Current Version plugins Firefox privacy and security user.js 0.11 is out

The most comprehensive Firefox privacy and security settings collection has been updated to version 0.11 to take into account changes in newer versions of Firefox.

Ghacks champion Pants created the initial list in 2015, and has been on it ever since that day with help of others including earthling and Tom Hawack.

The new user.js file replaces the old one. The download includes the user.js file, the changelog, and two HTML documents that lists all preferences, information and comments.

ghacks user js 011

You are probably wondering what is new in version 0.11 of the file. First of all, the preferences have been updated to take into account changes in Firefox.

Mozilla has added, changed or removed preferences since the last release of the Ghacks user.js file.

Apart from that, there are new sections that you may find interesting.

There are new sections for Service Workers, First Party Isolation, Fingerprint resisting and Tor uplift. The add-ons section has been filled with links to recommended add-ons on top of that.

Some fun stats about the latest privacy and security user.js file:

  1. The list features a total of 464 preferences of which 48 are commented out.
  2. 33 items contain warnings.
  3. The file links to 71 http and 243 https resources for research

Click here to open the original article that has been updated with the new information, or download the new user.js file directly with a click on the following link:

Here is the change log:


2300: NEW SECTION for Service Workers (items renumbered from other sections)
2698: NEW SECTION for FPI (First Party Isolation) – commented out, it’s not ready yet to go prime time
2699: NEW SECTION for privacy.resistFingerprinting (was 2630)
9998: NEW SECTION for To Investigate – Tor Uplift
: APPENDIX B for Add-ons

Renumbered sections

9996: PALE MOON, section renumbered and no longer maintained


2302: was 1012 dom.caches.enabled .. ALL the stuff in the 2300s were moved there, some are new
2301+2303+2304: were 2432+2430+2431 respectively, also new prefs
1216: was 2609 insecure active content
1217: was 2610 insecure passive content
2024: was 3014 media.mediasource.webm.enabled
: some other numbers may have been reused, moved


Loads of them, just look in the deprecated section, its in order of version dropped, then number.


0101: browser.laterrun.enabled
0301: app.update.silent and app.update.staging.enabled
0336: browser.selfsupport.enabled (also merged 0371 with this)
0374: social.enabled
0376: FlyWeb
0380: Sync
0402: Kinto
0410: the entire section: many prefs deprecated, replaced with others, new section 0410g
0421: privacy.trackingprotection.ui.enabled
0440: mozilla flash blocklisting
0608: network.predictor.enable-prefetch
0818: taskbar preview
0819: browser.urlbar.oneOffSearches
0820: disable search reset
0907: force warnings for logins on non-secure sites
0908: browser.fixup.hide_user_pass
0909: signon.formlessCapture.enabled
1012: browser.sessionstore.resume_from_crash (note: old number was moved to 2300s)
1209: TLS extra prefs to control min and max and fallback versions
1213: cyphers disable 3DES
1214: cyphers disable 128 bit ecdhe
1215: disable MS Family Safety cert
1218: HSTS Priming
1219: HSTS preload
1220: disable intermediate CA caching
1408: gfx.font_rendering.graphite.enabled
1602: returned DNT (do not track) from deprecated
1808: disable audio auto-play in non-active tabs
1820+1825+1830+1840+1850: revamp, additions etc to GMP, DRM, OpenH264, Widevine, EME
2011: webgl.enable-debug-renderer-info
2012: webgl.dxgl.enabled + webgl.enable-webgl2
2022: extra prefs for screensharing
2024: MSE (Media Source Extensions)
2025: enable/disable media types
2026: disable canvas capture stream
2027: disable camera image capture
2028: disable offscreen canvas
2403: dom.allow_cut_copy
2415b: limit events that can cause a popup
2425: disable Archive API
2450: offline data storage
2504: new vr prefs
2510: Web Audio API
2511: media.ondevicechange.enabled
2627: revamped section from a single pref about build ID into all your UA/Navigator objects
2628: browser.uitour.url
2650: e10s stuff, never used by me, may be obsolete as e10s rollout changes with each release
2651: control e10s number of container processes
2652: enable console e10s shim warnings
2660: browser.tabs.remote.separateFileUriProcess
2663: MathML
2664: DeviceStorage API
2665: sanitize webchannel whitelist
2666: HTTP Alternative Services
2668: extension directory lockdown
2669: strip paths when sending URLs to PAC scripts
2670: security.block_script_with_wrong_mime
2671: svg.disabled (FF53+)
2706: Storage API
2707: clear localStorage when a WebExtension is uninstalled
2803a: privacy.clearOnShutdown.openWindows
2804a: privacy.cpd.openWindows
2805: privacy.sanitize.timeSpan
3022: hide recently bookmarked items
3023: browser.migrate.automigrate.enabled
Appendix A: new test sites: Browserprint, HTML Security, Symantec, AudioContext, HTML5, Keyboard Events, rel=noopener
Appendix A: new section:; 5 Safe Browsing, Tracking Protection tests


: custom pref renamed and configured as the Monty Python parrot
: custom pref expanded to each section with euphemisms for the parrot’s demise
1211: SHA-1 variables/definitions have been changed by mozilla, recommeneded value has changed
2201: dom.event.contextmenu.enabled is now active
2404: dom.indexedDB.enabled – i turned this on and use an extension to toggle it on and off for sites
2421: two javascript.options now commented out, the performance loss isn’t worth it
: some other prefs may have been turned on/off


3019: network.proxy.type – it is not my place to control end users connections/proxies/vpns etc




Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader.

The post Firefox privacy and security user.js 0.11 is out appeared first on gHacks Technology News.

Leave a Comment

Your email address will not be published. Required fields are marked *

Menu Title