Firefox about:config settings for security

Submitted by aiwendil in security_culture (edited by a moderator )

I would like to get a list of firefox configuration settings for enhanced security. These can be used to help make Tor browser more secure, but should only be done in that case by more advanced users that understand the implications of their actions. For the most part these are just settings that will make your Firefox browsing experience more secure.

webgl.disabled=true #disables webgl, good to do if you don't need it.
privacy.resistFingerprinting=true #tells firefox to resist browser fingerprinting(see
privacy.firstparty.isolate=true #helps prevent cross domain tracking
privacy.trackingprotection.enabled=true #firefox built in tracker blocking (uses's tracker list)
browser.cache.offline.enable=false  #disable offline cache
browser.safebrowsing.phishing.enabled=false #increases privacy, could be a security risk, disable at your own risk
browser.safebrowsing.malware.enabled=false #increases privacy, could be a security risk, disable at your own risk
browser.send_pings=false #prevents websites from tracking your clicks
browser.sessionstore.max_tabs_undo=0 #prevents firefox from storing a list of closed tabs
browser.urlbar.speculativeConnect.enabled=false #disable autocomplete function from loading website content.
javascript.enabled=false #disable javascript #disable dom storage
dom.battery.enabled=false #prevents websites from tracking your battery status
dom.event.clipboardevents.enabled=false #prevent websites from accessing your clipboard
geo.enabled=false #disable geolocation
media.navigator.enabled=false #prevent websites from tracking microphone and camera status
network.cookie.cookieBehavior=1 #only accept cookies from the site issuing them
network.cookie.lifetimePolicy=2 #delete cookies at the end of this session
network.dns.disableIPv6=true #disable IPv6 as it may leak your mac address
browser.safebrowsing.enabled=false #turn off safebrowsing all together

##ssl settings
security.tls.version.min=3 #set minimum tls version to 3
security.ssl3.ecdhe_ecdsa_rc4_128_sha=false #disable insecure ssl
security.ssl3.ecdhe_rsa_rc4_128_sha=false #disable insecure ssl
security.ssl3.rsa_rc4_128_md5=false #disable insecure ssl
security.ssl3.rsa_rc4_128_sha=false #disable insecure ssl
security.ssl3.rsa_des_ede3_sha=false #disable insecure ssl
security.ssl.require_safe_negotiation=true #require safe negotiation
security.ssl.treat_unsafe_negotiation_as_broken=true #treat unsafe negotiation as broken


You must log in or register to comment.

bryl wrote

Good stuff. Thanks, mate.


f064fb5ddb9041bc8a4cb0024 wrote

I don't know if this is outdated or not, but still I would recommend using ghack.js for an updated about:config.