Compare commits


81 Commits
95.0 ... 101.0

Author SHA1 Message Date
1a899966a9 v101 (#1443) 2022-06-12 13:38:27 +00:00
36c942e887 browser.urlbar.trimURLs
see #1473
2022-06-12 12:45:13 +00:00
662eddbc21 network.cookie.thirdparty 2022-06-01 13:51:19 +00:00
ea139e3ef8 long standing defaults
- FF79+ dom.targetBlankNoOpener.enabled - https://bugzilla.mozilla.org/show_bug.cgi?id=1522083
- FF86+ privacy.window.name.update.enabled - https://bugzilla.mozilla.org/show_bug.cgi?id=1685089
2022-05-09 19:25:18 +00:00
d6b26e7558 v100 (#1423) 2022-05-09 18:49:38 +00:00
7ff46e02dd v100 deprecated
https://bugzilla.mozilla.org/1752621 - replaced with network.http.http2* prefs
2022-05-05 23:33:44 +00:00
4ff931781a Merge pull request #1419 from arkenfox/v99
v99
2022-04-09 09:45:45 +00:00
9aae0a62b0 tidy deprecated, misc RFP changes 2022-04-08 21:30:22 +00:00
eb98f06d69 security.csp.enable
https://bugzilla.mozilla.org/1754301
2022-04-08 21:28:16 +00:00
81561840a1 deprecate security.csp.enable 2022-04-08 11:43:39 +02:00
64bc683c3f Made prefsCleaner.sh executable (#1416)
Changed permissions of prefsCleaner.sh from 644 to 755 to be able to run it via "./prefsCleaner.sh" without first executing "chmod +x prefsCleaner.sh".
2022-04-08 07:03:43 +00:00
b4225baaf2 Update updater.sh 2022-03-19 07:47:46 +00:00
e00497fd51 Fix newline issue when downloading files in updater.sh (#1397) 2022-03-19 07:46:08 +00:00
d9af90d05f v98 (#1372) 2022-03-10 00:44:10 +00:00
0d83307b14 Update troubleshooting-help.md 2022-02-27 10:44:04 +00:00
4f3f789f28 Add files via upload 2022-02-25 23:15:01 +13:00
6b6ed86b6c Update troubleshooting-help.md 2022-02-24 00:26:15 +00:00
382b9181df Add files via upload 2022-02-20 19:00:32 +13:00
ba052105de Add files via upload 2022-02-14 05:38:13 +13:00
4bd17611df Update troubleshooting-help.md 2022-02-13 13:11:55 +00:00
41468d0d0b Update troubleshooting-help.md 2022-02-13 13:11:26 +00:00
a98b73c64e v97 (#1346) 2022-02-13 11:15:00 +00:00
58e2618b9d dom.securecontext.whitelist_onions
replaced by dom.securecontext.allowlist_onions - https://bugzilla.mozilla.org/1744006
2022-02-09 20:00:43 +00:00
d61da93aad Update troubleshooting-help.md 2022-02-06 15:30:25 +00:00
562127be87 Update troubleshooting-help.md 2022-02-06 15:27:50 +00:00
917e3fe1aa Update wiki link for updater options (#1364) 2022-02-06 12:23:20 +00:00
89bee0e361 Add files via upload 2022-01-31 03:08:22 +13:00
4c74f1bffb Update README.md 2022-01-30 08:53:08 +00:00
0d9de9174a Update README.md 2022-01-30 03:23:06 +00:00
45043537d8 Update README.md 2022-01-30 03:20:59 +00:00
cc7ca9d0fa cleanup dead images (#1353) 2022-01-29 05:24:41 +00:00
10044fcaf7 typos #1342 (#1343) 2022-01-22 01:49:48 +00:00
ac0820a5dc add last bits about ETP Strict/dFPI, closes #1337 2022-01-21 03:48:06 +00:00
83b6d64e67 security.insecure_connection_text.enabled
AF has been using HTTPS-Only mode since v84, the interstitial is more than ample, padlock is still marked as insecure
2022-01-16 02:36:08 +00:00
b5bf2ee017 oophs, add removed item from last commit to 6050 2022-01-16 02:34:21 +00:00
09d62d2302 remove 1273: "not Secure" text on insecure sites
AF has been using HTTPS-Only mode since v84, the interstitial is more than ample, padlock is still marked as insecure
2022-01-16 02:31:57 +00:00
7a4676fe2d make 1601 setup tag more explicit, closes #1326 2022-01-15 05:25:11 +00:00
bc2aba3829 move last update pref to personal 2022-01-12 05:25:31 +00:00
926a2d4ac8 v96 deprecated, #1325
also tidy the description to reflect that the setting is hidden
2022-01-12 05:09:17 +00:00
ab7380c93b HoM: tweak background request info 2022-01-11 09:21:37 +00:00
06b8d8bfa3 move 0362 to don't touch 2022-01-07 17:29:26 +00:00
7016c2050d move TLS 1.0/1.1 downgrades to don't bother
https://bugzilla.mozilla.org/show_bug.cgi?id=1745678
2021-12-30 03:15:56 +00:00
2787da7f90 Update README.md 2021-12-24 06:04:38 +00:00
7e18f8b473 tweak 2011
- FF85+ switched to using application regional locale
   - go to about:support > Internationalization & Localization (almost at the very end)
   - look at Application > Regional Preferences
- add test
2021-12-24 06:01:41 +00:00
d2510b014d move updates to personal
updating (app, extensions, ext cache) is not a privacy issue
- if you're willing to use Firefox but not trust updating, then I have two bricks to sell you: users who wish to disable it (to check changes first etc) and update in a timely manner, then that is on them - including any prompt fatigue
- same goes for extensions: the end-user installed them (and arkenfox only recommends a very select few) - the onus is on the end-user

The remaining ones I will deal with later
2021-12-23 23:42:28 +00:00
87bd8683fa 2022: add browser.eme.ui.enabled
for those who want to remove DRM prompts and have no intention of enabling it
2021-12-23 21:22:41 +00:00
d48d3ad29a remove browser.eme.ui.enabled 2021-12-23 21:20:28 +00:00
6675225ec4 make 0301 inactive
auto-updating is not a security nor a privacy risk, by default it should be enabled and it's on end-users if they want to disable it - does not affect windows users
2021-12-23 06:36:39 +00:00
bb56056a68 explain 0-RTT 2021-12-15 19:23:03 +00:00
93f0ff89c8 move web notifications to don't bother 2021-12-15 00:05:03 +00:00
7811e912f4 make push notifications inactive
- they require SWers which are already blocked by virtue of permissions being session only
- also remove "dom.push.userAgentID" as this means prefsCleaner resets it and would wipe user's subscriptions
   - not adding "dom.push.userAgentID" to the cleanup script for the same reason
2021-12-14 13:25:46 +00:00
238f1545f4 fixup thanks #fxbrit have a 🍥 fish cake 2021-12-13 14:15:25 +00:00
c269ac9f7d remove duplicate 2021-12-13 03:49:42 +00:00
78297132b4 fix syntax 2021-12-12 15:44:39 +00:00
8de87de050 update 0704: GIO, closes #1050 (#1300)
https://bugzilla.mozilla.org/show_bug.cgi?id=1666725
2021-12-12 15:41:55 +00:00
8bc25b552d expand 0650 to include any removed item
this should reduce any dependency on the scratchpad script
2021-12-12 15:30:53 +00:00
c8c86262d7 enforce SmartBlock shims 2021-12-12 13:51:25 +00:00
f836e55363 tidy ETP stuff 2021-12-12 13:31:01 +00:00
8cdb30cc08 make cookie pref active
@SkewedZeppelin ... https://github.com/arkenfox/user.js/issues/1051#issuecomment-991806497
2021-12-12 00:26:12 +00:00
54810e333f typo 2021-12-11 19:17:43 +00:00
7ec13c0323 sharedWorkers tweak
tested in FF91+. Seems as if sharedWorkers no longer requires an explicit `Allow`
2021-12-11 12:22:00 +00:00
af109d4696 tweak 7016 2021-12-11 11:15:34 +00:00
460951df9e tidy, add instructions 2021-12-11 09:37:45 +00:00
93874bda43 rename 2021-12-11 09:14:59 +00:00
4ebabbb569 Delete arkenfox-clear-deprecated.js 2021-12-11 09:13:51 +00:00
1f0dc1853d merge scratchpads into one 2021-12-11 09:13:09 +00:00
13e5fe17b1 remove rfpalts (#1288) 2021-12-11 06:56:43 +00:00
ec7cb6a491 2702: partition service workers 2021-12-09 17:17:52 +00:00
d9f49bdf1f make 7017 clearer 2021-12-09 16:17:53 +00:00
d5bc6715cd remove web workers section
farewell parrot
2021-12-09 16:14:36 +00:00
8860c90abf make service workers inactive
currently 3rd party service workers are blocked in FF95 when dFPI is enabled (which this version has should anyone update to 96-alpha)
   - but I get an error even on first party - https://arkenfox.github.io/TZP/tzp.html#storage
   - I get : service worker | test : enabled | failed: SecurityError
in FF96+ service workers they are covered by dFPI
  - see https://bugzilla.mozilla.org/show_bug.cgi?id=1731999
2021-12-09 14:31:41 +00:00
4d5abd6cc3 tweak 8000 title
let's not encourage non-RFP users to see this as a sign to use them
2021-12-09 14:18:25 +00:00
de28689e76 flip from FPI to dFPI
I will tidy and expand 2700 entries later
2021-12-09 14:13:39 +00:00
5d508e4242 move LSNG to don't touch 2021-12-09 14:05:47 +00:00
1fc43574d6 move "cookie" permission info into 2801 2021-12-09 14:00:21 +00:00
83602baa38 misc site storage/data prefs
been inactive since jesus was a baby
2021-12-09 13:47:57 +00:00
0634a568ef remove redundant site data prefs
we've never used these
- service workers are disabled (or soon to be covered by dFPI when enabled) and sanitizing is already done (or will be done via enhanced cookie cleaning)
- storage API, storage access API: we sanitize on close, and sites are isolated by eTLD+1
2021-12-09 13:45:46 +00:00
97322d6e8b various inactive FPI prefs 2021-12-09 12:31:38 +00:00
f7bba92c71 cleanout FPI section
farewell parrot
2021-12-09 12:28:45 +00:00
fe75baa79f move DNT to DON'T BOTHER 2021-12-09 11:44:51 +00:00
72cc4d176e 0706: network.proxy.allow_bypass, closes #1292 2021-12-09 11:41:18 +00:00
16 changed files with 460 additions and 537 deletions

@ -1,29 +1,31 @@
--- ---
name: Troubleshooting help name: Troubleshooting help
about: Ask for help to solve problems with user.js about: Ask for help to solve problems with user.js
title: '' title: 'follow instructions or this will be closed as invalid'
labels: '' labels: ''
assignees: '' assignees: ''
--- ---
Before you proceed... <!--
- Issues will be closed as invalid if you do not [troubleshoot](https://github.com/arkenfox/user.js/wiki/1.4-Troubleshooting), including
- confirming the problem is caused by the `user.js`
- searching the `[Setup` tags in the `user.js`
- Search the GitHub repository. The information you need is most likely here already.
- Note: We do not support forks
See also: Issues will be closed as invalid if you do not troubleshoot first, or if you ignore the required info in the template.
- Override Recipes [issue 1080](https://github.com/arkenfox/user.js/issues/1080)
- Extension breakage due to prefs [issue 391](https://github.com/arkenfox/user.js/issues/391)
- Prefs vs Recommended Extensions: Co-Existance+Enhancement | Conflicts [issue 350](https://github.com/arkenfox/user.js/issues/350)
If you still need help, help us help you by providing relevant information: We do not support forks or no-longer supported releases.
- browser version
- Steps to Reproduce (STR)
- actual result
- expected result
- anything else you deem worth mentioning
Clear all of this when you're ready to type. -->
🟥 https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting
- [ ] I have read the troubleshooting guide, done the checks and confirmed this is caused by arkenfox
- _unchecked issues ~~may~~ will be closed as invalid_
🟪 REQUIRED INFO
- Browser version & OS:
- Steps to Reproduce (STR):
- Expected result:
- Actual result:
- Console errors and warnings:
- Anything else you deem worth mentioning:
---
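Review bot: The front-matter `title:` is now prefilled with 'follow instructions or this will be closed as invalid', so a reporter who does not overwrite it files the issue under that exact string, and the tracker fills up with identically titled issues that are hard to search and triage. The same warning is already in the HTML comment at the top of the body ("Issues will be closed as invalid if you do not troubleshoot first..."), so consider leaving `title: ''` and relying on the comment and the checkbox.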

@ -1,5 +1,5 @@
### 🟪 user.js ### 🟪 user.js
A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/arkenfox/user.js/wiki/1.1-Overview) wiki page. A `user.js` is a configuration file that can control Firefox settings - for a more technical breakdown and explanation, you can read more in the [wiki](https://github.com/arkenfox/user.js/wiki/2.1-User.js)
### 🟩 the arkenfox user.js ### 🟩 the arkenfox user.js
@ -7,9 +7,9 @@ A `user.js` is a configuration file that can control hundreds of Firefox setting
The `arkenfox user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). The `arkenfox user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
Everyone, experts included, should at least read the [implementation](https://github.com/arkenfox/user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `user.js` settings. Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings.
Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://www.torproject.org/about/torusers.html.en) calls for it, or for accessing hidden services. Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://2019.www.torproject.org/about/torusers.html) calls for it, or for accessing hidden services.
Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser. Also be aware that the `arkenfox user.js` is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.
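Review bot: In the "Everyone, experts included" sentence the link target moves from the 1.3-Implementation page to the wiki root, but the sentence still says "it contains important information regarding a few `user.js` settings", which no longer tells the reader which page holds that information. Link the specific page or reword the sentence. The threat model link in the following paragraph now points at a `2019.www.torproject.org` address, which reads like a dated copy of the page; worth confirming that is the intended long-term target.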
@ -20,6 +20,7 @@ Also be aware that the `arkenfox user.js` is made specifically for desktop Firef
- [wiki](https://github.com/arkenfox/user.js/wiki) - [wiki](https://github.com/arkenfox/user.js/wiki)
- [stickies](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22) - [stickies](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22)
- [diffs](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Adiffs) - [diffs](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Adiffs)
- [common questions and answers](https://github.com/arkenfox/user.js/issues?q=is%3Aissue+label%3Aanswered)
### 🟥 acknowledgments ### 🟥 acknowledgments
Literally thousands of sources, references and suggestions. Many thanks, and much appreciated. Literally thousands of sources, references and suggestions. Many thanks, and much appreciated.

prefsCleaner.sh Normal file → Executable file

@ -1,10 +1,29 @@
/*** /***
This will reset the preferences that have been removed completely from the arkenfox user.js. This will reset the preferences that have been
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
Last updated: 29-August-2021 Last updated: 12-June-2022
Instructions:
- [optional] close Firefox and backup your profile
- [optional] disable your network connection [1]
- start Firefox
- load about:config and press Ctrl+Shift+K to open the Web Console for about:config
- using about:config is important, so the script has the right permissions
- paste this script
- if you edited the list of prefs in the script, make sure the last pref does not have a trailing comma
- hit enter
- check the Info output to see which prefs were reset
- restart
- some prefs require a restart
- a restart will reapply your user.js
- [optional] re-enable your network connection
[1] Blocking Firefox from the internet ensures it cannot act on your reset preferences in the
period before you restart it, such as app and extension auto-updating, or downloading unwanted
components (GMP etc). It depends on what you're resetting and how long before you restart.
For instructions see:
https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
***/ ***/
(() => { (() => {
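Review bot: The new instructions end with "a restart will reapply your user.js", but no step tells the reader to first remove the listed prefs from their own user.js or overrides, so any pref still set there comes straight back on restart and the reset appears not to have worked. Add a step before "start Firefox" to check the user's own files for prefs in this list. The footnote [1] reasoning (Firefox can act on reset values such as auto-updating before the restart) is also strong enough that the network step could be described as recommended rather than "[optional]".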
@ -12,7 +31,219 @@
if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!'); if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!');
const aPREFS = [ const aPREFS = [
/* removed in arkenfox user.js */ /* DEPRECATED */
/* 92-102 */
'browser.urlbar.suggest.quicksuggest', // 95
'dom.securecontext.whitelist_onions', // 97
'network.http.spdy.enabled', // 100
'network.http.spdy.enabled.deps',
'network.http.spdy.enabled.http2',
'network.http.spdy.websockets',
'layout.css.font-visibility.level', // 94
'security.csp.enable', // 99
'security.ssl3.rsa_des_ede3_sha', // 93
/* 79-91 */
'browser.cache.offline.storage.enable',
'browser.download.hide_plugins_without_extensions',
'browser.library.activity-stream.enabled',
'browser.search.geoSpecificDefaults',
'browser.search.geoSpecificDefaults.url',
'dom.ipc.plugins.flash.subprocess.crashreporter.enabled',
'dom.ipc.plugins.reportCrashURL',
'dom.w3c_pointer_events.enabled',
'intl.charset.fallback.override',
'network.ftp.enabled',
'plugin.state.flash',
'security.mixed_content.block_object_subrequest',
'security.ssl.errorReporting.automatic',
'security.ssl.errorReporting.enabled',
'security.ssl.errorReporting.url',
/* 69-78 */
'browser.newtabpage.activity-stream.telemetry.ping.endpoint',
'browser.tabs.remote.allowLinkedWebInFileUriProcess',
'browser.urlbar.oneOffSearches',
'devtools.webide.autoinstallADBExtension',
'devtools.webide.enabled',
'dom.indexedDB.enabled',
'extensions.blocklist.url',
'geo.wifi.logging.enabled',
'geo.wifi.uri',
'gfx.downloadable_fonts.woff2.enabled',
'media.autoplay.allow-muted',
'media.autoplay.enabled.user-gestures-needed',
'offline-apps.allow_by_default',
'plugins.click_to_play',
'privacy.userContext.longPressBehavior',
'toolkit.cosmeticAnimations.enabled',
'toolkit.telemetry.hybridContent.enabled',
'webgl.disable-extensions',
/* 61-68 */
'app.update.enabled',
'browser.aboutHomeSnippets.updateUrl',
'browser.chrome.errorReporter.enabled',
'browser.chrome.errorReporter.submitUrl',
'browser.chrome.favicons',
'browser.ctrlTab.previews',
'browser.fixup.hide_user_pass',
'browser.newtabpage.activity-stream.asrouter.userprefs.cfr',
'browser.newtabpage.activity-stream.disableSnippets',
'browser.onboarding.enabled',
'browser.search.countryCode',
'browser.urlbar.autocomplete.enabled',
'devtools.webide.adbAddonURL',
'devtools.webide.autoinstallADBHelper',
'dom.event.highrestimestamp.enabled',
'experiments.activeExperiment',
'experiments.enabled',
'experiments.manifest.uri',
'experiments.supported',
'lightweightThemes.update.enabled',
'media.autoplay.enabled',
'network.allow-experiments',
'network.cookie.lifetime.days',
'network.jar.block-remote-files',
'network.jar.open-unsafe-types',
'plugin.state.java',
'security.csp.enable_violation_events',
'security.csp.experimentalEnabled',
'shield.savant.enabled',
/* 60 or earlier */
'browser.bookmarks.showRecentlyBookmarked',
'browser.casting.enabled',
'browser.crashReports.unsubmittedCheck.autoSubmit',
'browser.formautofill.enabled',
'browser.formfill.saveHttpsForms',
'browser.fullscreen.animate',
'browser.history.allowPopState',
'browser.history.allowPushState',
'browser.history.allowReplaceState',
'browser.newtabpage.activity-stream.enabled',
'browser.newtabpage.directory.ping',
'browser.newtabpage.directory.source',
'browser.newtabpage.enhanced',
'browser.newtabpage.introShown',
'browser.pocket.api',
'browser.pocket.enabled',
'browser.pocket.oAuthConsumerKey',
'browser.pocket.site',
'browser.polaris.enabled',
'browser.safebrowsing.appRepURL',
'browser.safebrowsing.enabled',
'browser.safebrowsing.gethashURL',
'browser.safebrowsing.malware.reportURL',
'browser.safebrowsing.provider.google.appRepURL',
'browser.safebrowsing.reportErrorURL',
'browser.safebrowsing.reportGenericURL',
'browser.safebrowsing.reportMalwareErrorURL',
'browser.safebrowsing.reportMalwareMistakeURL',
'browser.safebrowsing.reportMalwareURL',
'browser.safebrowsing.reportPhishMistakeURL',
'browser.safebrowsing.reportURL',
'browser.safebrowsing.updateURL',
'browser.search.showOneOffButtons',
'browser.selfsupport.enabled',
'browser.selfsupport.url',
'browser.sessionstore.privacy_level_deferred',
'browser.tabs.animate',
'browser.trackingprotection.gethashURL',
'browser.trackingprotection.updateURL',
'browser.urlbar.unifiedcomplete',
'browser.usedOnWindows10.introURL',
'camera.control.autofocus_moving_callback.enabled',
'camera.control.face_detection.enabled',
'datareporting.healthreport.about.reportUrl',
'datareporting.healthreport.about.reportUrlUnified',
'datareporting.healthreport.documentServerURI',
'datareporting.healthreport.service.enabled',
'datareporting.policy.dataSubmissionEnabled.v2',
'devtools.webide.autoinstallFxdtAdapters',
'dom.archivereader.enabled',
'dom.beforeAfterKeyboardEvent.enabled',
'dom.disable_image_src_set',
'dom.disable_window_open_feature.scrollbars',
'dom.disable_window_status_change',
'dom.enable_user_timing',
'dom.flyweb.enabled',
'dom.idle-observers-api.enabled',
'dom.keyboardevent.code.enabled',
'dom.network.enabled',
'dom.push.udp.wakeupEnabled',
'dom.telephony.enabled',
'dom.vr.oculus050.enabled',
'dom.workers.enabled',
'dom.workers.sharedWorkers.enabled',
'extensions.formautofill.experimental',
'extensions.screenshots.system-disabled',
'extensions.shield-recipe-client.api_url',
'extensions.shield-recipe-client.enabled',
'full-screen-api.approval-required',
'general.useragent.locale',
'geo.security.allowinsecure',
'intl.locale.matchOS',
'loop.enabled',
'loop.facebook.appId',
'loop.facebook.enabled',
'loop.facebook.fallbackUrl',
'loop.facebook.shareUrl',
'loop.feedback.formURL',
'loop.feedback.manualFormURL',
'loop.logDomains',
'loop.server',
'media.block-play-until-visible',
'media.eme.apiVisible',
'media.eme.chromium-api.enabled',
'media.getusermedia.screensharing.allow_on_old_platforms',
'media.getusermedia.screensharing.allowed_domains',
'media.gmp-eme-adobe.autoupdate',
'media.gmp-eme-adobe.enabled',
'media.gmp-eme-adobe.visible',
'network.http.referer.userControlPolicy',
'network.http.sendSecureXSiteReferrer',
'network.http.spdy.enabled.http2draft',
'network.http.spdy.enabled.v3-1',
'network.websocket.enabled',
'pageThumbs.enabled',
'pfs.datasource.url',
'plugin.scan.Acrobat',
'plugin.scan.Quicktime',
'plugin.scan.WindowsMediaPlayer',
'plugins.enumerable_names',
'plugins.update.notifyUser',
'plugins.update.url',
'privacy.clearOnShutdown.passwords',
'privacy.donottrackheader.value',
'security.mixed_content.send_hsts_priming',
'security.mixed_content.use_hsts',
'security.ssl3.ecdhe_ecdsa_rc4_128_sha',
'security.ssl3.ecdhe_rsa_rc4_128_sha',
'security.ssl3.rsa_rc4_128_md5',
'security.ssl3.rsa_rc4_128_sha',
'security.tls.insecure_fallback_hosts.use_static_list',
'security.tls.unrestricted_rc4_fallback',
'security.xpconnect.plugin.unrestricted',
'social.directories',
'social.enabled',
'social.remote-install.enabled',
'social.share.activationPanelEnabled',
'social.shareDirectory',
'social.toast-notifications.enabled',
'social.whitelist',
'toolkit.telemetry.unifiedIsOptIn',
/* REMOVED */
/* 92-102 */
'browser.urlbar.trimURLs',
'dom.caches.enabled',
'dom.storageManager.enabled',
'dom.storage_access.enabled',
'dom.targetBlankNoOpener.enabled',
'network.cookie.thirdparty.sessionOnly',
'network.cookie.thirdparty.nonsecureSessionOnly',
'privacy.firstparty.isolate.block_post_message',
'privacy.firstparty.isolate.restrict_opener_access',
'privacy.firstparty.isolate.use_site',
'privacy.window.name.update.enabled',
'security.insecure_connection_text.enabled',
/* 79-91 */ /* 79-91 */
'alerts.showFavicons', 'alerts.showFavicons',
'browser.newtabpage.activity-stream.asrouter.providers.snippets', 'browser.newtabpage.activity-stream.asrouter.providers.snippets',
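Review bot: In the "60 or earlier" block, `'dom.archivereader.enabled'` is followed directly by `'dom.beforeAfterKeyboardEvent.enabled'`, while the deleted deprecated script shown further down this page has `'dom.battery.enabled'` between those two entries, and it does not appear anywhere in the visible part of the merged list. If dropping it is intentional, say so in the commit message; otherwise add it back so profiles that still carry it get reset. Separately, the new deprecated "92-102" block is the only one with per-pref version comments and is in neither alphabetical nor version order; pick one ordering so later additions are easy to diff.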
@ -68,7 +299,6 @@
'browser.cache.disk.smart_size.first_run', 'browser.cache.disk.smart_size.first_run',
'browser.cache.offline.insecure.enable', 'browser.cache.offline.insecure.enable',
'browser.contentblocking.enabled', 'browser.contentblocking.enabled',
'browser.eme.ui.enabled',
'browser.laterrun.enabled', 'browser.laterrun.enabled',
'browser.offline-apps.notify', 'browser.offline-apps.notify',
'browser.rights.3.shown', 'browser.rights.3.shown',
@ -232,6 +462,8 @@
// 'dom.ipc.plugins.sandbox-level.default', // 'dom.ipc.plugins.sandbox-level.default',
// 'dom.ipc.plugins.sandbox-level.flash', // 'dom.ipc.plugins.sandbox-level.flash',
// 'security.sandbox.logging.enabled', // 'security.sandbox.logging.enabled',
/* IMPORTANT: last active pref must not have a trailing comma */
/* reset parrot: check your open about:config after running the script */ /* reset parrot: check your open about:config after running the script */
'_user.js.parrot' '_user.js.parrot'
]; ];
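Review bot: The added comment "IMPORTANT: last active pref must not have a trailing comma" overstates the risk: a JavaScript array literal accepts a single trailing comma without adding an element, so `'_user.js.parrot',` would still run. The edit that does break the script is a missing comma between two entries, which is a syntax error; consider rewording this comment, and the matching line in the header instructions, to warn about that instead.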

@ -1,232 +0,0 @@
/***
Version: up to and including FF/ESR91
This will reset the preferences that have been deprecated by Mozilla
and used in the arkenfox user.js
It is in reverse order, so feel free to remove sections that do not apply
For instructions see:
https://github.com/arkenfox/user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
***/
(() => {
if ('undefined' === typeof(Services)) return alert('about:config needs to be the active tab!');
const aPREFS = [
/* deprecated */
/* FF79-91 */
'browser.cache.offline.storage.enable',
'browser.download.hide_plugins_without_extensions',
'browser.library.activity-stream.enabled',
'browser.search.geoSpecificDefaults',
'browser.search.geoSpecificDefaults.url',
'dom.ipc.plugins.flash.subprocess.crashreporter.enabled',
'dom.ipc.plugins.reportCrashURL',
'dom.w3c_pointer_events.enabled',
'intl.charset.fallback.override',
'network.ftp.enabled',
'plugin.state.flash',
'security.mixed_content.block_object_subrequest',
'security.ssl.errorReporting.automatic',
'security.ssl.errorReporting.enabled',
'security.ssl.errorReporting.url',
/* 69-78 */
'browser.newtabpage.activity-stream.telemetry.ping.endpoint',
'browser.tabs.remote.allowLinkedWebInFileUriProcess',
'browser.urlbar.oneOffSearches',
'devtools.webide.autoinstallADBExtension',
'devtools.webide.enabled',
'dom.indexedDB.enabled',
'extensions.blocklist.url',
'geo.wifi.logging.enabled',
'geo.wifi.uri',
'gfx.downloadable_fonts.woff2.enabled',
'media.autoplay.allow-muted',
'media.autoplay.enabled.user-gestures-needed',
'offline-apps.allow_by_default',
'plugins.click_to_play',
'privacy.userContext.longPressBehavior',
'toolkit.cosmeticAnimations.enabled',
'toolkit.telemetry.hybridContent.enabled',
'webgl.disable-extensions',
/* 61-68 */
'app.update.enabled',
'browser.aboutHomeSnippets.updateUrl',
'browser.chrome.errorReporter.enabled',
'browser.chrome.errorReporter.submitUrl',
'browser.chrome.favicons',
'browser.ctrlTab.previews',
'browser.fixup.hide_user_pass',
'browser.newtabpage.activity-stream.asrouter.userprefs.cfr',
'browser.newtabpage.activity-stream.disableSnippets',
'browser.onboarding.enabled',
'browser.search.countryCode',
'browser.urlbar.autocomplete.enabled',
'devtools.webide.adbAddonURL',
'devtools.webide.autoinstallADBHelper',
'dom.event.highrestimestamp.enabled',
'experiments.activeExperiment',
'experiments.enabled',
'experiments.manifest.uri',
'experiments.supported',
'lightweightThemes.update.enabled',
'media.autoplay.enabled',
'network.allow-experiments',
'network.cookie.lifetime.days',
'network.jar.block-remote-files',
'network.jar.open-unsafe-types',
'plugin.state.java',
'security.csp.enable_violation_events',
'security.csp.experimentalEnabled',
'shield.savant.enabled',
/* 60 or earlier */
'browser.bookmarks.showRecentlyBookmarked',
'browser.casting.enabled',
'browser.crashReports.unsubmittedCheck.autoSubmit',
'browser.formautofill.enabled',
'browser.formfill.saveHttpsForms',
'browser.fullscreen.animate',
'browser.history.allowPopState',
'browser.history.allowPushState',
'browser.history.allowReplaceState',
'browser.newtabpage.activity-stream.enabled',
'browser.newtabpage.directory.ping',
'browser.newtabpage.directory.source',
'browser.newtabpage.enhanced',
'browser.newtabpage.introShown',
'browser.pocket.api',
'browser.pocket.enabled',
'browser.pocket.oAuthConsumerKey',
'browser.pocket.site',
'browser.polaris.enabled',
'browser.safebrowsing.appRepURL',
'browser.safebrowsing.enabled',
'browser.safebrowsing.gethashURL',
'browser.safebrowsing.malware.reportURL',
'browser.safebrowsing.provider.google.appRepURL',
'browser.safebrowsing.reportErrorURL',
'browser.safebrowsing.reportGenericURL',
'browser.safebrowsing.reportMalwareErrorURL',
'browser.safebrowsing.reportMalwareMistakeURL',
'browser.safebrowsing.reportMalwareURL',
'browser.safebrowsing.reportPhishMistakeURL',
'browser.safebrowsing.reportURL',
'browser.safebrowsing.updateURL',
'browser.search.showOneOffButtons',
'browser.selfsupport.enabled',
'browser.selfsupport.url',
'browser.sessionstore.privacy_level_deferred',
'browser.tabs.animate',
'browser.trackingprotection.gethashURL',
'browser.trackingprotection.updateURL',
'browser.urlbar.unifiedcomplete',
'browser.usedOnWindows10.introURL',
'camera.control.autofocus_moving_callback.enabled',
'camera.control.face_detection.enabled',
'datareporting.healthreport.about.reportUrl',
'datareporting.healthreport.about.reportUrlUnified',
'datareporting.healthreport.documentServerURI',
'datareporting.healthreport.service.enabled',
'datareporting.policy.dataSubmissionEnabled.v2',
'devtools.webide.autoinstallFxdtAdapters',
'dom.archivereader.enabled',
'dom.battery.enabled',
'dom.beforeAfterKeyboardEvent.enabled',
'dom.disable_image_src_set',
'dom.disable_window_open_feature.scrollbars',
'dom.disable_window_status_change',
'dom.enable_user_timing',
'dom.flyweb.enabled',
'dom.idle-observers-api.enabled',
'dom.keyboardevent.code.enabled',
'dom.network.enabled',
'dom.push.udp.wakeupEnabled',
'dom.telephony.enabled',
'dom.vr.oculus050.enabled',
'dom.workers.enabled',
'dom.workers.sharedWorkers.enabled',
'extensions.formautofill.experimental',
'extensions.screenshots.system-disabled',
'extensions.shield-recipe-client.api_url',
'extensions.shield-recipe-client.enabled',
'full-screen-api.approval-required',
'general.useragent.locale',
'geo.security.allowinsecure',
'intl.locale.matchOS',
'loop.enabled',
'loop.facebook.appId',
'loop.facebook.enabled',
'loop.facebook.fallbackUrl',
'loop.facebook.shareUrl',
'loop.feedback.formURL',
'loop.feedback.manualFormURL',
'loop.logDomains',
'loop.server',
'media.block-play-until-visible',
'media.eme.apiVisible',
'media.eme.chromium-api.enabled',
'media.getusermedia.screensharing.allow_on_old_platforms',
'media.getusermedia.screensharing.allowed_domains',
'media.gmp-eme-adobe.autoupdate',
'media.gmp-eme-adobe.enabled',
'media.gmp-eme-adobe.visible',
'network.http.referer.userControlPolicy',
'network.http.sendSecureXSiteReferrer',
'network.http.spdy.enabled.http2draft',
'network.http.spdy.enabled.v3-1',
'network.websocket.enabled',
'pageThumbs.enabled',
'pfs.datasource.url',
'plugin.scan.Acrobat',
'plugin.scan.Quicktime',
'plugin.scan.WindowsMediaPlayer',
'plugins.enumerable_names',
'plugins.update.notifyUser',
'plugins.update.url',
'privacy.clearOnShutdown.passwords',
'privacy.donottrackheader.value',
'security.mixed_content.send_hsts_priming',
'security.mixed_content.use_hsts',
'security.ssl3.ecdhe_ecdsa_rc4_128_sha',
'security.ssl3.ecdhe_rsa_rc4_128_sha',
'security.ssl3.rsa_rc4_128_md5',
'security.ssl3.rsa_rc4_128_sha',
'security.tls.insecure_fallback_hosts.use_static_list',
'security.tls.unrestricted_rc4_fallback',
'security.xpconnect.plugin.unrestricted',
'social.directories',
'social.enabled',
'social.remote-install.enabled',
'social.share.activationPanelEnabled',
'social.shareDirectory',
'social.toast-notifications.enabled',
'social.whitelist',
'toolkit.telemetry.unifiedIsOptIn',
/* reset parrot: check your open about:config after running the script */
'_user.js.parrot'
];
console.clear();
let c = 0;
for (const sPname of aPREFS) {
if (Services.prefs.prefHasUserValue(sPname)) {
Services.prefs.clearUserPref(sPname);
if (!Services.prefs.prefHasUserValue(sPname)) {
console.info('reset', sPname);
c++;
} else console.warn('failed to reset', sPname);
}
}
focus();
const d = (c==1) ? ' pref' : ' prefs';
alert(c ? 'successfully reset ' + c + d + "\n\nfor details check the console" : 'nothing to reset');
return 'all done';
})();

@ -3,10 +3,10 @@ TITLE arkenfox user.js updater
REM ## arkenfox user.js updater for Windows REM ## arkenfox user.js updater for Windows
REM ## author: @claustromaniac REM ## author: @claustromaniac
REM ## version: 4.14 REM ## version: 4.16
REM ## instructions: https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows
SET v=4.14 SET v=4.15
VERIFY ON VERIFY ON
CD /D "%~dp0" CD /D "%~dp0"
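Review bot: The version comment and the version variable disagree on the new side of this header: the REM line reads `version: 4.16` while the variable is set with `SET v=4.15`. Before the change both read 4.14. Bump the two together so that whatever the script reports from `%v%` matches the documented release.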
@ -23,7 +23,6 @@ IF /I "%~1"=="-merge" (SET _merge=1)
IF /I "%~1"=="-updatebatch" (SET _updateb=1) IF /I "%~1"=="-updatebatch" (SET _updateb=1)
IF /I "%~1"=="-singlebackup" (SET _singlebackup=1) IF /I "%~1"=="-singlebackup" (SET _singlebackup=1)
IF /I "%~1"=="-esr" (SET _esr=1) IF /I "%~1"=="-esr" (SET _esr=1)
IF /I "%~1"=="-rfpalts" (SET _rfpalts=1)
SHIFT SHIFT
GOTO parse GOTO parse
:endparse :endparse
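Review bot: With the `-rfpalts` check dropped from the parse loop, a caller that still passes `-rfpalts` (a scheduled task or a saved shortcut, for example) falls through to `SHIFT` and `GOTO parse` with no message, and ends up with a user.js that no longer has the section it used to activate. Consider keeping a branch for that argument that prints a one-line notice that the option was removed, so the behaviour change is visible rather than silent.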
@ -141,10 +140,6 @@ IF EXIST user.js.new (DEL /F "user.js.new")
CALL :message "Retrieving latest user.js file from github repository..." CALL :message "Retrieving latest user.js file from github repository..."
CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/user.js "user.js.new" CALL :psdownload https://raw.githubusercontent.com/arkenfox/user.js/master/user.js "user.js.new"
IF EXIST user.js.new ( IF EXIST user.js.new (
IF DEFINED _rfpalts (
CALL :message "Activating RFP Alternatives section..."
CALL :activate user.js.new "[SETUP-non-RFP]"
)
IF DEFINED _esr ( IF DEFINED _esr (
CALL :message "Activating ESR section..." CALL :message "Activating ESR section..."
CALL :activate user.js.new ".x still uses all the following prefs" CALL :activate user.js.new ".x still uses all the following prefs"
@ -320,8 +315,6 @@ ECHO: Run without user input.
CALL :message " -singleBackup" CALL :message " -singleBackup"
ECHO: Use a single backup file and overwrite it on new updates, instead of ECHO: Use a single backup file and overwrite it on new updates, instead of
ECHO: cumulative backups. This was the default behaviour before v4.3. ECHO: cumulative backups. This was the default behaviour before v4.3.
CALL :message " -rfpAlts"
ECHO: Activate RFP Alternatives section
CALL :message " -updateBatch" CALL :message " -updateBatch"
ECHO: Update the script itself on execution, before the normal routine. ECHO: Update the script itself on execution, before the normal routine.
CALL :message "" CALL :message ""


@ -2,7 +2,7 @@
## arkenfox user.js updater for macOS and Linux ## arkenfox user.js updater for macOS and Linux
## version: 3.2 ## version: 3.4
## Author: Pat Johnson (@overdodactyl) ## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac ## Additional contributors: @earthlng, @ema-pe, @claustromaniac
@ -62,7 +62,7 @@ show_banner() {
#### #### #### ####
############################################################################" ############################################################################"
echo -e "${NC}\n" echo -e "${NC}\n"
echo -e "Documentation for this script is available here: ${CYAN}https://github.com/arkenfox/user.js/wiki/3.3-Updater-Scripts${NC}\n" echo -e "Documentation for this script is available here: ${CYAN}https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-maclinux${NC}\n"
} }
######################### #########################
@ -106,7 +106,7 @@ Optional Arguments:
download_file() { # expects URL as argument ($1) download_file() { # expects URL as argument ($1)
declare -r tf=$(mktemp) declare -r tf=$(mktemp)
$DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error $DOWNLOAD_METHOD "${tf}" "$1" &>/dev/null && echo "$tf" || echo '' # return the temp-filename or empty string on error
} }
open_file() { # expects one argument: file_path open_file() { # expects one argument: file_path
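Review bot: In `download_file`, `&>/dev/null` discards stderr as well as stdout, so any error output from the download tool is lost and the caller only sees an empty string. Redirecting stdout alone (`>/dev/null`) would still keep stray output out of the value echoed back. Separately, when the download fails the file created by `mktemp` is left behind; an `rm -f "$tf"` in the failure branch would tidy that up.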

user.js

@ -1,25 +1,24 @@
/****** /******
* name: arkenfox user.js * name: arkenfox user.js
* date: 8 December 2021 * date: 12 June 2022
* version 95 * version: 101
* url: https://github.com/arkenfox/user.js * url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
* README: * README:
1. Consider using Tor Browser if it meets your needs or fits your threat model 1. Consider using Tor Browser if it meets your needs or fits your threat model
* https://2019.www.torproject.org/about/torusers.html * https://2019.www.torproject.org/about/torusers.html
2. Required reading: Overview, Backing Up, Implementing, and Maintenance entries 2. Read the entire wiki
* https://github.com/arkenfox/user.js/wiki * https://github.com/arkenfox/user.js/wiki
3. If you skipped step 2, return to step 2 3. If you skipped step 2, return to step 2
4. Make changes 4. Make changes in a user-overrides.js
* There are often trade-offs and conflicts between security vs privacy vs anti-tracking * There are often trade-offs and conflicts between security vs privacy vs anti-tracking
and these need to be balanced against functionality & convenience & breakage and these need to be balanced against functionality & convenience & breakage
* Some site breakage and unintended consequences will happen. Everyone's experience will differ * Some site breakage and unintended consequences will happen. Everyone's experience will differ
e.g. some user data is erased on exit (section 2800), change this to suit your needs e.g. some user data is erased on exit (section 2800), change this to suit your needs
* While not 100% definitive, search for "[SETUP" tags * While not 100% definitive, search for "[SETUP" tags
e.g. third party images/videos not loading on some sites? check 1601 e.g. third party images/videos not loading on some sites? check 1601
* Take the wiki link in step 2 and read the Troubleshooting entry
5. Some tag info 5. Some tag info
[SETUP-SECURITY] it's one item, read it [SETUP-SECURITY] it's one item, read it
[SETUP-WEB] can cause some websites to break [SETUP-WEB] can cause some websites to break
@ -51,18 +50,16 @@
1600: HEADERS / REFERERS 1600: HEADERS / REFERERS
1700: CONTAINERS 1700: CONTAINERS
2000: PLUGINS / MEDIA / WEBRTC 2000: PLUGINS / MEDIA / WEBRTC
2300: WEB WORKERS
2400: DOM (DOCUMENT OBJECT MODEL) 2400: DOM (DOCUMENT OBJECT MODEL)
2600: MISCELLANEOUS 2600: MISCELLANEOUS
2700: PERSISTENT STORAGE 2700: ETP (ENHANCED TRACKING PROTECTION)
2800: SHUTDOWN & SANITIZING 2800: SHUTDOWN & SANITIZING
4000: FPI (FIRST PARTY ISOLATION)
4500: RFP (RESIST FINGERPRINTING) 4500: RFP (RESIST FINGERPRINTING)
5000: OPTIONAL OPSEC 5000: OPTIONAL OPSEC
5500: OPTIONAL HARDENING 5500: OPTIONAL HARDENING
6000: DON'T TOUCH 6000: DON'T TOUCH
7000: DON'T BOTHER 7000: DON'T BOTHER
8000: DON'T BOTHER: NON-RFP 8000: DON'T BOTHER: FINGERPRINTING
9000: PERSONAL 9000: PERSONAL
9999: DEPRECATED / REMOVED / LEGACY / RENAMED 9999: DEPRECATED / REMOVED / LEGACY / RENAMED
@ -133,35 +130,14 @@ user_pref("browser.region.update.enabled", false); // [FF79+]
* [SETTING] General>Language and Appearance>Language>Choose your preferred language... * [SETTING] General>Language and Appearance>Language>Choose your preferred language...
* [TEST] https://addons.mozilla.org/about ***/ * [TEST] https://addons.mozilla.org/about ***/
user_pref("intl.accept_languages", "en-US, en"); user_pref("intl.accept_languages", "en-US, en");
/* 0211: use US English locale regardless of the system locale /* 0211: use en-US locale regardless of the system or region locale
* [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
* [TEST] https://arkenfox.github.io/TZP/tests/formatting.html
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
/*** [SECTION 0300]: QUIETER FOX ***/ /*** [SECTION 0300]: QUIETER FOX ***/
user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!");
/** UPDATES ***/
/* 0301: disable auto-INSTALLING Firefox updates [NON-WINDOWS]
* [NOTE] You will still get prompts to update, and should do so in a timely manner
* [SETTING] General>Firefox Updates>Check for updates but let you choose to install them ***/
user_pref("app.update.auto", false);
/* 0302: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS]
* [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running
* [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows ***/
user_pref("app.update.background.scheduling.enabled", false);
/* 0303: disable auto-CHECKING for extension and theme updates ***/
// user_pref("extensions.update.enabled", false);
/* 0304: disable auto-INSTALLING extension and theme updates (after the check in 0303)
* [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) ***/
// user_pref("extensions.update.autoUpdateDefault", false);
/* 0305: disable extension metadata
* used when installing/updating an extension, and in daily background update checks:
* when false, extension detail tabs will have no description ***/
// user_pref("extensions.getAddons.cache.enabled", false);
/* 0306: disable search engine updates (e.g. OpenSearch)
* [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/
user_pref("browser.search.update", false);
/** RECOMMENDATIONS ***/ /** RECOMMENDATIONS ***/
/* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/ /* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/
user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF]
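Review bot: The removed UPDATES block contains three prefs that were active rather than commented out: `app.update.auto`, `app.update.background.scheduling.enabled` and `browser.search.update`. Profiles that applied an earlier release keep those values in prefs.js after this file stops setting them, so automatic installation of Firefox updates stays off there until the prefs are reset. Confirm the three names are covered by the removed/cleanup list and call the change out in the release notes, since it affects how quickly security updates get installed.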
@ -182,7 +158,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false);
* [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/
user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("datareporting.healthreport.uploadEnabled", false);
/* 0332: disable telemetry /* 0332: disable telemetry
* The "unified" pref affects the behaviour of the "enabled" pref * The "unified" pref affects the behavior of the "enabled" pref
* - If "unified" is false then "enabled" controls the telemetry module * - If "unified" is false then "enabled" controls the telemetry module
* - If "unified" is true then "enabled" only controls whether to record extended data * - If "unified" is true then "enabled" only controls whether to record extended data
* [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2] * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2]
@ -233,9 +209,6 @@ user_pref("network.captive-portal-service.enabled", false); // [FF52+]
/* 0361: disable Network Connectivity checks [FF65+] /* 0361: disable Network Connectivity checks [FF65+]
* [1] https://bugzilla.mozilla.org/1460537 ***/ * [1] https://bugzilla.mozilla.org/1460537 ***/
user_pref("network.connectivity-service.enabled", false); user_pref("network.connectivity-service.enabled", false);
/* 0362: enforce disabling of Web Compatibility Reporter [FF56+]
* Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla ***/
user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/*** [SECTION 0400]: SAFE BROWSING (SB) /*** [SECTION 0400]: SAFE BROWSING (SB)
SB has taken many steps to preserve privacy. If required, a full url is never sent SB has taken many steps to preserve privacy. If required, a full url is never sent
@ -261,16 +234,16 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!");
* To verify the safety of certain executable files, Firefox may submit some information about the * To verify the safety of certain executable files, Firefox may submit some information about the
* file, including the name, origin, size and a cryptographic hash of the contents, to the Google * file, including the name, origin, size and a cryptographic hash of the contents, to the Google
* Safe Browsing service which helps Firefox determine whether or not the file should be blocked * Safe Browsing service which helps Firefox determine whether or not the file should be blocked
* [SETUP-SECURITY] If you do not understand this, or you want this protection, then override it ***/ * [SETUP-SECURITY] If you do not understand this, or you want this protection, then override this ***/
user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", ""); // user_pref("browser.safebrowsing.downloads.remote.url", ""); // Defense-in-depth
/* 0404: disable SB checks for unwanted software /* 0404: disable SB checks for unwanted software
* [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/ * [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/
// user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
// user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
/* 0405: disable "ignore this warning" on SB warnings [FF45+] /* 0405: disable "ignore this warning" on SB warnings [FF45+]
* If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB
* [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [TEST] see https://github.com/arkenfox/user.js/wiki/Appendix-A-Test-Sites#-mozilla
* [1] https://bugzilla.mozilla.org/1226490 ***/ * [1] https://bugzilla.mozilla.org/1226490 ***/
// user_pref("browser.safebrowsing.allowOverride", false); // user_pref("browser.safebrowsing.allowOverride", false);
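Review bot: On the new side of 0403, `browser.safebrowsing.downloads.remote.url` is commented out yet carries the trailing label `// Defense-in-depth`, which reads as if the line were still applied. After this change only `browser.safebrowsing.downloads.remote.enabled` is enforced; either say in the comment that the url line is an optional extra the user has to enable, or leave it active.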
@ -289,7 +262,9 @@ user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: fals
/* 0604: disable link-mouseover opening connection to linked server /* 0604: disable link-mouseover opening connection to linked server
* [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/
user_pref("network.http.speculative-parallel-limit", 0); user_pref("network.http.speculative-parallel-limit", 0);
/* 0605: enforce no "Hyperlink Auditing" (click tracking) /* 0605: disable mousedown speculative connections on bookmarks and history [FF98+] ***/
user_pref("browser.places.speculativeConnect.enabled", false);
/* 0610: enforce no "Hyperlink Auditing" (click tracking)
* [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/
// user_pref("browser.send_pings", false); // [DEFAULT: false] // user_pref("browser.send_pings", false); // [DEFAULT: false]
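Review bot: The new 0605 entry for `browser.places.speculativeConnect.enabled` has no reference link, unlike 0604 directly above it, and hyperlink auditing moves from 0605 to 0610, so override files or notes that cite 0605 now point at a different pref. Add a Bugzilla reference for the FF98 change and mention the renumbering in the changelog.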
@ -315,9 +290,9 @@ user_pref("network.proxy.socks_remote_dns", true);
* [SETUP-CHROME] Can break extensions for profiles on network shares * [SETUP-CHROME] Can break extensions for profiles on network shares
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/
user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
/* 0704: disable GIO as a potential proxy bypass vector [FF60+] /* 0704: disable GIO as a potential proxy bypass vector
* Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer,
* gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64) * dav, cdda, gphoto2, trash, etc. By default only sftp is accepted (FF87+)
* [1] https://bugzilla.mozilla.org/1433507 * [1] https://bugzilla.mozilla.org/1433507
* [2] https://en.wikipedia.org/wiki/GVfs * [2] https://en.wikipedia.org/wiki/GVfs
* [3] https://en.wikipedia.org/wiki/GIO_(software) ***/ * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/
@ -327,12 +302,18 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
* [SETUP-CHROME] If you use a proxy and you trust your extensions * [SETUP-CHROME] If you use a proxy and you trust your extensions
* [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/ * [1] https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/ ***/
// user_pref("network.proxy.failover_direct", false); // user_pref("network.proxy.failover_direct", false);
/* 0706: disable proxy bypass for system request failures [FF95+]
* RemoteSettings, UpdateService, Telemetry [1]
* [WARNING] If false, this will break the fallback for some security features
* [SETUP-CHROME] If you use a proxy and you understand the security impact
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
// user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96]
/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+] /* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
* 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
* see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3] * see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
* [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
* [2] https://wiki.mozilla.org/Security/DOH-resolver-policy * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
* [3] https://blog.mozilla.org/mozilla/news/firefox-by-default-dns-over-https-rollout-in-canada/ * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
// user_pref("network.trr.mode", 5); // user_pref("network.trr.mode", 5);
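Review bot: The [WARNING] on the new 0706 says that setting `network.proxy.allow_bypass` to false "will break the fallback for some security features" without naming them; the only hint is the "RemoteSettings, UpdateService, Telemetry" line above it. Spell out which of those lose their direct-connection fallback when the proxy fails, so a reader can weigh the leak against missed updates. The tag `[HIDDEN PREF FF95-96]` would also be clearer if it said the pref is visible from FF97.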
@ -343,8 +324,7 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
* Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
* [NOTE] This does not affect explicit user action such as using search buttons in the * [NOTE] This does not affect explicit user action such as using search buttons in the
* dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo)
* [SETUP-CHROME] If you don't, or rarely, type URLs, or you use a default search * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/
* engine that respects privacy, then you probably don't need this ***/
user_pref("keyword.enabled", false); user_pref("keyword.enabled", false);
/* 0802: disable location bar domain guessing /* 0802: disable location bar domain guessing
* domain guessing intercepts DNS "hostname not found errors" and resends a * domain guessing intercepts DNS "hostname not found errors" and resends a
@ -354,11 +334,9 @@ user_pref("keyword.enabled", false);
* intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack), * intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack),
* and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/ * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/
user_pref("browser.fixup.alternate.enabled", false); user_pref("browser.fixup.alternate.enabled", false);
/* 0803: display all parts of the url in the location bar ***/
user_pref("browser.urlbar.trimURLs", false);
/* 0804: disable live search suggestions /* 0804: disable live search suggestions
* [NOTE] Both must be true for the location bar to work * [NOTE] Both must be true for the location bar to work
* [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
* [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/
user_pref("browser.search.suggest.enabled", false); user_pref("browser.search.suggest.enabled", false);
user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.suggest.searches", false);
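Review bot: Dropping 0803 leaves `browser.urlbar.trimURLs` at the Firefox default, which hides the `http://` prefix in the location bar, and the numbering now jumps from 0802 to 0804 with no pointer to where the pref went. If it was moved to another section that is fine, but this hunk shows only the removal; add a note of the new location or the reason for dropping it.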
@ -420,7 +398,8 @@ user_pref("security.password_lifetime", 5); // [DEFAULT: 30]
* can leak in cross-site forms *and* be spoofed * can leak in cross-site forms *and* be spoofed
* [NOTE] Username & password is still available when you enter the field * [NOTE] Username & password is still available when you enter the field
* [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords * [SETTING] Privacy & Security>Logins and Passwords>Autofill logins and passwords
* [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ ***/ * [1] https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
* [2] https://homes.esat.kuleuven.be/~asenol/leaky-forms/ ***/
user_pref("signon.autofillForms", false); user_pref("signon.autofillForms", false);
/* 0904: disable formless login capture for Password Manager [FF51+] ***/ /* 0904: disable formless login capture for Password Manager [FF51+] ***/
user_pref("signon.formlessCapture.enabled", false); user_pref("signon.formlessCapture.enabled", false);
@ -472,22 +451,23 @@ user_pref("browser.shell.shortcutFavicons", false);
user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
/* 1201: require safe negotiation /* 1201: require safe negotiation
* Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 [2] * Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
* as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be * MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations
* safe from the attack if it disables renegotiations but the problem is that the browser can't * but the problem is that the browser can't know that. Setting this pref to true is the only way for the
* know that. Setting this pref to true is the only way for the browser to ensure there will be * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
* no unsafe renegotiations on the channel between the browser and the server. * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
* [STATS] SSL Labs (July 2021) reports over 99% of sites have secure renegotiation [4] * [STATS] SSL Labs (July 2021) reports over 99% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746 * [2] https://datatracker.ietf.org/doc/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
* [4] https://www.ssllabs.com/ssl-pulse/ ***/ * [4] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.require_safe_negotiation", true);
/* 1203: reset TLS 1.0 and 1.1 downgrades i.e. session only ***/
user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
/* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+] /* 1206: disable TLS1.3 0-RTT (round-trip time) [FF51+]
* This data is not forward secret, as it is encrypted solely under keys derived using
* the offered PSK. There are no guarantees of non-replay between connections
* [1] https://github.com/tlswg/tls13-spec/issues/1001 * [1] https://github.com/tlswg/tls13-spec/issues/1001
* [2] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/ * [2] https://www.rfc-editor.org/rfc/rfc9001.html#name-replay-attacks-with-0-rtt
* [3] https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/ ***/
user_pref("security.tls.enable_0rtt_data", false); user_pref("security.tls.enable_0rtt_data", false);
/** OCSP (Online Certificate Status Protocol) /** OCSP (Online Certificate Status Protocol)
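Review bot: In 1206 the two-line rationale (0-RTT data is not forward secret and has no non-replay guarantee between connections) is deleted and only links remain, and the new [2] points at RFC 9001, which is the QUIC-TLS document rather than the TLS 1.3 specification. Keep a one-line reason in the comment so readers can judge `security.tls.enable_0rtt_data` without following links.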
@ -512,14 +492,6 @@ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
user_pref("security.OCSP.require", true); user_pref("security.OCSP.require", true);
/** CERTS / HPKP (HTTP Public Key Pinning) ***/ /** CERTS / HPKP (HTTP Public Key Pinning) ***/
/* 1220: disable or limit SHA-1 certificates
* 0 = allow all
* 1 = block all
* 3 = only allow locally-added roots (e.g. anti-virus) (default)
* 4 = only allow locally-added roots or for certs in 2015 and earlier
* [SETUP-CHROME] If you have problems, update your software: SHA-1 is obsolete
* [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
user_pref("security.pki.sha1_enforcement_level", 1);
/* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS] /* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
* 0=disable detecting Family Safety mode and importing the root * 0=disable detecting Family Safety mode and importing the root
* 1=only attempt to detect Family Safety mode (don't import the root) * 1=only attempt to detect Family Safety mode (don't import the root)
@ -533,8 +505,11 @@ user_pref("security.family_safety.mode", 0);
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/
user_pref("security.cert_pinning.enforcement_level", 2); user_pref("security.cert_pinning.enforcement_level", 2);
/* 1224: enable CRLite [FF73+] /* 1224: enable CRLite [FF73+]
* In FF84+ it covers valid certs and in mode 2 doesn't fall back to OCSP * 0 = disabled
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985 * 1 = consult CRLite but only collect telemetry
* 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
* 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (FF99+, default FF100+)
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
* [2] https://blog.mozilla.org/security/tag/crlite/ ***/ * [2] https://blog.mozilla.org/security/tag/crlite/ ***/
user_pref("security.remote_settings.crlite_filters.enabled", true); user_pref("security.remote_settings.crlite_filters.enabled", true);
user_pref("security.pki.crlite_mode", 2); user_pref("security.pki.crlite_mode", 2);
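Review bot: The new mode list for 1224 states that 3 is the Firefox default from FF100, but `security.pki.crlite_mode` stays at 2 with no explanation of why the file departs from that default. Going by the list, mode 2 enforces "Revoked" results from CRLite directly while mode 3 defers those to OCSP; a short note on that trade-off, and on how it interacts with `security.OCSP.require` above, would make the choice reviewable.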
@ -553,8 +528,8 @@ user_pref("dom.security.https_only_mode", true); // [FF76+]
/* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
// user_pref("dom.security.https_only_mode.upgrade_local", true); // user_pref("dom.security.https_only_mode.upgrade_local", true);
/* 1246: disable HTTP background requests [FF82+] /* 1246: disable HTTP background requests [FF82+]
* When attempting to upgrade, if the server doesn't respond within 3 seconds, * When attempting to upgrade, if the server doesn't respond within 3 seconds, Firefox sends
* Firefox sends HTTP requests in order to check if the server supports HTTPS or not * a top-level HTTP request without path in order to check if the server supports HTTPS or not
* This is done to avoid waiting for a timeout which takes 90 seconds * This is done to avoid waiting for a timeout which takes 90 seconds
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
user_pref("dom.security.https_only_mode_send_http_background_request", false); user_pref("dom.security.https_only_mode_send_http_background_request", false);
@ -574,8 +549,6 @@ user_pref("browser.ssl_override_behavior", 1);
* i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/)
* [TEST] https://expired.badssl.com/ ***/ * [TEST] https://expired.badssl.com/ ***/
user_pref("browser.xul.error_pages.expert_bad_cert", true); user_pref("browser.xul.error_pages.expert_bad_cert", true);
/* 1273: display "Not Secure" text on HTTP sites ***/
user_pref("security.insecure_connection_text.enabled", true); // [FF60+]
/*** [SECTION 1400]: FONTS ***/ /*** [SECTION 1400]: FONTS ***/
user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
@ -592,7 +565,6 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false);
// user_pref("layout.css.font-visibility.trackingprotection", 1); // user_pref("layout.css.font-visibility.trackingprotection", 1);
/*** [SECTION 1600]: HEADERS / REFERERS /*** [SECTION 1600]: HEADERS / REFERERS
Expect some breakage e.g. banks: use an extension if you need precise control
full URI: https://example.com:8888/foo/bar.html?id=1234 full URI: https://example.com:8888/foo/bar.html?id=1234
scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port+path: https://example.com:8888/foo/bar.html
scheme+host+port: https://example.com:8888 scheme+host+port: https://example.com:8888
@ -601,29 +573,21 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false);
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1601: control when to send a cross-origin referer /* 1601: control when to send a cross-origin referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match * 0=always (default), 1=only if base domains match, 2=only if hosts match
* [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram ***/ * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
* If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/
user_pref("network.http.referer.XOriginPolicy", 2); user_pref("network.http.referer.XOriginPolicy", 2);
/* 1602: control the amount of cross-origin information to send [FF52+] /* 1602: control the amount of cross-origin information to send [FF52+]
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 2); user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
/* 1603: enable the DNT (Do Not Track) HTTP header
* [NOTE] DNT is enforced with Enhanced Tracking Protection (2710)
* [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal... ***/
// user_pref("privacy.donottrackheader.enabled", true);
/*** [SECTION 1700]: CONTAINERS /*** [SECTION 1700]: CONTAINERS ***/
Check out Temporary Containers [2], read the article [3], and visit the wiki/repo [4]
[1] https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
[2] https://addons.mozilla.org/firefox/addon/temporary-containers/
[3] https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21
[4] https://github.com/stoically/temporary-containers/wiki
***/
user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!"); user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!");
/* 1701: enable Container Tabs and its UI setting [FF50+] /* 1701: enable Container Tabs and its UI setting [FF50+]
* [SETTING] General>Tabs>Enable Container Tabs ***/ * [SETTING] General>Tabs>Enable Container Tabs
* https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers ***/
user_pref("privacy.userContext.enabled", true); user_pref("privacy.userContext.enabled", true);
user_pref("privacy.userContext.ui.enabled", true); user_pref("privacy.userContext.ui.enabled", true);
/* 1702: set behaviour on "+ Tab" button to display container menu on left click [FF74+] /* 1702: set behavior on "+ Tab" button to display container menu on left click [FF74+]
* [NOTE] The menu is always shown on long press and right click * [NOTE] The menu is always shown on long press and right click
* [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
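Review bot: In 1601 the new override advice ('override to "0" and use Smart Referer extension') names a third-party extension with no link or reference number, while the same hunk drops the Temporary Containers links from the 1700 header; add a [1] link for Smart Referer or word the advice generically. It is also worth stating that an override to 0 restores the default of always sending cross-origin referers, with only the 1602 trimming still in effect until the extension is installed and set to Strict. Nit: 'e.g banks' should be 'e.g. banks' to match the rest of the file.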
@ -657,11 +621,13 @@ user_pref("media.peerconnection.ice.default_address_only", true);
* [NOTE] This is covered by the EME master switch (2022) ***/ * [NOTE] This is covered by the EME master switch (2022) ***/
// user_pref("media.gmp-widevinecdm.enabled", false); // user_pref("media.gmp-widevinecdm.enabled", false);
/* 2022: disable all DRM content (EME: Encryption Media Extension) /* 2022: disable all DRM content (EME: Encryption Media Extension)
* Optionally hide the setting which also disables the DRM prompt
* [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
* [SETTING] General>DRM Content>Play DRM-controlled content * [SETTING] General>DRM Content>Play DRM-controlled content
* [TEST] https://bitmovin.com/demos/drm * [TEST] https://bitmovin.com/demos/drm
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
user_pref("media.eme.enabled", false); user_pref("media.eme.enabled", false);
// user_pref("browser.eme.ui.enabled", false);
/* 2030: disable autoplay of HTML5 media [FF63+] /* 2030: disable autoplay of HTML5 media [FF63+]
* 0=Allow all, 1=Block non-muted media (default), 5=Block all * 0=Allow all, 1=Block non-muted media (default), 5=Block all
* [NOTE] You can set exceptions under site permissions * [NOTE] You can set exceptions under site permissions
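Review bot: 2022 loses the line saying that hiding the setting also disables the DRM prompt, together with the inactive browser.eme.ui.enabled pref, so the entry no longer tells users how to suppress that prompt once media.eme.enabled is false. If dropping the pref is intended, a short [NOTE] that the prompt may still appear on DRM sites would keep the [SETUP-WEB] guidance complete.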
@ -669,51 +635,11 @@ user_pref("media.eme.enabled", false);
// user_pref("media.autoplay.default", 5); // user_pref("media.autoplay.default", 5);
/* 2031: disable autoplay of HTML5 media if you interacted with the site [FF78+] /* 2031: disable autoplay of HTML5 media if you interacted with the site [FF78+]
* 0=sticky (default), 1=transient, 2=user * 0=sticky (default), 1=transient, 2=user
* Firefox's Autoplay Policy Documentation [PDF] is linked below via SUMO * Firefox's Autoplay Policy Documentation (PDF) is linked below via SUMO
* [NOTE] If you have trouble with some video sites, then add an exception (2030) * [NOTE] If you have trouble with some video sites, then add an exception (2030)
* [1] https://support.mozilla.org/questions/1293231 ***/ * [1] https://support.mozilla.org/questions/1293231 ***/
user_pref("media.autoplay.blocking_policy", 2); user_pref("media.autoplay.blocking_policy", 2);
/*** [SECTION 2300]: WEB WORKERS
A worker is a JS "background task" running in a global context, i.e. it is different from
the current window. Workers can spawn new workers (must be the same origin & scheme),
including service and shared workers. Shared workers can be utilized by multiple scripts and
communicate between browsing contexts (windows/tabs/iframes) and can even control your cache.
[1] Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API
[2] Worker: https://developer.mozilla.org/docs/Web/API/Worker
[3] Service Worker: https://developer.mozilla.org/docs/Web/API/Service_Worker_API
[4] SharedWorker: https://developer.mozilla.org/docs/Web/API/SharedWorker
[5] ChromeWorker: https://developer.mozilla.org/docs/Web/API/ChromeWorker
[6] Notifications: https://support.mozilla.org/questions/1165867#answer-981820
***/
user_pref("_user.js.parrot", "2300 syntax error: the parrot's off the twig!");
/* 2302: disable service workers [FF32, FF44-compat]
* Service workers essentially act as proxy servers that sit between web apps, and the
* browser and network, are event driven, and can control the web page/site they are associated
* with, intercepting and modifying navigation and resource requests, and caching resources.
* [NOTE] Service workers require HTTPS, have no DOM access, and are not supported in PB mode [1]
* [SETUP-WEB] Disabling service workers will break some sites. This pref is required true for
* service worker notifications (2304), push notifications (disabled, 2305) and service worker
* cache (2740). If you enable this pref, then check those settings as well
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1320796#c7 ***/
user_pref("dom.serviceWorkers.enabled", false);
/* 2304: disable Web Notifications
* [NOTE] Web Notifications can also use service workers (2302) and are behind a prompt (7002)
* [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/
// user_pref("dom.webnotifications.enabled", false); // [FF22+]
// user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+]
/* 2305: disable Push Notifications [FF44+]
* Push is an API that allows websites to send you (subscribed) messages even when the site
* isn't loaded, by pushing messages to your userAgentID through Mozilla's Push Server
* [NOTE] Push requires service workers (2302) to subscribe to and display, and is behind
* a prompt (7002). Disabling service workers alone doesn't stop Firefox polling the
* Mozilla Push Server. To remove all subscriptions, reset your userAgentID.
* [1] https://support.mozilla.org/kb/push-notifications-firefox
* [2] https://developer.mozilla.org/docs/Web/API/Push_API ***/
user_pref("dom.push.enabled", false);
// user_pref("dom.push.userAgentID", "");
/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/ /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/
user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
/* 2401: disable "Confirm you want to leave" dialog on page close /* 2401: disable "Confirm you want to leave" dialog on page close
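Review bot: The removal of section 2300 takes out two active prefs, dom.serviceWorkers.enabled=false and dom.push.enabled=false, and the values they already wrote to a profile persist until reset; of the prefs in this section only dom.serviceWorkers.enabled is visible again later in this patch (inactive, at 7017). Confirm that dom.push.enabled, dom.push.userAgentID and the two dom.webnotifications.* prefs reappear as inactive entries or are added to the 6050 reset list. The removed [NOTE] that disabling service workers alone does not stop Firefox polling the Mozilla Push Server was the only place that behaviour was documented and should move with the push pref.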
@ -801,6 +727,9 @@ user_pref("browser.download.useDownloadDir", false);
user_pref("browser.download.alwaysOpenPanel", false); user_pref("browser.download.alwaysOpenPanel", false);
/* 2653: disable adding downloads to the system's "recent documents" list ***/ /* 2653: disable adding downloads to the system's "recent documents" list ***/
user_pref("browser.download.manager.addToRecentDocs", false); user_pref("browser.download.manager.addToRecentDocs", false);
/* 2654: enable user interaction for security by always asking how to handle new mimetypes [FF101+]
* [SETTING] General>Files and Applications>What should Firefox do with other files ***/
user_pref("browser.download.always_ask_before_handling_new_types", true);
/** EXTENSIONS ***/ /** EXTENSIONS ***/
/* 2660: lock down allowed extension directories /* 2660: lock down allowed extension directories
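Review bot: The comment on 2654 says 'enable user interaction for security' without naming the risk the prompt addresses or what happens to handlers a profile has already saved; the pref name covers new types only. Suggest a [WHY] or [NOTE] line stating whether actions already listed under the [SETTING] are left as they are.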
@ -817,81 +746,41 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false);
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
// user_pref("extensions.webextensions.restrictedDomains", ""); // user_pref("extensions.webextensions.restrictedDomains", "");
/*** [SECTION 2700]: PERSISTENT STORAGE /*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/
Data SET by websites including
cookies : profile\cookies.sqlite
localStorage : profile\webappsstore.sqlite
indexedDB : profile\storage\default
serviceWorkers :
[NOTE] indexedDB and serviceWorkers are not available in Private Browsing Mode
[NOTE] Blocking cookies also blocks websites access to: localStorage (incl. sessionStorage),
indexedDB, sharedWorker, and serviceWorker (and therefore service worker cache and notifications)
If you set a site exception for cookies (either "Allow" or "Allow for Session") then they become
accessible to websites except shared/service workers where the cookie setting must be "Allow"
***/
user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
/* 2701: disable or isolate 3rd-party cookies and site-data [SETUP-WEB] /* 2701: enable ETP Strict Mode [FF86+]
* 0 = Accept cookies and site data * ETP Strict Mode enables Total Cookie Protection (TCP)
* 1 = (Block) All third-party cookies * [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of
* 2 = (Block) All cookies * cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared
* 3 = (Block) Cookies from unvisited websites * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
* 4 = (Block) Cross-site tracking cookies (default)
* 5 = (Isolate All) Cross-site cookies (TCP: Total Cookie Protection / dFPI: dynamic FPI) [1] (FF86+)
* Option 5 with FPI enabled (4001) is ignored and not shown, and option 4 used instead
* [NOTE] You can set cookie exceptions under site permissions or use an extension
* [NOTE] Enforcing category to custom ensures ETP related prefs are always honored
* [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies
* [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ ***/
user_pref("network.cookie.cookieBehavior", 1);
user_pref("browser.contentblocking.category", "custom");
/* 2710: enable Enhanced Tracking Protection (ETP) in all windows
* [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Tracking content
* [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to add site exceptions: Urlbar>ETP Shield
* [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/
user_pref("privacy.trackingprotection.enabled", true); user_pref("browser.contentblocking.category", "strict");
/* 2711: enable various ETP lists ***/ /* 2702: disable ETP web compat features [FF93+]
user_pref("privacy.trackingprotection.socialtracking.enabled", true); * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] * Opener Heuristics are granted for 30 days and Redirect Heuristics for 15 minutes, see [3]
// user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
/* 2740: disable service worker cache and cache storage * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
* [NOTE] We clear service worker cache on exit (2811) * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
* [1] https://w3c.github.io/ServiceWorker/#privacy ***/ // user_pref("privacy.antitracking.enableWebcompat", false);
// user_pref("dom.caches.enabled", false); /* 2710: enable state partitioning of service workers [FF96+] ***/
/* 2750: disable Storage API [FF51+] user_pref("privacy.partition.serviceWorkers", true);
* The API gives sites the ability to find out how much space they can use, how much
* they are already using, and even control whether or not they need to be alerted
* before the user agent disposes of site data in order to make room for other things.
* [1] https://developer.mozilla.org/docs/Web/API/StorageManager
* [2] https://developer.mozilla.org/docs/Web/API/Storage_API
* [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
// user_pref("dom.storageManager.enabled", false);
/* 2755: disable Storage Access API [FF65+]
* [1] https://developer.mozilla.org/docs/Web/API/Storage_Access_API ***/
// user_pref("dom.storage_access.enabled", false);
/* 2760: enable Local Storage Next Generation (LSNG) [FF65+] ***/
user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
/** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/ /** COOKIES + SITE DATA : ALLOWS EXCEPTIONS ***/
/* 2801: delete cookies and site data on exit /* 2801: delete cookies and site data on exit
* 0=keep until they expire (default), 2=keep until you close Firefox * 0=keep until they expire (default), 2=keep until you close Firefox
* [NOTE] A "cookie" block permission also controls localStorage/sessionStorage, indexedDB,
* sharedWorkers and serviceWorkers. serviceWorkers require an "Allow" permission
* [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow
* If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
user_pref("network.cookie.lifetimePolicy", 2); user_pref("network.cookie.lifetimePolicy", 2);
/* 2802: delete cache on exit [FF96+] /* 2802: delete cache on exit [FF96+]
* [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
* [1] https://bugzilla.mozilla.org/1671182 ***/ * [1] https://bugzilla.mozilla.org/1671182 ***/
// user_pref("privacy.clearsitedata.cache.enabled", true); // user_pref("privacy.clearsitedata.cache.enabled", true);
/* 2803: set third-party cookies to session-only
* [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
* .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
/** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/ /** SANITIZE ON SHUTDOWN : ALL OR NOTHING ***/
/* 2810: enable Firefox to clear items on shutdown (2811) /* 2810: enable Firefox to clear items on shutdown (2811)
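Review bot: 2701 swaps an active network.cookie.cookieBehavior=1 plus category "custom" for category "strict", but the new comment does not say which prefs strict controls or that they should be left alone; the removed [NOTE] explained that "custom" was enforced so ETP prefs were always honored. Add a cross-reference from 2701 to 7016, where those prefs now sit as inactive entries, and say that overriding them is unsupported. Separately, 2710 is reused for a different pref (privacy.partition.serviceWorkers instead of privacy.trackingprotection.enabled), which will mislead anyone whose overrides or notes cite the old number; a fresh number would be safer.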
@ -939,46 +828,6 @@ user_pref("privacy.cpd.cookies", false);
* which will display a blank value, and are not guaranteed to work ***/ * which will display a blank value, and are not guaranteed to work ***/
user_pref("privacy.sanitize.timeSpan", 0); user_pref("privacy.sanitize.timeSpan", 0);
/*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION)
1278037 - indexedDB (FF51+)
1277803 - favicons (FF52+)
1264562 - OCSP cache (FF52+)
1268726 - Shared Workers (FF52+)
1316283 - SSL session cache (FF52+)
1317927 - media cache (FF53+)
1323644 - HSTS and HPKP (FF54+)
1334690 - HTTP Alternative Services (FF54+)
1334693 - SPDY/HTTP2 (FF55+)
1337893 - DNS cache (FF55+)
1344170 - blob: URI (FF55+)
1300671 - data:, about: URLs (FF55+)
1473247 - IP addresses (FF63+)
1542309 - top-level domain URLs when host is in the public suffix list (FF68+)
1506693 - pdfjs range-based requests (FF68+)
1330467 - site permissions (FF69+)
1534339 - IPv6 (FF73+)
1721858 - WebSocket (FF92+)
***/
user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
/* 4001: enable First Party Isolation [FF51+]
* [SETUP-WEB] Breaks some cross-origin logins
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/
user_pref("privacy.firstparty.isolate", true);
/* 4002: enforce FPI restriction for window.opener [FF54+]
* [NOTE] Setting this to false may reduce the breakage in 4001
* FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But
* to reduce breakage it ignores the 1st-party domain (FPD) originAttribute [2][3]
* The 2nd pref removes that limitation and will only allow communication if FPDs also match
* [1] https://bugzilla.mozilla.org/1319773#c22
* [2] https://bugzilla.mozilla.org/1492607
* [3] https://developer.mozilla.org/docs/Web/API/Window/postMessage ***/
// user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
// user_pref("privacy.firstparty.isolate.block_post_message", true);
/* 4003: enable scheme with FPI [FF78+]
* [NOTE] Experimental: existing data and site permissions are incompatible
* and some site exceptions may not work e.g. HTTPS-only mode (1244) ***/
// user_pref("privacy.firstparty.isolate.use_site", true);
/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
RFP covers a wide range of ongoing fingerprinting solutions. RFP covers a wide range of ongoing fingerprinting solutions.
It is an all-or-nothing buy in: you cannot pick and choose what parts you want It is an all-or-nothing buy in: you cannot pick and choose what parts you want
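Review bot: Removing section 4000 drops an active privacy.firstparty.isolate=true, and 6008 later in this patch enforces false, so this is a behaviour flip for existing profiles and not just a tidy-up; nothing in the visible comments tells users what to do about data and site exceptions created under FPI. 2801 loses its line about the FPI exception syntax (https://example.com/^firstPartyDomain=example.com) in the same patch, which suggests exceptions saved in that form need re-checking. Suggest a [NOTE] at 6008 telling users to review cookie exceptions after upgrading.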
@ -988,14 +837,16 @@ user_pref("privacy.firstparty.isolate", true);
418986 - limit window.screen & CSS media queries (FF41) 418986 - limit window.screen & CSS media queries (FF41)
[TEST] https://arkenfox.github.io/TZP/tzp.html#screen [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
1281949 - spoof screen orientation (FF50) 1281949 - spoof screen orientation (FF50)
1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50-99)
FF53: fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044)
1330890 - spoof timezone as UTC0 (FF55) 1330890 - spoof timezone as UTC0 (FF55)
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
1217238 - reduce precision of time exposed by javascript (FF55) 1217238 - reduce precision of time exposed by javascript (FF55)
FF56 FF56
1369303 - spoof/disable performance API 1369303 - spoof/disable performance API
1333651 - spoof User Agent & Navigator API 1333651 - spoof User Agent & Navigator API
JS: the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 10, or Linux version: spoofed as ESR (FF102+ this is limited to Android)
HTTP Headers: spoofed as Windows or Android OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android
1369319 - disable device sensor API 1369319 - disable device sensor API
1369357 - disable site specific zoom 1369357 - disable site specific zoom
1337161 - hide gamepads from content 1337161 - hide gamepads from content
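Review bot: The rewritten sub-lines under 1333651 pack two surfaces onto one line with a '|' separator ('OS: JS spoofed as ... | HTTP Headers spoofed as Windows or Android'), which is harder to scan than the separate JS and HTTP Headers lines they replace; keep one line per surface. 'OS 10.15' is ambiguous and worth spelling out while the line is being touched. The new 'FF102+' qualifier on the ESR version spoof refers to a release newer than the FF101 entries added elsewhere in this patch, so mark it as upcoming or confirm it has landed.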
@ -1031,6 +882,7 @@ user_pref("privacy.firstparty.isolate", true);
1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
FF91+ FF91+
531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
***/ ***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable privacy.resistFingerprinting [FF41+] /* 4501: enable privacy.resistFingerprinting [FF41+]
@ -1064,7 +916,7 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
// user_pref("privacy.resistFingerprinting.testGranularityMask", 0); // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
/* 4506: set RFP's font visibility level (1402) [FF94+] ***/ /* 4506: set RFP's font visibility level (1402) [FF94+] ***/
// user_pref("layout.css.font-visibility.resistFingerprinting", 1); // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
/* 4507: disable showing about:blank as soon as possible during startup [FF60+] /* 4507: disable showing about:blank as soon as possible during startup [FF60+]
* When default true this no longer masks the RFP chrome resizing activity * When default true this no longer masks the RFP chrome resizing activity
* [1] https://bugzilla.mozilla.org/1448423 ***/ * [1] https://bugzilla.mozilla.org/1448423 ***/
@ -1090,7 +942,7 @@ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
* [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/ * [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/
user_pref("browser.link.open_newwindow.restriction", 0); user_pref("browser.link.open_newwindow.restriction", 0);
/* 4520: disable WebGL (Web Graphics Library) /* 4520: disable WebGL (Web Graphics Library)
* [SETUP-WEB] If you need it then enable it. RFP still randomizes canvas for naive scripts ***/ * [SETUP-WEB] If you need it then override it. RFP still randomizes canvas for naive scripts ***/
user_pref("webgl.disabled", true); user_pref("webgl.disabled", true);
/*** [SECTION 5000]: OPTIONAL OPSEC /*** [SECTION 5000]: OPTIONAL OPSEC
@ -1167,8 +1019,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
// user_pref("browser.download.folderList", 2); // user_pref("browser.download.folderList", 2);
/*** [SECTION 5500]: OPTIONAL HARDENING /*** [SECTION 5500]: OPTIONAL HARDENING
Not recommended. Keep in mind that these can cause breakage and performance Not recommended. Overriding these can cause breakage and performance issues,
issues, are mostly fingerpintable, and the threat model is practically zero they are mostly fingerprintable, and the threat model is practically nonexistent
***/ ***/
user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
/* 5501: disable MathML (Mathematical Markup Language) [FF51+] /* 5501: disable MathML (Mathematical Markup Language) [FF51+]
@ -1213,22 +1065,42 @@ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true]
/* 6002: enforce no referer spoofing /* 6002: enforce no referer spoofing
* [WHY] Spoofing can affect CSRF (Cross-Site Request Forgery) protections ***/ * [WHY] Spoofing can affect CSRF (Cross-Site Request Forgery) protections ***/
user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
/* 6003: enforce CSP (Content Security Policy)
* [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/
user_pref("security.csp.enable", true); // [DEFAULT: true]
/* 6004: enforce a security delay on some confirmation dialogs such as install, open/save /* 6004: enforce a security delay on some confirmation dialogs such as install, open/save
* [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
/* 6005: enforce window.opener protection [FF65+] /* 6007: enforce Local Storage Next Generation (LSNG) [FF65+] ***/
* Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] /* 6008: enforce no First Party Isolation [FF51+]
/* 6006: enforce "window.name" protection [FF82+] * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701),
* If a new page from another domain is loaded into a tab, then window.name is set to an empty string. The original * and enabling FPI disables those. FPI is no longer maintained ***/
* string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false]
* [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ /* 6009: enforce SmartBlock shims [FF81+]
user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] * In FF96+ these are listed in about:compat
/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF92+ ***/ * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/
// placeholder user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true]
/* 6010: enforce/reset TLS 1.0/1.1 downgrades to session only
* [NOTE] In FF97+ the TLS 1.0/1.1 downgrade UX was removed
* [TEST] https://tls-v1-1.badssl.com:1010/ ***/
user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
/* 6011: enforce disabling of Web Compatibility Reporter [FF56+]
* Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
* [WHY] To prevent wasting Mozilla's time with a custom setup ***/
user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/* 6012: disable SHA-1 certificates ***/
user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1 FF102+]
/* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/
// user_pref("browser.urlbar.trimURLs", "");
// user_pref("dom.caches.enabled", "");
// user_pref("dom.storageManager.enabled", "");
// user_pref("dom.storage_access.enabled", "");
// user_pref("dom.targetBlankNoOpener.enabled", "");
// user_pref("network.cookie.thirdparty.sessionOnly", "");
// user_pref("network.cookie.thirdparty.nonsecureSessionOnly", "");
// user_pref("privacy.firstparty.isolate.block_post_message", "");
// user_pref("privacy.firstparty.isolate.restrict_opener_access", "");
// user_pref("privacy.firstparty.isolate.use_site", "");
// user_pref("privacy.window.name.update.enabled", "");
// user_pref("security.insecure_connection_text.enabled", "");
/*** [SECTION 7000]: DON'T BOTHER ***/ /*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
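Review bot: 6012 is titled 'disable SHA-1 certificates' but sets security.pki.sha1_enforcement_level to 1 with no legend for the values, unlike 1601 or 2801 which list each option; add the value meanings so a reader can verify that 1 is the intended level. In 6050 the inactive reset entries use "" as the value for prefs that are boolean elsewhere in this patch (for example dom.targetBlankNoOpener.enabled), so a one-line comment saying these lines exist only for prefsCleaner and must stay commented would stop someone activating them. security.csp.enable is removed from 6003 but is not in the 6050 list shown here; confirm it is handled in another section.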
@ -1239,7 +1111,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("geo.enabled", false); // user_pref("geo.enabled", false);
// user_pref("full-screen-api.enabled", false); // user_pref("full-screen-api.enabled", false);
// user_pref("browser.cache.offline.enable", false); // user_pref("browser.cache.offline.enable", false);
// user_pref("dom.vr.enabled", false); // user_pref("dom.vr.enabled", false); // [DEFAULT: false FF97+]
/* 7002: set default permissions /* 7002: set default permissions
* Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
* 0=always ask (default), 1=allow, 2=block * 0=always ask (default), 1=allow, 2=block
@ -1264,16 +1136,16 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS // user_pref("security.ssl3.rsa_aes_128_sha", false); // no PFS
// user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS // user_pref("security.ssl3.rsa_aes_256_sha", false); // no PFS
/* 7004: control TLS versions /* 7004: control TLS versions
* [WHY] Passive fingerprinting. Downgrades are still possible: behind user interaction ***/ * [WHY] Passive fingerprinting and security ***/
// user_pref("security.tls.version.min", 3); // [DEFAULT: 3] // user_pref("security.tls.version.min", 3); // [DEFAULT: 3]
// user_pref("security.tls.version.max", 4); // user_pref("security.tls.version.max", 4);
/* 7005: disable SSL session IDs [FF36+] /* 7005: disable SSL session IDs [FF36+]
* [WHY] Passive fingerprinting and perf costs. These are session-only and isolated * [WHY] Passive fingerprinting and perf costs. These are session-only
* with network partitioning (FF85+) or when using FPI and/or containers ***/ * and isolated with network partitioning (FF85+) and/or containers ***/
// user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
/* 7006: onions /* 7006: onions
* [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/
// user_pref("dom.securecontext.whitelist_onions", true); // 1382359 // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
// user_pref("network.http.referer.hideOnionSource", true); // 1305144 // user_pref("network.http.referer.hideOnionSource", true); // 1305144
/* 7007: referers /* 7007: referers
* [WHY] Only cross-origin referers (1600s) need control ***/ * [WHY] Only cross-origin referers (1600s) need control ***/
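Review bot: In 7006 the pref is renamed in place from dom.securecontext.whitelist_onions to dom.securecontext.allowlist_onions with a [FF97+] tag, and the old name does not appear in the 6050 reset list shown earlier, so a profile where a user had activated the old name keeps a stale entry. Add the old name to 6050 or keep it on its own line marked as pre-FF97. In 7004 the new [WHY] 'Passive fingerprinting and security' drops the statement that downgrades were still possible behind user interaction; since 6010 notes that the downgrade UX was removed in FF97+, a cross-reference to 6010 would explain why that text went.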
@ -1284,15 +1156,8 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/ * [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/
// user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2] // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2]
// user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
/* 7009: disable HTTP2
* [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1]
* [1] https://w3techs.com/technologies/details/ce-http2/all/all ***/
// user_pref("network.http.spdy.enabled", false);
// user_pref("network.http.spdy.enabled.deps", false);
// user_pref("network.http.spdy.enabled.http2", false);
// user_pref("network.http.spdy.websockets", false); // [FF65+]
/* 7010: disable HTTP Alternative Services [FF37+] /* 7010: disable HTTP Alternative Services [FF37+]
* [WHY] Already isolated by network partitioning (FF85+) or FPI ***/ * [WHY] Already isolated with network partitioning (FF85+) ***/
// user_pref("network.http.altsvc.enabled", false); // user_pref("network.http.altsvc.enabled", false);
// user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+] // user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+]
/* 7011: disable website control over browser right-click context menu /* 7011: disable website control over browser right-click context menu
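Review bot: Removing 7009 here leaves section 7000 with no HTTP2 entry at all, whereas 7006 in the same diff had its renamed pref (dom.securecontext.allowlist_onions) swapped in place. The deprecated entry added further down says only "replaced by network.http.http2* prefs", so a reader who still wants the passive-fingerprinting mitigation cannot tell from the file which prefs to set. Either add a new 7009 with the replacement pref names spelled out, or state in the deprecated entry that the item is intentionally no longer carried. The 7010 [WHY] edit that drops "or FPI" reads fine.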
@ -1312,8 +1177,36 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [WHY] It can compromise security. System addons ship with prefs, use those ***/ * [WHY] It can compromise security. System addons ship with prefs, use those ***/
// user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] // user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
// user_pref("extensions.systemAddon.update.url", ""); // [FF44+] // user_pref("extensions.systemAddon.update.url", ""); // [FF44+]
/* 7015: enable the DNT (Do Not Track) HTTP header
* [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/
// user_pref("privacy.donottrackheader.enabled", true);
/* 7016: customize ETP settings
* [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/
// user_pref("network.cookie.cookieBehavior", 5);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
// user_pref("privacy.partition.network_state.ocsp_cache", true);
// user_pref("privacy.query_stripping.enabled", true); // [FF101+] [ETP FF102+]
// user_pref("privacy.trackingprotection.enabled", true);
// user_pref("privacy.trackingprotection.socialtracking.enabled", true);
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
// user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true]
/* 7017: disable service workers
* [WHY] Already isolated (FF96+) with TCP (2701) behind a pref (2710)
* or blocked with TCP in 3rd parties (FF95 or lower) ***/
// user_pref("dom.serviceWorkers.enabled", false);
/* 7018: disable Web Notifications
* [WHY] Web Notifications are behind a prompt (7002)
* [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/
// user_pref("dom.webnotifications.enabled", false); // [FF22+]
// user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+]
/* 7019: disable Push Notifications [FF44+]
* [WHY] Push requires subscription
* [NOTE] To remove all subscriptions, reset "dom.push.userAgentID"
* [1] https://support.mozilla.org/kb/push-notifications-firefox ***/
// user_pref("dom.push.enabled", false);
/*** [SECTION 8000]: DON'T BOTHER: NON-RFP /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING
[WHY] They are insufficient to help anti-fingerprinting and do more harm than good [WHY] They are insufficient to help anti-fingerprinting and do more harm than good
[WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere [WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere
***/ ***/
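Review bot: In 7016 the [WHY] says ETP Strict (2701) sets these prefs at runtime, but the privacy.query_stripping.enabled line is tagged [FF101+] [ETP FF102+], so on FF101 Strict does not set it and the blanket rationale does not hold for that one pref. Add a short [NOTE] under 7016 saying that on FF101 this pref has to be set manually, or hold the line back until FF102. Minor: 7018 and 7019 each carry a [1] link that their [WHY] text never references.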
@ -1323,7 +1216,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan
// user_pref("dom.enable_performance", false); // user_pref("dom.enable_performance", false);
// user_pref("dom.enable_resource_timing", false); // user_pref("dom.enable_resource_timing", false);
// user_pref("dom.gamepad.enabled", false); // user_pref("dom.gamepad.enabled", false);
// user_pref("dom.netinfo.enabled", false); // user_pref("dom.netinfo.enabled", false); // [DEFAULT: false NON-ANDROID: false ANDROID FF99+]
// user_pref("dom.webaudio.enabled", false); // user_pref("dom.webaudio.enabled", false);
/* 8002: disable other ***/ /* 8002: disable other ***/
// user_pref("browser.display.use_document_fonts", 0); // user_pref("browser.display.use_document_fonts", 0);
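Review bot: The new tag on dom.netinfo.enabled, "[DEFAULT: false NON-ANDROID: false ANDROID FF99+]", is hard to parse because the colon after NON-ANDROID makes it look like a second key rather than a platform qualifier. Splitting it into two tags in the style used elsewhere in the file, for example "[DEFAULT: false NON-ANDROID] [DEFAULT: false ANDROID FF99+]", would make clear that the FF99+ version bound applies to Android only.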
@ -1361,6 +1254,16 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc
// user_pref("browser.warnOnQuitShortcut", false); // [FF94+] // user_pref("browser.warnOnQuitShortcut", false); // [FF94+]
// user_pref("full-screen-api.warning.delay", 0); // user_pref("full-screen-api.warning.delay", 0);
// user_pref("full-screen-api.warning.timeout", 0); // user_pref("full-screen-api.warning.timeout", 0);
/* UPDATES ***/
// user_pref("app.update.auto", false); // [NON-WINDOWS] disable auto app updates
// [NOTE] You will still get prompts to update, and should do so in a timely manner
// [SETTING] General>Firefox Updates>Check for updates but let you choose to install them
// user_pref("browser.search.update", false); // disable search engine updates (e.g. OpenSearch)
// [NOTE] This does not affect Mozilla's built-in or Web Extension search engines
// user_pref("extensions.update.enabled", false); // disable extension and theme update checks
// user_pref("extensions.update.autoUpdateDefault", false); // disable installing extension and theme updates
// [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle)
// user_pref("extensions.getAddons.cache.enabled", false); // disable extension metadata (extension detail tab)
/* APPEARANCE ***/ /* APPEARANCE ***/
// user_pref("browser.download.autohideButton", false); // [FF57+] // user_pref("browser.download.autohideButton", false); // [FF57+]
// user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent
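Review bot: The new UPDATES block gives app.update.auto a caveat ("You will still get prompts to update, and should do so in a timely manner") but has nothing equivalent on extensions.update.enabled and extensions.update.autoUpdateDefault, and no prompt is mentioned for those. Anyone who uncomments them is left with extensions that stay on old versions until they check by hand, so add a [NOTE] or [WARNING] on those two lines saying that updates must then be checked manually in about:addons. The [NON-WINDOWS] tag on app.update.auto would also benefit from a pointer to where Windows users control the same behaviour.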
@ -1380,7 +1283,7 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc
// user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+]
// user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux] // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux]
// user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
// user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+, FF59 and under] // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+]
/* UX FEATURES ***/ /* UX FEATURES ***/
user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+] user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+]
// user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+]
@ -1415,6 +1318,30 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is m
// 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807 // 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807
// [-] https://bugzilla.mozilla.org/1735976 // [-] https://bugzilla.mozilla.org/1735976
user_pref("browser.urlbar.suggest.quicksuggest", false); user_pref("browser.urlbar.suggest.quicksuggest", false);
// FF96
// 0302: disable auto-INSTALLING Firefox updates via a background service + hide the setting [FF90+] [WINDOWS]
// [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running
// [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows
// [-] https://bugzilla.mozilla.org/1738983
user_pref("app.update.background.scheduling.enabled", false);
// FF97
// 7006: onions - replaced by new 7006 "allowlist"
// [-] https://bugzilla.mozilla.org/1744006
// user_pref("dom.securecontext.whitelist_onions", true); // 1382359
// FF99
// 6003: enforce CSP (Content Security Policy)
// [1] https://developer.mozilla.org/docs/Web/HTTP/CSP
// [-] https://bugzilla.mozilla.org/1754301
user_pref("security.csp.enable", true); // [DEFAULT: true]
// FF100
// 7009: disable HTTP2 - replaced by network.http.http2* prefs
// [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1]
// [1] https://w3techs.com/technologies/details/ce-http2/all/all
// [-] https://bugzilla.mozilla.org/1752621
// user_pref("network.http.spdy.enabled", false);
// user_pref("network.http.spdy.enabled.deps", false);
// user_pref("network.http.spdy.enabled.http2", false);
// user_pref("network.http.spdy.websockets", false); // [FF65+]
// ***/ // ***/
/* END: internal custom pref to test for syntax errors ***/ /* END: internal custom pref to test for syntax errors ***/
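Review bot: The FF96 entry moves the [WINDOWS] pref app.update.background.scheduling.enabled into the deprecated block, while the UPDATES block added in this same diff offers only app.update.auto, which is tagged [NON-WINDOWS]. In the lines shown, that leaves Windows users with no current pref for controlling automatic installation of updates. If a replacement exists elsewhere in the file, reference its item number from the FF96 entry the way the FF97 entry does ("replaced by new 7006"); if not, say so in the comment. The FF100 entry has the same gap in a different form: "network.http.http2* prefs" should list the actual pref names.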

Binary files not shown:

- (file name not shown) Before, 5.5 KiB
- (file name not shown) Before, 19 KiB
- (file name not shown) Before, 11 KiB
- (file name not shown) Before, 18 KiB
- wikipiki/rfpCanvas.png (Normal file): After, 5.4 KiB
- (file name not shown) After, 7.6 KiB
- wikipiki/smartReferer.png (Normal file): After, 37 KiB
- wikipiki/uboCustom.png (Normal file): After, 12 KiB