How to Harden Firefox for Better Privacy and Security

In recent years, Firefox has gone through major changes—some good, some not so much: the move to the Quantum engine, dropping XUL/XPCOM add-ons, the switch to WebExtensions, and a host of other overhauls. One thing that hasn’t changed is that you can still turn it into an excellent hacker’s browser with a bit of configuration tuning. We’ll cover what to tweak and how in this article.

info

Quantum, the new Firefox engine, aims to progressively update all browser components to improve performance and reduce memory usage.

Making Your Settings Portable

All the interesting Firefox tweaks live on the internal about:config page. It’s easy and convenient to pop in there and flip a couple of settings. But when it comes to fine‑grained tuning, changing values one by one quickly gets tedious.

How do you automate this without relying on third-party tools? Easy: create a user.js file and put all your preferences there. Then place this file in your Firefox profile directory, which on Windows is located at C:\Users\[username]\AppData\Roaming\Mozilla\Firefox\Profiles\[random].default. The entries are straightforward: for example, to enable WebP support, set the image.webp.enabled preference to true. In the config file it will look like this:

user_pref("image.webp.enabled", true);

In other words, the user_pref("…", …); template takes a preference key and its value. With the preferences file out of the way, let’s move on to dissecting the browser. All settings were applied to the latest version of the browser available at the time of writing.
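A small linter for the user_pref format described above, added here as an example and not part of the original article. It flags entries that do not match the template (for instance, lines pasted with curly quotes or missing the semicolon) and keys that are set twice with different values; the names lint_user_js, parse_value and SAMPLE are hypothetical, and the sample input is constructed.

```python
import re

# One entry per line: user_pref("key", value); where value is a quoted string,
# true/false, or an integer. Assumption: only // comments, no /* */ blocks.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(?P<key>[^"]+)"\s*,\s*'
    r'(?P<val>"(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;\s*(?://.*)?$'
)

def parse_value(raw):
    if raw in ("true", "false"):
        return raw == "true"
    if raw.startswith('"'):
        return raw[1:-1]
    return int(raw)

def lint_user_js(text):
    """Return (prefs, problems); prefs holds the last value seen per key."""
    prefs, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("//"):
            continue
        m = PREF_RE.match(line)
        if m is None:
            # Smart quotes pasted from a web page are a common cause.
            hint = " (curly quotes)" if re.search("[\u201c\u201d]", line) else ""
            problems.append((lineno, "unparseable entry" + hint))
            continue
        key, val = m["key"], parse_value(m["val"])
        # A later entry overrides an earlier one, so a conflict changes the result.
        if key in prefs and repr(prefs[key]) != repr(val):
            problems.append((lineno, f"{key} redefined: {prefs[key]!r} -> {val!r}"))
        prefs[key] = val
    return prefs, problems

# Constructed sample, not taken from a real profile.
SAMPLE = """\
// hardening prefs
user_pref("image.webp.enabled", true);
user_pref(\u201cgeo.enabled\u201d, false);
user_pref("network.trr.mode", 2);
user_pref("network.trr.mode", 3);
user_pref("media.peerconnection.enabled", false)
"""

if __name__ == "__main__":
    print(lint_user_js(SAMPLE)[1])
```

Running the linter over user.js before copying it into the profile catches entries that would otherwise never be applied as written.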

warning

Keep in mind that security and privacy are always a trade-off with convenience. Some settings can significantly limit site functionality but greatly improve your security and privacy while browsing. It’s up to you to decide what matters more.

Disable the bloat

Disable WebRTC and Pocket

Mozilla integrated WebRTC and Pocket into Firefox and enabled them by default. Many users weren’t happy about that—and for good reason: vulnerabilities were found in Pocket, and WebRTC can leak your IP address under certain conditions. Let’s turn both off. Below and in the following sections, you’ll find ready-to-use preference lines you can copy into your user.js file.

// Disable Pocket
user_pref("extensions.pocket.api", "");
user_pref("extensions.pocket.enabled", false);
user_pref("extensions.pocket.site", "");
user_pref("extensions.pocket.oAuthConsumerKey", "");
// Disable WebRTC
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.ice.default_address_only", true);
user_pref("media.peerconnection.ice.no_host", true);
user_pref("media.peerconnection.ice.relay_only", true);
user_pref("media.peerconnection.ice.tcp", false);
user_pref("media.peerconnection.identity.enabled", false);
user_pref("media.peerconnection.turn.disable", true);
user_pref("media.peerconnection.use_document_iceservers", false);
user_pref("media.peerconnection.video.enabled", false);
user_pref("media.peerconnection.default_iceservers", "[]");

Geolocation

Disable location access.

user_pref("geo.enabled", false);
user_pref("geo.provider.ms-windows-location", false);
user_pref("geo.wifi.uri", "");

Browser usage statistics and telemetry

Block the collection of various types of data.

// Disable asynchronous requests used for analytics
user_pref("beacon.enabled", false);
user_pref("browser.send_pings", false);
// If pings are ever re-enabled, restrict them to the same host
user_pref("browser.send_pings.require_same_host", true);
// Disable performance metrics
user_pref("dom.enable_performance", false);
user_pref("dom.enable_performance_observer", false);
user_pref("dom.enable_performance_navigation_timing", false);
user_pref("browser.slowStartup.notificationDisabled", false);
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.enable-hover-on-ssl", false);
user_pref("network.prefetch-next", false);
user_pref("network.http.speculative-parallel-limit", 0);
// Information about installed add-ons
user_pref("extensions.getAddons.cache.enabled", false);

Disable sensor access

If you’re on a regular PC rather than a tablet, disable sensor access.

user_pref("device.sensors.enabled", false);
user_pref("device.sensors.orientation.enabled", false);
user_pref("device.sensors.motion.enabled", false);
user_pref("device.sensors.proximity.enabled", false);
user_pref("device.sensors.ambientLight.enabled", false);

Stop Browser Fingerprinting

These settings instruct the browser to resist fingerprinting.

user_pref("dom.webaudio.enabled", false);
user_pref("privacy.resistFingerprinting", true);

Stop leaking network connection info

user_pref("dom.netinfo.enabled", false);
user_pref("dom.network.enabled", false);

Disable device access and media sharing

Disable browser access to cameras, microphones, gamepads, and VR headsets, and block the transfer of media content from these devices (e.g., screenshots and similar). Also turn off speech recognition.

user_pref("dom.gamepad.enabled", false);
user_pref("dom.gamepad.non_standard_events.enabled", false);
user_pref("dom.imagecapture.enabled", false);
user_pref("dom.presentation.discoverable", false);
user_pref("dom.presentation.discovery.enabled", false);
user_pref("dom.presentation.enabled", false);
user_pref("dom.presentation.tcp_server.debug", false);
user_pref("media.getusermedia.aec_enabled", false);
user_pref("media.getusermedia.audiocapture.enabled", false);
user_pref("media.getusermedia.browser.enabled", false);
user_pref("media.getusermedia.noise_enabled", false);
user_pref("media.getusermedia.screensharing.enabled", false);
user_pref("media.navigator.enabled", false);
user_pref("media.navigator.video.enabled", false);
// Keep the permission prompt: true would grant camera/microphone access without asking
user_pref("media.navigator.permission.disabled", false);
user_pref("media.video_stats.enabled", false);
user_pref("dom.battery.enabled", false);
user_pref("dom.vibrator.enabled", false);
// Keep the user-gesture requirement for VR presentation
user_pref("dom.vr.require-gesture", true);
user_pref("dom.vr.poseprediction.enabled", false);
user_pref("dom.vr.openvr.enabled", false);
user_pref("dom.vr.oculus.enabled", false);
user_pref("dom.vr.oculus.invisible.enabled", false);
user_pref("dom.vr.enabled", false);
user_pref("dom.vr.test.enabled", false);
user_pref("dom.vr.puppet.enabled", false);
user_pref("dom.vr.osvr.enabled", false);
user_pref("dom.vr.external.enabled", false);
user_pref("dom.vr.autoactivate.enabled", false);
user_pref("media.webspeech.synth.enabled", false);
user_pref("media.webspeech.test.enable", false);
user_pref("media.webspeech.synth.force_global_queue", false);
user_pref("media.webspeech.recognition.force_enable", false);
user_pref("media.webspeech.recognition.enable", false);

Disable Telemetry and Crash Reporting

The browser collects telemetry and sends crash reports to the developers. You can disable this to improve anonymity.

user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.cachedClientID", "");
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.previousBuildID", "");
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.server_owner", "");
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("datareporting.healthreport.infoURL", "");
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.policy.firstRunURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.tabs.crashReporting.email", false);
user_pref("browser.tabs.crashReporting.emailMe", false);
user_pref("breakpad.reportURL", "");
user_pref("security.ssl.errorReporting.automatic", false);
user_pref("toolkit.crashreporter.infoURL", "");
user_pref("network.allow-experiments", false);
user_pref("dom.ipc.plugins.reportCrashURL", false);
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);

Configuring search metadata

Set the browser’s search to a “standard” state—without any location-based adjustments.

user_pref("browser.search.geoSpecificDefaults", false);
user_pref("browser.search.geoSpecificDefaults.url", "");
user_pref("browser.search.geoip.url", "");
user_pref("browser.search.region", "US");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);

Push notifications, explained

Push notifications can keep working even after you’ve closed the page.

user_pref("dom.push.enabled", false);
user_pref("dom.push.connection.enabled", false);
user_pref("dom.push.serverURL", "");

But now they can’t.

Preventing DNS Leaks

Here we eliminate potential IPv6 DNS leaks, disable DNS prefetching, and configure DoH (DNS over HTTPS).

user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disableIPv6", true);
user_pref("network.security.esni.enabled", true);
// 2 = use DoH first and fall back to the system resolver; 3 = DoH only, no fallback
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://cloudflare-dns.com/dns-query");

Disable Redirects

user_pref("network.captive-portal-service.enabled", false);
user_pref("network.captive-portal-service.maxInterval", 0);
user_pref("captivedetect.canonicalURL", "");

Stop sending data to Google’s servers

By default, Firefox uses Google’s Safe Browsing service to protect you from malware and phishing. That’s often useful, but if you know what you’re doing and don’t want Google looking over your shoulder, you can disable that oversight.

user_pref("browser.safebrowsing.allowOverride", false);
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", "");
user_pref("browser.safebrowsing.provider.google.advisoryName", "");
user_pref("browser.safebrowsing.provider.google.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google.gethashURL", "");
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.provider.google.updateURL", "");
user_pref("browser.safebrowsing.provider.google4.advisoryName", "");
user_pref("browser.safebrowsing.provider.google4.advisoryURL", "");
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");

Disable DRM

…just because we can!

user_pref("browser.eme.ui.enabled", false);
user_pref("media.eme.enabled", false);

So, we’ve walked through some basic Firefox settings that help you keep your data to yourself. As you can see, without these tweaks the browser effectively tracks your every move, collects tons of telemetry, and ships it around. Since all of this can be turned off, why not do it?

Of course, this guide isn’t truly exhaustive—among the hundreds of browser settings there’s always something else to tune or improve—but we’ve largely shut down the bulk of data collection. Also keep in mind that setting names can change from version to version: some get removed, others added, so the file will need periodic updates.

10 Useful Firefox Extensions

No matter how much you tune your browser, some things are only achievable with extensions. They can also do a lot to harden your security while browsing the web. Here are a few I use and consider essential.

Privacy Possum

Blocks various tracking techniques (referrers, ETag headers, third-party cookies) and poisons fingerprinting data.

uBlock Origin

It’s an excellent ad blocker and more. It ships with extensive filter lists; the only caveat is that most of them are disabled by default, so you’ll need to enable the bulk of them manually in the settings.

uMatrix

A browser extension from the creator of uBlock Origin. It’s a powerful request blocker, and when paired with uBlock it becomes an effective tool against ads and other clutter. The downside is that it needs per-site configuration.

Nano Defender

A solid companion to your ad blocker that counters anti‑adblock measures.

Decentraleyes

A useful extension that thwarts tracking via CDNs (Content Delivery Networks).

Facebook Container

A Mozilla-developed Firefox add-on that helps stop Facebook from tracking you.

Google search link fix

A Firefox extension that cleans up Google and Yandex search results by stripping tracking and preventing the search engine from logging your clicks on results.

NoScript

A popular extension that blocks scripts on websites. Very useful, since scripts are often what compromise anonymity.

HTTPS Everywhere

Automatically forces connections over HTTPS, even when it’s not explicitly specified in the URL.

Privacy Badger

Another extension from the Electronic Frontier Foundation that prevents websites from tracking you.
