58-alpha release

- removed `network.cookie.thirdparty.sessionOnly` because it can't break sites
- added `permissions.default.shortcuts`

.gitattributes

@@ -1,8 +1,14 @@
-* text=auto
+## * text=auto
 
-*.js text
-*.md text
-*.yml text
-*.txt text
+*.js text=auto
+*.md text=auto
+*.yml text=auto
+*.txt text=auto
+*.sh text=auto
+*.bat eol=crlf
 
 *.png binary
+
+.gitattributes export-ignore
+*.yml export-ignore
+wikipiki export-ignore

README.md

@@ -2,36 +2,20 @@
 A `user.js` is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the [overview](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.1-Overview) wiki page.
 
 ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) ghacks user.js
-The [ghacks user.js](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js) is a template, which, as provided, aims (![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) with [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions) <sup>1</sup> ) to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
+The `ghacks user.js` is a **template**, which, as provided, aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
 
-We aim to INFORM and give you CHOICES. No one size fits all, so customize it! And not all sites have the same requirements, so use [profiles](https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles) with custom versions. We won't set you wrong.
+Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few `ghacks user.js` settings.
 
-INFORMATION IS POWER. So you can make informed decisions to better protect yourself online, we aim to be:
-
-* Accessible (provide information and simpler, less-technical descriptions if possible)
-* Accountable (provide reputable references/sources, [test sites](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-C:-Test-Sites), dispel bad advice)
-* Change trackable (yay! we're on github now, with commits)
-* Compatible (including a [deprecated section](https://github.com/ghacksuserjs/ghacks-user.js/issues/123), [releases](https://github.com/ghacksuserjs/ghacks-user.js/releases))
-* Comprehensive (including enforcing defaults and future-proofing)
-* Current and up-to-date with stable (including [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/search?q=label%3Achangelog&type=Issues&utf8=%E2%9C%93))
-* Detailed (preference versioning, hidden preference information, explanations, and more)
-* Easy to use and discuss (sections, sub-sections, numbering)
-* Helpful (including a [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) with features such as [extensions](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-B:-Extensions), [user scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-User-Scripts), [references](https://github.com/ghacksuserjs/ghacks-user.js/wiki/Appendix-D:-References) and more)
-* Innovative (formatting, special tags, and future plans such as branches)
-
-### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) usage
-Everyone, experts included, should at least read the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page, as it contains important information regarding a few default settings we use. The rest of the [wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki) is helpful as well.
+Sitemap: [Releases](https://github.com/ghacksuserjs/ghacks-user.js/releases), [changelogs](https://github.com/ghacksuserjs/ghacks-user.js/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Achangelog), [Wiki](https://github.com/ghacksuserjs/ghacks-user.js/wiki), [stickies](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+is%3Aopen+label%3A%22sticky+topic%22). [diffs](https://github.com/ghacksuserjs/ghacks-user.js/issues?q=is%3Aissue+label%3Adiffs)
 
 ### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) acknowledgments
 Literally thousands of sources, references and suggestions. That said...
 
-* Martin Brinkmann at [ghacks](https://www.ghacks.net/) <sup>2</sup>
-   * 100% genuine super-nice all-around good guy
+* Martin Brinkmann at [ghacks](https://www.ghacks.net/) <sup>1</sup>
 * The ghacks community and commentators
-   * Special mentions to [earthlng](https://github.com/earthlng), Tom Hawack, Just me, Conker, Rockin’ Jerry, Ainatar, Parker Lewis
-* [12bytes](http://12bytes.org/articles/tech/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs)
+* [12bytes](http://12bytes.org/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs)
    * The 12bytes article now uses this user.js and supplements it with an additonal JS hosted right [here](https://github.com/atomGit/Firefox-user.js) at github
 
-<sup>1</sup> ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/exclamation.png) Important: We HIGHLY recommend using uBlock Origin, uMatrix and a cookie extension. Section 0400, if modified, allows Tracking Protection and Safe Browsing to be disabled. Do this at your own risk. See the [implementation](https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation) wiki page for more.
+<sup>1</sup> The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name.
 
-<sup>2</sup> The ghacks user.js was an independent project by [Thorin-Oakenpants](https://github.com/Thorin-Oakenpants) started in early 2015 and was [first published](https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/) at ghacks in August 2015. It was kept up-to-date and expanded by the original author with three major updates and articles. With Martin Brinkmann's blessing, it will keep the ghacks name.
+### ![](https://github.com/ghacksuserjs/ghacks-user.js/blob/master/wikipiki/bullet01.png) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

prefsCleaner.bat

@@ -0,0 +1,113 @@
+@ECHO OFF
+TITLE prefs.js cleaner
+
+REM ### prefs.js cleaner for Windows
+REM ## author: @claustromaniac
+REM ## version: 1.2
+
+SETLOCAL EnableDelayedExpansion
+:begin
+ECHO:
+ECHO:
+ECHO                 ########################################
+ECHO                 ####  prefs.js cleaner for Windows  ####
+ECHO                 ####        by claustromaniac       ####
+ECHO                 ####              v1.2              ####
+ECHO                 ########################################
+ECHO:
+CALL :message "This script should be run from your Firefox profile directory."
+ECHO   It will remove any entries from prefs.js that also exist in user.js.
+CALL :message "This will allow inactive preferences to be reset to their default values."
+ECHO   This Firefox profile shouldn't be in use during the process.
+CALL :message ""
+TIMEOUT 1 /nobreak >nul
+CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]"
+CLS
+IF ERRORLEVEL 3 (EXIT /B)
+IF ERRORLEVEL 2 (GOTO :showhelp)
+IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30)
+IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30)
+CALL :FFcheck
+CALL :message "Backing up prefs.js..."
+COPY /B /V /Y prefs.js "prefs-backup-!date:/=-!_!time::=.!.js"
+CALL :message "Cleaning prefs.js..."
+CALL :cleanup
+CLS
+CALL :message "All done^!"
+TIMEOUT 5 >nul
+EXIT /B
+
+REM ########## Abort Function ###########
+:abort
+CALL :message %1
+TIMEOUT %~2 >nul
+EXIT
+REM ########## Message Function #########
+:message
+SETLOCAL DisableDelayedExpansion
+ECHO:
+ECHO:  %~1
+ECHO:
+ENDLOCAL
+GOTO :EOF
+REM ####### Firefox Check Function ######
+:FFcheck
+TASKLIST /FI "IMAGENAME eq firefox.exe" 2>NUL | FIND /I /N "firefox.exe">NUL
+IF NOT ERRORLEVEL 1 (
+	CLS
+	CALL :message "Firefox is still running."
+	ECHO   If you're not currently using this profile you can continue, otherwise
+	CALL :message "close Firefox first^!"
+	ECHO:
+	PAUSE
+	CLS
+	CALL :message "Resuming..."
+	TIMEOUT 5 /nobreak >nul
+)
+GOTO :EOF
+REM ######### Cleanup Function ##########
+:cleanup
+SETLOCAL DisableDelayedExpansion
+(
+	FOR /F "tokens=1,* delims=:" %%G IN ('FINDSTR /N "^" prefs.js') DO (
+		SET "_line=%%H"
+		SETLOCAL EnableDelayedExpansion
+		IF /I "user_pref"=="!_line:~0,9!" (
+			FOR /F tokens^=2^ delims^=^" %%I IN ("!_line:.=\.!") DO (
+				FINDSTR /R /C:"user_pref[ 	]*\([ 	]*[\"']%%I[\"'][ 	]*," user.js >nul
+				IF ERRORLEVEL 1 (ECHO:!_line!)
+			)
+		) ELSE (
+			ECHO:!_line!
+		)
+		ENDLOCAL
+	)
+)>tempcleanedprefs
+ENDLOCAL
+MOVE /Y tempcleanedprefs prefs.js
+GOTO :EOF
+REM ############### Help ##################
+:showhelp
+MODE 80,34
+CLS
+CALL :message "This script creates a backup of your prefs.js file before doing anything."
+ECHO   It should be safe, but you can follow these steps if something goes wrong:
+ECHO:
+CALL :message "  1. Make sure Firefox is closed."
+ECHO     2. Delete prefs.js in your profile folder.
+CALL :message "  3. Delete Invalidprefs.js if you have one in the same folder."
+ECHO     4. Rename or copy your latest backup to prefs.js.
+CALL :message "  5. Run Firefox and see if you notice anything wrong with it."
+ECHO     6. If you do notice something wrong, especially with your extensions,
+CALL :message "     and/or with the UI, go to about:support, and restart Firefox with"
+ECHO        add-ons disabled. Then, restart it again normally, and see if the
+CALL :message "     problems were solved."
+ECHO:
+CALL :message "If you are able to identify the cause of your issues, please bring it up"
+ECHO   on ghacks-user.js GitHub repository.
+ECHO:
+ECHO:
+PAUSE
+CLS
+GOTO :begin
+REM #####################################

scratchpad-scripts/ghacks-clear-57-[changes-only].js

@@ -0,0 +1,61 @@
+/***
+
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+
+(function() {
+  let ops = [
+    /* --- 57-alpha --- */
+    /* commented out */
+    'browser.storageManager.enabled',
+    'dom.storageManager.enabled',
+    /* removed from the user.js */
+    'browser.search.geoip.timeout',
+    'geo.wifi.xhr.timeout',
+    'gfx.layerscope.enabled',
+    'media.webspeech.recognition.enable',
+    /* moved to RFP ALTERNATIVES */
+    'dom.w3c_touch_events.enabled',
+    'media.video_stats.enabled',
+    /* moved to DEPRECATED/REMOVED */
+    'browser.bookmarks.showRecentlyBookmarked',
+    'browser.casting.enabled',
+    'devtools.webide.autoinstallFxdtAdapters',
+    'media.eme.chromium-api.enabled',
+    'social.directories',
+    'social.enabled',
+    'social.remote-install.enabled',
+    'social.share.activationPanelEnabled',
+    'social.shareDirectory',
+    'social.toast-notifications.enabled',
+    'social.whitelist',
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[RFP-alternatives].js

@@ -0,0 +1,60 @@
+/***
+
+ This will reset the preferences that are under sections 4600 & 4700 in the ghacks user.js
+ up to and including release 57-alpha. These are the prefs that are no longer necessary,
+ or they conlfict with, privacy.resistFingerprinting if you have that enabled.
+
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+ 
+(function() {
+  let ops = [
+    /* section 4600 */
+    'dom.maxHardwareConcurrency',
+    'dom.enable_resource_timing',
+    'dom.enable_performance',
+    'device.sensors.enabled',
+    'browser.zoom.siteSpecific',
+    'dom.gamepad.enabled',
+    'dom.netinfo.enabled',
+    'media.webspeech.synth.enabled',
+    'geo.enabled',
+    'media.video_stats.enabled',
+    'dom.w3c_touch_events.enabled',
+    /* section 4700 */
+    'general.useragent.override',
+    'general.buildID.override',
+    'general.appname.override',
+    'general.appversion.override',
+    'general.platform.override',
+    'general.oscpu.override',
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[deprecated].js

@@ -0,0 +1,167 @@
+/***
+
+ This will reset the preferences that have been deprecated by Mozilla
+ and used in the ghacks user.js up to and including release 57-alpha
+
+ It is in reverse order, so feel free to remove sections that do not apply
+
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+
+(function() {
+  let ops = [
+    /* deprecated */
+
+    /* ESR52.x users can remove sections 53-57 but it is not
+       crucial as your user.js will reinstate them */
+    /* 57 */
+    'social.whitelist',
+    'social.toast-notifications.enabled',
+    'social.shareDirectory',
+    'social.remote-install.enabled',
+    'social.directories',
+    'social.share.activationPanelEnabled',
+    'social.enabled',
+    'media.eme.chromium-api.enabled',
+    'devtools.webide.autoinstallFxdtAdapters',
+    'browser.casting.enabled',
+    'browser.bookmarks.showRecentlyBookmarked',
+    /* 56 */
+    'extensions.screenshots.system-disabled',
+    'extensions.formautofill.experimental',
+    /* 55 */
+    'geo.security.allowinsecure',
+    'browser.selfsupport.enabled',
+    'browser.selfsupport.url',
+    'browser.newtabpage.directory.ping',
+    'browser.formfill.saveHttpsForms',
+    'browser.formautofill.enabled',
+    'dom.enable_user_timing',
+    'dom.keyboardevent.code.enabled',
+    'browser.tabs.animate',
+    'browser.fullscreen.animate',
+    /* 54 */
+    'browser.safebrowsing.reportMalwareMistakeURL',
+    'browser.safebrowsing.reportPhishMistakeURL',
+    'media.eme.apiVisible',
+    'dom.archivereader.enabled',
+    /* 53 */
+    'security.tls.unrestricted_rc4_fallback',
+    'plugin.scan.Acrobat',
+    'plugin.scan.Quicktime',
+    'plugin.scan.WindowsMediaPlayer',
+    'media.getusermedia.screensharing.allow_on_old_platforms',
+    'dom.beforeAfterKeyboardEvent.enabled',
+    /* End of ESR52.x section */
+
+    /* 52 */
+    'network.http.sendSecureXSiteReferrer',
+    'media.gmp-eme-adobe.enabled',
+    'media.gmp-eme-adobe.visible',
+    'media.gmp-eme-adobe.autoupdate',
+    'dom.telephony.enabled',
+    'dom.battery.enabled',
+    /* 51 */
+    'media.block-play-until-visible',
+    'dom.vr.oculus050.enabled',
+    'network.http.spdy.enabled.v3-1',
+    /* 50 */
+    'browser.usedOnWindows10.introURL',
+    'plugins.update.notifyUser',
+    'browser.safebrowsing.enabled',
+    'security.ssl3.ecdhe_ecdsa_rc4_128_sha',
+    'security.ssl3.ecdhe_rsa_rc4_128_sha',
+    'security.ssl3.rsa_rc4_128_md5',
+    'security.ssl3.rsa_rc4_128_sha',
+    'plugins.update.url',
+    /* 49 */
+    'loop.enabled',
+    'loop.server',
+    'loop.feedback.formURL',
+    'loop.feedback.manualFormURL',
+    'loop.facebook.appId',
+    'loop.facebook.enabled',
+    'loop.facebook.fallbackUrl',
+    'loop.facebook.shareUrl',
+    'loop.logDomains',
+    'dom.disable_window_open_feature.scrollbars',
+    'dom.push.udp.wakeupEnabled',
+    /* 48 */
+    'browser.urlbar.unifiedcomplete',
+    /* 47 */
+    'toolkit.telemetry.unifiedIsOptIn',
+    'datareporting.healthreport.about.reportUrlUnified',
+    'browser.history.allowPopState',
+    'browser.history.allowPushState',
+    'browser.history.allowReplaceState',
+    /* 46 */
+    'datareporting.healthreport.service.enabled',
+    'datareporting.healthreport.documentServerURI',
+    'datareporting.policy.dataSubmissionEnabled.v2',
+    'browser.safebrowsing.appRepURL',
+    'browser.polaris.enabled',
+    'browser.pocket.enabled',
+    'browser.pocket.api',
+    'browser.pocket.site',
+    'browser.pocket.oAuthConsumerKey',
+    /* 45 */
+    'browser.sessionstore.privacy_level_deferred',
+    /* 44 */
+    'browser.safebrowsing.provider.google.appRepURL',
+    'security.tls.insecure_fallback_hosts.use_static_list',
+    'dom.workers.sharedWorkers.enabled',
+    'dom.disable_image_src_set',
+    /* 43 */
+    'browser.safebrowsing.gethashURL',
+    'browser.safebrowsing.updateURL',
+    'browser.safebrowsing.malware.reportURL',
+    'browser.trackingprotection.gethashURL',
+    'browser.trackingprotection.updateURL',
+    'pfs.datasource.url',
+    'browser.search.showOneOffButtons',
+    /* 42 and earlier */
+    'privacy.clearOnShutdown.passwords', // 42
+    'full-screen-api.approval-required', // 42
+    'browser.safebrowsing.reportErrorURL', // 41
+    'browser.safebrowsing.reportGenericURL', // 41
+    'browser.safebrowsing.reportMalwareErrorURL', // 41
+    'browser.safebrowsing.reportMalwareURL', // 41
+    'browser.safebrowsing.reportURL', // 41
+    'plugins.enumerable_names', // 41
+    'network.http.spdy.enabled.http2draft', // 41
+    'camera.control.autofocus_moving_callback.enabled', // 37
+    'privacy.donottrackheader.value', // 36
+    'network.websocket.enabled', // 35
+    'dom.network.enabled', // 31
+    'pageThumbs.enabled', // 25
+
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[removed].js

@@ -0,0 +1,63 @@
+/***
+
+ This will reset the preferences that have been removed completely
+ from the ghacks user.js up to and including release 57-alpha
+
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+ 
+(function() {
+  let ops = [
+    /* removed in ghacks user.js v52-57 */
+    /* 52-alpha */
+    'browser.search.reset.enabled',
+    'browser.search.reset.whitelist',
+    /* 54-alpha */
+    'browser.migrate.automigrate.enabled',
+    'services.sync.enabled',
+    'webextensions.storage.sync.enabled',
+    'webextensions.storage.sync.serverURL',
+    /* 55-alpha */
+    'dom.keyboardevent.dispatch_during_composition', // default is false anyway
+    'dom.vr.oculus.enabled', // covered by dom.vr.enabled
+    'dom.vr.openvr.enabled', // ditto
+    'dom.vr.osvr.enabled', // ditto
+    'extensions.pocket.api', // covered by extensions.pocket.enabled
+    'extensions.pocket.oAuthConsumerKey', // ditto
+    'extensions.pocket.site', // ditto
+    /* 56-alpha: none */
+    /* 57-alpha */
+    'geo.wifi.xhr.timeout', // covered by geo.enabled
+    'browser.search.geoip.timeout', // ditto
+    'media.webspeech.recognition.enable', // default is false anyway
+    'gfx.layerscope.enabled', // default is false anyway
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-active].js

@@ -0,0 +1,409 @@
+/***
+
+ This will reset EVERYTHING that is ACTIVE in the ghacks user.js
+ release 57-alpha master, but excludes the following:
+ - prefs removed since publishing on github
+ - e10s section 1100
+ - privacy.resistFingerprinting alternatives sections 4600 & 4700
+ - deprecated section 9999
+
+ It does not matter if you clear everything, as a restart will reapply your user.js
+ Total 477 prefs from 57-alpha master: 118 inactive, 359 active
+ These have been broken into two scripts for convenience
+ 
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+ 
+***/
+ 
+(function() {
+  let ops = [
+    /* 359 ACTIVE prefs in 57-alpha master */
+    'accessibility.force_disabled',
+    'alerts.showFavicons',
+    'app.update.auto',
+    'app.update.service.enabled',
+    'app.update.silent',
+    'app.update.staging.enabled',
+    'beacon.enabled',
+    'breakpad.reportURL',
+    'browser.aboutHomeSnippets.updateUrl',
+    'browser.backspace_action',
+    'browser.bookmarks.max_backups',
+    'browser.cache.disk.capacity',
+    'browser.cache.disk.enable',
+    'browser.cache.disk.smart_size.enabled',
+    'browser.cache.disk.smart_size.first_run',
+    'browser.cache.disk_cache_ssl',
+    'browser.cache.frecency_experiment',
+    'browser.cache.offline.enable',
+    'browser.crashReports.unsubmittedCheck.autoSubmit',
+    'browser.crashReports.unsubmittedCheck.enabled',
+    'browser.ctrlTab.previews',
+    'browser.display.use_document_fonts',
+    'browser.download.folderList',
+    'browser.download.forbid_open_with',
+    'browser.download.hide_plugins_without_extensions',
+    'browser.download.manager.addToRecentDocs',
+    'browser.download.useDownloadDir',
+    'browser.eme.ui.enabled',
+    'browser.fixup.alternate.enabled',
+    'browser.fixup.hide_user_pass',
+    'browser.formfill.enable',
+    'browser.helperApps.deleteTempFileOnExit',
+    'browser.laterrun.enabled',
+    'browser.library.activity-stream.enabled',
+    'browser.link.open_newwindow',
+    'browser.link.open_newwindow.restriction',
+    'browser.newtab.preload',
+    'browser.newtabpage.activity-stream.enabled',
+    'browser.newtabpage.directory.source',
+    'browser.newtabpage.enabled',
+    'browser.newtabpage.enhanced',
+    'browser.newtabpage.introShown',
+    'browser.offline-apps.notify',
+    'browser.onboarding.enabled',
+    'browser.pagethumbnails.capturing_disabled',
+    'browser.ping-centre.telemetry',
+    'browser.rights.3.shown',
+    'browser.safebrowsing.downloads.remote.enabled',
+    'browser.safebrowsing.downloads.remote.url',
+    'browser.safebrowsing.provider.google.reportMalwareMistakeURL',
+    'browser.safebrowsing.provider.google.reportPhishMistakeURL',
+    'browser.safebrowsing.provider.google.reportURL',
+    'browser.safebrowsing.provider.google4.reportMalwareMistakeURL',
+    'browser.safebrowsing.provider.google4.reportPhishMistakeURL',
+    'browser.safebrowsing.provider.google4.reportURL',
+    'browser.safebrowsing.reportPhishURL',
+    'browser.search.countryCode',
+    'browser.search.geoip.url',
+    'browser.search.geoSpecificDefaults',
+    'browser.search.geoSpecificDefaults.url',
+    'browser.search.region',
+    'browser.search.suggest.enabled',
+    'browser.search.update',
+    'browser.send_pings',
+    'browser.send_pings.require_same_host',
+    'browser.sessionhistory.max_entries',
+    'browser.sessionstore.interval',
+    'browser.sessionstore.max_tabs_undo',
+    'browser.sessionstore.max_windows_undo',
+    'browser.sessionstore.privacy_level',
+    'browser.sessionstore.resume_from_crash',
+    'browser.shell.checkDefaultBrowser',
+    'browser.shell.shortcutFavicons',
+    'browser.slowStartup.maxSamples',
+    'browser.slowStartup.notificationDisabled',
+    'browser.slowStartup.samples',
+    'browser.ssl_override_behavior',
+    'browser.startup.homepage_override.mstone',
+    'browser.tabs.closeWindowWithLastTab',
+    'browser.tabs.crashReporting.sendReport',
+    'browser.tabs.insertRelatedAfterCurrent',
+    'browser.tabs.loadDivertedInBackground',
+    'browser.tabs.loadInBackground',
+    'browser.tabs.selectOwnerOnClose',
+    'browser.tabs.warnOnClose',
+    'browser.tabs.warnOnCloseOtherTabs',
+    'browser.tabs.warnOnOpen',
+    'browser.taskbar.lists.enabled',
+    'browser.taskbar.lists.frequent.enabled',
+    'browser.taskbar.lists.recent.enabled',
+    'browser.taskbar.lists.tasks.enabled',
+    'browser.taskbar.previews.enable',
+    'browser.uitour.enabled',
+    'browser.uitour.url',
+    'browser.urlbar.autoFill',
+    'browser.urlbar.autoFill.typed',
+    'browser.urlbar.clickSelectsAll',
+    'browser.urlbar.decodeURLsOnCopy',
+    'browser.urlbar.doubleClickSelectsAll',
+    'browser.urlbar.filter.javascript',
+    'browser.urlbar.maxHistoricalSearchSuggestions',
+    'browser.urlbar.oneOffSearches',
+    'browser.urlbar.speculativeConnect.enabled',
+    // 'browser.urlbar.suggest.bookmark', // this may not get reset by your user.js - see issue #308
+    // 'browser.urlbar.suggest.history', // ditto
+    // 'browser.urlbar.suggest.openpage', // ditto
+    'browser.urlbar.suggest.searches',
+    'browser.urlbar.trimURLs',
+    'browser.urlbar.usepreloadedtopurls.enabled',
+    'browser.urlbar.userMadeSearchSuggestionsChoice',
+    'browser.xul.error_pages.expert_bad_cert',
+    'camera.control.face_detection.enabled',
+    'canvas.capturestream.enabled',
+    'captivedetect.canonicalURL',
+    'datareporting.healthreport.about.reportUrl',
+    'datareporting.healthreport.uploadEnabled',
+    'datareporting.policy.dataSubmissionEnabled',
+    'device.storage.enabled',
+    'devtools.chrome.enabled',
+    'devtools.debugger.remote-enabled',
+    'devtools.webide.autoinstallADBHelper',
+    'devtools.webide.enabled',
+    'dom.allow_cut_copy',
+    'dom.allow_scripts_to_close_windows',
+    'dom.caches.enabled',
+    'dom.disable_beforeunload',
+    'dom.disable_window_flip',
+    'dom.disable_window_move_resize',
+    'dom.disable_window_open_feature.close',
+    'dom.disable_window_open_feature.location',
+    'dom.disable_window_open_feature.menubar',
+    'dom.disable_window_open_feature.minimizable',
+    'dom.disable_window_open_feature.personalbar',
+    'dom.disable_window_open_feature.resizable',
+    'dom.disable_window_open_feature.status',
+    'dom.disable_window_open_feature.titlebar',
+    'dom.disable_window_open_feature.toolbar',
+    'dom.disable_window_status_change',
+    'dom.event.clipboardevents.enabled',
+    'dom.flyweb.enabled',
+    'dom.idle-observers-api.enabled',
+    'dom.imagecapture.enabled',
+    'dom.IntersectionObserver.enabled',
+    'dom.ipc.plugins.flash.subprocess.crashreporter.enabled',
+    'dom.ipc.plugins.reportCrashURL',
+    'dom.popup_allowed_events',
+    'dom.popup_maximum',
+    'dom.push.connection.enabled',
+    'dom.push.enabled',
+    'dom.push.serverURL',
+    'dom.push.userAgentID',
+    'dom.serviceWorkers.enabled',
+    'dom.vibrator.enabled',
+    'dom.webaudio.enabled',
+    'dom.webnotifications.enabled',
+    'dom.webnotifications.serviceworker.enabled',
+    'dom.workers.enabled',
+    'experiments.activeExperiment',
+    'experiments.enabled',
+    'experiments.manifest.uri',
+    'experiments.supported',
+    'extensions.autoDisableScopes',
+    'extensions.blocklist.enabled',
+    'extensions.blocklist.url',
+    'extensions.enabledScopes',
+    'extensions.formautofill.addresses.enabled',
+    'extensions.formautofill.available',
+    'extensions.formautofill.creditCards.enabled',
+    'extensions.formautofill.heuristics.enabled',
+    'extensions.getAddons.cache.enabled',
+    'extensions.getAddons.showPane',
+    'extensions.pocket.enabled',
+    'extensions.shield-recipe-client.api_url',
+    'extensions.shield-recipe-client.enabled',
+    'extensions.update.autoUpdateDefault',
+    'extensions.webcompat-reporter.enabled',
+    'extensions.webextensions.keepStorageOnUninstall',
+    'extensions.webextensions.keepUuidOnUninstall',
+    'extensions.webservice.discoverURL',
+    'font.blacklist.underline_offset',
+    'full-screen-api.enabled',
+    'general.useragent.compatMode.firefox',
+    'general.useragent.locale',
+    'general.warnOnAboutConfig',
+    'geo.wifi.uri',
+    'gfx.downloadable_fonts.enabled',
+    'gfx.downloadable_fonts.woff2.enabled',
+    'gfx.font_rendering.graphite.enabled',
+    'gfx.font_rendering.opentype_svg.enabled',
+    'gfx.offscreencanvas.enabled',
+    'intl.accept_languages',
+    'intl.locale.matchOS',
+    'intl.regional_prefs.use_os_locales',
+    'javascript.options.asmjs',
+    'javascript.options.wasm',
+    'javascript.use_us_english_locale',
+    'keyword.enabled',
+    'layers.acceleration.disabled',
+    'layout.css.font-loading-api.enabled',
+    'layout.css.visited_links_enabled',
+    'layout.spellcheckDefault',
+    'lightweightThemes.update.enabled',
+    'mathml.disabled',
+    'media.autoplay.enabled',
+    'media.block-autoplay-until-in-foreground',
+    'media.eme.enabled',
+    'media.getusermedia.audiocapture.enabled',
+    'media.getusermedia.browser.enabled',
+    'media.getusermedia.screensharing.allowed_domains',
+    'media.getusermedia.screensharing.enabled',
+    'media.gmp-gmpopenh264.autoupdate',
+    'media.gmp-gmpopenh264.enabled',
+    'media.gmp-manager.updateEnabled',
+    'media.gmp-manager.url',
+    'media.gmp-manager.url.override',
+    'media.gmp-provider.enabled',
+    'media.gmp-widevinecdm.autoupdate',
+    'media.gmp-widevinecdm.enabled',
+    'media.gmp-widevinecdm.visible',
+    'media.gmp.trial-create.enabled',
+    'media.navigator.enabled',
+    'media.navigator.video.enabled',
+    'media.ondevicechange.enabled',
+    'media.peerconnection.enabled',
+    'media.peerconnection.ice.default_address_only',
+    'media.peerconnection.ice.no_host',
+    'media.peerconnection.ice.tcp',
+    'media.peerconnection.identity.enabled',
+    'media.peerconnection.identity.timeout',
+    'media.peerconnection.turn.disable',
+    'media.peerconnection.use_document_iceservers',
+    'media.peerconnection.video.enabled',
+    'middlemouse.contentLoadURL',
+    'network.allow-experiments',
+    'network.auth.subresource-img-cross-origin-http-auth-allow',
+    'network.captive-portal-service.enabled',
+    'network.cookie.cookieBehavior',
+    'network.cookie.leave-secure-alone',
+    'network.cookie.thirdparty.sessionOnly',
+    'network.dns.blockDotOnion',
+    'network.dns.disablePrefetch',
+    'network.dns.disablePrefetchFromHTTPS',
+    'network.http.altsvc.enabled',
+    'network.http.altsvc.oe',
+    'network.http.redirection-limit',
+    'network.http.referer.hideOnionSource',
+    'network.http.referer.spoofSource',
+    'network.http.referer.trimmingPolicy',
+    'network.http.referer.userControlPolicy',
+    'network.http.referer.XOriginPolicy',
+    'network.http.referer.XOriginTrimmingPolicy',
+    'network.http.sendRefererHeader',
+    'network.http.spdy.enabled',
+    'network.http.spdy.enabled.deps',
+    'network.http.spdy.enabled.http2',
+    'network.http.speculative-parallel-limit',
+    'network.IDN_show_punycode',
+    'network.jar.block-remote-files',
+    'network.jar.open-unsafe-types',
+    'network.manage-offline-status',
+    'network.predictor.enable-prefetch',
+    'network.predictor.enabled',
+    'network.prefetch-next',
+    'network.protocol-handler.external.ms-windows-store',
+    'network.proxy.autoconfig_url.include_path',
+    'network.proxy.socks_remote_dns',
+    'network.stricttransportsecurity.preloadlist',
+    'offline-apps.allow_by_default',
+    'pdfjs.disabled',
+    'pdfjs.enableWebGL',
+    'permissions.manager.defaultsUrl',
+    'plugin.default.state',
+    'plugin.defaultXpi.state',
+    'plugin.scan.plid.all',
+    'plugin.sessionPermissionNow.intervalInMinutes',
+    'plugins.click_to_play',
+    'privacy.clearOnShutdown.cache',
+    'privacy.clearOnShutdown.cookies',
+    'privacy.clearOnShutdown.downloads',
+    'privacy.clearOnShutdown.formdata',
+    'privacy.clearOnShutdown.history',
+    'privacy.clearOnShutdown.offlineApps',
+    'privacy.clearOnShutdown.sessions',
+    'privacy.clearOnShutdown.siteSettings',
+    'privacy.cpd.cache',
+    'privacy.cpd.cookies',
+    'privacy.cpd.formdata',
+    'privacy.cpd.history',
+    'privacy.cpd.offlineApps',
+    'privacy.cpd.passwords',
+    'privacy.cpd.sessions',
+    'privacy.cpd.siteSettings',
+    'privacy.donottrackheader.enabled',
+    'privacy.firstparty.isolate',
+    'privacy.firstparty.isolate.restrict_opener_access',
+    'privacy.resistFingerprinting',
+    'privacy.sanitize.sanitizeOnShutdown',
+    'privacy.sanitize.timeSpan',
+    'privacy.trackingprotection.ui.enabled',
+    'security.ask_for_password',
+    'security.block_script_with_wrong_mime',
+    'security.cert_pinning.enforcement_level',
+    'security.csp.enable',
+    'security.csp.experimentalEnabled',
+    'security.data_uri.block_toplevel_data_uri_navigations',
+    'security.dialog_enable_delay',
+    'security.family_safety.mode',
+    'security.fileuri.strict_origin_policy',
+    'security.insecure_field_warning.contextual.enabled',
+    'security.insecure_password.ui.enabled',
+    'security.mixed_content.block_active_content',
+    'security.mixed_content.send_hsts_priming',
+    'security.mixed_content.use_hsts',
+    'security.OCSP.enabled',
+    'security.OCSP.require',
+    'security.password_lifetime',
+    'security.pki.sha1_enforcement_level',
+    'security.sri.enable',
+    'security.ssl.disable_session_identifiers',
+    'security.ssl.enable_ocsp_stapling',
+    'security.ssl.errorReporting.automatic',
+    'security.ssl.errorReporting.enabled',
+    'security.ssl.errorReporting.url',
+    'security.ssl.treat_unsafe_negotiation_as_broken',
+    'security.tls.enable_0rtt_data',
+    'security.tls.version.fallback-limit',
+    'security.tls.version.max',
+    'security.tls.version.min',
+    'security.xpconnect.plugin.unrestricted',
+    'services.blocklist.signing.enforced',
+    'services.blocklist.update_enabled',
+    'signon.autofillForms',
+    'signon.autofillForms.http',
+    'signon.formlessCapture.enabled',
+    'signon.storeWhenAutocompleteOff',
+    'startup.homepage_override_url',
+    'startup.homepage_welcome_url',
+    'startup.homepage_welcome_url.additional',
+    'toolkit.telemetry.archive.enabled',
+    'toolkit.telemetry.bhrPing.enabled',
+    'toolkit.telemetry.cachedClientID',
+    'toolkit.telemetry.enabled',
+    'toolkit.telemetry.firstShutdownPing.enabled',
+    'toolkit.telemetry.newProfilePing.enabled',
+    'toolkit.telemetry.server',
+    'toolkit.telemetry.shutdownPingSender.enabled',
+    'toolkit.telemetry.unified',
+    'toolkit.telemetry.updatePing.enabled',
+    'ui.submenuDelay',
+    'ui.use_standins_for_native_colors',
+    'view_source.tab',
+    'webchannel.allowObject.urlWhitelist',
+    'webgl.disable-extensions',
+    'webgl.disable-fail-if-major-performance-caveat',
+    'webgl.disabled',
+    'webgl.dxgl.enabled',
+    'webgl.enable-debug-renderer-info',
+    'webgl.enable-webgl2',
+    'webgl.min_capability_mode',
+
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/ghacks-clear-all-up-to-57-[the-rest-inactive].js

@@ -0,0 +1,167 @@
+/***
+
+ This will reset EVERYTHING that is INACTIVE in the ghacks user.js
+ release 57-alpha master, but excludes the following:
+ - prefs removed since publishing on github
+ - e10s section 1100
+ - privacy.resistFingerprinting alternatives sections 4600 & 4700
+ - deprecated section 9999
+
+ It does not matter if you clear everything, as a restart will reapply your user.js
+ Total 477 prefs from 57-alpha master: 118 inactive, 359 active
+ These have been broken into two scripts for convenience
+ 
+ For instructions see:
+ https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
+
+***/
+ 
+(function() {
+  let ops = [
+    /* 118 INACTIVE prefs in 57-alpha master */
+    'accessibility.typeaheadfind',
+    'app.update.enabled',
+    'browser.cache.memory.capacity',
+    'browser.cache.memory.enable',
+    'browser.chrome.favicons',
+    'browser.chrome.site_icons',
+    'browser.download.autohideButton',
+    'browser.privatebrowsing.autostart',
+    'browser.safebrowsing.allowOverride',
+    'browser.safebrowsing.blockedURIs.enabled',
+    'browser.safebrowsing.downloads.enabled',
+    'browser.safebrowsing.downloads.remote.block_dangerous',
+    'browser.safebrowsing.downloads.remote.block_dangerous_host',
+    'browser.safebrowsing.downloads.remote.block_potentially_unwanted',
+    'browser.safebrowsing.downloads.remote.block_uncommon',
+    'browser.safebrowsing.malware.enabled',
+    'browser.safebrowsing.phishing.enabled',
+    'browser.safebrowsing.provider.google.gethashURL',
+    'browser.safebrowsing.provider.google.updateURL',
+    'browser.safebrowsing.provider.google4.gethashURL',
+    'browser.safebrowsing.provider.google4.updateURL',
+    'browser.safebrowsing.provider.mozilla.gethashURL',
+    'browser.safebrowsing.provider.mozilla.updateURL',
+    'browser.sessionhistory.max_total_viewers',
+    'browser.startup.page',
+    'browser.stopReloadAnimation.enabled',
+    'browser.storageManager.enabled',
+    'browser.tabs.loadBookmarksInTabs',
+    'browser.urlbar.autocomplete.enabled',
+    'browser.urlbar.maxRichResults',
+    'clipboard.autocopy',
+    'dom.event.contextmenu.enabled',
+    'dom.indexedDB.enabled',
+    'dom.presentation.controller.enabled',
+    'dom.presentation.discoverable',
+    'dom.presentation.discovery.enabled',
+    'dom.presentation.enabled',
+    'dom.presentation.receiver.enabled',
+    'dom.presentation.session_transport.data_channel.enable',
+    'dom.storage.enabled',
+    'dom.storageManager.enabled',
+    'dom.vr.enabled',
+    'extensions.screenshots.disabled',
+    'extensions.systemAddon.update.url',
+    'extensions.update.enabled',
+    'font.name.monospace.x-unicode',
+    'font.name.monospace.x-western',
+    'font.name.sans-serif.x-unicode',
+    'font.name.sans-serif.x-western',
+    'font.name.serif.x-unicode',
+    'font.name.serif.x-western',
+    'font.system.whitelist',
+    'full-screen-api.warning.delay',
+    'full-screen-api.warning.timeout',
+    'general.autoScroll',
+    'geo.wifi.logging.enabled',
+    'gfx.direct2d.disabled',
+    'javascript.options.baselinejit',
+    'javascript.options.ion',
+    'media.flac.enabled',
+    'media.mediasource.enabled',
+    'media.mediasource.mp4.enabled',
+    'media.mediasource.webm.audio.enabled',
+    'media.mediasource.webm.enabled',
+    'media.mp4.enabled',
+    'media.ogg.enabled',
+    'media.ogg.flac.enabled',
+    'media.opus.enabled',
+    'media.raw.enabled',
+    'media.wave.enabled',
+    'media.webm.enabled',
+    'media.wmf.amd.vp9.enabled',
+    'media.wmf.enabled',
+    'media.wmf.vp9.enabled',
+    'network.cookie.lifetime.days',
+    'network.cookie.lifetimePolicy',
+    'network.dns.disableIPv6',
+    'network.dnsCacheEntries',
+    'network.dnsCacheExpiration',
+    'network.http.fast-fallback-to-IPv4',
+    'offline-apps.quota.warn',
+    'permissions.memory_only',
+    'places.history.enabled',
+    'plugin.state.flash',
+    'privacy.clearOnShutdown.openWindows',
+    'privacy.cpd.downloads',
+    'privacy.cpd.openWindows',
+    'privacy.resistFingerprinting.block_mozAddonManager',
+    'privacy.trackingprotection.annotate_channels',
+    'privacy.trackingprotection.enabled',
+    'privacy.trackingprotection.lower_network_priority',
+    'privacy.trackingprotection.pbmode.enabled',
+    'privacy.usercontext.about_newtab_segregation.enabled',
+    'privacy.userContext.enabled',
+    'privacy.userContext.longPressBehavior',
+    'privacy.userContext.ui.enabled',
+    'privacy.window.maxInnerHeight',
+    'privacy.window.maxInnerWidth',
+    'reader.parse-on-load.enabled',
+    'security.mixed_content.block_display_content',
+    'security.nocertdb',
+    'security.ssl.require_safe_negotiation',
+    'security.ssl3.dhe_rsa_aes_128_sha',
+    'security.ssl3.dhe_rsa_aes_256_sha',
+    'security.ssl3.ecdhe_ecdsa_aes_128_sha',
+    'security.ssl3.ecdhe_rsa_aes_128_sha',
+    'security.ssl3.rsa_aes_128_sha',
+    'security.ssl3.rsa_aes_256_sha',
+    'security.ssl3.rsa_des_ede3_sha',
+    'services.blocklist.addons.collection',
+    'services.blocklist.gfx.collection',
+    'services.blocklist.onecrl.collection',
+    'services.blocklist.plugins.collection',
+    'signon.rememberSignons',
+    'svg.disabled',
+    'toolkit.cosmeticAnimations.enabled',
+    'urlclassifier.trackingTable',
+    'xpinstall.signatures.required',
+    /* reset parrot: check your open about:config after running the script */
+    '_user.js.parrot'
+  ]
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+  
+  let c = 0;
+  for (let i = 0, len = ops.length; i < len; i++) {
+    if (Services.prefs.prefHasUserValue(ops[i])) {   
+      Services.prefs.clearUserPref(ops[i]);
+      if (!Services.prefs.prefHasUserValue(ops[i])) {
+        console.log("reset", ops[i]);
+        c++;
+      } else { console.log("failed to reset", ops[i]); }
+    }
+  }
+  
+  focus();
+  
+  let d = (c==1) ? " pref" : " prefs";
+  if (c > 0) {
+    alert("successfully reset " + c + d + "\n\nfor details check the Browser Console (Ctrl+Shift+J)");
+  } else { alert("nothing to reset"); }
+  
+})();

scratchpad-scripts/test.js

@@ -1 +0,0 @@
-// boo!

scratchpad-scripts/troubleshooter.js

@@ -0,0 +1,232 @@
+
+/*** ghacks-user.js troubleshooter.js v1.4 ***/
+
+(function() {
+
+  if("undefined" === typeof(Services)) {
+    alert("about:config needs to be the active tab!");
+    return;
+  }
+
+  function getMyList(arr) {
+    let aRet = [];
+    let dummy = 0;
+    for (let i = 0, len = arr.length; i < len; i++) {
+      if (Services.prefs.prefHasUserValue(arr[i])) {
+        dummy = Services.prefs.getPrefType(arr[i]);
+        switch (dummy) {
+          case 32: // string (see https://dxr.mozilla.org/mozilla-central/source/modules/libpref/nsIPrefBranch.idl#31)
+            dummy = Services.prefs.getCharPref(arr[i]);
+            aRet.push({'name':arr[i],'value': dummy,'type':32});
+            break;
+          case 64: // int
+            dummy = Services.prefs.getIntPref(arr[i]);
+            aRet.push({'name':arr[i],'value': dummy,'type':64});
+            break;
+          case 128: // boolean
+            dummy = Services.prefs.getBoolPref(arr[i]);
+            aRet.push({'name':arr[i],'value': dummy,'type':128});
+            break;
+          default:
+            console.log("error detecting pref-type for '"+arr[i]+"' !");
+        }
+      }
+    }
+    return aRet;
+  }
+
+  function reapply(arr) {
+    for (let i = 0, len = arr.length; i < len; i++) {
+      switch (arr[i].type) {
+        case 32: // string
+          Services.prefs.setCharPref(arr[i].name, arr[i].value);
+          break;
+        case 64: // int
+          Services.prefs.setIntPref(arr[i].name, arr[i].value);
+          break;
+        case 128: // boolean
+          Services.prefs.setBoolPref(arr[i].name, arr[i].value);
+          break;
+        default:
+          console.log("error re-appyling value for '"+arr[i].name+"' !"); // should never happen
+      }
+    }
+  }
+
+  function myreset(arr) {
+    for (let i = 0, len = arr.length; i < len; i++) {
+      Services.prefs.clearUserPref(arr[i].name);
+    }
+  }
+
+  let ops = [
+
+    /* known culprits */
+    'network.cookie.cookieBehavior',
+    'network.http.referer.XOriginPolicy',
+    'privacy.firstparty.isolate',
+    'privacy.resistFingerprinting',
+    'security.mixed_content.block_display_content',
+    'svg.disabled',
+
+    /* Storage + Cache */
+    'browser.cache.offline.enable',
+    'dom.indexedDB.enabled',
+    'dom.storage.enabled',
+    'browser.storageManager.enabled',
+    'dom.storageManager.enabled',
+
+    /* Workers, Web + Push Notifications */
+    'dom.caches.enabled',
+    'dom.push.connection.enabled',
+    'dom.push.enabled',
+    'dom.push.serverURL',
+    'dom.serviceWorkers.enabled',
+    'dom.workers.enabled',
+    'dom.webnotifications.enabled',
+    'dom.webnotifications.serviceworker.enabled',
+
+    /* Fonts */
+    'browser.display.use_document_fonts',
+    'font.blacklist.underline_offset',
+    'gfx.downloadable_fonts.woff2.enabled',
+    'gfx.font_rendering.graphite.enabled',
+    'gfx.font_rendering.opentype_svg.enabled',
+    'layout.css.font-loading-api.enabled',
+
+    /* Misc */
+    'browser.link.open_newwindow.restriction',
+    'canvas.capturestream.enabled',
+    'dom.event.clipboardevents.enabled',
+    'dom.event.contextmenu.enabled',
+    'dom.IntersectionObserver.enabled',
+    'dom.popup_allowed_events',
+    'full-screen-api.enabled',
+    'geo.wifi.uri',
+    'intl.accept_languages',
+    'javascript.options.asmjs',
+    'javascript.options.wasm',
+    'permissions.default.shortcuts',
+    'security.csp.experimentalEnabled',
+
+    /* Hardware */
+    'dom.vr.enabled',
+    'media.ondevicechange.enabled',
+
+    /* Audio + Video */
+    'dom.webaudio.enabled',
+    'media.autoplay.enabled',
+    'media.flac.enabled',
+    'media.mp4.enabled',
+    'media.ogg.enabled',
+    'media.opus.enabled',
+    'media.raw.enabled',
+    'media.wave.enabled',
+    'media.webm.enabled',
+    'media.wmf.enabled',
+
+    /* Forms */
+    'browser.formfill.enable',
+    'signon.autofillForms',
+    'signon.formlessCapture.enabled',
+
+    /* HTTPS */
+    'security.cert_pinning.enforcement_level',
+    'security.family_safety.mode',
+    'security.mixed_content.use_hsts',
+    'security.OCSP.require',
+    'security.pki.sha1_enforcement_level',
+    'security.ssl.require_safe_negotiation',
+    'security.ssl.treat_unsafe_negotiation_as_broken',
+    'security.ssl3.dhe_rsa_aes_128_sha',
+    'security.ssl3.dhe_rsa_aes_256_sha',
+    'security.ssl3.ecdhe_ecdsa_aes_128_sha',
+    'security.ssl3.ecdhe_rsa_aes_128_sha',
+    'security.ssl3.rsa_aes_128_sha',
+    'security.ssl3.rsa_aes_256_sha',
+    'security.ssl3.rsa_des_ede3_sha',
+    'security.tls.enable_0rtt_data',
+    'security.tls.version.max',
+    'security.tls.version.min',
+
+    /* Plugins + Flash */
+    'plugin.default.state',
+    'plugin.defaultXpi.state',
+    'plugin.sessionPermissionNow.intervalInMinutes',
+    'plugin.state.flash',
+
+    /* unlikely to cause problems */
+    'browser.tabs.remote.allowLinkedWebInFileUriProcess',
+    'dom.popup_maximum',
+    'layout.css.visited_links_enabled',
+    'mathml.disabled',
+    'network.auth.subresource-img-cross-origin-http-auth-allow',
+    'network.http.redirection-limit',
+    'network.protocol-handler.external.ms-windows-store',
+    'privacy.trackingprotection.enabled',
+    'security.data_uri.block_toplevel_data_uri_navigations',
+
+    /* FF User-Interface */
+    'browser.search.suggest.enabled',
+    'browser.urlbar.autoFill',
+    'browser.urlbar.autoFill.typed',
+    'browser.urlbar.oneOffSearches',
+    'browser.urlbar.suggest.searches',
+    'keyword.enabled',
+
+    'last.one.without.comma'
+  ]
+
+
+  // reset prefs that set the same value as FFs default value
+  let aTEMP = getMyList(ops);
+  myreset(aTEMP);
+  reapply(aTEMP);
+
+  const aBACKUP = getMyList(ops);
+  //console.log(aBACKUP.length, "user-set prefs from our list detected and their values stored.");
+
+  let myArr = aBACKUP;
+  let found = false;
+  let aDbg = [];
+  focus();
+  myreset(aBACKUP); // reset all detected prefs
+  if (confirm("all detected prefs reset.\n\n!! KEEP THIS PROMPT OPEN AND TEST THE SITE IN ANOTHER TAB !!\n\nIF the problem still exists, this script can't help you - click cancel to re-apply your values and exit.\n\nClick OK if your problem is fixed.")) {
+    aDbg = myArr;
+    reapply(aBACKUP);
+    myreset(myArr.slice(0, parseInt(myArr.length/2)));
+    while (myArr.length >= 2) {
+      alert("NOW TEST AGAIN !");
+      if (confirm("if the problem still exists click OK, otherwise click cancel.")) {
+        myArr = myArr.slice(parseInt(myArr.length/2));
+        if (myArr.length == 1) {
+          alert("The problem is caused by more than 1 pref !\n\nNarrowed it down to "+ aDbg.length.toString() +" prefs, check the console ...");
+          break;
+        }
+      } else {
+        myArr = myArr.slice(0, parseInt(myArr.length/2));
+        aDbg = myArr;
+        if (myArr.length == 1) { found = true; break; }
+      }
+      reapply(aBACKUP);
+      myreset(myArr.slice(0, parseInt(myArr.length/2))); // reset half of the remaining prefs
+    }
+    reapply(aBACKUP);
+  }
+  else {
+    reapply(aBACKUP);
+    return;
+  }
+
+  if (found) {
+    alert("narrowed it down to:\n\n"+myArr[0].name+"\n");
+    myreset(myArr); // reset the culprit
+  }
+  else {
+    console.log("the problem is caused by a combination of the following prefs:");
+    for (let i = 0, len = aDbg.length; i < len; i++) {
+      console.log(aDbg[i].name);
+    }
+  }
+
+})();

updater.bat

@@ -1,107 +1,263 @@
-@ECHO OFF
-TITLE ghacks user.js updater
-
-REM ### ghacks-user.js updater for Windows
-REM ## author: @claustromaniac
-REM ## version: 2.1
-
-SETLOCAL EnableDelayedExpansion
-SET "_ua="
-SET "_log="
-:parse
-IF "%~1"=="" GOTO endparse
-IF "%~1"=="-unattended" SET "_ua=true"
-IF "%~1"=="-log" SET "_log=true"
-SHIFT
-GOTO parse
-:endparse
-SET "_name="
-SET "_date="
-SET "_version="
-SET /A "_line=0"
-ECHO.
-IF EXIST user.js (
-	FOR /F "delims=" %%i IN (user.js) DO (
-		IF !_line! EQU 1 SET "_name=%%i"
-		IF !_line! EQU 2 SET "_date=%%i"
-		IF !_line! EQU 3 SET "_version=%%i"
-		SET /A "_line+=1"
-		IF !_line! GEQ 4 GOTO break
-	)
-	:break
-	IF !_line! GEQ 4 (
-		IF "ghacks"=="!_name:~8,6!" (
-			FOR /F "delims=:" %%G IN ("!_version!") DO SET "_version=%%G"
-			SET "_version=!_version:~2!"
-			SET "_date=!_date:~8!"
-			ECHO ghacks user.js !_version!, !_date!
-		) ELSE ( ECHO Current user.js version not recognised. )
-	) ELSE ( ECHO Current user.js version not recognised. )
-) ELSE ( ECHO user.js not detected in the current directory. )
-ECHO.
-IF NOT "%_ua%"=="true" (
-	ECHO This batch should be run from your Firefox profile directory. It will download the latest version of ghacks user.js from github and then append any of your own changes from user-overrides.js to it.
-	ECHO.
-	REM ECHO Visit the wiki for more detailed information.
-	REM ECHO.
-	CHOICE /M "Continue"
-	IF ERRORLEVEL 2 GOTO end
-)
-CLS
-ECHO.
-IF "%_log%"=="true" (
-	CALL :log >>user.js-update-log.txt 2>&1 
-	EXIT /B
-	:log
-	ECHO ##################################################################
-	ECHO.
-	ECHO %date%, %time%
-	ECHO.
-)
-IF EXIST user.js (
-	IF EXIST user.js.bak REN user.js.bak user.js.old.bak
-	REN user.js user.js.bak
-	ECHO Current user.js file backed up.
-	ECHO.
-)
-ECHO Retrieving latest user.js file from ghacks github repository...
-powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js')" >nul
-ECHO.
-IF EXIST user.js (
-	IF EXIST "user-overrides.js" (
-		ECHO Appending user-overrides.js...
-		ECHO.
-		COPY /B /V /Y user.js+"user-overrides.js" "tempuserjs"
-		DEL /F user.js
-		REN tempuserjs user.js
-		ECHO.
-	)
-	ECHO Handling backups...
-	SET "changed="
-	IF EXIST user.js.bak ( FC user.js.bak user.js >nul && SET "changed=false" || SET "changed=true" )
-	ECHO.
-	ECHO.
-	IF "!changed!"=="true" (
-		IF EXIST user.js.old.bak DEL /F user.js.old.bak
-		ECHO Update complete.
-	) ELSE (
-		IF "!changed!"=="false" (
-			DEL /F user.js.bak
-			IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak
-			ECHO Update completed without changes.
-		) ELSE ECHO Update complete.
-	)
-	ECHO.
-) ELSE (
-	IF EXIST user.js.bak REN user.js.bak user.js
-	IF EXIST user.js.old.bak REN user.js.old.bak user.js.bak
-	ECHO.
-	ECHO Update failed. Make sure PowerShell is allowed internet access.
-	ECHO.
-	ECHO No changes were made.
-	ECHO.
-)
-IF NOT "%_log%"=="true" (
-        IF NOT "%_ua%"=="true" PAUSE
-)
-:end
+@ECHO OFF & SETLOCAL EnableDelayedExpansion
+TITLE ghacks user.js updater
+
+REM ## ghacks-user.js updater for Windows
+REM ## author: @claustromaniac
+REM ## version: 4.3
+REM ## instructions: https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.3-Updater-Scripts
+
+SET _myname=%~n0
+SET _myparams=%*
+:parse
+IF "%~1"=="" (GOTO endparse)
+IF /I "%~1"=="-unattended" (SET _ua=1)
+IF /I "%~1"=="-log" (SET _log=1)
+IF /I "%~1"=="-logp" (SET _log=1 & SET _logp=1)
+IF /I "%~1"=="-multioverrides" (SET _multi=1)
+IF /I "%~1"=="-merge" (SET _merge=1)
+IF /I "%~1"=="-updatebatch" (SET _updateb=1)
+IF /I "%~1"=="-singlebackup" (SET _singlebackup=1)
+SHIFT
+GOTO parse
+:endparse
+IF DEFINED _updateb (
+	REM The normal flow here goes from phase 1 to phase 2 and then phase 3.
+	IF NOT "!_myname:~0,9!"=="[updated]" (
+		IF EXIST "[updated]!_myname!.bat" (
+			REM ## Phase 3 ##: The new script, with the original name, will:
+			REM 	* Delete the [updated]*.bat script
+			REM 	* Begin the normal routine
+			REN "[updated]!_myname!.bat" "[updated]!_myname!.bat.old"
+			DEL /F "[updated]!_myname!.bat.old"
+			CALL :message "Script updated^!"
+			TIMEOUT 3 >nul
+			CLS
+			GOTO begin
+		)
+		REM ## Phase 1 ##
+		REM 	* Download new batch and name it [updated]*.bat
+		REM 	* Start that script in a new CMD window
+		REM 	* Exit
+		CALL :message "Updating script..."
+		REM Uncomment the next line and comment the powershell call for testing.
+		REM COPY /B /V /Y "!_myname!.bat" "[updated]!_myname!.bat"
+		(
+			powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/updater.bat', '[updated]!_myname!.bat')"
+		) >nul 2>&1
+		IF EXIST "[updated]!_myname!.bat" (
+			START /min CMD /C "[updated]!_myname!.bat" !_myparams!
+			EXIT /B
+		) ELSE (
+			CALL :message "Failed. Make sure PowerShell is allowed internet access."
+			TIMEOUT 120 >nul
+			EXIT /B
+		)
+	) ELSE (
+		IF "!_myname!"=="[updated]" (
+			CALL :message "The [updated] label is reserved. Rename this script and try again."
+			TIMEOUT 300 >nul
+		) ELSE (
+			REM ## Phase 2 ##: The [updated]*.bat script will:
+			REM 	* Copy itself overwriting the original batch
+			REM 	* Start that script in a new CMD instance
+			REM 	* Exit
+			IF EXIST "!_myname:~9!.bat" (
+				REN "!_myname:~9!.bat" "!_myname:~9!.bat.old"
+				DEL /F "!_myname:~9!.bat.old"
+			)
+			COPY /B /V /Y "!_myname!.bat" "!_myname:~9!.bat"
+			START CMD /C "!_myname:~9!.bat" !_myparams!
+		)
+		EXIT /B
+	)
+)
+:begin
+ECHO:
+ECHO:
+ECHO:                ########################################
+ECHO:                ####  user.js Updater for Windows   ####
+ECHO:                ####       by claustromaniac        ####
+ECHO:                ####             v4.3               ####
+ECHO:                ########################################
+ECHO:
+SET /A "_line=0"
+IF NOT EXIST user.js (
+	CALL :message "user.js not detected in the current directory."
+) ELSE (
+	FOR /F "skip=1 tokens=1,* delims=:" %%G IN (user.js) DO (
+		SET /A "_line+=1"
+		IF !_line! GEQ 4 (GOTO exitloop)
+		IF !_line! EQU 1 (SET _name=%%H)
+		IF !_line! EQU 2 (SET _date=%%H)
+		IF !_line! EQU 3 (SET _version=%%G)
+	)
+	:exitloop
+	IF NOT "!_name!"=="" (
+		IF /I NOT "!_name!"=="!_name:ghacks=!" (
+			CALL :message "!_name! !_version:~2!,!_date!"
+		) ELSE (CALL :message "Current user.js version not recognised.")
+	) ELSE (CALL :message "Current user.js version not recognised.")
+)
+ECHO:
+IF NOT DEFINED _ua (
+	CALL :message "This batch should be run from your Firefox profile directory."
+	ECHO:  It will download the latest version of ghacks user.js from github and then
+	CALL :message "append any of your own changes from user-overrides.js to it."
+	CALL :message "Visit the wiki for more detailed information."
+	ECHO:
+	TIMEOUT 1 /nobreak >nul
+	CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]"
+	CLS
+	IF ERRORLEVEL 3 (EXIT /B)
+	IF ERRORLEVEL 2 (GOTO :showhelp)
+)
+IF DEFINED _log (
+	CALL :log >>user.js-update-log.txt 2>&1
+	IF DEFINED _logp (START user.js-update-log.txt)
+	EXIT /B
+	:log
+	SET _log=2
+	ECHO:##################################################################
+	CALL :message "%date%, %time%"
+)
+IF EXIST user.js.new (DEL /F "user.js.new")
+CALL :message "Retrieving latest user.js file from github repository..."
+(
+	powershell -Command "(New-Object Net.WebClient).DownloadFile('https://github.com/ghacksuserjs/ghacks-user.js/raw/master/user.js', 'user.js.new')"
+) >nul 2>&1
+IF EXIST user.js.new (
+	IF DEFINED _multi (
+		FORFILES /P user.js-overrides /M *.js >nul 2>&1
+		IF NOT ERRORLEVEL 1 (
+			IF DEFINED _merge (
+				CALL :message "Merging..."
+				COPY /B /V /Y user.js-overrides\*.js user-overrides-merged.js
+				CALL :merge user-overrides-merged.js
+				COPY /B /V /Y user.js.new+user-overrides-merged.js user.js.new
+				CALL :merge user.js.new
+			) ELSE (
+				CALL :message "Appending..."
+				COPY /B /V /Y user.js.new+"user.js-overrides\*.js" user.js.new
+			)
+		) ELSE (CALL :message "No override files found.")
+		ECHO:
+	) ELSE (
+		IF EXIST "user-overrides.js" (
+			COPY /B /V /Y user.js.new+"user-overrides.js" "user.js.new"
+			IF DEFINED _merge (
+				CALL :message "Merging user-overrides.js..."
+				CALL :merge user.js.new
+			) ELSE (
+				CALL :message "user-overrides.js appended."
+			)
+		) ELSE (CALL :message "user-overrides.js not found.")
+		ECHO:
+	)
+	IF EXIST user.js (
+		FC user.js.new user.js >nul && SET "_changed=false" || SET "_changed=true"
+	)
+	IF "!_changed!"=="true" (
+		CALL :message "Backing up..."
+		IF DEFINED _singlebackup (
+			MOVE /Y user.js user.js.bak >nul
+		) ELSE (
+			MOVE /Y user.js "user-backup-!date:/=-!_!time::=.!.js" >nul
+		)
+		REN user.js.new user.js
+		CALL :message "Update complete."
+	) ELSE (
+		IF "!_changed!"=="false" (
+			DEL /F user.js.new >nul
+			CALL :message "Update completed without changes."
+		) ELSE (
+			REN user.js.new user.js
+			CALL :message "Update complete."
+		)
+	)
+	ECHO:
+) ELSE (
+	CALL :message "Update failed. Make sure PowerShell is allowed internet access."
+	ECHO:   No changes were made.
+)
+IF NOT DEFINED _log (
+	IF NOT DEFINED _ua (PAUSE)
+)
+EXIT /B
+
+REM ########### Message Function ###########
+:message
+SETLOCAL DisableDelayedExpansion
+IF NOT "2"=="%_log%" (ECHO:)
+ECHO:  %~1
+IF NOT "2"=="%_log%" (ECHO:)
+ENDLOCAL
+GOTO :EOF
+REM ############ Merge function ############
+:merge
+SETLOCAL DisableDelayedExpansion
+(
+	FOR /F tokens^=2^,^*^ delims^=^'^" %%G IN ('FINDSTR /B /R /C:"user_pref.*\)[ 	]*;" "%~1"') DO (IF NOT "%%H"=="" (SET "%%G=%%H"))
+	FOR /F "tokens=1,* delims=:" %%I IN ('FINDSTR /N "^" "%~1"') DO (
+		SET "_temp=%%J"
+		SETLOCAL EnableDelayedExpansion
+		IF NOT "!_temp:~0,9!"=="user_pref" (
+			ENDLOCAL & ECHO:%%J
+		) ELSE (
+			IF "!_temp:;=!"=="!_temp!" (
+				ENDLOCAL & ECHO:%%J
+			) ELSE (
+				ENDLOCAL
+				FOR /F tokens^=2^ delims^=^'^" %%K IN ("%%J") DO (
+					IF NOT "_user.js.parrot"=="%%K" (
+						IF DEFINED %%K (
+							SETLOCAL EnableDelayedExpansion
+							FOR /F "delims=" %%L IN ("!%%K!") DO (
+								ENDLOCAL & ECHO:user_pref("%%K"%%L
+								SET "%%K="
+							)
+						)
+					) ELSE (ECHO:%%J)
+				)
+			)
+		)
+	)
+)>updatertempfile
+MOVE /Y updatertempfile "%~1" >nul
+ENDLOCAL
+GOTO :EOF
+REM ############### Help ##################
+:showhelp
+MODE 80,46
+CLS
+CALL :message "Available arguments (case-insensitive):"
+CALL :message "  -log"
+ECHO:     Write the console output to a logfile (user.js-update-log.txt)
+CALL :message "  -logP"
+ECHO:     Like -log, but also open the logfile after updating.
+CALL :message "  -merge"
+ECHO:     Merge overrides instead of appending them. Single-line comments and
+ECHO:     _user.js.parrot lines are appended normally. Overrides for inactive
+ECHO:     user.js prefs will be appended. When -Merge and -MultiOverrides are used
+ECHO:     together, a user-overrides-merged.js file is also generated in the root
+ECHO:     directory for quick reference. It contains only the merged data from
+ECHO:     override files and can be safely discarded after updating, or used as the
+ECHO:     new user-overrides.js. When there are conflicting records for the same
+ECHO:     pref, the value of the last one declared will be used. Visit the wiki
+ECHO:     for usage examples and more detailed information.
+CALL :message "  -multiOverrides"
+ECHO:     Use any and all .js files in a user.js-overrides sub-folder as overrides
+ECHO:     instead of the default user-overrides.js file. Files are appended in
+ECHO:     alphabetical order.
+CALL :message "  -unattended"
+ECHO:     Run without user input.
+CALL :message "  -singleBackup"
+ECHO:     Use a single backup file and overwrite it on new updates, instead of
+ECHO:     cumulative backups. This was the default behaviour before v4.3.
+CALL :message "  -updatebatch"
+ECHO:     Update the script itself on execution, before the normal routine.
+CALL :message ""
+PAUSE
+CLS
+MODE 80,25
+GOTO :begin
+REM #####################################

updater.sh

@@ -2,7 +2,7 @@
 
 ### ghacks-user.js updater for Mac/Linux
 ## author: @overdodactyl
-## version: 1.1
+## version: 1.2
 
 ghacksjs="https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js"
 
@@ -10,11 +10,14 @@ echo -e "\nThis script should be run from your Firefox profile directory.\n"
 
 currdir=$(pwd)
 
-## get the full path of this script (greadlink for Mac, readlink for Linux)
-scriptfullpath=$(greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null || readlink -f "${BASH_SOURCE[0]}")
+## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed)
+sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)
+
+## fallback for Macs without coreutils
+if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi
 
 ## change directory to the Firefox profile directory
-cd "$(dirname "${scriptfullpath}")"
+cd "$(dirname "${sfp}")"
 
 echo -e "Updating the user.js for Firefox profile:\n$(pwd)\n"
 

user.js

@@ -1,10 +1,11 @@
 /******
 * name: ghacks user.js
-* date: 20 November 2017
-* version 57: I Love Rock 'n' Pants
-*   "Singing, I love rock and pants. So put another dime in the jukebox, baby"
+* date: 3 February 2018
+* version 58: Pantslide
+*   "I took my pants, took em down, I climbed a mountain and I turned around"
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
+* license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
 
 * releases: These are end-of-stable-life-cycle legacy archives.
             *Always* use the master branch user.js for a current up-to-date version.
@@ -19,9 +20,9 @@
   3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum
      * Auto-installing updates for Firefox and extensions are disabled (section 0302's)
      * Some user data is erased on close (section 2800), namely history (browsing, form, download)
-     * Cookies are denied by default (2701), we use site exceptions. This breaks extensions
-       that use IndexedDB, so you need to allow exceptions for those as well: see [1] below
-       [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.7-Setting-Extension-Permission-Exceptions
+     * Cookies are denied by default (2701), we use site exceptions. In Firefox 58 and lower, this breaks
+       extensions that use IndexedDB, so you need to allow exceptions for those as well: see [1] below
+       [1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1.1-Setting-Extension-Permission-Exceptions
      * EACH RELEASE check:
          - 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF)
                   or enable them as an alternative to RFP or for ESR users
@@ -34,7 +35,7 @@
            before using to avoid unexpected surprises
          - Search this file for the "[WARNING]" tag to troubleshoot or prevent SOME common issues
   4. BACKUP your profile folder before implementing (and/or test in a new/cloned profile)
-  5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.5-Keeping-Up-To-Date
+  5. KEEP UP TO DATE: https://github.com/ghacksuserjs/ghacks-user.js/wiki#small_orange_diamond-maintenance
 
  ******/
 
@@ -44,6 +45,9 @@
  * [2] https://en.wikipedia.org/wiki/Warrant_canary ***/
 user_pref("_user.js.parrot", "START: Oh yes, the Norwegian Blue... what's wrong with it?");
 
+/* 0000: disable about:config warning ***/
+user_pref("general.warnOnAboutConfig", false);
+
 /* 0001: start Firefox in PB (Private Browsing) mode
  * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Always use private browsing mode
  * [SETTING-ESR] Options>Privacy>History>Custom Settings>Always use private browsing mode
@@ -73,9 +77,10 @@ user_pref("startup.homepage_override_url", ""); // what's new page after updates
 user_pref("browser.laterrun.enabled", false);
 user_pref("browser.shell.checkDefaultBrowser", false);
 /* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session)
- * home = browser.startup.homepage preference.
  * [SETTING] Options>General>Startup>When Firefox starts ***/
    // user_pref("browser.startup.page", 0);
+/* 0103: set your "home" page (see 0102) ***/
+   // user_pref("browser.startup.homepage", "https://www.example.com/");
 
 /*** 0200: GEOLOCATION ***/
 user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!");
@@ -90,6 +95,9 @@ user_pref("browser.search.geoip.url", "");
 user_pref("intl.locale.matchOS", false);
 /* 0204: set APP locale ***/
 user_pref("general.useragent.locale", "en-US");
+/* 0205: set OS & APP locale (replaces 0203 + 0204) (FF59+)
+ * If set to empty, the OS locales are used. If not set at all, default locale is used ***/
+user_pref("intl.locale.requested", "en-US"); // (hidden pref)
 /* 0206: disable geographically specific results/search engines e.g. "browser.search.*.US"
  * i.e. ignore all of Mozilla's various search engines in multiple locales ***/
 user_pref("browser.search.geoSpecificDefaults", false);
@@ -188,7 +196,8 @@ user_pref("breakpad.reportURL", "");
 /* 0351: disable sending of crash reports (FF44+) ***/
 user_pref("browser.tabs.crashReporting.sendReport", false);
 user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+)
-user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51+)
+user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57)
+user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+)
 /* 0360: disable new tab tile ads & preload & marketing junk ***/
 user_pref("browser.newtab.preload", false);
 user_pref("browser.newtabpage.directory.source", "data:text/plain,");
@@ -272,6 +281,9 @@ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); //
  * [TEST] see github wiki APPENDIX C: Test Sites: Section 5
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/
    // user_pref("browser.safebrowsing.allowOverride", false);
+/* 0417: disable data sharing (FF58+) ***/
+user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
+user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
 /** TRACKING PROTECTION (TP)
     There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well,
     as it offers more comprehensive and specialized lists. It also allows per domain control. ***/
@@ -475,14 +487,14 @@ user_pref("browser.urlbar.usepreloadedtopurls.enabled", false);
 /* 0810: disable location bar making speculative connections (FF56+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1348275 ***/
 user_pref("browser.urlbar.speculativeConnect.enabled", false);
-/* 0850a: disable location bar autocomplete [controlled by 0850b] ***/
-   // user_pref("browser.urlbar.autocomplete.enabled", false);
-/* 0850b: disable location bar suggestion types [controls 0850a]
+/* 0850a: disable location bar autocomplete and suggestion types
+ * If you enforce any of the suggestion types, you MUST enforce 'autocomplete'
+ *   - If *ALL* of the suggestion types are false, 'autocomplete' must also be false
+ *   - If *ANY* of the suggestion types are true, 'autocomplete' must also be true
  * [SETTING-56+] Options>Privacy & Security>Address Bar>When using the address bar, suggest
  * [SETTING-ESR] Options>Privacy>Location Bar>When using the location bar, suggest
- * [NOTE] If any of these are true, 0850a will be FORCED to true
- * and if all three are false, 0850a will be FORCED to false
- * [WARNING] If all three are false, search engine keywords are disabled ***/
+ * [WARNING] If all three suggestion types are false, search engine keywords are disabled ***/
+user_pref("browser.urlbar.autocomplete.enabled", false);
 user_pref("browser.urlbar.suggest.history", false);
 user_pref("browser.urlbar.suggest.bookmark", false);
 user_pref("browser.urlbar.suggest.openpage", false);
@@ -492,7 +504,7 @@ user_pref("browser.urlbar.suggest.openpage", false);
  * be displayed (no we do not know how these are calculated or what the threshold is),
  * and this does not affect the search by search engine suggestion (see 0808)
  * [USAGE] This setting is only useful if you want to enable search engine keywords
- * (i.e. at least one of 0850b must be true) but you want to *limit* suggestions shown ***/
+ * (i.e. at least one of 0850a suggestion types must be true) but you want to *limit* suggestions shown ***/
    // user_pref("browser.urlbar.maxRichResults", 0);
 /* 0850d: disable location bar autofill
  * [1] http://kb.mozillazine.org/Inline_autocomplete ***/
@@ -583,8 +595,6 @@ user_pref("browser.cache.disk_cache_ssl", false);
  * [NOTE] Not recommended due to performance issues ***/
    // user_pref("browser.cache.memory.enable", false);
    // user_pref("browser.cache.memory.capacity", 0); // (hidden pref)
-/* 1004: disable offline cache ***/
-user_pref("browser.cache.offline.enable", false);
 /* 1005: disable fastback cache
  * To improve performance when pressing back/forward Firefox stores visited pages
  * so they don't have to be re-parsed. This is not the same as memory cache.
@@ -592,7 +602,7 @@ user_pref("browser.cache.offline.enable", false);
  * [NOTE] Not recommended unless you know what you're doing
  * [1] http://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers ***/
    // user_pref("browser.sessionhistory.max_total_viewers", 0);
-/* 1006: disable permissions manager from writing to disk (requires restart)
+/* 1006: disable permissions manager from writing to disk [RESTART]
  * [NOTE] This means any permission changes are session only
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=967812 ***/
    // user_pref("permissions.memory_only", true); // (hidden pref)
@@ -636,52 +646,6 @@ user_pref("browser.shell.shortcutFavicons", false);
 /* 1032: disable favicons in web notifications ***/
 user_pref("alerts.showFavicons", false);
 
-/*** 1100: MULTI-PROCESS (e10s)
-     We recommend you let Firefox handle this. Until e10s is enforced, if
-     - all your legacy extensions have the 'multiprocessCompatible' flag as true, then FF = e10s
-     - any legacy extensions have 'multiprocessCompatible' flag as false, then FF != e10s
-     - any legacy extensions are missing the 'multiprocessCompatible' flag, then they *might* be disabled
-     [1] https://blog.mozilla.org/addons/2017/02/16/the-road-to-firefox-57-compatibility-milestones/
-***/
-user_pref("_user.js.parrot", "1100 syntax error: the parrot's bought the farm!");
-/* 1101: start the browser in e10s mode (FF48+)
- * about:support>Application Basics>Multiprocess Windows ***/
-   // user_pref("browser.tabs.remote.autostart", true);
-   // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+) (hidden pref)
-   // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
-   // user_pref("extensions.e10sBlocksEnabling", false);
-/* 1102: control number of content rendering processes
- * [SETTING] Options>General>Performance>Custom>Content process limit
- * [1] https://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
- * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
-   // user_pref("dom.ipc.processCount", 4);
-/* 1103: enable extension code to run in a separate process (webext-oop) (FF53+)
- * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process ***/
-   // user_pref("extensions.webextensions.remote", true);
-/* 1104: enforce separate content process for file://URLs (FF53+)
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
- * [2] https://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
-user_pref("browser.tabs.remote.separateFileUriProcess", true);
-/* 1105: enable console shim warnings for legacy extensions with the 'multiprocessCompatible' flag as false ***/
-user_pref("dom.ipc.shims.enabledWarnings", true);
-/* 1106: control number of extension processes ***/
-   // user_pref("dom.ipc.processCount.extension", 1);
-/* 1107: control number of file processes ***/
-   // user_pref("dom.ipc.processCount.file", 1);
-/* 1108: block web content in file processes (FF55+)
- * [WARNING] [SETUP] You may want to disable this for corporate or developer environments
- * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/
-user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
-/* 1110: set sandbox level. DO NOT MEDDLE WITH THESE. They are included to inform you NOT to play
- * with them. The values are integers, but the code below deliberately contains a data mismatch
- * [1] https://wiki.mozilla.org/Sandbox
- * [2] https://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/#comment-4105173 ***/
-   // user_pref("security.sandbox.content.level", "donotuse");
-   // user_pref("dom.ipc.plugins.sandbox-level.default", "donotuse");
-   // user_pref("dom.ipc.plugins.sandbox-level.flash", "donotuse");
-/* 1111: enable sandbox logging ***/
-   // user_pref("security.sandbox.logging.enabled", true);
-
 /*** 1200: HTTPS ( SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS )
    Note that your cipher and other settings can be used server side as a fingerprint attack
    vector, see [1] (It's quite technical but the first part is easy to understand
@@ -733,17 +697,20 @@ user_pref("security.tls.enable_0rtt_data", false); // (FF55+ default true)
 /* 1210: enable OCSP Stapling
  * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
 user_pref("security.ssl.enable_ocsp_stapling", true);
-/* 1211: control use of OCSP responder servers to confirm current validity of certificates
- * 0=disable, 1=validate only certificates that specify an OCSP service URL (default)
- * 2=enable and use values in security.OCSP.URL and security.OCSP.signing.
+/* 1211: control when to use OCSP fetching (to confirm current validity of certificates)
+ * 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
  * OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority)
  * It's a trade-off between security (checking) and privacy (leaking info to the CA)
+ * [NOTE] This pref only controls OCSP fetching and does not affect OCSP stapling
  * [1] https://en.wikipedia.org/wiki/Ocsp ***/
 user_pref("security.OCSP.enabled", 1);
-/* 1212: enable OCSP revocation. When a CA cannot be reached to validate a cert, Firefox currently
- * continues the connection. With OCSP revocation, Firefox terminates the connection instead.
- * [WARNING] Since FF44 the default is false. If set to true, this will cause some site breakage
- * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ ***/
+/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
+ * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
+ * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
+ * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
+ * could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
+ * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
+ * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/
 user_pref("security.OCSP.require", true);
 /** CERTS / HSTS (HTTP Strict Transport Security) / HPKP (HTTP Public Key Pinning) ***/
 /* 1220: disable Windows 8.1's Microsoft Family Safety cert [WINDOWS] (FF50+)
@@ -752,7 +719,7 @@ user_pref("security.OCSP.require", true);
  * 2=detect Family Safety mode and import the root
  * [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/
 user_pref("security.family_safety.mode", 0);
-/* 1221: disable intermediate certificate caching (fingerprinting attack vector)
+/* 1221: disable intermediate certificate caching (fingerprinting attack vector) [RESTART]
  * [NOTE] This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
  * [WARNING] This affects login/cert/key dbs. The effect is all credentials are session-only.
  * Saved logins and passwords are not available. Reset the pref and restart to return them.
@@ -775,9 +742,8 @@ user_pref("network.stricttransportsecurity.preloadlist", true);
 /* 1240: disable insecure active content on https pages - mixed content
  * [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/
 user_pref("security.mixed_content.block_active_content", true);
-/* 1241: disable insecure passive content (such as images) on https pages - mixed context
- * [WARNING] When set to true, this will visually break many sites (March 2017) ***/
-   // user_pref("security.mixed_content.block_display_content", true);
+/* 1241: disable insecure passive content (such as images) on https pages - mixed context ***/
+user_pref("security.mixed_content.block_display_content", true);
 /* 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests (FF51+)
  * Allow resources from domains with an existing HSTS cache record or in the HSTS preload list
  * to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because
@@ -819,7 +785,7 @@ user_pref("security.pki.sha1_enforcement_level", 1);
  * [1] https://wiki.mozilla.org/Security:Renegotiation ***/
 user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 /* 1271: control "Add Security Exception" dialog on SSL warnings
- * 0=do neither 1=pre-populate url 2+pre-populate url + pre-fetch cert (default)
+ * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
  * [1] https://github.com/pyllyukko/user.js/issues/210 ***/
 user_pref("browser.ssl_override_behavior", 1);
 /* 1272: display advanced information on Insecure Connection warning pages
@@ -827,6 +793,9 @@ user_pref("browser.ssl_override_behavior", 1);
  * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/)
  * [TEST] https://expired.badssl.com/ ***/
 user_pref("browser.xul.error_pages.expert_bad_cert", true);
+/* 1273: display HTTP sites as insecure (FF59+) ***/
+user_pref("security.insecure_connection_icon.enabled", true); // all windows
+   // user_pref("security.insecure_connection_icon.pbmode.enabled", true); // private windows only
 
 /*** 1400: FONTS ***/
 user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
@@ -853,12 +822,12 @@ user_pref("gfx.downloadable_fonts.enabled", true);
 /* 1404: disable rendering of SVG OpenType fonts
  * [1] https://wiki.mozilla.org/SVGOpenTypeFonts - iSECPartnersReport recommends to disable this ***/
 user_pref("gfx.font_rendering.opentype_svg.enabled", false);
-/* 1405: disable WOFF2 (Web Open Font Format) ***/
+/* 1405: disable WOFF2 (Web Open Font Format) (FF35+) ***/
 user_pref("gfx.downloadable_fonts.woff2.enabled", false);
 /* 1406: disable CSS Font Loading API
  * [SETUP] Disabling fonts can uglify the web a fair bit. ***/
 user_pref("layout.css.font-loading-api.enabled", false);
-/* 1407: disable special underline handling for a few fonts which you will probably never use.
+/* 1407: disable special underline handling for a few fonts which you will probably never use [RESTART]
  * Any of these fonts on your system can be enumerated for fingerprinting. Requires restart.
  * [1] http://kb.mozillazine.org/Font.blacklist.underline_offset ***/
 user_pref("font.blacklist.underline_offset", "");
@@ -866,7 +835,7 @@ user_pref("font.blacklist.underline_offset", "");
  * In the past it had security issues. Update: This continues to be the case, see [1]
  * [1] https://www.mozilla.org/security/advisories/mfsa2017-15/#CVE-2017-7778 ***/
 user_pref("gfx.font_rendering.graphite.enabled", false);
-/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP]
+/* 1409: limit system font exposure to a whitelist (FF52+) [SETUP] [RESTART]
  * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
  * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If
  * you block sites choosing fonts in 1401, this preference is irrelevant. In future,
@@ -903,7 +872,8 @@ user_pref("network.http.sendRefererHeader", 2);
 user_pref("network.http.referer.trimmingPolicy", 0);
 /* 1603: CROSS ORIGIN: control when to send a referer [SETUP]
  * 0=always (default), 1=only if base domains match, 2=only if hosts match
- * [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage ***/
+ * [NOTE] 1=less breakage, possible leakage 2=less leakage, more breakage
+ * [WARNING] Reset to default 0 if you have issues accessing your modem/router ***/
 user_pref("network.http.referer.XOriginPolicy", 1);
 /* 1604: CROSS ORIGIN: control the amount of information to send (FF52+)
  * 0=send full URI (default) 1=scheme+host+path+port 2=scheme+host+port ***/
@@ -987,9 +957,10 @@ user_pref("media.gmp-manager.updateEnabled", false); // disable local fallback (
 user_pref("media.gmp-widevinecdm.visible", false);
 user_pref("media.gmp-widevinecdm.enabled", false);
 user_pref("media.gmp-widevinecdm.autoupdate", false);
-/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP] ***/
+/* 1830: disable all DRM content (EME: Encryption Media Extension) [SETUP]
+ * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
 user_pref("media.eme.enabled", false); // Options>Content>Play DRM Content
-user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox, restart required
+user_pref("browser.eme.ui.enabled", false); // hides "Play DRM Content" checkbox [RESTART]
 /* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate"
  * This is the bundled codec used for video chat in WebRTC ***/
 user_pref("media.gmp-gmpopenh264.enabled", false); // (hidden pref)
@@ -1035,6 +1006,12 @@ user_pref("media.getusermedia.browser.enabled", false);
 user_pref("media.getusermedia.audiocapture.enabled", false);
 /* 2023: disable camera stuff ***/
 user_pref("camera.control.face_detection.enabled", false);
+/* 2024: set a default permission for Camera/Microphone (FF58+)
+ * 0=always ask (default), 1=allow, 2=block
+ * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone
+ * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Camera/Microphone>Settings ***/
+   // user_pref("permissions.default.camera", 2);
+   // user_pref("permissions.default.microphone", 2);
 /* 2026: disable canvas capture stream
  * [1] https://developer.mozilla.org/docs/Web/API/HTMLCanvasElement/captureStream ***/
 user_pref("canvas.capturestream.enabled", false);
@@ -1092,7 +1069,8 @@ user_pref("dom.disable_beforeunload", true);
      communicate between browsing contexts (windows/tabs/iframes) and can even control your cache.
 
      [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter).
-     It is recommended that you use a separate profile for these sorts of sites.
+     [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301) and service workers (2302)
+              #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0
 
      [1]    Web Workers: https://developer.mozilla.org/docs/Web/API/Web_Workers_API
      [2]         Worker: https://developer.mozilla.org/docs/Web/API/Worker
@@ -1112,14 +1090,15 @@ user_pref("dom.workers.enabled", false);
  * [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode.
  * [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. ***/
 user_pref("dom.serviceWorkers.enabled", false);
-/* 2303: disable service workers' cache and cache storage ***/
-user_pref("dom.caches.enabled", false);
 /* 2304: disable web notifications
- * [NOTE] You can still override individual domains under site permissions (FF44+)
  * [1] https://developer.mozilla.org/docs/Web/API/Notifications_API ***/
-user_pref("dom.webnotifications.enabled", false);
-user_pref("dom.webnotifications.serviceworker.enabled", false);
-/* 2305: disable push notifications (FF44+)
+user_pref("dom.webnotifications.enabled", false); // (FF22+)
+user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+)
+/* 2305: set a default permission for Notifications (see 2304) (FF58+)
+ * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications
+ * [SETTING] to manage site exceptions: Options>Privacy>Permissions>Notifications>Settings ***/
+   // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block
+/* 2306: disable push notifications (FF44+)
  * web apps can receive messages pushed to them from a server, whether or
  * not the web app is in the foreground, or even currently loaded
  * [1] https://developer.mozilla.org/docs/Web/API/Push_API ***/
@@ -1140,11 +1119,6 @@ user_pref("dom.event.clipboardevents.enabled", false);
  * this disables document.execCommand("cut"/"copy") to protect your clipboard
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1170911 ***/
 user_pref("dom.allow_cut_copy", false); // (hidden pref)
-/* 2404: disable JS storing data permanently [SETUP]
- * [WARNING] This BREAKS uBlock Origin [1.14.0+] and uMatrix extensions
- * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0 
- * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/
-   // user_pref("dom.indexedDB.enabled", false);
 /* 2414: disable shaking the screen ***/
 user_pref("dom.vibrator.enabled", false);
 /* 2415: set max popups from a single non-click event - default is 20! ***/
@@ -1158,10 +1132,11 @@ user_pref("dom.idle-observers-api.enabled", false);
 /* 2418: disable full-screen API
  * false=block, true=ask ***/
 user_pref("full-screen-api.enabled", false);
-/* 2420: disable support for asm.js ( http://asmjs.org/ )
+/* 2420: disable asm.js (http://asmjs.org/) (FF22+)
  * [1] https://www.mozilla.org/security/advisories/mfsa2015-29/
  * [2] https://www.mozilla.org/security/advisories/mfsa2015-50/
- * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2712 ***/
+ * [3] https://www.mozilla.org/security/advisories/mfsa2017-01/#CVE-2017-5375
+ * [4] https://www.mozilla.org/security/advisories/mfsa2017-05/#CVE-2017-5400 ***/
 user_pref("javascript.options.asmjs", false);
 /* 2421: disable Ion and baseline JIT to help harden JS against exploits such as CVE-2015-0817
  * [WARNING] Causes the odd site issue and there is also a performance loss
@@ -1179,18 +1154,10 @@ user_pref("javascript.options.wasm", false);
  * [2] https://w3c.github.io/IntersectionObserver/
  * [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1243846 ***/
 user_pref("dom.IntersectionObserver.enabled", false);
-/* 2450a: enforce websites to ask to store data for offline use
- * [1] https://support.mozilla.org/questions/1098540
- * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/
-user_pref("offline-apps.allow_by_default", false);
-/* 2450b: display a notification when websites ask to store data for offline use
- * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks...
- * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/
-user_pref("browser.offline-apps.notify", true);
-/* 2450c: set size of warning quota for offline cache (default 51200)
- * Offline cache is only used in rare cases to store data locally. FF will store small amounts
- * (default <50MB) of data in the offline (application) cache without asking for permission. ***/
-   // user_pref("offline-apps.quota.warn", 51200);
+/* 2427: disable Shared Memory (Spectre mitigation)
+ * [1] https://github.com/tc39/ecmascript_sharedmem/blob/master/TUTORIAL.md
+ * [2] https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ ***/
+user_pref("javascript.options.shared_memory", false);
 
 /*** 2500: HARDWARE FINGERPRINTING ***/
 user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is mortal coil!");
@@ -1205,7 +1172,8 @@ user_pref("_user.js.parrot", "2500 syntax error: the parrot's shuffled off 'is m
 user_pref("media.navigator.enabled", false);
 /* 2508: disable hardware acceleration to reduce graphics fingerprinting
  * [SETTING] Options>General>Performance>Custom>Use hardware acceleration when available
- * [WARNING] [SETUP] Affects text rendering (fonts will look different) and impacts video performance
+ * [WARNING] [SETUP] Affects text rendering (fonts will look different), impacts video performance,
+ * and parts of Quantum that utilize the GPU will also be affected as they are rolled out
  * [1] https://wiki.mozilla.org/Platform/GFX/HardwareAcceleration ***/
    // user_pref("gfx.direct2d.disabled", true); // [WINDOWS]
 user_pref("layers.acceleration.disabled", true);
@@ -1216,16 +1184,6 @@ user_pref("dom.webaudio.enabled", false);
  * [1] https://developer.mozilla.org/docs/Web/Events/devicechange
  * [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange ***/
 user_pref("media.ondevicechange.enabled", false);
-/* 2513: disable Presentation API
- * [WARNING] [SETUP] Optional protection depending on your connected devices
- * [1] https://wiki.mozilla.org/WebAPI/PresentationAPI
- * [2] https://www.w3.org/TR/presentation-api/ ***/
-   // user_pref("dom.presentation.enabled", false);
-   // user_pref("dom.presentation.controller.enabled", false);
-   // user_pref("dom.presentation.discoverable", false);
-   // user_pref("dom.presentation.discovery.enabled", false);
-   // user_pref("dom.presentation.receiver.enabled", false);
-   // user_pref("dom.presentation.session_transport.data_channel.enable", false);
 
 /*** 2600: MISC - LEAKS / FINGERPRINTING / PRIVACY / SECURITY ***/
 user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
@@ -1336,10 +1294,18 @@ user_pref("browser.uitour.url", "");
 /* 2629: disable remote JAR files being opened, regardless of content type (FF42+)
  * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1173171 ***/
 user_pref("network.jar.block-remote-files", true);
-/* 2630: prevent accessibility services from accessing your browser
+/* 2630: prevent accessibility services from accessing your browser [RESTART]
  * [SETTING] Options>Privacy & Security>Permissions>Prevent accessibility services from accessing your browser
  * [1] https://support.mozilla.org/kb/accessibility-services ***/
 user_pref("accessibility.force_disabled", 1);
+/* 2631: block web content in file processes (FF55+)
+ * [WARNING] [SETUP] You may want to disable this for corporate or developer environments
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1343184 ***/
+user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false);
+/* 2632: disable websites overriding Firefox's keyboard shortcuts (FF58+)
+ * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts
+ * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/
+   // user_pref("permissions.default.shortcuts", 2); //  0 (default) or 1=allow, 2=block
 /* 2662: disable "open with" in download dialog (FF50+)
  * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor)
  * in such a way that it is forbidden to run external applications.
@@ -1405,7 +1371,14 @@ user_pref("security.csp.experimentalEnabled", true);
  * [3] https://www.fxsitecompat.com/en-CA/docs/2017/data-url-navigations-on-top-level-window-will-be-blocked/ ***/
 user_pref("security.data_uri.block_toplevel_data_uri_navigations", true);
 
-/*** 2700: COOKIES & DOM STORAGE ***/
+/*** 2700: PERSISTENT STORAGE
+     Data SET by websites including
+            cookies : profile\cookies.sqlite
+       localStorage : profile\webappsstore.sqlite
+          indexedDB : profile\storage\default
+           appCache : profile\OfflineCache
+     serviceWorkers :
+***/
 user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
 /* 2701: disable cookies on all sites [SETUP]
  * You can set exceptions under site permissions or use an extension
@@ -1415,10 +1388,14 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
  * [NOTE] This also controls access to 3rd party Web Storage, IndexedDB, Cache API and Service Worker Cache
  * [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/
 user_pref("network.cookie.cookieBehavior", 2);
-/* 2702: set third-party cookies (if enabled, see above pref) to session-only
+/* 2702: set third-party cookies (i.e ALL) (if enabled, see above pref) to session-only
+   and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only
+   [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
+   .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
  * [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
  * [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly ***/
 user_pref("network.cookie.thirdparty.sessionOnly", true);
+user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+)
 /* 2703: set cookie lifetime policy
  * 0=until they expire (default), 2=until you close Firefox, 3=for n days (see next pref)
  * [SETTING-56+] Options>Privacy & Security>History>Custom Settings>Accept cookies from sites>Keep until
@@ -1426,29 +1403,52 @@ user_pref("network.cookie.thirdparty.sessionOnly", true);
    // user_pref("network.cookie.lifetimePolicy", 0);
 /* 2704: set cookie lifetime in days (see above pref) - default is 90 days ***/
    // user_pref("network.cookie.lifetime.days", 90);
-/* 2705: disable DOM (Document Object Model) Storage
+/* 2705: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+)
+ * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/
+user_pref("network.cookie.leave-secure-alone", true);
+/* 2710: disable DOM (Document Object Model) Storage
  * [WARNING] This will break a LOT of sites' functionality.
  * You are better off using an extension for more granular control ***/
    // user_pref("dom.storage.enabled", false);
-/* 2706: disable Storage API
- * The API gives sites the ability to find out how much space they can use, how much
- * they are already using, and even control whether or not they need to be alerted
- * before the user agent disposes of site data in order to make room for other things.
- * [NOTE] This also controls the visibility of the "Options>Privacy & Security>Site Data" section
- * [1] https://developer.mozilla.org/docs/Web/API/StorageManager
- * [2] https://developer.mozilla.org/docs/Web/API/Storage_API
- * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
-   // user_pref("dom.storageManager.enabled", false); // (FF51+)
-   // user_pref("browser.storageManager.enabled", false); // (FF53+)
-/* 2707: clear localStorage and UUID when an extension is uninstalled
+/* 2711: clear localStorage and UUID when an extension is uninstalled
  * [NOTE] Both preferences must be the same
  * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local
  * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1213990 ***/
 user_pref("extensions.webextensions.keepStorageOnUninstall", false);
 user_pref("extensions.webextensions.keepUuidOnUninstall", false);
-/* 2708: disable HTTP sites setting cookies with the "secure" directive (default: true) (FF52+)
- * [1] https://developer.mozilla.org/Firefox/Releases/52#HTTP ***/
-user_pref("network.cookie.leave-secure-alone", true);
+/* 2720: disable JS storing data permanently [SETUP]
+ * [WARNING] This BREAKS uBlock Origin [1.14.0+] and other extensions that require IndexedDB
+ * [1] https://github.com/gorhill/uBlock/releases/tag/1.14.0
+ * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/
+   // user_pref("dom.indexedDB.enabled", false);
+/* 2730: disable offline cache ***/
+user_pref("browser.cache.offline.enable", false);
+/* 2731: enforce websites to ask to store data for offline use
+ * [1] https://support.mozilla.org/questions/1098540
+ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=959985 ***/
+user_pref("offline-apps.allow_by_default", false);
+/* 2732: display a notification when websites ask to store data for offline use
+ * [SETTING-56+] Options>Privacy & Security>Offline Web Content and User Data>Tell you when a website asks...
+ * [SETTING-ESR] Options>Advanced>Network>Tell me when a website asks to store data for offline use ***/
+user_pref("browser.offline-apps.notify", true);
+/* 2733: set size of warning quota for offline cache (default 51200)
+ * Offline cache is only used in rare cases to store data locally. FF will store small amounts
+ * (default <50MB) of data in the offline (application) cache without asking for permission. ***/
+   // user_pref("offline-apps.quota.warn", 51200);
+/* 2740: disable service workers cache and cache storage
+ * [1] https://w3c.github.io/ServiceWorker/#privacy ***/
+user_pref("dom.caches.enabled", false);
+/* 2750: disable Storage API
+ * The API gives sites the ability to find out how much space they can use, how much
+ * they are already using, and even control whether or not they need to be alerted
+ * before the user agent disposes of site data in order to make room for other things.
+ * [NOTE] This also controls the visibility of the "Options>Privacy & Security>Site Data"
+ * section, which also requires Offline Cache (2730) enabled to function
+ * [1] https://developer.mozilla.org/docs/Web/API/StorageManager
+ * [2] https://developer.mozilla.org/docs/Web/API/Storage_API
+ * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
+user_pref("dom.storageManager.enabled", false); // (FF51+)
+user_pref("browser.storageManager.enabled", false); // (FF53+)
 
 /*** 2800: SHUTDOWN [SETUP]
      You should set the values to what suits you best. Be aware that the settings below clear
@@ -1515,6 +1515,11 @@ user_pref("privacy.sanitize.timeSpan", 0);
  ** 1337893 - isolate DNS cache (FF55+)
  ** 1344170 - isolate blob: URI (FF55+)
  ** 1300671 - isolate data:, about: URLs (FF55+)
+
+ NOTE: FPI has some issues depending on your Firefox release
+ ** 1418931 - [fixed in FF58+] IndexedDB (Offline Website Data) with FPI Origin Attributes
+      are not removed with "Clear All/Recent History" or "On Close"
+ ** 1381197 - [fixed in FF59+] extensions cannot control cookies with FPI Origin Attributes
 ***/
 user_pref("_user.js.parrot", "4000 syntax error: the parrot's pegged out");
 /* 4001: enable First Party Isolation (FF51+)
@@ -1549,24 +1554,30 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
       This spoof *shouldn't* affect core chrome/Firefox performance
  ** 1217238 - reduce precision of time exposed by javascript (FF55+)
  ** 1369303 - spoof/disable performance API (see 2410-deprecated, 4602, 4603) (FF56+)
- ** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 4700) (FF56+)
+ ** 1333651 & 1383495 & 1396468 & 1393283 & 1404608 - spoof Navigator API (see section 4700) (FF56+)
       FF56: The version number will be rounded down to the nearest multiple of 10
       FF57+: The version number will match current ESR
+      FF59+: The OS will be reported as Windows, OSX, Android, or Linux (to reduce breakage)
  ** 1369319 - disable device sensor API (see 4604) (FF56+)
  ** 1369357 - disable site specific zoom (see 4605) (FF56+)
  ** 1337161 - hide gamepads from content (see 4606) (FF56+)
  ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+)
  ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+)
- ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609) (FF56+)
+ ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 4609, 4612) (FF56+)
  ** 1369309 - spoof media statistics (see 4610) (FF57+)
  ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+)
  ** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+)
  ** 1382545 - reduce fingerprinting in Animation API (FF57+)
  ** 1354633 - limit MediaError.message to a whitelist (FF57+)
- ** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+)
+ ** 1382533 - enable fingerprinting resistance for Presentation API (FF57+)
       This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
  **  967895 - enable site permission prompt before allowing canvas data extraction (FF58+)
+      In FF59+ this is controllable via the site permissions panel, see 1413780 (FF59+)
  ** 1372073 - spoof/block fingerprinting in MediaDevices API (FF59+)
+ ** 1039069 - warn when language prefs are set to non en-US (see 0207, 0208) (FF59+)
+ ** 1222285 - spoof keyboard events and suppress keyboard modifier events (FF59+)
+      Spoofing mimics the content language of the document. Currently it only supports en-US.
+      Modifier events suppressed are SHIFT, CTRL and both ALT keys. Chrome is not affected.
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting (FF41+)
@@ -1650,6 +1661,12 @@ user_pref("media.video_stats.enabled", false);
    // [2] https://trac.torproject.org/projects/tor/ticket/10286
    // user_pref("dom.w3c_touch_events.enabled", 0);
 // * * * /
+// FF58+
+// 4612: [new] set a default permission for Location (FF58+)
+   // [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location
+   // [SETTING] to manage site exceptions: Options>Privacy>Permissions>Location>Settings
+   // user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block
+// * * * /
 // ***/
 
 /*** 4700: RFP (4500) ALTERNATIVES - NAVIGATOR / USER AGENT (UA) SPOOFING
@@ -1663,7 +1680,7 @@ user_pref("media.video_stats.enabled", false);
        2. You are not in a controlled set of significant numbers, where the values are enforced
           by default. It works for TBB because for TBB, the spoofed values ARE their default.
      * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500)
-       which is already plugging leaks (see 2 above) the prefs below do not address
+       which is already plugging leaks (see 1 above) the prefs below do not address
      * Values below are for example only based on the current TBB at the time of writing
 ***/
 user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow");
@@ -1682,14 +1699,13 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow
    // user_pref("general.platform.override", "Win32"); // (hidden pref)
 /* 4706: navigator.oscpu leaks in JS ***/
    // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref)
-/* 4707: general.useragent.locale (related, see 0204) ***/
+/* 4707: general.useragent.locale (related, see 0204 deprecated FF59+) ***/
 
 /*** 5000: PERSONAL SETTINGS [SETUP]
      Settings that are handy to migrate and/or are not in the Options interface. Users
      can put their own non-security/privacy/fingerprinting/tracking stuff here ***/
 user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
 /* 5001: disable annoying warnings ***/
-user_pref("general.warnOnAboutConfig", false);
 user_pref("browser.tabs.warnOnClose", false);
 user_pref("browser.tabs.warnOnCloseOtherTabs", false);
 user_pref("browser.tabs.warnOnOpen", false);