- Enter “about:config” in the firefox address bar and press enter.
- Press the button “I’ll be careful, I promise!”
- Follow the instructions below…
- network.http.sendRefererHeader = 0
- Disable referrer headers.
- network.http.sendSecureXSiteReferrer = false
- Disable referrer headers between https websites.
- privacy.trackingprotection.enabled = true
- This is Mozilla’s new built in tracking protection.
- geo.enabled = false
- Disables geolocation.
- browser.safebrowsing.enabled = false
- Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
- browser.safebrowsing.malware.enabled = false
- Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
- dom.event.clipboardevents.enabled = false
- Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
- dom.event.contextmenu.enabled = false
- Disables website control over rightclick context menu.
- geo.wifi.logging.enabled = false
- Disables firefox logging geolocation requests.
- network.cookie.alwaysAcceptSessionCookies = false
- Disables acceptance of session cookies.
- network.cookie.cookieBehavior = 2
- Disable cookies
- 0 = accept all cookies by default
- 1 = only accept from the originating site (block third party cookies)
- 2 = block all cookies by default
- network.cookie.lifetimePolicy = 2
- cookies are deleted at the end of the session
- 0 = Accept cookies normally
- 1 = Prompt for each cookie
- 2 = Accept for current session only
- 3 = Accept for N days
- network.dnsCacheEntries = 100
- Number of cached DNS entries. Lower number = More requests but less data stored.
- network.dnsCacheExpiration = 60
- Time DNS entries are cached in seconds.
- places.history.enabled = false
- Disables recording of visited websites.
- browser.formfill.enable = false
- Disables saving of formdata.
- browser.cache.disk.enable = false
- Disables caching on hardrive.
- browser.cache.disk_cache_ssl = false
- Disables caching for ssl connections.
- browser.cache.memory.enable = false
- Disables caching in memory.
- browser.cache.offline.enable = false
- Disables offline cache.
- browser.send_pings = false
- The attribute would be useful for letting websites track visitors’ clicks.
- network.dns.disableIPv6 = true
- If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
- network.dns.disablePrefetch = true
- To disable DNS prefetching you will need to add network.dns.disablePrefetch as a new boolean preference and set the value to true.
- network.prefetch-next = false
- Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it. This preference controls whether link prefetching is enabled.
- network.websocket.enabled = false
- WebSockets is a technology that makes it possible to open an interactive communication session between the user’s browser and a server.
- webgl.disabled = true
- WebGL is a potential security risk. Source
Important for VPN users!
While software like NoScript prevents this, it’s probably a good idea to block this protocol directly as well, just to be safe! Todo:
- Search for “media.peerconnection.enabled”
- Double click the entry, the column “Value” should now be “false”
- Done. Do the WebRTC leak test again.
If you want to make sure every single WebRTC related setting is really disabled change these settings:
- media.peerconnection.turn.disable = true
- media.peerconnection.use_document_iceservers = false
- media.peerconnection.video.enabled = false
- media.peerconnection.identity.timeout = 1
Now you can be 100% sure WebRTC is disabled. Voilà!!
Encryption with “HTTPS Everywhere”
HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. A collaboration between The Tor Project and the Electronic Frontier Foundation. https://www.eff.org/https-everywhere
Block Ads with uBlock
uBlock is an lightweight and efficient blocker: easy on memory and CPU footprint. The extension has no monetization strategy and development is volunteered. Available for: Firefox, Safari, Opera, Chromium. https://addons.mozilla.org/en-US/firefox/addon/ublock/
Automatically Delete Cookies with “Self-Destructing Cookies”
Self-Destructing Cookies automatically removes cookies when they are no longer used by open browser tabs. With the cookies, lingering sessions, as well as information used to spy on you, will be expunged. https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
Be in total control with “NoScript Security Suite”