4500 RFP keyboard stuff

see 3d5276484a (commitcomment-27760142)

.gitattributes

@@ -1,8 +1,14 @@
-* text=auto
+## * text=auto
 
-*.js text
-*.md text
-*.yml text
-*.txt text
+*.js text=auto
+*.md text=auto
+*.yml text=auto
+*.txt text=auto
+*.sh text=auto
+*.bat eol=crlf
 
 *.png binary
+
+.gitattributes export-ignore
+*.yml export-ignore
+wikipiki export-ignore

README.md

@@ -2,36 +2,20 @@
 A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page.
 
 ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js
-The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) with [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions) <sup>1</sup> ) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
+The `ghacks user.js` is a **template**, which, as provided, aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
 
-We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with custom versions. We won't set you wrong.
+Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings.
 
-INFORMATION IS POWER. So you can make informed decisions to better protect yourself online, we aim to be:
-
-* Accessible (provide information and simpler, less-technical descriptions if possible)
-* Accountable (provide reputable references/sources, [test sites](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites), dispel bad advice)
-* Change trackable (yay! we're on github now, with commits)
-* Compatible (including a [deprecated section](https://github.com/ghacksuserjs/ghacks-user.js/issues/123), [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases))
-* Comprehensive (including enforcing defaults and future-proofing)
-* Current and up-to-date with stable (including [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93))
-* Detailed (preference versioning, hidden preference information, explanations, and more)
-* Easy to use and discuss (sections, sub-sections, numbering)
-* Helpful (including a [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions), [user scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts), [references](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-D:-References) and more)
-* Innovative (formatting, special tags, and future plans such as branches)
-
-### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) usage
-Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few default settings we use. The rest of the [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well.
+Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs)
 
 ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments
 Literally thousands of sources, references and suggestions. That said...
 
-* Martin Brinkmann at [ghacks](https://www.ghacks.net/) <sup>2</sup>
-   * 100% genuine super-nice all-around good guy
+* Martin Brinkmann at [ghacks](https://www.ghacks.net/) <sup>1</sup>
 * The ghacks community and commentators
-   * Special mentions to [earthlng](https://github.com/earthlng), Tom Hawack, Just me, Conker, Rockin’ Jerry, Ainatar, Parker Lewis
-* [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs)
+* [12bytes](http://12bytes.org/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs)
    * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github
 
-<sup>1</sup> ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) Important: We HIGHLY recommend using uBlock Origin, uMatrix and a cookie extension. Section 0400, if modified, allows Tracking Protection and Safe Browsing to be disabled. Do this at your own risk. See the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page for more.
+<sup>1</sup> The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name.
 
-<sup>2</sup> The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name.
+### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

prefsCleaner.bat

@@ -0,0 +1,113 @@
+@ECHO OFF
+TITLE prefs.js cleaner
+
+REM ### prefs.js cleaner for Windows
+REM ## author: @claustromaniac
+REM ## version: 1.2
+
+SETLOCAL EnableDelayedExpansion
+:begin
+ECHO:
+ECHO:
+ECHO                 ########################################
+ECHO                 ####  prefs.js cleaner for Windows  ####
+ECHO                 ####        by claustromaniac       ####
+ECHO                 ####              v1.2              ####
+ECHO                 ########################################
+ECHO:
+CALL :message "This script should be run from your Firefox profile directory."
+ECHO   It will remove any entries from prefs.js that also exist in user.js.
+CALL :message "This will allow inactive preferences to be reset to their default values."
+ECHO   This Firefox profile shouldn't be in use during the process.
+CALL :message ""
+TIMEOUT 1 /nobreak >nul
+CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]"
+CLS
+IF ERRORLEVEL 3 (EXIT /B)
+IF ERRORLEVEL 2 (GOTO :showhelp)
+IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30)
+IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30)
+CALL :FFcheck
+CALL :message "Backing up prefs.js..."
+COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js"
+CALL :message "Cleaning prefs.js..."
+CALL :cleanup
+CLS
+CALL :message "All done^!"
+TIMEOUT 5 >nul
+EXIT /B
+
+REM ########## Abort Function ###########
+:abort
+CALL :message %1
+TIMEOUT %~2 >nul
+EXIT
+REM ########## Message Function #########
+:message
+SETLOCAL DisableDelayedExpansion
+ECHO:
+ECHO:  %~1
+ECHO:
+ENDLOCAL
+GOTO :EOF
+REM ####### Firefox Check Function ######
+:FFcheck
+TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL
+IF NOT ERRORLEVEL 1 (
+	CLS
+	CALL :message "Firefox is still running."
+	ECHO   If you're not currently using this profile you can continue, otherwise
+	CALL :message "close Firefox first^!"
+	ECHO:
+	PAUSE
+	CLS
+	CALL :message "Resuming..."
+	TIMEOUT 5 /nobreak >nul
+)
+GOTO :EOF
+REM ######### Cleanup Function ##########
+:cleanup
+SETLOCAL DisableDelayedExpansion
+(
+	FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO (
+		SET "_line=%%H"
+		SETLOCAL EnableDelayedExpansion
+		IF /I "user_pref"=="!_line:~0,9!" (
+			FOR /F tokens^=2^ delims^=^" %%I IN ("!_line:.=\.!") DO (
+				FINDSTR /R /C:"user_pref[ 	]*\([ 	]*[\"']%%I[\"'][ 	]*," user.js >nul
+				IF ERRORLEVEL 1 (ECHO:!_line!)
+			)
+		) ELSE (
+			ECHO:!_line!
+		)
+		ENDLOCAL
+	)
+)>tempcleanedprefs
+ENDLOCAL
+MOVE /Y tempcleanedprefs prefs.js
+GOTO :EOF
+REM ############### Help ##################
+:showhelp
+MODE 80,34
+CLS
+CALL :message "This script creates a backup of your prefs.js file before doing anything."
+ECHO   It should be safe, but you can follow these steps if something goes wrong:
+ECHO:
+CALL :message "  1. Make sure Firefox is closed."
+ECHO     2. Delete prefs.js in your profile folder.
+CALL :message "  3. Delete Invalidprefs.js if you have one in the same folder."
+ECHO     4. Rename or copy your latest backup to prefs.js.
+CALL :message "  5. Run Firefox and see if you notice anything wrong with it."
+ECHO     6. If you do notice something wrong, especially with your extensions,
+CALL :message "     and/or with the UI, go to about:support, and restart Firefox with"
+ECHO        add-ons disabled. Then, restart it again normally, and see if the
+CALL :message "     problems were solved."
+ECHO:
+CALL :message "If you are able to identify the cause of your issues, please bring it up"
+ECHO   on ghacks-user.js GitHub repository.
+ECHO:
+ECHO:
+PAUSE
+CLS
+GOTO :begin
+REM #####################################

scratchpad-scripts/ghacks-clear-57-[changes-only].js

@@ -0,0 +1,61 @@
+/***
+
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+
+(function() {
+  let ops = [
+    /* --- 57-alpha --- */
+    /* commented out */
+    'browser.storageManager.enabled',
+    'dom.storageManager.enabled',
+    /* removed from the user.js */
+    'browser.search.geoip.timeout',
+    'geo.wifi.xhr.timeout',
+    'gfx.layerscope.enabled',
+    'media.webspeech.recognition.enable',
+    /* moved to RFP ALTERNATIVES */
+    'dom.w3c_touch_events.enabled',
+    'media.video_stats.enabled',
+    /* moved to DEPRECATED/REMOVED */
+    'browser.bookmarks.showRecentlyBookmarked',
+    'browser.casting.enabled',
+    'devtools.webide.autoinstallFxdtAdapters',
+    'media.eme.chromium-api.enabled',
+    'social.directories',
+    'social.enabled',
+    'social.remote-install.enabled',
+    'social.share.activationPanelEnabled',
+    'social.shareDirectory',
+    'social.toast-notifications.enabled',
+    'social.whitelist',
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js

@@ -0,0 +1,60 @@
+/***
+
+ This will reset the preferences that are under sections 4600 & 4700 in the ghacks user.js
+ up to and including release 57-alpha. These are the prefs that are no longer necessary,
+ or they conlfict with, privacy.resistFingerprinting if you have that enabled.
+
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+ 
+(function() {
+  let ops = [
+    /* section 4600 */
+    'dom.maxHardwareConcurrency',
+    'dom.enable_resource_timing',
+    'dom.enable_performance',
+    'device.sensors.enabled',
+    'browser.zoom.siteSpecific',
+    'dom.gamepad.enabled',
+    'dom.netinfo.enabled',
+    'media.webspeech.synth.enabled',
+    'geo.enabled',
+    'media.video_stats.enabled',
+    'dom.w3c_touch_events.enabled',
+    /* section 4700 */
+    'general.useragent.override',
+    'general.buildID.override',
+    'general.appname.override',
+    'general.appversion.override',
+    'general.platform.override',
+    'general.oscpu.override',
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js

@@ -0,0 +1,167 @@
+/***
+
+ This will reset the preferences that have been deprecated by Mozilla
+ and used in the ghacks user.js up to and including release 57-alpha
+
+ It is in reverse order, so feel free to remove sections that do not apply
+
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+
+(function() {
+  let ops = [
+    /* deprecated */
+
+    /* ESR52.x users can remove sections 53-57 but it is not
+       crucial as your user.js will reinstate them */
+    /* 57 */
+    'social.whitelist',
+    'social.toast-notifications.enabled',
+    'social.shareDirectory',
+    'social.remote-install.enabled',
+    'social.directories',
+    'social.share.activationPanelEnabled',
+    'social.enabled',
+    'media.eme.chromium-api.enabled',
+    'devtools.webide.autoinstallFxdtAdapters',
+    'browser.casting.enabled',
+    'browser.bookmarks.showRecentlyBookmarked',
+    /* 56 */
+    'extensions.screenshots.system-disabled',
+    'extensions.formautofill.experimental',
+    /* 55 */
+    'geo.security.allowinsecure',
+    'browser.selfsupport.enabled',
+    'browser.selfsupport.url',
+    'browser.newtabpage.directory.ping',
+    'browser.formfill.saveHttpsForms',
+    'browser.formautofill.enabled',
+    'dom.enable_user_timing',
+    'dom.keyboardevent.code.enabled',
+    'browser.tabs.animate',
+    'browser.fullscreen.animate',
+    /* 54 */
+    'browser.safebrowsing.reportMalwareMistakeURL',
+    'browser.safebrowsing.reportPhishMistakeURL',
+    'media.eme.apiVisible',
+    'dom.archivereader.enabled',
+    /* 53 */
+    'security.tls.unrestricted_rc4_fallback',
+    'plugin.scan.Acrobat',
+    'plugin.scan.Quicktime',
+    'plugin.scan.WindowsMediaPlayer',
+    'media.getusermedia.screensharing.allow_on_old_platforms',
+    'dom.beforeAfterKeyboardEvent.enabled',
+    /* End of ESR52.x section */
+
+    /* 52 */
+    'network.http.sendSecureXSiteReferrer',
+    'media.gmp-eme-adobe.enabled',
+    'media.gmp-eme-adobe.visible',
+    'media.gmp-eme-adobe.autoupdate',
+    'dom.telephony.enabled',
+    'dom.battery.enabled',
+    /* 51 */
+    'media.block-play-until-visible',
+    'dom.vr.oculus050.enabled',
+    'network.http.spdy.enabled.v3-1',
+    /* 50 */
+    'browser.usedOnWindows10.introURL',
+    'plugins.update.notifyUser',
+    'browser.safebrowsing.enabled',
+    'security.ssl3.ecdhe_ecdsa_rc4_128_sha',
+    'security.ssl3.ecdhe_rsa_rc4_128_sha',
+    'security.ssl3.rsa_rc4_128_md5',
+    'security.ssl3.rsa_rc4_128_sha',
+    'plugins.update.url',
+    /* 49 */
+    'loop.enabled',
+    'loop.server',
+    'loop.feedback.formURL',
+    'loop.feedback.manualFormURL',
+    'loop.facebook.appId',
+    'loop.facebook.enabled',
+    'loop.facebook.fallbackUrl',
+    'loop.facebook.shareUrl',
+    'loop.logDomains',
+    'dom.disable_window_open_feature.scrollbars',
+    'dom.push.udp.wakeupEnabled',
+    /* 48 */
+    'browser.urlbar.unifiedcomplete',
+    /* 47 */
+    'toolkit.telemetry.unifiedIsOptIn',
+    'datareporting.healthreport.about.reportUrlUnified',
+    'browser.history.allowPopState',
+    'browser.history.allowPushState',
+    'browser.history.allowReplaceState',
+    /* 46 */
+    'datareporting.healthreport.service.enabled',
+    'datareporting.healthreport.documentServerURI',
+    'datareporting.policy.dataSubmissionEnabled.v2',
+    'browser.safebrowsing.appRepURL',
+    'browser.polaris.enabled',
+    'browser.pocket.enabled',
+    'browser.pocket.api',
+    'browser.pocket.site',
+    'browser.pocket.oAuthConsumerKey',
+    /* 45 */
+    'browser.sessionstore.privacy_level_deferred',
+    /* 44 */
+    'browser.safebrowsing.provider.google.appRepURL',
+    'security.tls.insecure_fallback_hosts.use_static_list',
+    'dom.workers.sharedWorkers.enabled',
+    'dom.disable_image_src_set',
+    /* 43 */
+    'browser.safebrowsing.gethashURL',
+    'browser.safebrowsing.updateURL',
+    'browser.safebrowsing.malware.reportURL',
+    'browser.trackingprotection.gethashURL',
+    'browser.trackingprotection.updateURL',
+    'pfs.datasource.url',
+    'browser.search.showOneOffButtons',
+    /* 42 and earlier */
+    'privacy.clearOnShutdown.passwords', // 42
+    'full-screen-api.approval-required', // 42
+    'browser.safebrowsing.reportErrorURL', // 41
+    'browser.safebrowsing.reportGenericURL', // 41
+    'browser.safebrowsing.reportMalwareErrorURL', // 41
+    'browser.safebrowsing.reportMalwareURL', // 41
+    'browser.safebrowsing.reportURL', // 41
+    'plugins.enumerable_names', // 41
+    'network.http.spdy.enabled.http2draft', // 41
+    'camera.control.autofocus_moving_callback.enabled', // 37
+    'privacy.donottrackheader.value', // 36
+    'network.websocket.enabled', // 35
+    'dom.network.enabled', // 31
+    'pageThumbs.enabled', // 25
+
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js

@@ -0,0 +1,63 @@
+/***
+
+ This will reset the preferences that have been removed completely
+ from the ghacks user.js up to and including release 57-alpha
+
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+ 
+(function() {
+  let ops = [
+    /* removed in ghacks user.js v52-57 */
+    /* 52-alpha */
+    'browser.search.reset.enabled',
+    'browser.search.reset.whitelist',
+    /* 54-alpha */
+    'browser.migrate.automigrate.enabled',
+    'services.sync.enabled',
+    'webextensions.storage.sync.enabled',
+    'webextensions.storage.sync.serverURL',
+    /* 55-alpha */
+    'dom.keyboardevent.dispatch_during_composition', // default is false anyway
+    'dom.vr.oculus.enabled', // covered by dom.vr.enabled
+    'dom.vr.openvr.enabled', // ditto
+    'dom.vr.osvr.enabled', // ditto
+    'extensions.pocket.api', // covered by extensions.pocket.enabled
+    'extensions.pocket.oAuthConsumerKey', // ditto
+    'extensions.pocket.site', // ditto
+    /* 56-alpha: none */
+    /* 57-alpha */
+    'geo.wifi.xhr.timeout', // covered by geo.enabled
+    'browser.search.geoip.timeout', // ditto
+    'media.webspeech.recognition.enable', // default is false anyway
+    'gfx.layerscope.enabled', // default is false anyway
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js

@@ -0,0 +1,409 @@
+/***
+
+ This will reset EVERYTHING that is ACTIVE in the ghacks user.js
+ release 57-alpha master, but excludes the following:
+ - prefs removed since publishing on github
+ - e10s section 1100
+ - privacy.resistFingerprinting alternatives sections 4600 & 4700
+ - deprecated section 9999
+
+ It does not matter if you clear everything, as a restart will reapply your user.js
+ Total 477 prefs from 57-alpha master: 118 inactive, 359 active
+ These have been broken into two scripts for convenience
+ 
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+ 
+***/
+ 
+(function() {
+  let ops = [
+    /* 359 ACTIVE prefs in 57-alpha master */
+    'accessibility.force_disabled',
+    'alerts.showFavicons',
+    'app.update.auto',
+    'app.update.service.enabled',
+    'app.update.silent',
+    'app.update.staging.enabled',
+    'beacon.enabled',
+    'breakpad.reportURL',
+    'browser.aboutHomeSnippets.updateUrl',
+    'browser.backspace_action',
+    'browser.bookmarks.max_backups',
+    'browser.cache.disk.capacity',
+    'browser.cache.disk.enable',
+    'browser.cache.disk.smart_size.enabled',
+    'browser.cache.disk.smart_size.first_run',
+    'browser.cache.disk_cache_ssl',
+    'browser.cache.frecency_experiment',
+    'browser.cache.offline.enable',
+    'browser.crashReports.unsubmittedCheck.autoSubmit',
+    'browser.crashReports.unsubmittedCheck.enabled',
+    'browser.ctrlTab.previews',
+    'browser.display.use_document_fonts',
+    'browser.download.folderList',
+    'browser.download.forbid_open_with',
+    'browser.download.hide_plugins_without_extensions',
+    'browser.download.manager.addToRecentDocs',
+    'browser.download.useDownloadDir',
+    'browser.eme.ui.enabled',
+    'browser.fixup.alternate.enabled',
+    'browser.fixup.hide_user_pass',
+    'browser.formfill.enable',
+    'browser.helperApps.deleteTempFileOnExit',
+    'browser.laterrun.enabled',
+    'browser.library.activity-stream.enabled',
+    'browser.link.open_newwindow',
+    'browser.link.open_newwindow.restriction',
+    'browser.newtab.preload',
+    'browser.newtabpage.activity-stream.enabled',
+    'browser.newtabpage.directory.source',
+    'browser.newtabpage.enabled',
+    'browser.newtabpage.enhanced',
+    'browser.newtabpage.introShown',
+    'browser.offline-apps.notify',
+    'browser.onboarding.enabled',
+    'browser.pagethumbnails.capturing_disabled',
+    'browser.ping-centre.telemetry',
+    'browser.rights.3.shown',
+    'browser.safebrowsing.downloads.remote.enabled',
+    'browser.safebrowsing.downloads.remote.url',
+    'browser.safebrowsing.provider.google.reportMalwareMistakeURL',
+    'browser.safebrowsing.provider.google.reportPhishMistakeURL',
+    'browser.safebrowsing.provider.google.reportURL',
+    'browser.safebrowsing.provider.google4.reportMalwareMistakeURL',
+    'browser.safebrowsing.provider.google4.reportPhishMistakeURL',
+    'browser.safebrowsing.provider.google4.reportURL',
+    'browser.safebrowsing.reportPhishURL',
+    'browser.search.countryCode',
+    'browser.search.geoip.url',
+    'browser.search.geoSpecificDefaults',
+    'browser.search.geoSpecificDefaults.url',
+    'browser.search.region',
+    'browser.search.suggest.enabled',
+    'browser.search.update',
+    'browser.send_pings',
+    'browser.send_pings.require_same_host',
+    'browser.sessionhistory.max_entries',
+    'browser.sessionstore.interval',
+    'browser.sessionstore.max_tabs_undo',
+    'browser.sessionstore.max_windows_undo',
+    'browser.sessionstore.privacy_level',
+    'browser.sessionstore.resume_from_crash',
+    'browser.shell.checkDefaultBrowser',
+    'browser.shell.shortcutFavicons',
+    'browser.slowStartup.maxSamples',
+    'browser.slowStartup.notificationDisabled',
+    'browser.slowStartup.samples',
+    'browser.ssl_override_behavior',
+    'browser.startup.homepage_override.mstone',
+    'browser.tabs.closeWindowWithLastTab',
+    'browser.tabs.crashReporting.sendReport',
+    'browser.tabs.insertRelatedAfterCurrent',
+    'browser.tabs.loadDivertedInBackground',
+    'browser.tabs.loadInBackground',
+    'browser.tabs.selectOwnerOnClose',
+    'browser.tabs.warnOnClose',
+    'browser.tabs.warnOnCloseOtherTabs',
+    'browser.tabs.warnOnOpen',
+    'browser.taskbar.lists.enabled',
+    'browser.taskbar.lists.frequent.enabled',
+    'browser.taskbar.lists.recent.enabled',
+    'browser.taskbar.lists.tasks.enabled',
+    'browser.taskbar.previews.enable',
+    'browser.uitour.enabled',
+    'browser.uitour.url',
+    'browser.urlbar.autoFill',
+    'browser.urlbar.autoFill.typed',
+    'browser.urlbar.clickSelectsAll',
+    'browser.urlbar.decodeURLsOnCopy',
+    'browser.urlbar.doubleClickSelectsAll',
+    'browser.urlbar.filter.javascript',
+    'browser.urlbar.maxHistoricalSearchSuggestions',
+    'browser.urlbar.oneOffSearches',
+    'browser.urlbar.speculativeConnect.enabled',
+    // 'browser.urlbar.suggest.bookmark', // this may not get reset by your user.js - see issue #308
+    // 'browser.urlbar.suggest.history', // ditto
+    // 'browser.urlbar.suggest.openpage', // ditto
+    'browser.urlbar.suggest.searches',
+    'browser.urlbar.trimURLs',
+    'browser.urlbar.usepreloadedtopurls.enabled',
+    'browser.urlbar.userMadeSearchSuggestionsChoice',
+    'browser.xul.error_pages.expert_bad_cert',
+    'camera.control.face_detection.enabled',
+    'canvas.capturestream.enabled',
+    'captivedetect.canonicalURL',
+    'datareporting.healthreport.about.reportUrl',
+    'datareporting.healthreport.uploadEnabled',
+    'datareporting.policy.dataSubmissionEnabled',
+    'device.storage.enabled',
+    'devtools.chrome.enabled',
+    'devtools.debugger.remote-enabled',
+    'devtools.webide.autoinstallADBHelper',
+    'devtools.webide.enabled',
+    'dom.allow_cut_copy',
+    'dom.allow_scripts_to_close_windows',
+    'dom.caches.enabled',
+    'dom.disable_beforeunload',
+    'dom.disable_window_flip',
+    'dom.disable_window_move_resize',
+    'dom.disable_window_open_feature.close',
+    'dom.disable_window_open_feature.location',
+    'dom.disable_window_open_feature.menubar',
+    'dom.disable_window_open_feature.minimizable',
+    'dom.disable_window_open_feature.personalbar',
+    'dom.disable_window_open_feature.resizable',
+    'dom.disable_window_open_feature.status',
+    'dom.disable_window_open_feature.titlebar',
+    'dom.disable_window_open_feature.toolbar',
+    'dom.disable_window_status_change',
+    'dom.event.clipboardevents.enabled',
+    'dom.flyweb.enabled',
+    'dom.idle-observers-api.enabled',
+    'dom.imagecapture.enabled',
+    'dom.IntersectionObserver.enabled',
+    'dom.ipc.plugins.flash.subprocess.crashreporter.enabled',
+    'dom.ipc.plugins.reportCrashURL',
+    'dom.popup_allowed_events',
+    'dom.popup_maximum',
+    'dom.push.connection.enabled',
+    'dom.push.enabled',
+    'dom.push.serverURL',
+    'dom.push.userAgentID',
+    'dom.serviceWorkers.enabled',
+    'dom.vibrator.enabled',
+    'dom.webaudio.enabled',
+    'dom.webnotifications.enabled',
+    'dom.webnotifications.serviceworker.enabled',
+    'dom.workers.enabled',
+    'experiments.activeExperiment',
+    'experiments.enabled',
+    'experiments.manifest.uri',
+    'experiments.supported',
+    'extensions.autoDisableScopes',
+    'extensions.blocklist.enabled',
+    'extensions.blocklist.url',
+    'extensions.enabledScopes',
+    'extensions.formautofill.addresses.enabled',
+    'extensions.formautofill.available',
+    'extensions.formautofill.creditCards.enabled',
+    'extensions.formautofill.heuristics.enabled',
+    'extensions.getAddons.cache.enabled',
+    'extensions.getAddons.showPane',
+    'extensions.pocket.enabled',
+    'extensions.shield-recipe-client.api_url',
+    'extensions.shield-recipe-client.enabled',
+    'extensions.update.autoUpdateDefault',
+    'extensions.webcompat-reporter.enabled',
+    'extensions.webextensions.keepStorageOnUninstall',
+    'extensions.webextensions.keepUuidOnUninstall',
+    'extensions.webservice.discoverURL',
+    'font.blacklist.underline_offset',
+    'full-screen-api.enabled',
+    'general.useragent.compatMode.firefox',
+    'general.useragent.locale',
+    'general.warnOnAboutConfig',
+    'geo.wifi.uri',
+    'gfx.downloadable_fonts.enabled',
+    'gfx.downloadable_fonts.woff2.enabled',
+    'gfx.font_rendering.graphite.enabled',
+    'gfx.font_rendering.opentype_svg.enabled',
+    'gfx.offscreencanvas.enabled',
+    'intl.accept_languages',
+    'intl.locale.matchOS',
+    'intl.regional_prefs.use_os_locales',
+    'javascript.options.asmjs',
+    'javascript.options.wasm',
+    'javascript.use_us_english_locale',
+    'keyword.enabled',
+    'layers.acceleration.disabled',
+    'layout.css.font-loading-api.enabled',
+    'layout.css.visited_links_enabled',
+    'layout.spellcheckDefault',
+    'lightweightThemes.update.enabled',
+    'mathml.disabled',
+    'media.autoplay.enabled',
+    'media.block-autoplay-until-in-foreground',
+    'media.eme.enabled',
+    'media.getusermedia.audiocapture.enabled',
+    'media.getusermedia.browser.enabled',
+    'media.getusermedia.screensharing.allowed_domains',
+    'media.getusermedia.screensharing.enabled',
+    'media.gmp-gmpopenh264.autoupdate',
+    'media.gmp-gmpopenh264.enabled',
+    'media.gmp-manager.updateEnabled',
+    'media.gmp-manager.url',
+    'media.gmp-manager.url.override',
+    'media.gmp-provider.enabled',
+    'media.gmp-widevinecdm.autoupdate',
+    'media.gmp-widevinecdm.enabled',
+    'media.gmp-widevinecdm.visible',
+    'media.gmp.trial-create.enabled',
+    'media.navigator.enabled',
+    'media.navigator.video.enabled',
+    'media.ondevicechange.enabled',
+    'media.peerconnection.enabled',
+    'media.peerconnection.ice.default_address_only',
+    'media.peerconnection.ice.no_host',
+    'media.peerconnection.ice.tcp',
+    'media.peerconnection.identity.enabled',
+    'media.peerconnection.identity.timeout',
+    'media.peerconnection.turn.disable',
+    'media.peerconnection.use_document_iceservers',
+    'media.peerconnection.video.enabled',
+    'middlemouse.contentLoadURL',
+    'network.allow-experiments',
+    'network.auth.subresource-img-cross-origin-http-auth-allow',
+    'network.captive-portal-service.enabled',
+    'network.cookie.cookieBehavior',
+    'network.cookie.leave-secure-alone',
+    'network.cookie.thirdparty.sessionOnly',
+    'network.dns.blockDotOnion',
+    'network.dns.disablePrefetch',
+    'network.dns.disablePrefetchFromHTTPS',
+    'network.http.altsvc.enabled',
+    'network.http.altsvc.oe',
+    'network.http.redirection-limit',
+    'network.http.referer.hideOnionSource',
+    'network.http.referer.spoofSource',
+    'network.http.referer.trimmingPolicy',
+    'network.http.referer.userControlPolicy',
+    'network.http.referer.XOriginPolicy',
+    'network.http.referer.XOriginTrimmingPolicy',
+    'network.http.sendRefererHeader',
+    'network.http.spdy.enabled',
+    'network.http.spdy.enabled.deps',
+    'network.http.spdy.enabled.http2',
+    'network.http.speculative-parallel-limit',
+    'network.IDN_show_punycode',
+    'network.jar.block-remote-files',
+    'network.jar.open-unsafe-types',
+    'network.manage-offline-status',
+    'network.predictor.enable-prefetch',
+    'network.predictor.enabled',
+    'network.prefetch-next',
+    'network.protocol-handler.external.ms-windows-store',
+    'network.proxy.autoconfig_url.include_path',
+    'network.proxy.socks_remote_dns',
+    'network.stricttransportsecurity.preloadlist',
+    'offline-apps.allow_by_default',
+    'pdfjs.disabled',
+    'pdfjs.enableWebGL',
+    'permissions.manager.defaultsUrl',
+    'plugin.default.state',
+    'plugin.defaultXpi.state',
+    'plugin.scan.plid.all',
+    'plugin.sessionPermissionNow.intervalInMinutes',
+    'plugins.click_to_play',
+    'privacy.clearOnShutdown.cache',
+    'privacy.clearOnShutdown.cookies',
+    'privacy.clearOnShutdown.downloads',
+    'privacy.clearOnShutdown.formdata',
+    'privacy.clearOnShutdown.history',
+    'privacy.clearOnShutdown.offlineApps',
+    'privacy.clearOnShutdown.sessions',
+    'privacy.clearOnShutdown.siteSettings',
+    'privacy.cpd.cache',
+    'privacy.cpd.cookies',
+    'privacy.cpd.formdata',
+    'privacy.cpd.history',
+    'privacy.cpd.offlineApps',
+    'privacy.cpd.passwords',
+    'privacy.cpd.sessions',
+    'privacy.cpd.siteSettings',
+    'privacy.donottrackheader.enabled',
+    'privacy.firstparty.isolate',
+    'privacy.firstparty.isolate.restrict_opener_access',
+    'privacy.resistFingerprinting',
+    'privacy.sanitize.sanitizeOnShutdown',
+    'privacy.sanitize.timeSpan',
+    'privacy.trackingprotection.ui.enabled',
+    'security.ask_for_password',
+    'security.block_script_with_wrong_mime',
+    'security.cert_pinning.enforcement_level',
+    'security.csp.enable',
+    'security.csp.experimentalEnabled',
+    'security.data_uri.block_toplevel_data_uri_navigations',
+    'security.dialog_enable_delay',
+    'security.family_safety.mode',
+    'security.fileuri.strict_origin_policy',
+    'security.insecure_field_warning.contextual.enabled',
+    'security.insecure_password.ui.enabled',
+    'security.mixed_content.block_active_content',
+    'security.mixed_content.send_hsts_priming',
+    'security.mixed_content.use_hsts',
+    'security.OCSP.enabled',
+    'security.OCSP.require',
+    'security.password_lifetime',
+    'security.pki.sha1_enforcement_level',
+    'security.sri.enable',
+    'security.ssl.disable_session_identifiers',
+    'security.ssl.enable_ocsp_stapling',
+    'security.ssl.errorReporting.automatic',
+    'security.ssl.errorReporting.enabled',
+    'security.ssl.errorReporting.url',
+    'security.ssl.treat_unsafe_negotiation_as_broken',
+    'security.tls.enable_0rtt_data',
+    'security.tls.version.fallback-limit',
+    'security.tls.version.max',
+    'security.tls.version.min',
+    'security.xpconnect.plugin.unrestricted',
+    'services.blocklist.signing.enforced',
+    'services.blocklist.update_enabled',
+    'signon.autofillForms',
+    'signon.autofillForms.http',
+    'signon.formlessCapture.enabled',
+    'signon.storeWhenAutocompleteOff',
+    'startup.homepage_override_url',
+    'startup.homepage_welcome_url',
+    'startup.homepage_welcome_url.additional',
+    'toolkit.telemetry.archive.enabled',
+    'toolkit.telemetry.bhrPing.enabled',
+    'toolkit.telemetry.cachedClientID',
+    'toolkit.telemetry.enabled',
+    'toolkit.telemetry.firstShutdownPing.enabled',
+    'toolkit.telemetry.newProfilePing.enabled',
+    'toolkit.telemetry.server',
+    'toolkit.telemetry.shutdownPingSender.enabled',
+    'toolkit.telemetry.unified',
+    'toolkit.telemetry.updatePing.enabled',
+    'ui.submenuDelay',
+    'ui.use_standins_for_native_colors',
+    'view_source.tab',
+    'webchannel.allowObject.urlWhitelist',
+    'webgl.disable-extensions',
+    'webgl.disable-fail-if-major-performance-caveat',
+    'webgl.disabled',
+    'webgl.dxgl.enabled',
+    'webgl.enable-debug-renderer-info',
+    'webgl.enable-webgl2',
+    'webgl.min_capability_mode',
+
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js

@@ -0,0 +1,167 @@
+/***
+
+ This will reset EVERYTHING that is INACTIVE in the ghacks user.js
+ release 57-alpha master, but excludes the following:
+ - prefs removed since publishing on github
+ - e10s section 1100
+ - privacy.resistFingerprinting alternatives sections 4600 & 4700
+ - deprecated section 9999
+
+ It does not matter if you clear everything, as a restart will reapply your user.js
+ Total 477 prefs from 57-alpha master: 118 inactive, 359 active
+ These have been broken into two scripts for convenience
+ 
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+ 
+(function() {
+  let ops = [
+    /* 118 INACTIVE prefs in 57-alpha master */
+    'accessibility.typeaheadfind',
+    'app.update.enabled',
+    'browser.cache.memory.capacity',
+    'browser.cache.memory.enable',
+    'browser.chrome.favicons',
+    'browser.chrome.site_icons',
+    'browser.download.autohideButton',
+    'browser.privatebrowsing.autostart',
+    'browser.safebrowsing.allowOverride',
+    'browser.safebrowsing.blockedURIs.enabled',
+    'browser.safebrowsing.downloads.enabled',
+    'browser.safebrowsing.downloads.remote.block_dangerous',
+    'browser.safebrowsing.downloads.remote.block_dangerous_host',
+    'browser.safebrowsing.downloads.remote.block_potentially_unwanted',
+    'browser.safebrowsing.downloads.remote.block_uncommon',
+    'browser.safebrowsing.malware.enabled',
+    'browser.safebrowsing.phishing.enabled',
+    'browser.safebrowsing.provider.google.gethashURL',
+    'browser.safebrowsing.provider.google.updateURL',
+    'browser.safebrowsing.provider.google4.gethashURL',
+    'browser.safebrowsing.provider.google4.updateURL',
+    'browser.safebrowsing.provider.mozilla.gethashURL',
+    'browser.safebrowsing.provider.mozilla.updateURL',
+    'browser.sessionhistory.max_total_viewers',
+    'browser.startup.page',
+    'browser.stopReloadAnimation.enabled',
+    'browser.storageManager.enabled',
+    'browser.tabs.loadBookmarksInTabs',
+    'browser.urlbar.autocomplete.enabled',
+    'browser.urlbar.maxRichResults',
+    'clipboard.autocopy',
+    'dom.event.contextmenu.enabled',
+    'dom.indexedDB.enabled',
+    'dom.presentation.controller.enabled',
+    'dom.presentation.discoverable',
+    'dom.presentation.discovery.enabled',
+    'dom.presentation.enabled',
+    'dom.presentation.receiver.enabled',
+    'dom.presentation.session_transport.data_channel.enable',
+    'dom.storage.enabled',
+    'dom.storageManager.enabled',
+    'dom.vr.enabled',
+    'extensions.screenshots.disabled',
+    'extensions.systemAddon.update.url',
+    'extensions.update.enabled',
+    'font.name.monospace.x-unicode',
+    'font.name.monospace.x-western',
+    'font.name.sans-serif.x-unicode',
+    'font.name.sans-serif.x-western',
+    'font.name.serif.x-unicode',
+    'font.name.serif.x-western',
+    'font.system.whitelist',
+    'full-screen-api.warning.delay',
+    'full-screen-api.warning.timeout',
+    'general.autoScroll',
+    'geo.wifi.logging.enabled',
+    'gfx.direct2d.disabled',
+    'javascript.options.baselinejit',
+    'javascript.options.ion',
+    'media.flac.enabled',
+    'media.mediasource.enabled',
+    'media.mediasource.mp4.enabled',
+    'media.mediasource.webm.audio.enabled',
+    'media.mediasource.webm.enabled',
+    'media.mp4.enabled',
+    'media.ogg.enabled',
+    'media.ogg.flac.enabled',
+    'media.opus.enabled',
+    'media.raw.enabled',
+    'media.wave.enabled',
+    'media.webm.enabled',
+    'media.wmf.amd.vp9.enabled',
+    'media.wmf.enabled',
+    'media.wmf.vp9.enabled',
+    'network.cookie.lifetime.days',
+    'network.cookie.lifetimePolicy',
+    'network.dns.disableIPv6',
+    'network.dnsCacheEntries',
+    'network.dnsCacheExpiration',
+    'network.http.fast-fallback-to-IPv4',
+    'offline-apps.quota.warn',
+    'permissions.memory_only',
+    'places.history.enabled',
+    'plugin.state.flash',
+    'privacy.clearOnShutdown.openWindows',
+    'privacy.cpd.downloads',
+    'privacy.cpd.openWindows',
+    'privacy.resistFingerprinting.block_mozAddonManager',
+    'privacy.trackingprotection.annotate_channels',
+    'privacy.trackingprotection.enabled',
+    'privacy.trackingprotection.lower_network_priority',
+    'privacy.trackingprotection.pbmode.enabled',
+    'privacy.usercontext.about_newtab_segregation.enabled',
+    'privacy.userContext.enabled',
+    'privacy.userContext.longPressBehavior',
+    'privacy.userContext.ui.enabled',
+    'privacy.window.maxInnerHeight',
+    'privacy.window.maxInnerWidth',
+    'reader.parse-on-load.enabled',
+    'security.mixed_content.block_display_content',
+    'security.nocertdb',
+    'security.ssl.require_safe_negotiation',
+    'security.ssl3.dhe_rsa_aes_128_sha',
+    'security.ssl3.dhe_rsa_aes_256_sha',
+    'security.ssl3.ecdhe_ecdsa_aes_128_sha',
+    'security.ssl3.ecdhe_rsa_aes_128_sha',
+    'security.ssl3.rsa_aes_128_sha',
+    'security.ssl3.rsa_aes_256_sha',
+    'security.ssl3.rsa_des_ede3_sha',
+    'services.blocklist.addons.collection',
+    'services.blocklist.gfx.collection',
+    'services.blocklist.onecrl.collection',
+    'services.blocklist.plugins.collection',
+    'signon.rememberSignons',
+    'svg.disabled',
+    'toolkit.cosmeticAnimations.enabled',
+    'urlclassifier.trackingTable',
+    'xpinstall.signatures.required',
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/troubleshooter.js

@@ -0,0 +1,232 @@
+
+/*** ghacks-user.js troubleshooter.js v1.4 ***/
+
+(function() {
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+
+  function getMyList(arr) {
+    let aRet = [];
+    let dummy = 0;
+    for (let i = 0, len = arr.length; i < len; i++) {
+      if (Services.prefs.prefHasUserValue(arr[i])) {
+        dummy = Services.prefs.getPrefType(arr[i]);
+        switch (dummy) {
+          case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31)
+            dummy = Services.prefs.getCharPref(arr[i]);
+            aRet.push({'name':arr[i],'value': dummy,'type':32});
+            break;
+          case 64: // int
+            dummy = Services.prefs.getIntPref(arr[i]);
+            aRet.push({'name':arr[i],'value': dummy,'type':64});
+            break;
+          case 128: // boolean
+            dummy = Services.prefs.getBoolPref(arr[i]);
+            aRet.push({'name':arr[i],'value': dummy,'type':128});
+            break;
+          default:
+            console.log("error detecting pref-type for '"+arr[i]+"' !");
+        }
+      }
+    }
+    return aRet;
+  }
+
+  function reapply(arr) {
+    for (let i = 0, len = arr.length; i < len; i++) {
+      switch (arr[i].type) {
+        case 32: // string
+          Services.prefs.setCharPref(arr[i].name, arr[i].value);
+          break;
+        case 64: // int
+          Services.prefs.setIntPref(arr[i].name, arr[i].value);
+          break;
+        case 128: // boolean
+          Services.prefs.setBoolPref(arr[i].name, arr[i].value);
+          break;
+        default:
+          console.log("error re-appyling value for '"+arr[i].name+"' !"); // should never happen
+      }
+    }
+  }
+
+  function myreset(arr) {
+    for (let i = 0, len = arr.length; i < len; i++) {
+      Services.prefs.clearUserPref(arr[i].name);
+    }
+  }
+
+  let ops = [
+
+    /* known culprits */
+    'network.cookie.cookieBehavior',
+    'network.http.referer.XOriginPolicy',
+    'privacy.firstparty.isolate',
+    'privacy.resistFingerprinting',
+    'security.mixed_content.block_display_content',
+    'svg.disabled',
+
+    /* Storage + Cache */
+    'browser.cache.offline.enable',
+    'dom.indexedDB.enabled',
+    'dom.storage.enabled',
+    'browser.storageManager.enabled',
+    'dom.storageManager.enabled',
+
+    /* Workers, Web + Push Notifications */
+    'dom.caches.enabled',
+    'dom.push.connection.enabled',
+    'dom.push.enabled',
+    'dom.push.serverURL',
+    'dom.serviceWorkers.enabled',
+    'dom.workers.enabled',
+    'dom.webnotifications.enabled',
+    'dom.webnotifications.serviceworker.enabled',
+
+    /* Fonts */
+    'browser.display.use_document_fonts',
+    'font.blacklist.underline_offset',
+    'gfx.downloadable_fonts.woff2.enabled',
+    'gfx.font_rendering.graphite.enabled',
+    'gfx.font_rendering.opentype_svg.enabled',
+    'layout.css.font-loading-api.enabled',
+
+    /* Misc */
+    'browser.link.open_newwindow.restriction',
+    'canvas.capturestream.enabled',
+    'dom.event.clipboardevents.enabled',
+    'dom.event.contextmenu.enabled',
+    'dom.IntersectionObserver.enabled',
+    'dom.popup_allowed_events',
+    'full-screen-api.enabled',
+    'geo.wifi.uri',
+    'intl.accept_languages',
+    'javascript.options.asmjs',
+    'javascript.options.wasm',
+    'permissions.default.shortcuts',
+    'security.csp.experimentalEnabled',
+
+    /* Hardware */
+    'dom.vr.enabled',
+    'media.ondevicechange.enabled',
+
+    /* Audio + Video */
+    'dom.webaudio.enabled',
+    'media.autoplay.enabled',
+    'media.flac.enabled',
+    'media.mp4.enabled',
+    'media.ogg.enabled',
+    'media.opus.enabled',
+    'media.raw.enabled',
+    'media.wave.enabled',
+    'media.webm.enabled',
+    'media.wmf.enabled',
+
+    /* Forms */
+    'browser.formfill.enable',
+    'signon.autofillForms',
+    'signon.formlessCapture.enabled',
+
+    /* HTTPS */
+    'security.cert_pinning.enforcement_level',
+    'security.family_safety.mode',
+    'security.mixed_content.use_hsts',
+    'security.OCSP.require',
+    'security.pki.sha1_enforcement_level',
+    'security.ssl.require_safe_negotiation',
+    'security.ssl.treat_unsafe_negotiation_as_broken',
+    'security.ssl3.dhe_rsa_aes_128_sha',
+    'security.ssl3.dhe_rsa_aes_256_sha',
+    'security.ssl3.ecdhe_ecdsa_aes_128_sha',
+    'security.ssl3.ecdhe_rsa_aes_128_sha',
+    'security.ssl3.rsa_aes_128_sha',
+    'security.ssl3.rsa_aes_256_sha',
+    'security.ssl3.rsa_des_ede3_sha',
+    'security.tls.enable_0rtt_data',
+    'security.tls.version.max',
+    'security.tls.version.min',
+
+    /* Plugins + Flash */
+    'plugin.default.state',
+    'plugin.defaultXpi.state',
+    'plugin.sessionPermissionNow.intervalInMinutes',
+    'plugin.state.flash',
+
+    /* unlikely to cause problems */
+    'browser.tabs.remote.allowLinkedWebInFileUriProcess',
+    'dom.popup_maximum',
+    'layout.css.visited_links_enabled',
+    'mathml.disabled',
+    'network.auth.subresource-img-cross-origin-http-auth-allow',
+    'network.http.redirection-limit',
+    'network.protocol-handler.external.ms-windows-store',
+    'privacy.trackingprotection.enabled',
+    'security.data_uri.block_toplevel_data_uri_navigations',
+
+    /* FF User-Interface */
+    'browser.search.suggest.enabled',
+    'browser.urlbar.autoFill',
+    'browser.urlbar.autoFill.typed',
+    'browser.urlbar.oneOffSearches',
+    'browser.urlbar.suggest.searches',
+    'keyword.enabled',
+
+    'last.one.without.comma'
+  ]
+
+
+  // reset prefs that set the same value as FFs default value
+  let aTEMP = getMyList(ops);
+  myreset(aTEMP);
+  reapply(aTEMP);
+
+  const aBACKUP = getMyList(ops);
+  //console.log(aBACKUP.length, "user-set prefs from our list detected and their values stored.");
+
+  let myArr = aBACKUP;
+  let found = false;
+  let aDbg = [];
+  focus();
+  myreset(aBACKUP); // reset all detected prefs
+  if (confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) {
+    aDbg = myArr;
+    reapply(aBACKUP);
+    myreset(myArr.slice(0, parseInt(myArr.length/2)));
+    while (myArr.length >= 2) {
+      alert("NOW TEST AGAIN !");
+      if (confirm("if the problem still exists click OK, otherwise click cancel.")) {
+        myArr = myArr.slice(parseInt(myArr.length/2));
+        if (myArr.length == 1) {
+          alert("The problem is caused by more than 1 pref !\n\nNarrowed it down to "+ aDbg.length.toString() +" prefs, check the console ...");
+          break;
+        }
+      } else {
+        myArr = myArr.slice(0, parseInt(myArr.length/2));
+        aDbg = myArr;
+        if (myArr.length == 1) { found = true; break; }
+      }
+      reapply(aBACKUP);
+      myreset(myArr.slice(0, parseInt(myArr.length/2))); // reset half of the remaining prefs
+    }
+    reapply(aBACKUP);
+  }
+  else {
+    reapply(aBACKUP);
+    return;
+  }
+
+  if (found) {
+    alert("narrowed it down to:\n\n"+myArr[0].name+"\n");
+    myreset(myArr); // reset the culprit
+  }
+  else {
+    console.log("the problem is caused by a combination of the following prefs:");
+    for (let i = 0, len = aDbg.length; i < len; i++) {
+      console.log(aDbg[i].name);
+    }
+  }
+
+})();

updater.bat

@@ -0,0 +1,260 @@
+@ECHO OFF & SETLOCAL EnableDelayedExpansion
+TITLE ghacks user.js updater
+
+REM ## ghacks-user.js updater for Windows
+REM ## author: @claustromaniac
+REM ## version: 4.4
+REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts
+
+SET _myname=%~n0
+SET _myparams=%*
+:parse
+IF "%~1"=="" (GOTO endparse)
+IF /I "%~1"=="-unattended" (SET _ua=1)
+IF /I "%~1"=="-log" (SET _log=1)
+IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1)
+IF /I "%~1"=="-multioverrides" (SET _multi=1)
+IF /I "%~1"=="-merge" (SET _merge=1)
+IF /I "%~1"=="-updatebatch" (SET _updateb=1)
+IF /I "%~1"=="-singlebackup" (SET _singlebackup=1)
+SHIFT
+GOTO parse
+:endparse
+IF DEFINED _updateb (
+	REM The normal flow here goes from phase 1 to phase 2 and then phase 3.
+	IF NOT "!_myname:~0,9!"=="[updated]" (
+		IF EXIST "[updated]!_myname!.bat" (
+			REM ## Phase 3 ##: The new script, with the original name, will:
+			REM 	* Delete the [updated]*.bat script
+			REM 	* Begin the normal routine
+			REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old"
+			DEL /F "[updated]!_myname!.bat.old"
+			CALL :message "Script updated^!"
+			TIMEOUT 3 >nul
+			CLS
+			GOTO begin
+		)
+		REM ## Phase 1 ##
+		REM 	* Download new batch and name it [updated]*.bat
+		REM 	* Start that script in a new CMD window
+		REM 	* Exit
+		CALL :message "Updating script..."
+		REM Uncomment the next line and comment the powershell call for testing.
+		REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat"
+		(
+			powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/updater.bat', '[updated]!_myname!.bat')"
+		) >nul 2>&1
+		IF EXIST "[updated]!_myname!.bat" (
+			START /min CMD /C "[updated]!_myname!.bat" !_myparams!
+			EXIT /B
+		) ELSE (
+			CALL :message "Failed. Make sure PowerShell is allowed internet access."
+			TIMEOUT 120 >nul
+			EXIT /B
+		)
+	) ELSE (
+		IF "!_myname!"=="[updated]" (
+			CALL :message "The [updated] label is reserved. Rename this script and try again."
+			TIMEOUT 300 >nul
+		) ELSE (
+			REM ## Phase 2 ##: The [updated]*.bat script will:
+			REM 	* Copy itself overwriting the original batch
+			REM 	* Start that script in a new CMD instance
+			REM 	* Exit
+			IF EXIST "!_myname:~9!.bat" (
+				REN "!_myname:~9!.bat" "!_myname:~9!.bat.old"
+				DEL /F "!_myname:~9!.bat.old"
+			)
+			COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat"
+			START CMD /C "!_myname:~9!.bat" !_myparams!
+		)
+		EXIT /B
+	)
+)
+:begin
+ECHO:
+ECHO:
+ECHO:                ########################################
+ECHO:                ####  user.js Updater for Windows   ####
+ECHO:                ####       by claustromaniac        ####
+ECHO:                ####             v4.4               ####
+ECHO:                ########################################
+ECHO:
+SET /A "_line=0"
+IF NOT EXIST user.js (
+	CALL :message "user.js not detected in the current directory."
+) ELSE (
+	FOR /F "skip=1 tokens=1,* delims=:" %%G IN (user.js) DO (
+		SET /A "_line+=1"
+		IF !_line! GEQ 4 (GOTO exitloop)
+		IF !_line! EQU 1 (SET _name=%%H)
+		IF !_line! EQU 2 (SET _date=%%H)
+		IF !_line! EQU 3 (SET _version=%%G)
+	)
+	:exitloop
+	IF NOT "!_name!"=="" (
+		IF /I NOT "!_name!"=="!_name:ghacks=!" (
+			CALL :message "!_name! !_version:~2!,!_date!"
+		) ELSE (CALL :message "Current user.js version not recognised.")
+	) ELSE (CALL :message "Current user.js version not recognised.")
+)
+ECHO:
+IF NOT DEFINED _ua (
+	CALL :message "This batch should be run from your Firefox profile directory."
+	ECHO:  It will download the latest version of ghacks user.js from github and then
+	CALL :message "append any of your own changes from user-overrides.js to it."
+	CALL :message "Visit the wiki for more detailed information."
+	ECHO:
+	TIMEOUT 1 /nobreak >nul
+	CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]"
+	CLS
+	IF ERRORLEVEL 3 (EXIT /B)
+	IF ERRORLEVEL 2 (GOTO :showhelp)
+)
+IF DEFINED _log (
+	CALL :log >>user.js-update-log.txt 2>&1
+	IF DEFINED _logp (START user.js-update-log.txt)
+	EXIT /B
+	:log
+	SET _log=2
+	ECHO:##################################################################
+	CALL :message "%date%, %time%"
+)
+IF EXIST user.js.new (DEL /F "user.js.new")
+CALL :message "Retrieving latest user.js file from github repository..."
+(
+	powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js', 'user.js.new')"
+) >nul 2>&1
+IF EXIST user.js.new (
+	IF DEFINED _multi (
+		FORFILES /P user.js-overrides /M *.js >nul 2>&1
+		IF NOT ERRORLEVEL 1 (
+			IF DEFINED _merge (
+				CALL :message "Merging..."
+				COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js
+				CALL :merge user-overrides-merged.js
+				COPY /B /V /Y user.js.new+user-overrides-merged.js user.js.new
+				CALL :merge user.js.new
+			) ELSE (
+				CALL :message "Appending..."
+				COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new
+			)
+		) ELSE (CALL :message "No override files found.")
+	) ELSE (
+		IF EXIST "user-overrides.js" (
+			COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new"
+			IF DEFINED _merge (
+				CALL :message "Merging user-overrides.js..."
+				CALL :merge user.js.new
+			) ELSE (
+				CALL :message "user-overrides.js appended."
+			)
+		) ELSE (CALL :message "user-overrides.js not found.")
+	)
+	IF EXIST user.js (
+		FC user.js.new user.js >nul && SET "_changed=false" || SET "_changed=true"
+	)
+	IF "!_changed!"=="true" (
+		CALL :message "Backing up..."
+		IF DEFINED _singlebackup (
+			MOVE /Y user.js user.js.bak >nul
+		) ELSE (
+			MOVE /Y user.js "user-backup-!date:/=-!_!time::=.!.js" >nul
+		)
+		REN user.js.new user.js
+		CALL :message "Update complete."
+	) ELSE (
+		IF "!_changed!"=="false" (
+			DEL /F user.js.new >nul
+			CALL :message "Update completed without changes."
+		) ELSE (
+			REN user.js.new user.js
+			CALL :message "Update complete."
+		)
+	)
+) ELSE (
+	CALL :message "Update failed. Make sure PowerShell is allowed internet access."
+	ECHO:  No changes were made.
+)
+IF NOT DEFINED _log (
+	IF NOT DEFINED _ua (PAUSE)
+)
+EXIT /B
+
+REM ########### Message Function ###########
+:message
+SETLOCAL DisableDelayedExpansion
+IF NOT "2"=="%_log%" (ECHO:)
+ECHO:  %~1
+IF NOT "2"=="%_log%" (ECHO:)
+ENDLOCAL
+GOTO :EOF
+REM ############ Merge function ############
+:merge
+SETLOCAL DisableDelayedExpansion
+(
+	FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /B /R /C:"user_pref.*\)[ 	]*;" "%~1"') DO (IF NOT "%%H"=="" (SET "%%G=%%H"))
+	FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO (
+		SET "_temp=%%J"
+		SETLOCAL EnableDelayedExpansion
+		IF NOT "!_temp:~0,9!"=="user_pref" (
+			ENDLOCAL & ECHO:%%J
+		) ELSE (
+			IF "!_temp:;=!"=="!_temp!" (
+				ENDLOCAL & ECHO:%%J
+			) ELSE (
+				ENDLOCAL
+				FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO (
+					IF NOT "_user.js.parrot"=="%%K" (
+						IF DEFINED %%K (
+							SETLOCAL EnableDelayedExpansion
+							FOR /F "delims=" %%L IN ("!%%K!") DO (
+								ENDLOCAL & ECHO:user_pref("%%K"%%L
+								SET "%%K="
+							)
+						)
+					) ELSE (ECHO:%%J)
+				)
+			)
+		)
+	)
+)>updatertempfile
+MOVE /Y updatertempfile "%~1" >nul
+ENDLOCAL
+GOTO :EOF
+REM ############### Help ##################
+:showhelp
+MODE 80,46
+CLS
+CALL :message "Available arguments (case-insensitive):"
+CALL :message "  -log"
+ECHO:     Write the console output to a logfile (user.js-update-log.txt)
+CALL :message "  -logP"
+ECHO:     Like -log, but also open the logfile after updating.
+CALL :message "  -merge"
+ECHO:     Merge overrides instead of appending them. Single-line comments and
+ECHO:     _user.js.parrot lines are appended normally. Overrides for inactive
+ECHO:     user.js prefs will be appended. When -Merge and -MultiOverrides are used
+ECHO:     together, a user-overrides-merged.js file is also generated in the root
+ECHO:     directory for quick reference. It contains only the merged data from
+ECHO:     override files and can be safely discarded after updating, or used as the
+ECHO:     new user-overrides.js. When there are conflicting records for the same
+ECHO:     pref, the value of the last one declared will be used. Visit the wiki
+ECHO:     for usage examples and more detailed information.
+CALL :message "  -multiOverrides"
+ECHO:     Use any and all .js files in a user.js-overrides sub-folder as overrides
+ECHO:     instead of the default user-overrides.js file. Files are appended in
+ECHO:     alphabetical order.
+CALL :message "  -unattended"
+ECHO:     Run without user input.
+CALL :message "  -singleBackup"
+ECHO:     Use a single backup file and overwrite it on new updates, instead of
+ECHO:     cumulative backups. This was the default behaviour before v4.3.
+CALL :message "  -updatebatch"
+ECHO:     Update the script itself on execution, before the normal routine.
+CALL :message ""
+PAUSE
+CLS
+MODE 80,25
+GOTO :begin
+REM #####################################

updater.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+### ghacks-user.js updater for Mac/Linux
+## author: @overdodactyl
+## version: 1.2
+
+ghacksjs="https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js"
+
+echo -e "\nThis script should be run from your Firefox profile directory.\n"
+
+currdir=$(pwd)
+
+## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed)
+sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)
+
+## fallback for Macs without coreutils
+if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi
+
+## change directory to the Firefox profile directory
+cd "$(dirname "${sfp}")"
+
+echo -e "Updating the user.js for Firefox profile:\n$(pwd)\n"
+
+if [ -e user.js ]; then
+  echo "Your current user.js file for this profile will be backed up and the latest ghacks version from github will take its place."
+  echo -e "\nIf currently using the ghacks user.js, please compare versions:"
+  echo "  Available online: $(curl -s ${ghacksjs} | sed -n '4p')"
+  echo "  Currently using:  $(sed -n '4p' user.js)"
+else
+  echo "A user.js file does not exist in this profile. If you continue, the latest ghacks version from github will be downloaded."
+fi
+
+echo -e "\nIf a user-overrides.js file exists in this profile, it will be appended to the user.js.\n"
+
+read -p "Continue Y/N? " -n 1 -r
+echo -e "\n\n"
+
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+  if [ -e user.js ]; then
+    # backup current user.js
+    bakfile="user.js.backup.$(date +"%Y-%m-%d_%H%M")"
+    mv user.js "${bakfile}" && echo "Your previous user.js file was backed up: ${bakfile}"
+  fi
+
+  # download latest ghacks user.js
+  echo "downloading latest ghacks user.js file"
+  curl -O ${ghacksjs} && echo "ghacks user.js has been downloaded"
+
+  if [ -e user-overrides.js ]; then
+    echo "user-overrides.js file found"
+    cat user-overrides.js >> user.js && echo "user-overrides.js has been appended to user.js"
+  fi
+else
+  echo "Process aborted"
+fi
+
+## change directory back to the original working directory
+cd "${currdir}"

user.js

@@ -1,10 +1,11 @@
 /******
 * name: ghacks user.js
-* date: 2 October 2017
-* version 56: You're So Pants
-*   "You're so pants, you probably think this song is about you. Don't you? Don't You?"
+* date: 3 February 2018
+* version 58: Pantslide
+*   "I took my pants, took em down, I climbed a mountain and I turned around"
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
+* license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
 
 * releases: These are end-of-stable-life-cycle legacy archives.
             *Always* use the master branch user.js for a current up-to-date version.
@@ -19,9 +20,9 @@
   3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum
      * Auto-installing updates for Firefox and extensions are disabled (section 0302's)
      * Some user data is erased on close (section 2800), namely history (browsing, form, download)
-     * Cookies are denied by default (2701), we use site exceptions. This breaks extensions
-       that use IndexedDB, so you need to allow exceptions for those as well: see [1] below
-       [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.7-Setting-Extension-Permission-Exceptions
+     * Cookies are denied by default (2701), we use site exceptions. In Firefox 58 and lower, this breaks
+       extensions that use IndexedDB, so you need to allow exceptions for those as well: see [1] below
+       [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1.1-Setting-Extension-Permission-Exceptions
      * EACH RELEASE check:
          - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF)
                   or enable them as an alternative to RFP or for ESR users
@@ -34,7 +35,7 @@
            before using to avoid unexpected surprises
          - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues
   4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile)
-  5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.5-Keeping-Up-To-Date
+  5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance
 
  ******/
 
@@ -44,6 +45,9 @@
  * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/
 user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?");
 
+/* 0000: disable about:config warning ***/
+user_pref("general.warnOnAboutConfig", false);
+
 /* 0001: start Firefox in PB (Private Browsing) mode
  * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Always use private browsing mode
  * [SETTING-ESR] Options>Privacy>History>Custom Settings>Always use private browsing mode
@@ -73,9 +77,10 @@ user_pref("startup.homepage_override_url", ""); // what's new page after updates
 user_pref("browser.laterrun.enabled", false);
 user_pref("browser.shell.checkDefaultBrowser", false);
 /* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session)
- * home = browser.startup.homepage preference.
  * [SETTING] Options>General>Startup>When Firefox starts ***/
    // user_pref("browser.startup.page", 0);
+/* 0103: set your "home" page (see 0102) ***/
+   // user_pref("browser.startup.homepage", "https://www.example.com/");
 
 /*** 0200: GEOLOCATION ***/
 user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!");
@@ -90,6 +95,9 @@ user_pref("browser.search.geoip.url", "");
 user_pref("intl.locale.matchOS", false);
 /* 0204: set APP locale ***/
 user_pref("general.useragent.locale", "en-US");
+/* 0205: set OS & APP locale (replaces 0203 + 0204) (FF59+)
+ * If set to empty, the OS locales are used. If not set at all, default locale is used ***/
+user_pref("intl.locale.requested", "en-US"); // (hidden pref)
 /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US"
  * i.e. ignore all of Mozilla's various search engines in multiple locales ***/
 user_pref("browser.search.geoSpecificDefaults", false);
@@ -159,15 +167,20 @@ user_pref("extensions.webservice.discoverURL", "");
  * IF unified=false then .enabled controls the telemetry module
  * IF unified=true then .enabled ONLY controls whether to record extended data
  * so make sure to have both set as false
- * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html ***/
+ * [NOTE] FF58+ `toolkit.telemetry.enabled` is now LOCKED to reflect prerelease
+ * or release builds (true and false respectively), see [2]
+ * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html
+ * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/
 user_pref("toolkit.telemetry.unified", false);
-user_pref("toolkit.telemetry.enabled", false);
-user_pref("toolkit.telemetry.server", "");
+user_pref("toolkit.telemetry.enabled", false); // see [NOTE] above FF58+
+user_pref("toolkit.telemetry.server", "data:,");
 user_pref("toolkit.telemetry.archive.enabled", false);
 user_pref("toolkit.telemetry.cachedClientID", "");
 user_pref("toolkit.telemetry.newProfilePing.enabled", false); // (FF55+)
 user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // (FF55+)
 user_pref("toolkit.telemetry.updatePing.enabled", false); // (FF56+)
+user_pref("toolkit.telemetry.bhrPing.enabled", false); // (FF57+) Background Hang Reporter
+user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // (FF57+)
 /* 0333a: disable health report ***/
 user_pref("datareporting.healthreport.uploadEnabled", false);
 /* 0333b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json)
@@ -183,7 +196,8 @@ user_pref("breakpad.reportURL", "");
 /* 0351: disable sending of crash reports (FF44+) ***/
 user_pref("browser.tabs.crashReporting.sendReport", false);
 user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+)
-user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+)
+user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57)
+user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+)
 /* 0360: disable new tab tile ads & preload & marketing junk ***/
 user_pref("browser.newtab.preload", false);
 user_pref("browser.newtabpage.directory.source", "data:text/plain,");
@@ -191,18 +205,8 @@ user_pref("browser.newtabpage.enabled", false);
 user_pref("browser.newtabpage.enhanced", false);
 user_pref("browser.newtabpage.introShown", true);
 /* 0370: disable "Snippets" (Mozilla content shown on about:home screen)
- * MUST use HTTPS - arbitrary content injected into this page via http opens up MiTM attacks
  * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/
-user_pref("browser.aboutHomeSnippets.updateUrl", "https://127.0.0.1");
-/* 0374: disable "social" integration
- * [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API ***/
-user_pref("social.whitelist", "");
-user_pref("social.toast-notifications.enabled", false);
-user_pref("social.shareDirectory", "");
-user_pref("social.remote-install.enabled", false);
-user_pref("social.directories", "");
-user_pref("social.share.activationPanelEnabled", false);
-user_pref("social.enabled", false); // (hidden pref)
+user_pref("browser.aboutHomeSnippets.updateUrl", "data:,");
 
 /*** 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION
      This section has security & tracking protection implications vs privacy concerns vs effectiveness
@@ -276,6 +280,9 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); //
  * [TEST] see github wiki APPENDIX C: Test Sites: Section 5
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/
    // user_pref("browser.safebrowsing.allowOverride", false);
+/* 0417: disable data sharing (FF58+) ***/
+user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
+user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
 /** TRACKING PROTECTION (TP)
     There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well,
     as it offers more comprehensive and specialized lists. It also allows per domain control. ***/
@@ -337,6 +344,9 @@ user_pref("network.allow-experiments", false);
 /* 0505: block URL used for system extension updates (FF44+)
  * [NOTE] You will not get any system extension updates except when you update Firefox ***/
    // user_pref("extensions.systemAddon.update.url", "");
+/* 0506: disable PingCentre telemetry (used in several system extensions) (FF57+)
+ * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/
+user_pref("browser.ping-centre.telemetry", false);
 /* 0510: disable Pocket (FF39+)
  * Pocket is a third party (now owned by Mozilla) "save for later" cloud service
  * [1] https://en.wikipedia.org/wiki/Pocket_(application)
@@ -363,6 +373,7 @@ user_pref("extensions.shield-recipe-client.api_url", "");
  * [1] https://wiki.mozilla.org/Firefox/Activity_Stream
  * [2] https://www.ghacks.net/2016/02/15/firefox-mockups-show-activity-stream-new-tab-page-and-share-updates/ ***/
 user_pref("browser.newtabpage.activity-stream.enabled", false);
+user_pref("browser.library.activity-stream.enabled", false); // (FF57+)
 /* 0515: disable Screenshots (FF55+)
  * [1] https://github.com/mozilla-services/screenshots
  * [2] https://www.ghacks.net/2017/05/28/firefox-screenshots-integrated-in-firefox-nightly/ ***/
@@ -475,14 +486,14 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false);
 /* 0810: disable location bar making speculative connections (FF56+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1348275 ***/
 user_pref("browser.urlbar.speculativeConnect.enabled", false);
-/* 0850a: disable location bar autocomplete [controlled by 0850b] ***/
-   // user_pref("browser.urlbar.autocomplete.enabled", false);
-/* 0850b: disable location bar suggestion types [controls 0850a]
+/* 0850a: disable location bar autocomplete and suggestion types
+ * If you enforce any of the suggestion types, you MUST enforce 'autocomplete'
+ *   - If *ALL* of the suggestion types are false, 'autocomplete' must also be false
+ *   - If *ANY* of the suggestion types are true, 'autocomplete' must also be true
  * [SETTING-56+] Options>Privacy & Security>Address Bar>When using the address bar, suggest
  * [SETTING-ESR] Options>Privacy>Location Bar>When using the location bar, suggest
- * [NOTE] If any of these are true, 0850a will be FORCED to true
- * and if all three are false, 0850a will be FORCED to false
- * [WARNING] If all three are false, search engine keywords are disabled ***/
+ * [WARNING] If all three suggestion types are false, search engine keywords are disabled ***/
+user_pref("browser.urlbar.autocomplete.enabled", false);
 user_pref("browser.urlbar.suggest.history", false);
 user_pref("browser.urlbar.suggest.bookmark", false);
 user_pref("browser.urlbar.suggest.openpage", false);
@@ -492,7 +503,7 @@ user_pref("browser.urlbar.suggest.openpage", false);
  * be displayed (no we do not know how these are calculated or what the threshold is),
  * and this does not affect the search by search engine suggestion (see 0808)
  * [USAGE] This setting is only useful if you want to enable search engine keywords
- * (i.e. at least one of 0850b must be true) but you want to *limit* suggestions shown ***/
+ * (i.e. at least one of 0850a suggestion types must be true) but you want to *limit* suggestions shown ***/
    // user_pref("browser.urlbar.maxRichResults", 0);
 /* 0850d: disable location bar autofill
  * [1] http://kb.mozillazine.org/Inline_autocomplete ***/
@@ -501,6 +512,9 @@ user_pref("browser.urlbar.autoFill.typed", false);
 /* 0850e: disable location bar one-off searches (FF51+)
  * [1] https://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
 user_pref("browser.urlbar.oneOffSearches", false);
+/* 0850f: disable location bar suggesting local search history (FF57+)
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1181644 ***/
+user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0); // max. number of search suggestions
 /* 0860: disable search and form history
  * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Remember search and form history
  * [SETTING-ESR] Options>Privacy>History>Custom Settings>Remember search and form history
@@ -580,8 +594,6 @@ user_pref("browser.cache.disk_cache_ssl", false);
  * [NOTE] Not recommended due to performance issues ***/
    // user_pref("browser.cache.memory.enable", false);
    // user_pref("browser.cache.memory.capacity", 0); // (hidden pref)
-/* 1004: disable offline cache ***/
-user_pref("browser.cache.offline.enable", false);
 /* 1005: disable fastback cache
  * To improve performance when pressing back/forward Firefox stores visited pages
  * so they don't have to be re-parsed. This is not the same as memory cache.
@@ -589,7 +601,7 @@ user_pref("browser.cache.offline.enable", false);
  * [NOTE] Not recommended unless you know what you're doing
  * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/
    // user_pref("browser.sessionhistory.max_total_viewers", 0);
-/* 1006: disable permissions manager from writing to disk (requires restart)
+/* 1006: disable permissions manager from writing to disk [RESTART]
  * [NOTE] This means any permission changes are session only
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/
    // user_pref("permissions.memory_only", true); // (hidden pref)
@@ -631,53 +643,7 @@ user_pref("browser.shell.shortcutFavicons", false);
    // user_pref("browser.chrome.site_icons", false);
    // user_pref("browser.chrome.favicons", false);
 /* 1032: disable favicons in web notifications ***/
-user_pref("alerts.showFavicons", false);
-
-/*** 1100: MULTI-PROCESS (e10s)
-     We recommend you let Firefox handle this. Until e10s is enforced, if
-     - all your legacy extensions have the 'multiprocessCompatible' flag as true, then FF = e10s
-     - any legacy extensions have 'multiprocessCompatible' flag as false, then FF != e10s
-     - any legacy extensions are missing the 'multiprocessCompatible' flag, then they *might* be disabled
-     [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/
-***/
-user_pref("_user.js.parrot", "1100 syntax error: the parrot's bought the farm!");
-/* 1101: start the browser in e10s mode (FF48+)
- * about:support>Application Basics>Multiprocess Windows ***/
-   // user_pref("browser.tabs.remote.autostart", true);
-   // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref)
-   // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
-   // user_pref("extensions.e10sBlocksEnabling", false);
-/* 1102: control number of content rendering processes
- * [SETTING] Options>General>Performance>Custom>Content process limit
- * [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
- * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
-   // user_pref("dom.ipc.processCount", 4);
-/* 1103: enable extension code to run in a separate process (webext-oop) (FF53+)
- * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process ***/
-   // user_pref("extensions.webextensions.remote", true);
-/* 1104: enforce separate content process for file://URLs (FF53+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
- * [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
-user_pref("browser.tabs.remote.separateFileUriProcess", true);
-/* 1105: enable console shim warnings for legacy extensions with the 'multiprocessCompatible' flag as false ***/
-user_pref("dom.ipc.shims.enabledWarnings", true);
-/* 1106: control number of extension processes ***/
-   // user_pref("dom.ipc.processCount.extension", 1);
-/* 1107: control number of file processes ***/
-   // user_pref("dom.ipc.processCount.file", 1);
-/* 1108: block web content in file processes (FF55+)
- * [WARNING] [SETUP] You may want to disable this for corporate or developer environments
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/
-user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
-/* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play
- * with them. The values are integers, but the code below deliberately contains a data mismatch
- * [1] https://wiki.mozilla.org/Sandbox
- * [2] https://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/
-   // user_pref("security.sandbox.content.level", "donotuse");
-   // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse");
-   // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse");
-/* 1111: enable sandbox logging ***/
-   // user_pref("security.sandbox.logging.enabled", true);
+user_pref("alerts.showFavicons", false); // default: false
 
 /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS )
    Note that your cipher and other settings can be used server side as a fingerprint attack
@@ -730,17 +696,20 @@ user_pref("security.tls.enable_0rtt_data", false); // (FF55+ default true)
 /* 1210: enable OCSP Stapling
  * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
 user_pref("security.ssl.enable_ocsp_stapling", true);
-/* 1211: control use of OCSP responder servers to confirm current validity of certificates
- * 0=disable, 1=validate only certificates that specify an OCSP service URL (default)
- * 2=enable and use values in security.OCSP.URL and security.OCSP.signing.
+/* 1211: control when to use OCSP fetching (to confirm current validity of certificates)
+ * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
  * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority)
  * It's a trade-off between security (checking) and privacy (leaking info to the CA)
+ * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling
  * [1] https://en.wikipedia.org/wiki/Ocsp ***/
 user_pref("security.OCSP.enabled", 1);
-/* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently
- * continues the connection. With OCSP revocation, Firefox terminates the connection instead.
- * [WARNING] Since FF44 the default is false. If set to true, this will cause some site breakage
- * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
+/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
+ * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
+ * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
+ * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
+ * could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
+ * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
+ * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/
 user_pref("security.OCSP.require", true);
 /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
 /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
@@ -749,7 +718,7 @@ user_pref("security.OCSP.require", true);
  * 2=detect Family Safety mode and import the root
  * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/
 user_pref("security.family_safety.mode", 0);
-/* 1221: disable intermediate certificate caching (fingerprinting attack vector)
+/* 1221: disable intermediate certificate caching (fingerprinting attack vector) [RESTART]
  * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
  * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only.
  * Saved logins and passwords are not available. Reset the pref and restart to return them.
@@ -772,9 +741,8 @@ user_pref("network.stricttransportsecurity.preloadlist", true);
 /* 1240: disable insecure active content on https pages - mixed content
  * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/
 user_pref("security.mixed_content.block_active_content", true);
-/* 1241: disable insecure passive content (such as images) on https pages - mixed context
- * [WARNING] When set to true, this will visually break many sites (March 2017) ***/
-   // user_pref("security.mixed_content.block_display_content", true);
+/* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/
+user_pref("security.mixed_content.block_display_content", true);
 /* 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+)
  * Allow resources from domains with an existing HSTS cache record or in the HSTS preload list
  * to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because
@@ -816,7 +784,7 @@ user_pref("security.pki.sha1_enforcement_level", 1);
  * [1] https://wiki.mozilla.org/Security:Renegotiation ***/
 user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 /* 1271: control "Add Security Exception" dialog on SSL warnings
- * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default)
+ * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
  * [1] https://github.com/pyllyukko/user.js/issues/210 ***/
 user_pref("browser.ssl_override_behavior", 1);
 /* 1272: display advanced information on Insecure Connection warning pages
@@ -824,6 +792,9 @@ user_pref("browser.ssl_override_behavior", 1);
  * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/)
  * [TEST] https://expired.badssl.com/ ***/
 user_pref("browser.xul.error_pages.expert_bad_cert", true);
+/* 1273: display HTTP sites as insecure (FF59+) ***/
+user_pref("security.insecure_connection_icon.enabled", true); // all windows
+   // user_pref("security.insecure_connection_icon.pbmode.enabled", true); // private windows only
 
 /*** 1400: FONTS ***/
 user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
@@ -846,24 +817,24 @@ user_pref("browser.display.use_document_fonts", 0);
    // user_pref("font.name.monospace.x-western", "Lucida Console"); // default Courier New
 /* 1403: enable icon fonts (glyphs) (FF41+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=789788 ***/
-user_pref("gfx.downloadable_fonts.enabled", true);
+user_pref("gfx.downloadable_fonts.enabled", true); // default: true
 /* 1404: disable rendering of SVG OpenType fonts
  * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
 user_pref("gfx.font_rendering.opentype_svg.enabled", false);
-/* 1405: disable WOFF2 (Web Open Font Format) ***/
+/* 1405: disable WOFF2 (Web Open Font Format) (FF35+) ***/
 user_pref("gfx.downloadable_fonts.woff2.enabled", false);
 /* 1406: disable CSS Font Loading API
  * [SETUP] Disabling fonts can uglify the web a fair bit. ***/
 user_pref("layout.css.font-loading-api.enabled", false);
-/* 1407: disable special underline handling for a few fonts which you will probably never use.
- * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart.
+/* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART]
+ * Any of these fonts on your system can be enumerated for fingerprinting.
  * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/
 user_pref("font.blacklist.underline_offset", "");
 /* 1408: disable graphite which FF49 turned back on by default
  * In the past it had security issues. Update: This continues to be the case, see [1]
  * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
 user_pref("gfx.font_rendering.graphite.enabled", false);
-/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP]
+/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] [RESTART]
  * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
  * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If
  * you block sites choosing fonts in 1401, this preference is irrelevant. In future,
@@ -871,16 +842,14 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/
    // user_pref("font.system.whitelist", ""); // (hidden pref)
 
-/*** 1600: HEADERS / REFERERS [SETUP]
-     Except for DNT (Do Not Track), referers are best controlled by an extension.
-     It is important to realize that it is *cross domain* referers that need
-     controlling, and this is best handled by EITHER 1603 or 1604, not both.
+/*** 1600: HEADERS / REFERERS
+     Only *cross domain* referers need controlling and XOriginPolicy (1603) is perfect for that. Thus we enforce
+     the default values for 1601, 1602, 1605 and 1606 to minimize breakage, and only tweak 1603 and 1604.
 
-     Option 1: Recommended: Use an extension to block all referers, and then whitelist
-               sites on a granular, per domain level.
-     Option 2: As per the original settings below: Set XOriginPolicy (1603) to 1 (less breakage)
-               or 2 (more breakage) and leave XOriginTrimmingPolicy (1604) at default 0
-     Option 3: Set XOriginPolicy (1603) to default 0 and set XOriginTrimmingPolicy (1604) to 2
+     Our default settings provide the best balance between protection and amount of breakage.
+     To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2).
+     To fix broken sites, temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config,
+     use the site and then change the values back. If you visit those sites regularly, use an extension.
 
                     full URI: https://example.com:8888/foo/bar.html?id=1234
        scheme+host+path+port: https://example.com:8888/foo/bar.html
@@ -890,31 +859,29 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
  ***/
 user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
 /* 1601: ALL: control when images/links send a referer
- * 0=never, 1=send only when links are clicked, 2=for links and images (default)
- * [NOTE] Recommended left at default. Focus on XSS and granular cross origin referer control ***/
+ * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/
 user_pref("network.http.sendRefererHeader", 2);
 /* 1602: ALL: control the amount of information to send
- * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port
- * [NOTE] Cross origin requests can be fine tuned in 1603 + 1604. Limiting same origin requests
- * is rather pointless. Recommended left at default for zero same origin breakage ***/
+ * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port ***/
 user_pref("network.http.referer.trimmingPolicy", 0);
 /* 1603: CROSS ORIGIN: control when to send a referer [SETUP]
- * 0=always (default), 1=only if base domains match, 2=only if hosts match
- * [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage ***/
+ * 0=always (default), 1=only if base domains match, 2=only if hosts match ***/
 user_pref("network.http.referer.XOriginPolicy", 1);
 /* 1604: CROSS ORIGIN: control the amount of information to send (FF52+)
- * 0=send full URI (default) 1=scheme+host+path+port 2=scheme+host+port ***/
+ * 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port ***/
 user_pref("network.http.referer.XOriginTrimmingPolicy", 0);
 /* 1605: ALL: disable spoofing a referer
- * Spoofing increases your exposure to cross-site request forgeries ***/
+ * [WARNING] Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery) protections that some sites may rely on ***/
 user_pref("network.http.referer.spoofSource", false);
-/* 1606: ALL: set the default Referrer Policy (FF53+)
- * 0=no-referer 1=same-origin 2=strict-origin-when-cross-origin
- * 3=no-referrer-when-downgrade (default)
+/* 1606: ALL: set the default Referrer Policy
+ * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
  * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
  * [1] https://www.w3.org/TR/referrer-policy/
- * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/
-user_pref("network.http.referer.userControlPolicy", 3);
+ * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy
+ * [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/ ***/
+user_pref("network.http.referer.userControlPolicy", 3); // (FF53-FF58) default: 3
+user_pref("network.http.referer.defaultPolicy", 3); // (FF59+) default: 3
+user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2
 /* 1607: TOR: hide (not spoof) referrer when leaving a .onion domain (FF54+)
  * [NOTE] Firefox cannot access .onion sites by default. We recommend you use
  * TBB (Tor Browser Bundle) which is specifically designed for the dark web
@@ -984,10 +951,10 @@ user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (
 user_pref("media.gmp-widevinecdm.visible", false);
 user_pref("media.gmp-widevinecdm.enabled", false);
 user_pref("media.gmp-widevinecdm.autoupdate", false);
-/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/
+/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP]
+ * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
 user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content
-user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required
-user_pref("media.eme.chromium-api.enabled", false); // (FF55+)
+user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox [RESTART]
 /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate"
  * This is the bundled codec used for video chat in WebRTC ***/
 user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref)
@@ -1033,6 +1000,12 @@ user_pref("media.getusermedia.browser.enabled", false);
 user_pref("media.getusermedia.audiocapture.enabled", false);
 /* 2023: disable camera stuff ***/
 user_pref("camera.control.face_detection.enabled", false);
+/* 2024: set a default permission for Camera/Microphone (FF58+)
+ * 0=always ask (default), 1=allow, 2=block
+ * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone
+ * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Camera/Microphone>Settings ***/
+   // user_pref("permissions.default.camera", 2);
+   // user_pref("permissions.default.microphone", 2);
 /* 2026: disable canvas capture stream
  * [1] https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream ***/
 user_pref("canvas.capturestream.enabled", false);
@@ -1086,12 +1059,12 @@ user_pref("dom.disable_beforeunload", true);
 /*** 2300: WEB WORKERS [SETUP]
      A worker is a JS "background task" running in a global context, i.e. it is different from
      the current window. Workers can spawn new workers (must be the same origin & scheme),
-     including service and shared workers. Shared workers can be utilized by multiple scripts
-     and communicate between browsing contexts (windows/tabs/iframes) and can even control your
-     cache. Push and web notifications require service workers, which in turn require workers.
+     including service and shared workers. Shared workers can be utilized by multiple scripts and
+     communicate between browsing contexts (windows/tabs/iframes) and can even control your cache.
 
      [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter).
-     It is recommended that you use a separate profile for these sorts of sites.
+     [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301) and service workers (2302)
+              #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0
 
      [1]    Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API
      [2]         Worker: https://developer.mozilla.org/docs/Web/API/Worker
@@ -1111,14 +1084,15 @@ user_pref("dom.workers.enabled", false);
  * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode.
  * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/
 user_pref("dom.serviceWorkers.enabled", false);
-/* 2303: disable service workers' cache and cache storage ***/
-user_pref("dom.caches.enabled", false);
 /* 2304: disable web notifications
- * [NOTE] You can still override individual domains under site permissions (FF44+)
  * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/
-user_pref("dom.webnotifications.enabled", false);
-user_pref("dom.webnotifications.serviceworker.enabled", false);
-/* 2305: disable push notifications (FF44+)
+user_pref("dom.webnotifications.enabled", false); // (FF22+)
+user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+)
+/* 2305: set a default permission for Notifications (see 2304) (FF58+)
+ * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications
+ * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Notifications>Settings ***/
+   // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block
+/* 2306: disable push notifications (FF44+)
  * web apps can receive messages pushed to them from a server, whether or
  * not the web app is in the foreground, or even currently loaded
  * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/
@@ -1139,11 +1113,6 @@ user_pref("dom.event.clipboardevents.enabled", false);
  * this disables document.execCommand("cut"/"copy") to protect your clipboard
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/
 user_pref("dom.allow_cut_copy", false); // (hidden pref)
-/* 2404: disable JS storing data permanently [SETUP]
- * [WARNING] This BREAKS uBlock Origin [1.14.0+] and uMatrix extensions
- * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 
- * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/
-   // user_pref("dom.indexedDB.enabled", false);
 /* 2414: disable shaking the screen ***/
 user_pref("dom.vibrator.enabled", false);
 /* 2415: set max popups from a single non-click event - default is 20! ***/
@@ -1157,12 +1126,15 @@ user_pref("dom.idle-observers-api.enabled", false);
 /* 2418: disable full-screen API
  * false=block, true=ask ***/
 user_pref("full-screen-api.enabled", false);
-/* 2420: disable support for asm.js ( http://asmjs.org/ )
- * [1] https://www.mozilla.org/security/advisories/mfsa2015-29/
- * [2] https://www.mozilla.org/security/advisories/mfsa2015-50/
- * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/
+/* 2420: disable asm.js (FF22+)
+ * [1] http://asmjs.org/
+ * [2] https://www.mozilla.org/security/advisories/mfsa2015-29/
+ * [3] https://www.mozilla.org/security/advisories/mfsa2015-50/
+ * [4] https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375
+ * [5] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400
+ * [6] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/
 user_pref("javascript.options.asmjs", false);
-/* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817
+/* 2421: disable Ion and baseline JIT to help harden JS against exploits
  * [WARNING] Causes the odd site issue and there is also a performance loss
  * [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817 ***/
    // user_pref("javascript.options.ion", false);
@@ -1178,18 +1150,10 @@ user_pref("javascript.options.wasm", false);
  * [2] https://w3c.github.io/IntersectionObserver/
  * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/
 user_pref("dom.IntersectionObserver.enabled", false);
-/* 2450a: enforce websites to ask to store data for offline use
- * [1] https://support.mozilla.org/questions/1098540
- * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/
-user_pref("offline-apps.allow_by_default", false);
-/* 2450b: display a notification when websites ask to store data for offline use
- * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks...
- * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/
-user_pref("browser.offline-apps.notify", true);
-/* 2450c: set size of warning quota for offline cache (default 51200)
- * Offline cache is only used in rare cases to store data locally. FF will store small amounts
- * (default <50MB) of data in the offline (application) cache without asking for permission. ***/
-   // user_pref("offline-apps.quota.warn", 51200);
+/* 2427: disable Shared Memory (Spectre mitigation)
+ * [1] https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
+ * [2] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ ***/
+user_pref("javascript.options.shared_memory", false);
 
 /*** 2500: HARDWARE FINGERPRINTING ***/
 user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!");
@@ -1202,23 +1166,13 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m
  * [1] https://wiki.mozilla.org/Media/getUserMedia
  * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/enumerateDevices ***/
 user_pref("media.navigator.enabled", false);
-/* 2506: disable video statistics - JS performance fingerprinting (FF25+)
- * [1] https://trac.torproject.org/projects/tor/ticket/15757
- * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=654550 ***/
-user_pref("media.video_stats.enabled", false);
 /* 2508: disable hardware acceleration to reduce graphics fingerprinting
  * [SETTING] Options>General>Performance>Custom>Use hardware acceleration when available
- * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance
+ * [WARNING] [SETUP] Affects text rendering (fonts will look different), impacts video performance,
+ * and parts of Quantum that utilize the GPU will also be affected as they are rolled out
  * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/
    // user_pref("gfx.direct2d.disabled", true); // [WINDOWS]
 user_pref("layers.acceleration.disabled", true);
-/* 2509: disable touch events
- * fingerprinting attack vector - leaks screen res & actual screen coordinates
- * 0=disabled, 1=enabled, 2=autodetect
- * [WARNING] [SETUP] Optional protection depending on your device
- * [1] https://developer.mozilla.org/docs/Web/API/Touch_events
- * [2] https://trac.torproject.org/projects/tor/ticket/10286 ***/
-   // user_pref("dom.w3c_touch_events.enabled", 0);
 /* 2510: disable Web Audio API (FF51+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 ***/
 user_pref("dom.webaudio.enabled", false);
@@ -1226,16 +1180,6 @@ user_pref("dom.webaudio.enabled", false);
  * [1] https://developer.mozilla.org/docs/Web/Events/devicechange
  * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/
 user_pref("media.ondevicechange.enabled", false);
-/* 2513: disable Presentation API
- * [WARNING] [SETUP] Optional protection depending on your connected devices
- * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI
- * [2] https://www.w3.org/TR/presentation-api/ ***/
-   // user_pref("dom.presentation.enabled", false);
-   // user_pref("dom.presentation.controller.enabled", false);
-   // user_pref("dom.presentation.discoverable", false);
-   // user_pref("dom.presentation.discovery.enabled", false);
-   // user_pref("dom.presentation.receiver.enabled", false);
-   // user_pref("dom.presentation.session_transport.data_channel.enable", false);
 
 /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/
 user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
@@ -1264,16 +1208,14 @@ user_pref("network.jar.open-unsafe-types", false);
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=232227
  * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1330876 ***/
 user_pref("ui.use_standins_for_native_colors", true); // (hidden pref)
+/* 2610: remove special permissions for certain mozilla domains (FF35+)
+ * [1] resource://app/defaults/permissions ***/
+user_pref("permissions.manager.defaultsUrl", "");
 /* 2611: disable WebIDE to prevent remote debugging and extension downloads
  * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/
 user_pref("devtools.webide.autoinstallADBHelper", false);
-user_pref("devtools.webide.autoinstallFxdtAdapters", false);
 user_pref("devtools.debugger.remote-enabled", false);
 user_pref("devtools.webide.enabled", false);
-/* 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku
- * [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/
-user_pref("browser.casting.enabled", false);
-user_pref("gfx.layerscope.enabled", false);
 /* 2614: disable HTTP2 (which was based on SPDY which is now deprecated)
  * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance
  * privacy, and in fact opens up a number of server-side fingerprinting opportunities
@@ -1335,19 +1277,31 @@ user_pref("security.fileuri.strict_origin_policy", true);
 /* 2624: enable Subresource Integrity (SRI) (FF43+)
  * [1] https://developer.mozilla.org/docs/Web/Security/Subresource_Integrity
  * [2] https://wiki.mozilla.org/Security/Subresource_Integrity ***/
-user_pref("security.sri.enable", true);
+user_pref("security.sri.enable", true); // default: true
 /* 2625: disable DNS requests for hostnames with a .onion TLD (FF45+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1228457 ***/
 user_pref("network.dns.blockDotOnion", true);
-/* 2626: disable optional user agent token, default is false, included for completeness
+/* 2626: disable optional user agent token
  * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/User-Agent/Firefox ***/
-user_pref("general.useragent.compatMode.firefox", false);
+user_pref("general.useragent.compatMode.firefox", false); // default: false
 /* 2628: disable UITour backend so there is no chance that a remote page can use it ***/
 user_pref("browser.uitour.enabled", false);
 user_pref("browser.uitour.url", "");
 /* 2629: disable remote JAR files being opened, regardless of content type (FF42+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/
 user_pref("network.jar.block-remote-files", true);
+/* 2630: prevent accessibility services from accessing your browser [RESTART]
+ * [SETTING] Options>Privacy & Security>Permissions>Prevent accessibility services from accessing your browser
+ * [1] https://support.mozilla.org/kb/accessibility-services ***/
+user_pref("accessibility.force_disabled", 1);
+/* 2631: block web content in file processes (FF55+)
+ * [WARNING] [SETUP] You may want to disable this for corporate or developer environments
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/
+user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
+/* 2632: disable websites overriding Firefox's keyboard shortcuts (FF58+)
+ * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts
+ * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/
+   // user_pref("permissions.default.shortcuts", 2); //  0 (default) or 1=allow, 2=block
 /* 2662: disable "open with" in download dialog (FF50+)
  * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
  * in such a way that it is forbidden to run external applications.
@@ -1400,9 +1354,9 @@ user_pref("security.block_script_with_wrong_mime", true);
  * [4] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/
  * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/
 user_pref("network.IDN_show_punycode", true);
-/* 2673: enable CSP (Content Security Policy) (default is true)
+/* 2673: enable CSP (Content Security Policy)
  * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/
-user_pref("security.csp.enable", true);
+user_pref("security.csp.enable", true); // default: true
 /* 2674: enable CSP 1.1 experimental hash-source directive (FF29+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=855326
  * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/
@@ -1413,7 +1367,14 @@ user_pref("security.csp.experimentalEnabled", true);
  * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/
 user_pref("security.data_uri.block_toplevel_data_uri_navigations", true);
 
-/*** 2700: COOKIES & DOM STORAGE ***/
+/*** 2700: PERSISTENT STORAGE
+     Data SET by websites including
+            cookies : profile\cookies.sqlite
+       localStorage : profile\webappsstore.sqlite
+          indexedDB : profile\storage\default
+           appCache : profile\OfflineCache
+     serviceWorkers :
+***/
 user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
 /* 2701: disable cookies on all sites [SETUP]
  * You can set exceptions under site permissions or use an extension
@@ -1423,10 +1384,14 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
  * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache
  * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/
 user_pref("network.cookie.cookieBehavior", 2);
-/* 2702: set third-party cookies (if enabled, see above pref) to session-only
+/* 2702: set third-party cookies (i.e ALL) (if enabled, see above pref) to session-only
+   and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only
+   [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
+   .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
  * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
  * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/
 user_pref("network.cookie.thirdparty.sessionOnly", true);
+user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+)
 /* 2703: set cookie lifetime policy
  * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref)
  * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until
@@ -1434,28 +1399,52 @@ user_pref("network.cookie.thirdparty.sessionOnly", true);
    // user_pref("network.cookie.lifetimePolicy", 0);
 /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/
    // user_pref("network.cookie.lifetime.days", 90);
-/* 2705: disable DOM (Document Object Model) Storage
+/* 2705: disable HTTP sites setting cookies with the "secure" directive (FF52+)
+ * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/
+user_pref("network.cookie.leave-secure-alone", true); // default: true
+/* 2710: disable DOM (Document Object Model) Storage
  * [WARNING] This will break a LOT of sites' functionality.
  * You are better off using an extension for more granular control ***/
    // user_pref("dom.storage.enabled", false);
-/* 2706: disable Storage API
- * The API gives sites the ability to find out how much space they can use, how much
- * they are already using, and even control whether or not they need to be alerted
- * before the user agent disposes of site data in order to make room for other things.
- * [1] https://developer.mozilla.org/docs/Web/API/StorageManager
- * [2] https://developer.mozilla.org/docs/Web/API/Storage_API
- * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
-user_pref("dom.storageManager.enabled", false); // (FF51+)
-user_pref("browser.storageManager.enabled", false); // (FF53+)
-/* 2707: clear localStorage and UUID when an extension is uninstalled
+/* 2711: clear localStorage and UUID when an extension is uninstalled
  * [NOTE] Both preferences must be the same
  * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local
  * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/
 user_pref("extensions.webextensions.keepStorageOnUninstall", false);
 user_pref("extensions.webextensions.keepUuidOnUninstall", false);
-/* 2708: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+)
- * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/
-user_pref("network.cookie.leave-secure-alone", true);
+/* 2720: disable JS storing data permanently [SETUP]
+ * [WARNING] This BREAKS uBlock Origin [1.14.0+] and other extensions that require IndexedDB
+ * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0
+ * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/
+   // user_pref("dom.indexedDB.enabled", false);
+/* 2730: disable offline cache ***/
+user_pref("browser.cache.offline.enable", false);
+/* 2731: enforce websites to ask to store data for offline use
+ * [1] https://support.mozilla.org/questions/1098540
+ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/
+user_pref("offline-apps.allow_by_default", false);
+/* 2732: display a notification when websites ask to store data for offline use
+ * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks...
+ * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/
+user_pref("browser.offline-apps.notify", true);
+/* 2733: set size of warning quota for offline cache (default 51200)
+ * Offline cache is only used in rare cases to store data locally. FF will store small amounts
+ * (default <50MB) of data in the offline (application) cache without asking for permission. ***/
+   // user_pref("offline-apps.quota.warn", 51200);
+/* 2740: disable service workers cache and cache storage
+ * [1] https://w3c.github.io/ServiceWorker/#privacy ***/
+user_pref("dom.caches.enabled", false);
+/* 2750: disable Storage API
+ * The API gives sites the ability to find out how much space they can use, how much
+ * they are already using, and even control whether or not they need to be alerted
+ * before the user agent disposes of site data in order to make room for other things.
+ * [NOTE] This also controls the visibility of the "Options>Privacy & Security>Site Data"
+ * section, which also requires Offline Cache (2730) enabled to function
+ * [1] https://developer.mozilla.org/docs/Web/API/StorageManager
+ * [2] https://developer.mozilla.org/docs/Web/API/Storage_API
+ * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
+user_pref("dom.storageManager.enabled", false); // (FF51+)
+user_pref("browser.storageManager.enabled", false); // (FF53+)
 
 /*** 2800: SHUTDOWN [SETUP]
      You should set the values to what suits you best. Be aware that the settings below clear
@@ -1522,6 +1511,11 @@ user_pref("privacy.sanitize.timeSpan", 0);
  ** 1337893 - isolate DNS cache (FF55+)
  ** 1344170 - isolate blob: URI (FF55+)
  ** 1300671 - isolate data:, about: URLs (FF55+)
+
+ NOTE: FPI has some issues depending on your Firefox release
+ ** 1418931 - [fixed in FF58+] IndexedDB (Offline Website Data) with FPI Origin Attributes
+      are not removed with "Clear All/Recent History" or "On Close"
+ ** 1381197 - [fixed in FF59+] extensions cannot control cookies with FPI Origin Attributes
 ***/
 user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
 /* 4001: enable First Party Isolation (FF51+)
@@ -1552,27 +1546,38 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
  ** 1281949 - spoof screen orientation (FF50+)
  ** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
  ** 1330890 - spoof timezone as UTC 0 (FF55+)
+      FF58: Date.toLocaleFormat deprecated (818634)
+      FF60: Date.toLocaleDateString and Intl.DateTimeFormat fixed (1409973)
  ** 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) (FF55+)
       This spoof *shouldn't* affect core chrome/Firefox performance
  ** 1217238 - reduce precision of time exposed by javascript (FF55+)
  ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+)
- ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 4700) (FF56+)
+ ** 1333651 & 1383495 & 1396468 & 1393283 & 1404608 - spoof Navigator API (see section 4700) (FF56+)
       FF56: The version number will be rounded down to the nearest multiple of 10
-      FF57+: The version number will match current ESR
+      FF57: The version number will match current ESR
+      FF59: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage)
  ** 1369319 - disable device sensor API (see 4604) (FF56+)
  ** 1369357 - disable site specific zoom (see 4605) (FF56+)
  ** 1337161 - hide gamepads from content (see 4606) (FF56+)
  ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+)
  ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+)
- ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609) (FF56+)
- ** 1369309 - spoof media statistics (see 2506) (FF57+)
- ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+)
+ ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609, 4612) (FF56+)
+ ** 1369309 - spoof media statistics (see 4610) (FF57+)
+ ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+)
  ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+)
  ** 1382545 - reduce fingerprinting in Animation API (FF57+)
  ** 1354633 - limit MediaError.message to a whitelist (FF57+)
- ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+)
+ ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+)
       This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
  **  967895 - enable site permission prompt before allowing canvas data extraction (FF58+)
+      FF59: Added to the site permissions panel (1413780)
+      FF60: Only prompt for canvas data extraction when triggered by user input (1376865)
+ ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+)
+ ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+)
+ ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+)
+      Spoofing mimics the content language of the document. Currently it only supports en-US.
+      Modifier events suppressed are SHIFT, CTRL and both ALT keys. Chrome is not affected.
+      FF60: Fixes keydown/keyup events (1438795)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting (FF41+)
@@ -1634,7 +1639,7 @@ user_pref("browser.zoom.siteSpecific", false);
    // [2] https://wicg.github.io/netinfo/
    // [3] https://bugzilla.mozilla.org/show_bug.cgi?id=960426
 user_pref("dom.netinfo.enabled", false);
-// 4608: [2012] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API
+// 4608: [2021] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API
    // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API
    // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
    // [3] https://wiki.mozilla.org/HTML5_Speech_API
@@ -1643,6 +1648,25 @@ user_pref("media.webspeech.synth.enabled", false);
    // [1] https://www.mozilla.org/firefox/geolocation/
 user_pref("geo.enabled", false);
 // * * * /
+// FF57+
+// 4610: [2506] disable video statistics - JS performance fingerprinting (FF25+)
+   // [1] https://trac.torproject.org/projects/tor/ticket/15757
+   // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=654550
+user_pref("media.video_stats.enabled", false);
+// 4611: [2509] disable touch events
+   // fingerprinting attack vector - leaks screen res & actual screen coordinates
+   // 0=disabled, 1=enabled, 2=autodetect
+   // [WARNING] [SETUP] Optional protection depending on your device
+   // [1] https://developer.mozilla.org/docs/Web/API/Touch_events
+   // [2] https://trac.torproject.org/projects/tor/ticket/10286
+   // user_pref("dom.w3c_touch_events.enabled", 0);
+// * * * /
+// FF58+
+// 4612: [new] set a default permission for Location (FF58+)
+   // [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location
+   // [SETTING] to manage site exceptions: Options>Privacy>Permissions>Location>Settings
+   // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block
+// * * * /
 // ***/
 
 /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING
@@ -1656,7 +1680,7 @@ user_pref("geo.enabled", false);
        2. You are not in a controlled set of significant numbers, where the values are enforced
           by default. It works for TBB because for TBB, the spoofed values ARE their default.
      * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500)
-       which is already plugging leaks (see 2 above) the prefs below do not address
+       which is already plugging leaks (see 1 above) the prefs below do not address
      * Values below are for example only based on the current TBB at the time of writing
 ***/
 user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow");
@@ -1675,14 +1699,13 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow
    // user_pref("general.platform.override", "Win32"); // (hidden pref)
 /* 4706: navigator.oscpu leaks in JS ***/
    // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref)
-/* 4707: general.useragent.locale (related, see 0204) ***/
+/* 4707: general.useragent.locale (related, see 0204 deprecated FF59+) ***/
 
 /*** 5000: PERSONAL SETTINGS [SETUP]
      Settings that are handy to migrate and/or are not in the Options interface. Users
      can put their own non-security/privacy/fingerprinting/tracking stuff here ***/
 user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
 /* 5001: disable annoying warnings ***/
-user_pref("general.warnOnAboutConfig", false);
 user_pref("browser.tabs.warnOnClose", false);
 user_pref("browser.tabs.warnOnCloseOtherTabs", false);
 user_pref("browser.tabs.warnOnOpen", false);
@@ -1704,6 +1727,9 @@ user_pref("browser.backspace_action", 2);
  * 1=current window, 2=new window, 3=most recent window
  * [SETTING] Options>General>Tabs>Open new windows in a new tab instead ***/
 user_pref("browser.link.open_newwindow", 3);
+/* 5008: open bookmarks in a new tab (FF57+)
+ * [NOTE] You can also use middle-click, cmd/ctl-click, and use the context menu ***/
+   // user_pref("browser.tabs.loadBookmarksInTabs", true);
 /* 5010: enable ctrl-tab previews ***/
 user_pref("browser.ctrlTab.previews", true);
 /* 5011: don't open "page/selection source" in a tab. The window used instead is cleaner
@@ -1715,14 +1741,15 @@ user_pref("layout.spellcheckDefault", 1);
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=620472
  * [2] https://developer.mozilla.org/docs/Online_and_offline_events ***/
 user_pref("network.manage-offline-status", false);
+/* 5014: control download button visibility (FF57+)
+ * true = the button is automatically shown/hidden based on whether the session has downloads or not
+ * false = the button is always visible ***/
+   // user_pref("browser.download.autohideButton", false);
 /* 5015: disable animations (FF55+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1352069 ***/
    // user_pref("toolkit.cosmeticAnimations.enabled", false);
 /* 5016: disable reload/stop animation (FF56+) ***/
    // user_pref("browser.stopReloadAnimation.enabled", true);
-/* 5017: set submenu delay in milliseconds. 0=instant while a small number allows
- * a mouse pass over menu items without any submenus alarmingly shooting out ***/
-user_pref("ui.submenuDelay", 150); // (hidden pref)
 /* 5018: set maximum number of daily bookmark backups to keep (default is 15) ***/
 user_pref("browser.bookmarks.max_backups", 2);
 /* 5020: control urlbar click behaviour (with defaults) ***/
@@ -1743,28 +1770,9 @@ user_pref("browser.tabs.loadInBackground", true);
  * true: load the new tab in the background, leaving focus on the current tab
  * false: load the new tab in the foreground, taking the focus from the current tab. ***/
 user_pref("browser.tabs.loadDivertedInBackground", false);
-/* 5022: hide recently bookmarked items (you still have the original bookmarks) (FF49+) ***/
-user_pref("browser.bookmarks.showRecentlyBookmarked", false);
 /* 5023: enable "Find As You Type"
  * [1] http://kb.mozillazine.org/Accessibility.typeaheadfind ***/
    // user_pref("accessibility.typeaheadfind", true);
-/* 5024: enable/disable MSE (Media Source Extensions)
- * [1] https://www.ghacks.net/2014/05/10/enable-media-source-extensions-firefox/ ***/
-   // user_pref("media.mediasource.enabled", false);
-   // user_pref("media.mediasource.mp4.enabled", false);
-   // user_pref("media.mediasource.webm.audio.enabled", false);
-   // user_pref("media.mediasource.webm.enabled", false);
-/* 5025: enable/disable various media types ***/
-   // user_pref("media.mp4.enabled", false);
-   // user_pref("media.flac.enabled", false); // (FF51+)
-   // user_pref("media.ogg.enabled", false);
-   // user_pref("media.ogg.flac.enabled", false); // (FF51+)
-   // user_pref("media.opus.enabled", false);
-   // user_pref("media.raw.enabled", false);
-   // user_pref("media.wave.enabled", false);
-   // user_pref("media.webm.enabled", false);
-   // user_pref("media.wmf.enabled", false); // https://www.youtube.com/html5 - for the two H.264 entries
-   // user_pref("media.wmf.vp9.enabled", false);
 /* 5026: disable "Reader View" ***/
    // user_pref("reader.parse-on-load.enabled", false);
 /* 5027: decode URLs on copy from the urlbar (FF53+)
@@ -1797,7 +1805,7 @@ user_pref("network.websocket.enabled", false);
    // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1042135#c101
    // user_pref("privacy.donottrackheader.value", 1);
 // 2023: (37+) disable camera autofocus callback
-   // The API will be superceded by the WebRTC Capture and Stream API
+   // The API will be superseded by the WebRTC Capture and Stream API
    // [1] https://developer.mozilla.org/docs/Archive/B2G_OS/API/CameraControl
    // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1107683
 user_pref("camera.control.autofocus_moving_callback.enabled", false);
@@ -1989,7 +1997,7 @@ user_pref("dom.telephony.enabled", false);
 user_pref("dom.battery.enabled", false);
 // ***/
 
-/* ESR52 still needs all the following prefs
+/* ESR52.x still uses all the following prefs
 // [NOTE] replace the * with a slash in the line above to re-enable them if you're using ESR52.x.x
 // FF53
 // 1265: block rc4 fallback
@@ -2069,6 +2077,33 @@ user_pref("browser.fullscreen.animate", false);
    // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1385201
 user_pref("extensions.formautofill.experimental", false);
 // * * * /
+// FF57
+// 0374: disable "social" integration
+   // [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API
+   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1388902
+   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1406193 (leftover prefs removed in FF58)
+user_pref("social.whitelist", "");
+user_pref("social.toast-notifications.enabled", false);
+user_pref("social.shareDirectory", "");
+user_pref("social.remote-install.enabled", false);
+user_pref("social.directories", "");
+user_pref("social.share.activationPanelEnabled", false);
+user_pref("social.enabled", false); // (hidden pref)
+// 1830: disable DRM's EME WideVineAdapter
+   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1395468
+user_pref("media.eme.chromium-api.enabled", false); // (FF55+)
+// 2611: disable WebIDE extension downloads (Valence)
+   // [1] https://trac.torproject.org/projects/tor/ticket/16222
+   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1393497
+user_pref("devtools.webide.autoinstallFxdtAdapters", false);
+// 2612: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku
+   // [1] https://trac.torproject.org/projects/tor/ticket/16222
+   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1393582
+user_pref("browser.casting.enabled", false);
+// 5022: hide recently bookmarked items (you still have the original bookmarks) (FF49+)
+   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1401238
+user_pref("browser.bookmarks.showRecentlyBookmarked", false);
+// * * * /
 // ***/
 
 /* END: internal custom pref to test for syntax errors ***/