be consistent

update RFP info
tidy
2025-11-22 16:35:16 +01:00 · 2025-11-22 00:40:49 +00:00 · 2025-11-22 00:39:35 +00:00 · 2025-11-16 19:41:12 +00:00 · 2025-11-16 03:34:58 +00:00 · 2025-11-15 08:15:49 +00:00
2 changed files with 124 additions and 84 deletions
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
  There is an archived version at https://github.com/arkenfox/user.js/issues/123
  if you want the full list since jesus
-  Last updated: 5-March-2025
+  Last updated: 12-November-2025
  Instructions:
  - [optional] close Firefox and backup your profile
@@ -36,6 +36,9 @@
  const aPREFS = [
    /* DEPRECATED */
    /* 129-140 */
    'browser.shopping.experience2023.enabled', // 140
    'browser.urlbar.pocket.featureGate', // 140
    'media.ondevicechange.enabled', // 137
    'webchannel.allowObject.urlWhitelist', // 132
    /* 116-128 */
    'browser.contentanalysis.default_allow', // 127
@@ -73,6 +76,11 @@
    'security.ssl3.rsa_des_ede3_sha', // 93
    /* REMOVED */
    /* 141-153 */
    'browser.display.use_system_colors',
    'browser.urlbar.fakespot.featureGate',
    'security.OCSP.enabled',
    'security.OCSP.require',
    /* 129-140 */
    'dom.securecontext.allowlist_onions',
    'network.http.referer.hideOnionSource',
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
 /******
 *    name: arkenfox user.js
-*    date: 6 March 2025
+*    date: 15 November 2025
-* version: 135
+* version: 144
 *    urls: https://github.com/arkenfox/user.js [repo]
 *        : https://arkenfox.github.io/gui/ [interactive]
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -23,6 +23,7 @@
       [SETUP-SECURITY] it's one item, read it
            [SETUP-WEB] can cause some websites to break
         [SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related)
         [SETUP-HARDEN] prefs you may like to add to overrides
  6. Override Recipes: https://github.com/arkenfox/user.js/issues/1080
 * RELEASES: https://github.com/arkenfox/user.js/releases
@@ -31,7 +32,7 @@
    - DON'T wait for arkenfox to update Firefox, nothing major changes these days
  * Each release
    - run prefsCleaner to reset prefs made inactive, including deprecated (9999)
-  * ESR
+  * ESR (Extended Support Release)
    - It is recommended to not use the updater, or you will get a later version which may cause issues.
      So you should manually append your overrides (and keep a copy), and manually update when you
      change ESR releases (arkenfox is already past that release)
@@ -46,7 +47,7 @@
  0600: BLOCK IMPLICIT OUTBOUND
  0700: DNS / DoH / PROXY / SOCKS
  0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
-  0900: PASSWORDS
+  0900: PASSWORDS / PASSKEYS
  1000: DISK AVOIDANCE
  1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
  1600: REFERERS
@@ -83,21 +84,22 @@ user_pref("browser.aboutConfig.showWarning", false);
 user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
 /* 0102: set startup page [SETUP-CHROME]
 * 0=blank, 1=home, 2=last visited page, 3=resume previous session
- * [NOTE] Session Restore is cleared with history (2811+), and not used in Private Browsing mode
+ * [NOTE] Session Restore is cleared if history is also cleared (2811+), and not used in Private Browsing mode
 * [SETTING] General>Startup>Restore previous session ***/
 user_pref("browser.startup.page", 0);
 /* 0103: set HOME+NEWWINDOW page
- * about:home=Firefox Home (default, see 0105), custom URL, about:blank
+ * about:home=Firefox Home (default, see 0105), custom URLs..., Blank Page
 * [SETTING] Home>New Windows and Tabs>Homepage and new windows ***/
-user_pref("browser.startup.homepage", "about:blank");
+user_pref("browser.startup.homepage", "chrome://browser/content/blanktab.html");
 /* 0104: set NEWTAB page
 * true=Firefox Home (default, see 0105), false=blank page
 * [SETTING] Home>New Windows and Tabs>New tabs ***/
 user_pref("browser.newtabpage.enabled", false);
 /* 0105: disable sponsored content on Firefox Home (Activity Stream)
 * [SETTING] Home>Firefox Home Content ***/
-user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+]
+user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+] Sponsored stories
-user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Shortcuts>Sponsored shortcuts
+user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Sponsored shortcuts
 user_pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false); // [FF140+] Support Firefox
 /* 0106: clear default topsites
 * [NOTE] This does not block you from adding your own ***/
 user_pref("browser.newtabpage.activity-stream.default.sites", "");
@@ -121,11 +123,8 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
 * [SETTING] Privacy & Security>Firefox Data Collection and Use>Allow personalized extension recommendations
 * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/
 user_pref("browser.discovery.enabled", false);
 /* 0323: disable shopping experience [FF116+]
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1840156#c0 ***/
 user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false]
-/** TELEMETRY ***/
+/** ACTIVITY STREAM ***/
 /* 0335: disable Firefox Home (Activity Stream) telemetry ***/
 user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
 user_pref("browser.newtabpage.activity-stream.telemetry", false);
@@ -206,7 +205,7 @@ user_pref("network.prefetch-next", false);
 user_pref("network.dns.disablePrefetch", true);
 user_pref("network.dns.disablePrefetchFromHTTPS", true);
 /* 0603: disable predictor / prefetching ***/
-user_pref("network.predictor.enabled", false);
+user_pref("network.predictor.enabled", false); // [DEFAULT: false FF144+]
 user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
 /* 0604: disable link-mouseover opening connection to linked server
 * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/
@@ -285,15 +284,18 @@ user_pref("browser.urlbar.suggest.searches", false);
 user_pref("browser.urlbar.trending.featureGate", false);
 /* 0806: disable urlbar suggestions ***/
 user_pref("browser.urlbar.addons.featureGate", false); // [FF115+]
-user_pref("browser.urlbar.fakespot.featureGate", false); // [FF130+] [DEFAULT: false]
+user_pref("browser.urlbar.amp.featureGate", false); // [FF141+] adMarketplace
-user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF]
+user_pref("browser.urlbar.importantDates.featureGate", false); // [FF143+]
-user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false]
+user_pref("browser.urlbar.market.featureGate", false); // [FF143+] stock market
-user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
+user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+]
 user_pref("browser.urlbar.weather.featureGate", false); // [FF108+]
 user_pref("browser.urlbar.wikipedia.featureGate", false); // [FF141+]
 user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+]
 user_pref("browser.urlbar.yelpRealtime.featureGate", false); // [FF144+]
 /* 0807: disable urlbar clipboard suggestions [FF118+] ***/
   // user_pref("browser.urlbar.clipboard.featureGate", false);
 /* 0808: disable recent searches [FF120+]
- * [NOTE] Recent searches are cleared with history (2811+)
+ * [NOTE] Recent searches are cleared if history is cleared (2811+)
 * [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/
   // user_pref("browser.urlbar.recentsearches.featureGate", false);
 /* 0810: disable search and form history
@@ -310,7 +312,7 @@ user_pref("browser.formfill.enable", false);
 /* 0820: disable coloring of visited links
 * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
 * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
- * attacks. Don't forget clearing history on exit (2811+). However, social engineering [2#limits][4][5]
+ * attacks. History can also be cleared on exit (2811+). However, social engineering [2#limits][4][5]
 * and advanced targeted timing attacks could still produce usable results
 * [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
 * [2] https://dbaron.org/mozilla/visited-privacy
@@ -323,14 +325,14 @@ user_pref("browser.formfill.enable", false);
 user_pref("browser.search.separatePrivateDefault", true); // [FF70+]
 user_pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+]
-/*** [SECTION 0900]: PASSWORDS
+/*** [SECTION 0900]: PASSWORDS / PASSKEYS
   [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas
 ***/
 user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!");
 /* 0903: disable auto-filling username & password form fields
 * can leak in cross-site forms *and* be spoofed
 * [NOTE] Username & password is still available when you enter the field
- * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords
+ * [SETTING] Privacy & Security>Passwords>Autofill logins and passwords
 * [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
 * [2] https://homes.esat.kuleuven.be/~asenol/leaky-forms/ ***/
 user_pref("signon.autofillForms", false);
@@ -349,6 +351,9 @@ user_pref("network.auth.subresource-http-auth-allow", 1);
 /* 0907: enforce no automatic authentication on Microsoft sites [FF131+] [MAC]
 * On macOS, SSO only works on corporate devices ***/
   // user_pref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT: false]
 /* 0910: enforce no direct attestation in passkeys [FF144+]
   // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1981587 ***/
 user_pref("security.webauthn.always_allow_direct_attestation", false); // [DEFAULT: false]
 /*** [SECTION 1000]: DISK AVOIDANCE ***/
 user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
@@ -402,29 +407,6 @@ user_pref("security.ssl.require_safe_negotiation", true);
 * [3] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
 user_pref("security.tls.enable_0rtt_data", false);
 /** OCSP (Online Certificate Status Protocol)
   [1] https://scotthelme.co.uk/revocation-is-broken/
   [2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
 ***/
 /* 1211: enforce OCSP fetching to confirm current validity of certificates
 * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
 * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority)
 * It's a trade-off between security (checking) and privacy (leaking info to the CA)
 * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling
 * [SETTING] Privacy & Security>Security>Certificates>Query OCSP responder servers...
 * [1] https://en.wikipedia.org/wiki/Ocsp ***/
 user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
 /* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
 * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR | SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
 * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
 * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
 * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
 * could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
 * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
 * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html
 * [3] https://letsencrypt.org/2024/12/05/ending-ocsp/ ***/
 user_pref("security.OCSP.require", true);
 /** CERTS / HPKP (HTTP Public Key Pinning) ***/
 /* 1223: enable strict PKP (Public Key Pinning)
 * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict
@@ -433,12 +415,13 @@ user_pref("security.cert_pinning.enforcement_level", 2);
 /* 1224: enable CRLite [FF73+]
 * 0 = disabled
 * 1 = consult CRLite but only collect telemetry
- * 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
+ * 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results (default)
- * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default)
+ * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (removed FF145)
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
- * [2] https://blog.mozilla.org/security/tag/crlite/ ***/
+ * [2] https://blog.mozilla.org/security/tag/crlite/
 * [3] https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/ ***/
 user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+]
-user_pref("security.pki.crlite_mode", 2);
+user_pref("security.pki.crlite_mode", 2); // [DEFAULT: 2 FF142+]
 /** MIXED CONTENT ***/
 /* 1241: disable insecure passive content (such as images) on https pages ***/
@@ -562,15 +545,19 @@ user_pref("network.IDN_show_punycode", true);
 * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/
 user_pref("pdfjs.disabled", false); // [DEFAULT: false]
 user_pref("pdfjs.enableScripting", false); // [FF86+]
-/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
+/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] ***/
 user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX]
 /* 2630: disable content analysis by DLP (Data Loss Prevention) agents
 * DLP agents are background processes on managed computers that allow enterprises to monitor locally running
 * applications for data exfiltration events, which they can allow/block based on customer defined DLP policies.
 * 0=Block all requests, 1=Warn on all requests (which lets the user decide), 2=Allow all requests
- * [1] https://github.com/chromium/content_analysis_sdk */
+ * [1] https://github.com/chromium/content_analysis_sdk ***/
 user_pref("browser.contentanalysis.enabled", false); // [FF121+] [DEFAULT: false]
 user_pref("browser.contentanalysis.default_result", 0); // [FF127+] [DEFAULT: 0]
 /* 2635: disable referrer and storage access for resources injected by content scripts [FF139+] ***/
 user_pref("privacy.antitracking.isolateContentScriptResources", true);
 /* 2640: disable CSP Level 2 Reporting [FF140+] ***/
 user_pref("security.csp.reporting.enabled", false);
 /** DOWNLOADS ***/
 /* 2651: enable user interaction for security by always asking where to download
@@ -610,15 +597,26 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
 * [SETTING] to add site exceptions: Urlbar>ETP Shield
 * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/
 user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
-/* 2702: disable ETP web compat features [FF93+]
+/* 2702: disable ETP web compat features (about:compat) [FF93+]
 * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
 * Opener and redirect heuristics are granted for 30 days, see [3]
 * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
 * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
 * [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
   // user_pref("privacy.antitracking.enableWebcompat", false);
 /* 2705: set ETP Strict/Custom exception lists (FF141+)
 [SETTING] Options>Privacy & Security>Enhanced Tracking Protection>Strict/Custom>Fix major [baseline] | minor [convenience]
 [1] https://support.mozilla.org/en-US/kb/manage-enhanced-tracking-protection-exceptions
 [2] https://etp-exceptions.mozilla.org/ ***/
 user_pref("privacy.trackingprotection.allow_list.baseline.enabled", true); // [DEFAULT: true]
 user_pref("privacy.trackingprotection.allow_list.convenience.enabled", true); // [DEFAULT: true]
-/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
+/*** [SECTION 2800]: SHUTDOWN & SANITIZING
   We enable sanitizeOnShutdown to help prevent 1st party website tracking across sessions.
   We consider history/downloads, which are not accessible to websites, as orthogonal and exempt these
   [SETUP-HARDEN] to clear all history/downloads on close, add the appropriate overrides from 2800's
 ***/
 user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
 /* 2810: enable Firefox to clear items on shutdown
 * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811+), or manually via site data (2820+) and
@@ -629,11 +627,11 @@ user_pref("privacy.sanitize.sanitizeOnShutdown", true);
 /** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/
 /* 2811: set/enforce clearOnShutdown items (if 2810 is true) [SETUP-CHROME] [FF128+] ***/
 user_pref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT: true]
-user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [DEFAULT: true]
+user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false); // [DEFAULT: true]
   // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [DEFAULT: false]
 /* 2812: set/enforce clearOnShutdown items [FF136+] ***/
-user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); // [DEFAULT: true]
+user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", false); // [DEFAULT: true]
-user_pref("privacy.clearOnShutdown_v2.downloads", true);
+user_pref("privacy.clearOnShutdown_v2.downloads", false); // [HIDDEN]
 user_pref("privacy.clearOnShutdown_v2.formdata", true);
 /* 2813: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
 * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811+)
@@ -653,12 +651,12 @@ user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
 /* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+]
 * Firefox remembers your last choices. This will reset them when you start Firefox
 * [SETTING] Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data ***/
-user_pref("privacy.clearSiteData.cache", true);
+user_pref("privacy.clearSiteData.cache", true); // [DEFAULT: true]
 user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions
-user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
+user_pref("privacy.clearSiteData.historyFormDataAndDownloads", false);
   // user_pref("privacy.clearSiteData.siteSettings", false);
 /* 2821: set manual "Clear Data" items [FF136+] ***/
-user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", true);
+user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", false);
 user_pref("privacy.clearSiteData.formdata", true);
 /** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS ***/
@@ -667,10 +665,10 @@ user_pref("privacy.clearSiteData.formdata", true);
 * [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/
 user_pref("privacy.clearHistory.cache", true); // [DEFAULT: true]
 user_pref("privacy.clearHistory.cookiesAndStorage", false);
-user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); // [DEFAULT: true]
+user_pref("privacy.clearHistory.historyFormDataAndDownloads", false); // [DEFAULT: true]
   // user_pref("privacy.clearHistory.siteSettings", false); // [DEFAULT: false]
 /* 2831: set manual "Clear History" items [FF136+] ***/
-user_pref("privacy.clearHistory.browsingHistoryAndDownloads", true); // [DEFAULT: true]
+user_pref("privacy.clearHistory.browsingHistoryAndDownloads", false); // [DEFAULT: true]
 user_pref("privacy.clearHistory.formdata", true);
 /** SANITIZE MANUAL: TIMERANGE ***/
@@ -689,13 +687,20 @@ user_pref("privacy.sanitize.timeSpan", 0);
   on a per site basis for compatibility (4004).
   https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc
   https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting#w_how-does-each-protection-work
   [NOTE] RFPTargets + granular overrides are somewhat experimental and may produce unexpected results
   - e.g. FrameRate can only be controlled per process, not per origin
-   1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux)
+   1826408 - restrict to system fonts (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) (FF119+)
      1928705: android (FF134+)
      https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
   1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+)
   1887682 - use fdlibm's sin, cos and tan in jsmath (FF134+)
   1954194 - available screen resolution: return a fixed offset height from screen per platform when not full screen (FF143+)
   1984333 - hardwareConcurrency: less than 8 return 4 else return 8 (FF143+)
   1977836 - maxTouchPoints: return multi-touch as 5 (FF143+)
   1917607 - subtly randomize WebGL's readPixels (FF145+)
 ***/
 user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
 /* 4001: enable FPP in PB mode [FF114+]
@@ -720,18 +725,17 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
   FF128+ Arkenfox by default uses FPP (automatically enabled with ETP Strict). For most people
   this is all you need. To use RFP instead, add RFP (4501) to your overrides, and optionally
-   add letterboxing (4504), spoof_english (4506), and webgl (4520).
+   add letterboxing (4504), spoof_english (4506), and WebGL (4520).
   RFP is an all-or-nothing buy in: you cannot pick and choose what parts you want
   [WARNING] DO NOT USE extensions to alter RFP protected metrics
    418986 - limit window.screen & CSS media queries (FF41)
   1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
 FF56
   1333651 - spoof User Agent & Navigator API
-      JS: spoofed as Windows 10, OS 10.15, Android 10, or Linux
+      JS: spoofed as Windows 10, OS X 10.15, Android 10, or Linux
-      HTTP Header: spoofed as Windows 10 or Android 10.15 until FF136 then matches JS spoof
+      HTTP Header: spoofed as Windows 10 or Android 10 until FF136 then matches JS spoof
   1369319 - disable device sensor API
   1369357 - disable site specific zoom
   1337161 - hide gamepads from content
@@ -750,10 +754,12 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
   1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59)
      Spoofing mimics the content language of the document. Currently it only supports en-US.
      Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected.
   1337157 - disable WebGL debug renderer info (FF60)
   1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62)
   1479239 - return "no-preference" with prefers-reduced-motion (FF63)
-   1363508 & 1826051 - spoof/suppress Pointer Events (FF64, FF132)
+   1363508 & 1826051 & 1957658 - spoof/suppress Pointer Events, spoof maxTouchPoints (FF64, FF132, FF143, ESR140.2)
       FF64: maxTouchPoints: 0 = desktop
      FF132: maxTouchPoints: 0 = mac | 10 = windows, linux, mobile
      FF143/140.2: maxTouchPoints: 0 = mac, linux | 10 = windows | 5 = mobile
   1492766 - spoof pointerEvent.pointerid (FF65)
   1485266 - disable exposure of system colors to CSS or canvas (FF67)
   1494034 - return "light" with prefers-color-scheme (FF67)
@@ -765,19 +771,29 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
   1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80)
   1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
    531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
   1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100-115)
   1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
   1422237 - return "srgb" with color-gamut (FF110)
   1794628 - return "none" with inverted-colors (FF114)
   1787790 - normalize system fonts (FF128)
   1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128)
   1656377 - spoof pointerEvents azimuthAngle and altitudeAngle (FF131)
   1834307 - always use smooth scrolling (FF132)
   1918202 - spoof screen orientation based on spoofed screen size and platform (FF132)
-      previously it always returned landscape-primary and an angle of 0 (FF50+)
+      previously FF50+ it always returned landscape-primary and an angle of 0
   1390465 - load all subtitles in WebVTT (Video Text Tracks) (FF133)
   1873382 - make spoofed devicePixelRatio and CSS media queries match (FF133)
      previously FF41+ devicePixelRatio was hardcoded as 1 and FF127+ as 2
      previously FF41+ CSS media queries were spoofed as zoom level at a devicePixelRatio of 1
   1955425 - return 128 for WebGPU subgroupMaxSize (FF138)
   1966860 - spoof WebGL debug renderer info (FF140)
      previously FF60+ it was disabled
   1781277 - return 10GiB for storage estimate until persistent-storage granted (FF142, ESR140.1)
   1972600 - spoof network connection for HTMLMediaElement preload (FF142, ESR140.1)
   1975851 - return true for navigator.onLine (FF142, ESR140.1)
   1973265 - disable WebCodecs API (FF142)
   1984333 - spoof navigator.hardwareConcurrency as 4 except mac return 8 (FF143)
       previously FF55+ it returned 2
   1999126 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF147)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable RFP
@@ -799,16 +815,17 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
 * Dynamically resizes the inner window by applying margins in stepped ranges [2]
 * If you use the dimension pref, then it will only apply those resolutions.
 * The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000")
- * [SETUP-WEB] This is independent of RFP (4501). If you're not using RFP, or you are but
+ * [SETUP-WEB] This is independent of RFP (4501). If you're using RFP, but dislike the
- * dislike the margins, then flip this pref, keeping in mind that it is effectively fingerprintable
+ * margins, then don't enable this pref, keeping in mind that it is effectively fingerprintable
 * [WARNING] DO NOT USE: the dimension pref is only meant for testing
 * [1] https://bugzilla.mozilla.org/1407366
 * [2] https://hg.mozilla.org/mozilla-central/rev/7211cb4f58ff#l5.13 ***/
   // user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
   // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
 /* 4505: disable RFP by domain [FF91+]
- * [NOTE] Working examples: "arkenfox.github.io", "*github.io"
+ * [NOTE]: The pref takes comma separated values: e.g. "*domain1.tld, *domain2.tld"
- * Non-working examples: "https://arkenfox.github.io", "github.io", "*arkenfox.github.io" ***/
+ * Working domain examples: "arkenfox.github.io", "*github.io"
 * Non-working domain examples: "https://arkenfox.github.io", "github.io", "*arkenfox.github.io" ***/
   // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
 /* 4506: disable RFP spoof english prompt [FF59+]
 * 0=prompt, 1=disabled, 2=enabled
@@ -816,9 +833,12 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
 * [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale.
 * [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/
 user_pref("privacy.spoof_english", 1);
-/* 4510: disable using system colors
+/* 4507: skip browser.startup.blankWindow if RFP is used [FF136+] ***/
- * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
+   // user_pref("privacy.resistFingerprinting.skipEarlyBlankFirstPaint", true); // [DEFAULT: true]
-user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
+/* 4510: enforce Contrast Control off [FF138+]
 * 0=automatic, 1=off, 2=custom
 * [SETTING] General>Language and Appearance>Contrast Control ***/
   // user_pref("browser.display.document_color_use", 1); // [DEFAULT: 1 NON-WINDOWS]
 /* 4511: disable using system accent colors ***/
 user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false WINDOWS]
 /* 4512: enforce links targeting new windows to open in a new tab instead
@@ -964,7 +984,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
   // user_pref("javascript.options.wasm", false);
 /* 5507: disable rendering of SVG OpenType fonts ***/
   // user_pref("gfx.font_rendering.opentype_svg.enabled", false);
-/* 5508: disable all DRM content (EME: Encryption Media Extension)
+/* 5508: disable all DRM (Digital Rights Management) content (EME: Encryption Media Extension)
 * Optionally hide the UI setting which also disables the DRM prompt
 * [SETTING] General>DRM Content>Play DRM-controlled content
 * [TEST] https://bitmovin.com/demos/drm
@@ -1016,7 +1036,7 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
 * [WHY] To prevent wasting Mozilla's time with a custom setup ***/
 user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
 /* 6012: enforce Quarantined Domains [FF115+]
- * [WHY] https://support.mozilla.org/kb/quarantined-domains */
+ * [WHY] https://support.mozilla.org/kb/quarantined-domains ***/
 user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
 /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF128+ ***/
   // user_pref("privacy.clearOnShutdown.cache", "");
@@ -1032,6 +1052,11 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
   // user_pref("privacy.cpd.history", "");
   // user_pref("privacy.cpd.offlineApps", "");
   // user_pref("privacy.cpd.sessions", "");
 /* 6051: prefsCleaner: reset previously active items removed from arkenfox FF140+ ***/
   // user_pref("browser.display.use_system_colors", "");
   // user_pref("browser.urlbar.fakespot.featureGate", "");
   // user_pref("security.OCSP.enabled", "");
   // user_pref("security.OCSP.require", "");
 /*** [SECTION 7000]: DON'T BOTHER ***/
 user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@@ -1120,7 +1145,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
   // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
   // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
 /* 7017: disable service workers
- * [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/
+ * [WHY] Already isolated with TCP (2701) behind a pref ***/
   // user_pref("dom.serviceWorkers.enabled", false);
 /* 7018: disable Web Notifications [FF22+]
 * [WHY] Web Notifications are behind a prompt (7002)
@@ -1166,7 +1191,6 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan
   // user_pref("general.platform.override", "");
   // user_pref("general.useragent.override", "");
   // user_pref("media.navigator.enabled", "");
   // user_pref("media.ondevicechange.enabled", "");
   // user_pref("media.video_stats.enabled", "");
   // user_pref("media.webspeech.synth.enabled", "");
   // user_pref("ui.use_standins_for_native_colors", "");
@@ -1240,9 +1264,17 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is m
 /* ESR128.x still uses all the following prefs
 // [NOTE] replace the * with a slash in the line above to re-enable active ones
 // FF132
-/* 2617: remove webchannel whitelist
+// 2617: remove webchannel whitelist
   // [-] https://bugzilla.mozilla.org/1275612
   // user_pref("webchannel.allowObject.urlWhitelist", "");
 // FF140
 // 0323: disable shopping experience [FF116+]
   // [-] https://bugzilla.mozilla.org/1964845
   // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1840156#c0
 user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false]
 // 0806: disable urlbar suggestions
   // [-] https://bugzilla.mozilla.org/1959497
 user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false]
 // ***/
 /* END: internal custom pref to test for syntax errors ***/
Author	SHA1	Message	Date
Thorin-Oakenpants	c90135cf86	be consistent	2025-11-22 00:40:49 +00:00
Thorin-Oakenpants	54956e548a	update RFP info	2025-11-22 00:39:35 +00:00
Thorin-Oakenpants	5ca8f0c10c	tidy	2025-11-16 19:41:12 +00:00
Thorin-Oakenpants	e1dd797b38	yelpRealtime.featureGate	2025-11-16 03:34:58 +00:00
Thorin-Oakenpants	669930fd21	passkeys attestation	2025-11-15 08:15:49 +00:00
Thorin-Oakenpants	dd081db007	ETP exception lists	2025-11-15 05:59:31 +00:00
Thorin-Oakenpants	59c17aad4c	MOAR featuregates JFC	2025-11-12 14:03:00 +00:00
Thorin-Oakenpants	845872ca65	fakespot.featureGate	2025-11-12 03:03:37 +00:00
Thorin-Oakenpants	7c4444167f	remove fakespot default false and discontinued	2025-11-12 03:02:29 +00:00
Thorin-Oakenpants	bfcb3659c1	Merge branch 'master' into Thorin-Oakenpants-patch-1	2025-11-03 01:32:40 +00:00
Thorin-Oakenpants	0f14e030b3	v140.1 (#2013 )	2025-11-03 00:52:16 +00:00
Thorin-Oakenpants	e69b54487c	correct RFP info	2025-11-01 02:54:54 +00:00
Thorin-Oakenpants	c569822cd1	grrrrr .. must. be. consistent.	2025-10-31 22:15:04 +00:00
Thorin-Oakenpants	1f58af5cf6	add document_color_use, #1965	2025-10-31 22:12:57 +00:00
Thorin-Oakenpants	8cd31371f2	browser.display.use_system_colors, #1965	2025-10-31 20:23:52 +00:00
Thorin-Oakenpants	1c76110c4c	remove 4510, #1965	2025-10-31 20:22:46 +00:00
Thorin-Oakenpants	d01f1e971e	update clearing history mentions	2025-10-31 19:04:26 +00:00
Thorin-Oakenpants	ba7f0cee9a	don't sanitize history/downloads	2025-10-31 18:37:36 +00:00
Thorin-Oakenpants	7007e28e4e	tidy	2025-10-09 07:10:19 +00:00
Thorin-Oakenpants	a05d90d612	make 2635 active it added as inactive in 140 due to bugs not fixed in time - seems stable now	2025-10-01 08:38:49 +00:00
Thorin-Oakenpants	0ef5f72c5f	tidy	2025-09-24 13:23:18 +00:00
Thorin-Oakenpants	c5087d6522	tidy	2025-08-25 11:25:44 +00:00
Thorin-Oakenpants	ff92cee8f0	update FPP info	2025-08-24 05:03:28 +00:00
Thorin-Oakenpants	934a339e41	add removed OCSP prefs to cleanup script	2025-08-20 16:10:56 +00:00
Thorin-Oakenpants	ae6242bded	remove OCSP, #1576	2025-08-20 16:01:10 +00:00
Thorin-Oakenpants	9ad1ce561f	v142	2025-08-19 10:49:32 +00:00
Thorin-Oakenpants	9103afafff	deprecated FF140	2025-08-13 18:29:19 +00:00
Thorin-Oakenpants	9e8ead84c8	v140 (#1945 )	2025-08-13 18:27:04 +00:00
Thorin-Oakenpants	7f852e94fc	media.ondevicechange.enabled	2025-04-21 15:04:04 +00:00