (physical keyboards) [FF38+] // The Keyboard API allows tracking the "read parameter" of pressed keys in forms on // web pages. These parameters vary between types of keyboard layouts such as QWERTY, // AZERTY, Dvorak, and between various languages, e.g. German vs English. // [WARNING] Don't use if Android + physical keyboard // [1] https://developer.mozilla.org/docs/Web/API/KeyboardEvent/code // [2] https://www.privacy-handbuch.de/handbuch_21v.htm // [-] https://bugzilla.mozilla.org/1352949 user_pref("dom.keyboardevent.code.enabled", false); // 5015: disable tab animation - replaced by toolkit.cosmeticAnimations.enabled // [-] https://bugzilla.mozilla.org/1352069 user_pref("browser.tabs.animate", false); // 5016: disable fullscreeen animation - replaced by toolkit.cosmeticAnimations.enabled // [-] https://bugzilla.mozilla.org/1352069 user_pref("browser.fullscreen.animate", false); // ***/ /* FF56 // 0515: disable Screenshots (rollout pref only) [FF54+] // [-] https://bugzilla.mozilla.org/1386333 // user_pref("extensions.screenshots.system-disabled", true); // 0517: disable Form Autofill [FF55+] - replaced by extensions.formautofill.available // [-] https://bugzilla.mozilla.org/1385201 user_pref("extensions.formautofill.experimental", false); // ***/ /* FF57 // 0374: disable "social" integration // [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388902,1406193 (some leftovers were removed in FF58) user_pref("social.whitelist", ""); user_pref("social.toast-notifications.enabled", false); user_pref("social.shareDirectory", ""); user_pref("social.remote-install.enabled", false); user_pref("social.directories", ""); user_pref("social.share.activationPanelEnabled", false); user_pref("social.enabled", false); // [HIDDEN PREF] // 1830: disable DRM's EME WideVineAdapter [FF55+] // [-] https://bugzilla.mozilla.org/1395468 user_pref("media.eme.chromium-api.enabled", false); // 2608: disable WebIDE extension downloads (Valence) // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393497 user_pref("devtools.webide.autoinstallFxdtAdapters", false); user_pref("devtools.webide.adaptersAddonURL", ""); // 2600's: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku // [1] https://trac.torproject.org/projects/tor/ticket/16222 // [-] https://bugzilla.mozilla.org/1393582 user_pref("browser.casting.enabled", false); // 5022: hide recently bookmarked items (you still have the original bookmarks) [FF49+] // [-] https://bugzilla.mozilla.org/1401238 user_pref("browser.bookmarks.showRecentlyBookmarked", false); // ***/ /* FF58 // 0351: disable sending of crash reports [FF51+] - replaced by *.autoSubmit2 // [-] https://bugzilla.mozilla.org/1424373 user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // ***/ /* FF59 // 0203: disable using OS locale, force APP locale - replaced by intl.locale.requested // [-] https://bugzilla.mozilla.org/1414390 user_pref("intl.locale.matchOS", false); // 0204: set APP locale - replaced by intl.locale.requested // [-] https://bugzilla.mozilla.org/1414390 user_pref("general.useragent.locale", "en-US"); // 0340b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) // If you have disabled health reports, then this about page is useless - disable it // If you want to see what health data is present, then this must be set at default // [-] https://bugzilla.mozilla.org/1352497 user_pref("datareporting.healthreport.about.reportUrl", "data:,"); // 0511: disable FlyWeb [FF49+] // Flyweb is a set of APIs for advertising and discovering local-area web servers // [1] https://flyweb.github.io/ // [2] https://wiki.mozilla.org/FlyWeb/Security_scenarios // [-] https://bugzilla.mozilla.org/1374574 user_pref("dom.flyweb.enabled", false); // 1007: disable randomized FF HTTP cache decay experiments // [1] https://trac.torproject.org/projects/tor/ticket/13575 // [-] https://bugzilla.mozilla.org/1430197 user_pref("browser.cache.frecency_experiment", -1); // 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests [FF51+] // Allow resources from domains with an existing HSTS cache record or in the HSTS preload list // to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because // those may cause noticeable delays e.g. requests time out or are not handled well by servers // [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true // [1] https://bugzilla.mozilla.org/1246540#c145 // [-] https://bugzilla.mozilla.org/1424917 user_pref("security.mixed_content.use_hsts", true); user_pref("security.mixed_content.send_hsts_priming", false); // 1606: set the default Referrer Policy [FF53+] - replaced by network.http.referer.defaultPolicy // [-] https://bugzilla.mozilla.org/587523 user_pref("network.http.referer.userControlPolicy", 3); // 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect // [-] (part8) https://bugzilla.mozilla.org/1416703#c21 user_pref("security.xpconnect.plugin.unrestricted", false); // 2022: disable screensharing domain whitelist // [-] https://bugzilla.mozilla.org/1411742 user_pref("media.getusermedia.screensharing.allowed_domains", ""); // 2023: disable camera stuff // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 user_pref("camera.control.face_detection.enabled", false); // 2202: prevent scripts from changing the status text // [-] https://bugzilla.mozilla.org/1425999 user_pref("dom.disable_window_status_change", true); // 2416: disable idle observation // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 user_pref("dom.idle-observers-api.enabled", false); // ***/ /* FF60 // 0360: disable new tab tile ads & preload & marketing junk // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1370930,1433133 user_pref("browser.newtabpage.directory.source", "data:text/plain,"); user_pref("browser.newtabpage.enhanced", false); user_pref("browser.newtabpage.introShown", true); // 0512: disable Shield [FF53+] - renamed to app.normandy.* (see 0503) // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" // [1] https://wiki.mozilla.org/Firefox/Shield // [2] https://github.com/mozilla/normandy // [-] https://bugzilla.mozilla.org/1436113 user_pref("extensions.shield-recipe-client.enabled", false); user_pref("extensions.shield-recipe-client.api_url", ""); // 0514: disable Activity Stream [FF54+] // [-] https://bugzilla.mozilla.org/1433324 user_pref("browser.newtabpage.activity-stream.enabled", false); // 2301: disable workers // Disabling workers *will* break sites (e.g. Google Street View, Twitter) // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) // [-] https://bugzilla.mozilla.org/1434934 user_pref("dom.workers.enabled", false); // 5000's: open "page/selection source" in a new window // [-] https://bugzilla.mozilla.org/1418403 // user_pref("view_source.tab", false); // ***/ ```

archived arkenfox-cleanup.js

this is everything up to FF117 - the live version has been tidied up to prefs deprecated/removed since FF91

click for details

```js /*** This will reset the preferences that have been - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past Last updated: 18-September-2023 Instructions: - [optional] close Firefox and backup your profile - [optional] disable your network connection [1] - start Firefox - load about:config and press Ctrl+Shift+K to open the Web Console for about:config - using about:config is important, so the script has the right permissions - paste this script - if you edited the list of prefs in the script, make sure the last pref does not have a trailing comma - hit enter - check the Info output to see which prefs were reset - restart - some prefs require a restart - a restart will reapply your user.js - [optional] re-enable your network connection [1] Blocking Firefox from the internet ensures it cannot act on your reset preferences in the period before you restart it, such as app and extension auto-updating, or downloading unwanted components (GMP etc). It depends on what you're resetting and how long before you restart. ***/ (() => { if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!'); const aPREFS = [ /* DEPRECATED */ /* 116+ */ 'dom.webnotifications.serviceworker.enabled', // 117 'layout.css.font-visibility.resistFingerprinting', // 116 'permissions.delegation.enabled', // 118 'security.family_safety.mode', // 117 /* 103-115 */ 'browser.cache.offline.enable', // 115 'extensions.formautofill.heuristics.enabled', // 114 'network.cookie.lifetimePolicy', // 103 [technically removed in 104] 'privacy.clearsitedata.cache.enabled', // 114 'privacy.resistFingerprinting.testGranularityMask', // 114 'security.pki.sha1_enforcement_level', // 103 /* 92-102 */ 'browser.urlbar.suggest.quicksuggest', // 95 'dom.securecontext.whitelist_onions', // 97 'dom.storage.next_gen', // 102 'network.http.spdy.enabled', // 100 'network.http.spdy.enabled.deps', 'network.http.spdy.enabled.http2', 'network.http.spdy.websockets', 'layout.css.font-visibility.level', // 94 'security.ask_for_password', // 102 'security.csp.enable', // 99 'security.password_lifetime', // 102 'security.ssl3.rsa_des_ede3_sha', // 93 /* 79-91 */ 'browser.cache.offline.storage.enable', 'browser.download.hide_plugins_without_extensions', 'browser.library.activity-stream.enabled', 'browser.search.geoSpecificDefaults', 'browser.search.geoSpecificDefaults.url', 'dom.ipc.plugins.flash.subprocess.crashreporter.enabled', 'dom.ipc.plugins.reportCrashURL', 'dom.w3c_pointer_events.enabled', 'intl.charset.fallback.override', 'network.ftp.enabled', 'plugin.state.flash', 'security.mixed_content.block_object_subrequest', 'security.ssl.errorReporting.automatic', 'security.ssl.errorReporting.enabled', 'security.ssl.errorReporting.url', /* 69-78 */ 'browser.newtabpage.activity-stream.telemetry.ping.endpoint', 'browser.tabs.remote.allowLinkedWebInFileUriProcess', 'browser.urlbar.oneOffSearches', 'devtools.webide.autoinstallADBExtension', 'devtools.webide.enabled', 'dom.indexedDB.enabled', 'extensions.blocklist.url', 'geo.wifi.logging.enabled', 'geo.wifi.uri', 'gfx.downloadable_fonts.woff2.enabled', 'media.autoplay.allow-muted', 'media.autoplay.enabled.user-gestures-needed', 'offline-apps.allow_by_default', 'plugins.click_to_play', 'privacy.userContext.longPressBehavior', 'toolkit.cosmeticAnimations.enabled', 'toolkit.telemetry.hybridContent.enabled', 'webgl.disable-extensions', /* 61-68 */ 'app.update.enabled', 'browser.aboutHomeSnippets.updateUrl', 'browser.chrome.errorReporter.enabled', 'browser.chrome.errorReporter.submitUrl', 'browser.chrome.favicons', 'browser.ctrlTab.previews', 'browser.fixup.hide_user_pass', 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', 'browser.newtabpage.activity-stream.disableSnippets', 'browser.onboarding.enabled', 'browser.search.countryCode', 'browser.urlbar.autocomplete.enabled', 'devtools.webide.adbAddonURL', 'devtools.webide.autoinstallADBHelper', 'dom.event.highrestimestamp.enabled', 'experiments.activeExperiment', 'experiments.enabled', 'experiments.manifest.uri', 'experiments.supported', 'lightweightThemes.update.enabled', 'media.autoplay.enabled', 'network.allow-experiments', 'network.cookie.lifetime.days', 'network.jar.block-remote-files', 'network.jar.open-unsafe-types', 'plugin.state.java', 'security.csp.enable_violation_events', 'security.csp.experimentalEnabled', 'shield.savant.enabled', /* 60 or earlier */ 'browser.bookmarks.showRecentlyBookmarked', 'browser.casting.enabled', 'browser.crashReports.unsubmittedCheck.autoSubmit', 'browser.formautofill.enabled', 'browser.formfill.saveHttpsForms', 'browser.fullscreen.animate', 'browser.history.allowPopState', 'browser.history.allowPushState', 'browser.history.allowReplaceState', 'browser.newtabpage.activity-stream.enabled', 'browser.newtabpage.directory.ping', 'browser.newtabpage.directory.source', 'browser.newtabpage.enhanced', 'browser.newtabpage.introShown', 'browser.pocket.api', 'browser.pocket.enabled', 'browser.pocket.oAuthConsumerKey', 'browser.pocket.site', 'browser.polaris.enabled', 'browser.safebrowsing.appRepURL', 'browser.safebrowsing.enabled', 'browser.safebrowsing.gethashURL', 'browser.safebrowsing.malware.reportURL', 'browser.safebrowsing.provider.google.appRepURL', 'browser.safebrowsing.reportErrorURL', 'browser.safebrowsing.reportGenericURL', 'browser.safebrowsing.reportMalwareErrorURL', 'browser.safebrowsing.reportMalwareMistakeURL', 'browser.safebrowsing.reportMalwareURL', 'browser.safebrowsing.reportPhishMistakeURL', 'browser.safebrowsing.reportURL', 'browser.safebrowsing.updateURL', 'browser.search.showOneOffButtons', 'browser.selfsupport.enabled', 'browser.selfsupport.url', 'browser.sessionstore.privacy_level_deferred', 'browser.tabs.animate', 'browser.trackingprotection.gethashURL', 'browser.trackingprotection.updateURL', 'browser.urlbar.unifiedcomplete', 'browser.usedOnWindows10.introURL', 'camera.control.autofocus_moving_callback.enabled', 'camera.control.face_detection.enabled', 'datareporting.healthreport.about.reportUrl', 'datareporting.healthreport.about.reportUrlUnified', 'datareporting.healthreport.documentServerURI', 'datareporting.healthreport.service.enabled', 'datareporting.policy.dataSubmissionEnabled.v2', 'devtools.webide.autoinstallFxdtAdapters', 'dom.archivereader.enabled', 'dom.beforeAfterKeyboardEvent.enabled', 'dom.disable_image_src_set', 'dom.disable_window_open_feature.scrollbars', 'dom.disable_window_status_change', 'dom.enable_user_timing', 'dom.flyweb.enabled', 'dom.idle-observers-api.enabled', 'dom.keyboardevent.code.enabled', 'dom.network.enabled', 'dom.push.udp.wakeupEnabled', 'dom.telephony.enabled', 'dom.vr.oculus050.enabled', 'dom.workers.enabled', 'dom.workers.sharedWorkers.enabled', 'extensions.formautofill.experimental', 'extensions.screenshots.system-disabled', 'extensions.shield-recipe-client.api_url', 'extensions.shield-recipe-client.enabled', 'full-screen-api.approval-required', 'general.useragent.locale', 'geo.security.allowinsecure', 'intl.locale.matchOS', 'loop.enabled', 'loop.facebook.appId', 'loop.facebook.enabled', 'loop.facebook.fallbackUrl', 'loop.facebook.shareUrl', 'loop.feedback.formURL', 'loop.feedback.manualFormURL', 'loop.logDomains', 'loop.server', 'media.block-play-until-visible', 'media.eme.apiVisible', 'media.eme.chromium-api.enabled', 'media.getusermedia.screensharing.allow_on_old_platforms', 'media.getusermedia.screensharing.allowed_domains', 'media.gmp-eme-adobe.autoupdate', 'media.gmp-eme-adobe.enabled', 'media.gmp-eme-adobe.visible', 'network.http.referer.userControlPolicy', 'network.http.sendSecureXSiteReferrer', 'network.http.spdy.enabled.http2draft', 'network.http.spdy.enabled.v3-1', 'network.websocket.enabled', 'pageThumbs.enabled', 'pfs.datasource.url', 'plugin.scan.Acrobat', 'plugin.scan.Quicktime', 'plugin.scan.WindowsMediaPlayer', 'plugins.enumerable_names', 'plugins.update.notifyUser', 'plugins.update.url', 'privacy.clearOnShutdown.passwords', 'privacy.donottrackheader.value', 'security.mixed_content.send_hsts_priming', 'security.mixed_content.use_hsts', 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', 'security.ssl3.ecdhe_rsa_rc4_128_sha', 'security.ssl3.rsa_rc4_128_md5', 'security.ssl3.rsa_rc4_128_sha', 'security.tls.insecure_fallback_hosts.use_static_list', 'security.tls.unrestricted_rc4_fallback', 'security.xpconnect.plugin.unrestricted', 'social.directories', 'social.enabled', 'social.remote-install.enabled', 'social.share.activationPanelEnabled', 'social.shareDirectory', 'social.toast-notifications.enabled', 'social.whitelist', 'toolkit.telemetry.unifiedIsOptIn', /* REMOVED */ /* 116+ */ 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', 'browser.region.network.url', 'browser.region.update.enabled', 'browser.search.region', 'browser.ssl_override_behavior', 'browser.tabs.warnOnClose', 'devtools.chrome.enabled', 'dom.disable_beforeunload', 'dom.disable_open_during_load', 'dom.netinfo.enabled', 'dom.vr.enabled', 'extensions.formautofill.addresses.supported', 'extensions.formautofill.available', 'extensions.formautofill.creditCards.available', 'extensions.formautofill.creditCards.supported', 'middlemouse.contentLoadURL', 'network.http.altsvc.oe', /* 92-102 */ 'browser.urlbar.trimURLs', 'dom.caches.enabled', 'dom.storageManager.enabled', 'dom.storage_access.enabled', 'dom.targetBlankNoOpener.enabled', 'network.cookie.thirdparty.sessionOnly', 'network.cookie.thirdparty.nonsecureSessionOnly', 'privacy.firstparty.isolate.block_post_message', 'privacy.firstparty.isolate.restrict_opener_access', 'privacy.firstparty.isolate.use_site', 'privacy.window.name.update.enabled', 'security.insecure_connection_text.enabled', /* 79-91 */ 'alerts.showFavicons', 'browser.newtabpage.activity-stream.asrouter.providers.snippets', 'browser.send_pings.require_same_host', 'browser.urlbar.usepreloadedtopurls.enabled', 'dom.allow_cut_copy', 'dom.battery.enabled', 'dom.IntersectionObserver.enabled', 'dom.storage.enabled', 'dom.vibrator.enabled', 'extensions.screenshots.upload-disabled', 'general.warnOnAboutConfig', 'gfx.direct2d.disabled', 'layers.acceleration.disabled', 'media.getusermedia.audiocapture.enabled', 'media.getusermedia.browser.enabled', 'media.getusermedia.screensharing.enabled', 'media.gmp-widevinecdm.visible', 'media.media-capabilities.enabled', 'network.http.redirection-limit', 'privacy.partition.network_state', 'security.insecure_connection_icon.enabled', 'security.mixed_content.block_active_content', 'security.ssl.enable_ocsp_stapling', 'security.ssl3.dhe_rsa_aes_128_sha', 'security.ssl3.dhe_rsa_aes_256_sha', 'webgl.min_capability_mode', /* 69-78 */ 'browser.cache.disk_cache_ssl', 'browser.search.geoip.url', 'browser.search.region', 'browser.sessionhistory.max_entries', 'dom.push.connection.enabled', 'dom.push.serverURL', 'extensions.getAddons.discovery.api_url', 'extensions.htmlaboutaddons.discover.enabled', 'extensions.webservice.discoverURL', 'intl.locale.requested', 'intl.regional_prefs.use_os_locales', 'media.block-autoplay-until-in-foreground', 'middlemouse.paste', 'plugin.sessionPermissionNow.intervalInMinutes', 'privacy.usercontext.about_newtab_segregation.enabled', 'security.insecure_connection_icon.pbmode.enabled', 'security.insecure_connection_text.pbmode.enabled', 'webgl.dxgl.enabled', /* 61-68 */ 'app.update.service.enabled', 'app.update.silent', 'app.update.staging.enabled', 'browser.cache.disk.capacity', 'browser.cache.disk.smart_size.enabled', 'browser.cache.disk.smart_size.first_run', 'browser.cache.offline.insecure.enable', 'browser.contentblocking.enabled', 'browser.laterrun.enabled', 'browser.offline-apps.notify', 'browser.rights.3.shown', 'browser.safebrowsing.blockedURIs.enabled', 'browser.safebrowsing.downloads.remote.block_dangerous', 'browser.safebrowsing.downloads.remote.block_dangerous_host', 'browser.safebrowsing.provider.google.gethashURL', 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', 'browser.safebrowsing.provider.google.reportPhishMistakeURL', 'browser.safebrowsing.provider.google.reportURL', 'browser.safebrowsing.provider.google.updateURL', 'browser.safebrowsing.provider.google4.dataSharing.enabled', 'browser.safebrowsing.provider.google4.dataSharingURL', 'browser.safebrowsing.provider.google4.gethashURL', 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', 'browser.safebrowsing.provider.google4.reportURL', 'browser.safebrowsing.provider.google4.updateURL', 'browser.safebrowsing.provider.mozilla.gethashURL', 'browser.safebrowsing.provider.mozilla.updateURL', 'browser.safebrowsing.reportPhishURL', 'browser.sessionhistory.max_total_viewers', 'browser.sessionstore.max_windows_undo', 'browser.slowStartup.maxSamples', 'browser.slowStartup.notificationDisabled', 'browser.slowStartup.samples', 'browser.storageManager.enabled', 'browser.urlbar.autoFill.typed', 'browser.urlbar.filter.javascript', 'browser.urlbar.maxHistoricalSearchSuggestions', 'browser.urlbar.userMadeSearchSuggestionsChoice', 'canvas.capturestream.enabled', 'dom.allow_scripts_to_close_windows', 'dom.disable_window_flip', 'dom.forms.datetime', 'dom.imagecapture.enabled', 'dom.popup_maximum', 'extensions.webextensions.keepStorageOnUninstall', 'extensions.webextensions.keepUuidOnUninstall', 'font.blacklist.underline_offset', 'font.name.monospace.x-unicode', 'font.name.monospace.x-western', 'font.name.sans-serif.x-unicode', 'font.name.sans-serif.x-western', 'font.name.serif.x-unicode', 'font.name.serif.x-western', 'gfx.offscreencanvas.enabled', 'javascript.options.shared_memory', 'layout.css.font-loading-api.enabled', 'media.gmp-gmpopenh264.autoupdate', 'media.gmp-gmpopenh264.enabled', 'media.gmp-manager.updateEnabled', 'media.gmp-manager.url', 'media.gmp-manager.url.override', 'media.gmp-widevinecdm.autoupdate', 'media.gmp.trial-create.enabled', 'media.navigator.video.enabled', 'media.peerconnection.ice.tcp', 'media.peerconnection.identity.enabled', 'media.peerconnection.identity.timeout', 'media.peerconnection.turn.disable', 'media.peerconnection.use_document_iceservers', 'media.peerconnection.video.enabled', 'network.auth.subresource-img-cross-origin-http-auth-allow', 'network.cookie.leave-secure-alone', 'network.cookie.same-site.enabled', 'network.dnsCacheEntries', 'network.dnsCacheExpiration', 'network.http.fast-fallback-to-IPv4', 'network.proxy.autoconfig_url.include_path', 'offline-apps.quota.warn', 'pdfjs.enableWebGL', 'plugin.default.state', 'plugin.defaultXpi.state', 'plugin.scan.plid.all', 'privacy.trackingprotection.annotate_channels', 'privacy.trackingprotection.lower_network_priority', 'privacy.trackingprotection.pbmode.enabled', 'privacy.trackingprotection.ui.enabled', 'security.data_uri.block_toplevel_data_uri_navigations', 'security.insecure_field_warning.contextual.enabled', 'security.insecure_password.ui.enabled', 'security.tls.version.fallback-limit', 'services.blocklist.addons.collection', 'services.blocklist.gfx.collection', 'services.blocklist.onecrl.collection', 'services.blocklist.plugins.collection', 'services.blocklist.signing.enforced', 'services.blocklist.update_enabled', 'signon.autofillForms.http', 'signon.storeWhenAutocompleteOff', 'toolkit.telemetry.cachedClientID', 'urlclassifier.trackingTable', 'xpinstall.whitelist.required', /* 60 or lower */ 'browser.migrate.automigrate.enabled', 'browser.search.geoip.timeout', 'browser.search.reset.enabled', 'browser.search.reset.whitelist', 'browser.stopReloadAnimation.enabled', 'browser.tabs.insertRelatedAfterCurrent', 'browser.tabs.loadDivertedInBackground', 'browser.tabs.loadInBackground', 'browser.tabs.selectOwnerOnClose', 'browser.urlbar.clickSelectsAll', 'browser.urlbar.doubleClickSelectsAll', 'device.storage.enabled', 'dom.keyboardevent.dispatch_during_composition', 'dom.presentation.controller.enabled', 'dom.presentation.discoverable', 'dom.presentation.discovery.enabled', 'dom.presentation.enabled', 'dom.presentation.receiver.enabled', 'dom.presentation.session_transport.data_channel.enable', 'dom.vr.oculus.enabled', 'dom.vr.openvr.enabled', 'dom.vr.osvr.enabled', 'extensions.pocket.api', 'extensions.pocket.oAuthConsumerKey', 'extensions.pocket.site', 'general.useragent.compatMode.firefox', 'geo.wifi.xhr.timeout', 'gfx.layerscope.enabled', 'media.flac.enabled', 'media.mediasource.enabled', 'media.mediasource.mp4.enabled', 'media.mediasource.webm.audio.enabled', 'media.mediasource.webm.enabled', 'media.mp4.enabled', 'media.ogg.enabled', 'media.ogg.flac.enabled', 'media.opus.enabled', 'media.raw.enabled', 'media.wave.enabled', 'media.webm.enabled', 'media.webspeech.recognition.enable', 'media.wmf.amd.vp9.enabled', 'media.wmf.enabled', 'media.wmf.vp9.enabled', 'network.dns.blockDotOnion', 'network.stricttransportsecurity.preloadlist', 'security.block_script_with_wrong_mime', 'security.fileuri.strict_origin_policy', 'security.sri.enable', 'services.sync.enabled', 'ui.submenuDelay', 'webextensions.storage.sync.enabled', 'webextensions.storage.sync.serverURL', // excluding these e10 settings // 'browser.tabs.remote.autostart', // 'browser.tabs.remote.autostart.2', // 'browser.tabs.remote.force-enable', // 'browser.tabs.remote.separateFileUriProcess', // 'extensions.e10sBlocksEnabling', // 'extensions.webextensions.remote', // 'dom.ipc.processCount', // 'dom.ipc.shims.enabledWarnings', // 'dom.ipc.processCount.extension', // 'dom.ipc.processCount.file', // 'security.sandbox.content.level', // 'dom.ipc.plugins.sandbox-level.default', // 'dom.ipc.plugins.sandbox-level.flash', // 'security.sandbox.logging.enabled', /* IMPORTANT: last active pref must not have a trailing comma */ /* reset parrot: check your open about:config after running the script */ '_user.js.parrot' ]; console.clear(); let c = 0; for (const sPname of aPREFS) { if (Services.prefs.prefHasUserValue(sPname)) { Services.prefs.clearUserPref(sPname); if (!Services.prefs.prefHasUserValue(sPname)) { console.info('reset', sPname); c++; } else console.warn('failed to reset', sPname); } } focus(); const d = (c==1) ? ' pref' : ' prefs'; alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset'); return 'all done'; })(); ```

Atavic commented 6 years ago

Addons.mozilla.org to be pruned soon!

See: https://github.com/MrAlex94/Waterfox/issues/303#issuecomment-415963172