== Getting started ==
* <code>privacy.firstparty.isolate = true</code>
A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
* <code>privacy.resistFingerprinting = true</code>
A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
* <code> browser.cache.offline.enable = false </code>
Disables offline cache.
* <code> browser.safebrowsing.malware.enabled = false </code>
Disable Google Safe Browsing malware checks. Security risk, but privacy improvement.
* <code> browser.safebrowsing.phishing.enabled = false </code>
Disable Google Safe Browsing and phishing protection. Security risk, but privacy improvement.
* <code> browser.send_pings = false </code>
The attribute would be useful for letting websites track visitors’ clicks.
* <code> browser.sessionstore.max_tabs_undo = 0 </code>
Even with Firefox set to not remember history, your closed tabs are stored temporarily at Menu -> History -> Recently Closed Tabs.
* <code> browser.urlbar.speculativeConnect.enabled = false </code>
Disable preloading of autocomplete URLs. Firefox preloads URLs that autocomplete when a user types into the address bar, which is a concern if URLs are suggested that the user does not want to connect to. Source
* <code> dom.battery.enabled = false </code>
Website owners can track the battery status of your device. Source
* <code> dom.event.clipboardevents.enabled = false </code>
Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
* <code> geo.enabled = false </code>
Disables geolocation.
* <code> media.navigator.enabled = false </code>
Websites can track the microphone and camera status of your device.
* <code> network.cookie.cookieBehavior = 1 </code>
Disable cookies
0 = Accept all cookies by default
1 = Only accept from the originating site (block third party cookies)
2 = Block all cookies by default
* <code> network.cookie.lifetimePolicy = 2 </code>
cookies are deleted at the end of the session
0 = Accept cookies normally
1 = Prompt for each cookie
2 = Accept for current session only
3 = Accept for N days
* <code> network.http.referer.trimmingPolicy = 2 </code>
Send only the scheme, host, and port in the Referer header
0 = Send the full URL in the Referer header
1 = Send the URL without its query string in the Referer header
2 = Send only the scheme, host, and port in the Referer header
* <code> network.http.referer.XOriginPolicy = 2 </code>
Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
0 = Send Referer in all cases
1 = Send Referer to same eTLD sites
2 = Send Referer only when the full hostnames match
* <code> network.http.referer.XOriginTrimmingPolicy = 2 </code>
When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source
0 = Send full url in Referer
1 = Send url without query string in Referer
2 = Only send scheme, host, and port in Referer
* <code> webgl.disabled = true </code>
WebGL is a potential security risk.
== Related Information ==