Firefox profile setup for Windows 10/11
and for linux

Install Sidebery for vertical tabs.

Create userChrome.css at %APPDATA%\Mozilla\Firefox\Profiles\...\chrome\ with content:

/* After Firefox 69 for userChrome.css to work, about:config toolkit.legacyUserProfileCustomizations.stylesheets --> True
https://github.com/mbnuqw/sidebery/wiki/Firefox-Styles-Snippets-(via-userChrome.css)*/

/* hide titlebar: https://www.reddit.com/r/FirefoxCSS/comments/f9hnt3/how_to_disable_or_hide_the_title_barminimizeclose/ */
#titlebar {
visibility: collapse !important;
}

/* Hide back/forward buttons: https://www.reddit.com/r/FirefoxCSS/comments/8nogqc/can_i_hide_backforward_buttons_next_to_the/ */
#forward-button, #back-button {
display: none !important;
}

/* remove 'Tree Style Tab' header from sidebar
https://www.reddit.com/r/firefox/comments/72kt5x/tree_style_tab_its_finally_here/*/
#sidebar-header {
  display: none;
}

Do rest of the Sidebery UI-changes in its options.

Rest of the UI-tweaks can be done in about:config.

When using the address bar, don’t suggest open tabs, or search history:

browser.urlbar.suggest.openpage = False

browser.urlbar.suggest.history = False

To disable “Allow Firefox to make personalized extension recommendations”: extensions.htmlaboutaddons.recommendations.enabled = false

To disable recommended extensions: browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features = false

For more info, see: Disable Recommended Extensions in Mozilla Firefox. Show max amount of entries in urlbar I can fit to screen: browser.urlbar.maxRichResults = 29

Show always https in url bar: browser.urlbar.trimURLs = False

Disable Firefox from showing “Frequent” sites when right clicking the task bar firefox icon :UI: browser.taskbar.lists.frequent.enabled = False

Startpage of browser: browser.startup.homepage = about:newtab

Remove url-bar “This time, search with”:

browser.urlbar.oneOffSearches = False Setting deprecated. Instead, go to about:preferences#search and Search Suggestions: untick/remove every search engine.

Toggle between two tabs: browser.ctrlTab.sortByRecentlyUsed = True

Prevent hyperlinks from hijacking previous tab: dom.targetBlankNoOpener.enabled = True

By default, LibreWolf deletes your browsing and download history on shutdown. Override this behavior: privacy.clearOnShutdown.history = false

Do not close window when closing last tab: browser.tabs.closeWindowWithLastTab = False

Awesome RSS:

Puts the RSS-icon back at the end of the address bar.

Gesturefy:

Enables mouse gestures.

URL in title:

So that KeepassXC is usable. Not sure if this is needed if I install the KeepassXC browser extension. Edit: it is, as extension gives me the necessary granulanity to match auto-type, and I’ve already defined the entries in its database using this.

Wayback Machine:

Archive web pages.

Enable letterboxing: :privacy:

privacy.resistFingerprinting.letterboxing = True

Disable OCSP enforcement :privacy:

Otherwise I get SEC_ERROR_OCSP_SERVER_ERROR. Reasoning in LibreWolf FAQ.

security.OCSP.require = False

Rest of the addons are installed after signing in to Firefox accounts, but they must be configured. Most of the addons are privacy and usability related.

Cookie AutoDelete :privacy: Don’t track me Google :privacy: I don’t care about cookies :usability: Disabled as experimenting if fanboy’s easylist cookie list can already block these cookie popups. And easylist cookie list is already included in its Fanboy’s Annoyance List, which in turn is included in oisd.nl list. Also, Firefox may start to reject these cookie banners automatically. Until then, consider using Consent-O-Matic. Link Cleaner+ :privacy: Neat URL :privacy: Never-Consent :usability: Save Page WE :usability: Searchonymous2 :privacy: Select After Closing Current :usability: Skip Redirect :privacy: Tab Mix - Links :usability: Terms of Service; Didn’t Read :privacy: uBlock Origin :privacy:

1. Enable and update all built-in filter lists except for Regions and

Languages.

1. Under Trusted Sites add your local IP range (e.g. 10.0.0.0/24) and

local hostnames if you run any local web servers (e.g. https://my-home-server.local). 3 Enable Cloud Storage (if you use Firefox Sync) and upload your config tabs.

Disable annoying Google “Before you continue…” cookie popup GDPR-popup by defining under “My Filters”:

 ||consent.google.com^
 google.*##+js(aeld, DOMContentLoaded, CONSENT)

! 5/10/2020 https://blogi.nordnet.fi
blogi.nordnet.fi##.c-1.a-5.g-dyn > .gofollow > div > [src="about:blank"]

! 2020-12-24 https://mtgstocks.com
||mtgstocks.com/assets/images/cardconduit-1.png$image

! 2021-03-04 https://deckstats.net
||deckstats.net/img/bl_square.png$image

Note: May cause site breakage.

Also take ublock origin medium level to use, as linked to in here: https://www.reddit.com/r/pihole/comments/kwd0hc/why_is_pihole_blocking_less_queries_using_firefox/ Undo Close Tab :usability: Violentmonkey :usability: Tridactyl :usability: …or Vim Vixen (both may break site compatibility, experiment more), Or Vimium-C, OR Surfing Keys. Check this reddit thread for more. To be able to use C-f again to search for things, use :unbind <C-f>

DONE CanvasBlocker (broke websites) :privacy: DONE Google search link fix :privacy: This was never working, now unmaintained.) Replaced by Don’t track me Google. DONE MySessions (Not needed, Firefox handles sessions now) :usability: DONE Don’t touch my tabs! (rel=noopener) :usability: Not needed, integrated as into Firefox now. DONE Zen Fox (Good theme for eye, but makes my browser look more weird than it already is, not needed) :usability: DONE HTTPS Everywhere :privacy: Not needed anymore as obsoleted by browser’s native HTTPS-only Mode. DONE Decentraleyes :privacy: No longer useful as Firefox’s Strict Tracking Protection has been enabled. Save To The Wayback Machine :usability: Addon support will be disabled on January 1st 2023. Recommended replacement is the official Wayback Machine addon.

Disable Shockwave Flash, Shockwave Director, Silverlight plugin and Java Deployment Toolkit, and Java Platform SE 8 (Never Activate). Also Microsoft Office 2013 (but you may experience issues with Firefox not triggering Microsoft SharePoint.

Restore previous session’s tabs after restarting browser :usability:

browser.sessionstore.resume_session_once = True Disable “Your browser is being managed by your organization” to keep up with latest critical updates :security:

DisableAppUpdate = False

Alternatively:

1. win-r: Regedit
2. HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox
3. Change DisableAppUpdate (DWORD 32-bit value)
4. To Decimal value 0

For more info, see: ghacks.net: Mozilla makes it more difficult to block Firefox updates

Disable “Use a background service to install updates” :usability: app.update.service.enabled = False

Turn off Firefox address bar auto-selection on focus when doing alt-tab :usability: browser.urlbar.clickSelectsAll = False Setting deprecated.

To fasten browsing on top alexa200 sites and to disable suggested tiles :performance: privacy.trackingprotection.enabled = True

Enable GPU acceleration :performance: See: Firefox tuning for moreinformation. layers.acceleration.force-enabled = True

Disable browser’s inline pdf viewer, and download the document instead :usability: pdfjs.disabled = True

So that at mtgsuomi.fi links don’t open to new tab… :usability: browser.link.open_newwindow = 1

…but make sure links from external applications open to new tabs :usability: browser.link.open_newwindow.override.external = 3

Force a link to open in a non-active tab, instead of changing to that tab :usability: browser.tabs.loadDivertedInBackground = True Note: Leave this false for now, as this breaks opening links in Jira from issue’s linked tasks (opens two tabs in background). This is because JRACLOUD-78419.

Open bookmarks to new tabs :usability: As per the instructions here. browser.tabs.loadBookmarksInTabs = True

Disable so that firefox does not constantly remind on saving passwords on logins :usability: signon.rememberSignons = False

Disable pocket :security: extensions.pocket.enabled = False

To disable DNS Over HTTPS :security: https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/ network.trr.mode = 5 Edit: Left to default 0 now

Enable ESNI to prevent attackers from learning browsing history :security:

network.security.esni.enabled = True Setting deprecated. To be replaced by ECH, Encrypted Client Hello:

network.dns.echconfig.enabled = True network.dns.use_https_rr_as_altsvc = True

GPU based rendering :performance: See: Mozilla Gfx Team Blog for more info. gfx.webrender.all = True

Prefetch links also under https :performance: See: How to stop Firefox from making automatic connections:

network.dns.disablePrefetchFromHTTPS = False Disable HTML5 video fullscreen transition fade animation (to speedup ff): :perfromance:

full-screen-api.transition-duration.leave = 0 Enable OffscreenCanvas, potential performance boost :performance: See: Improved Performance with OffscreenCanvas.

gfx.offscreencanvas.enabled = True Enable userChrome.css changes to take effect :usability:

toolkit.legacyUserProfileCustomizations.stylesheets = True Disable “You must log in to this network before you can access the Internet” :usability: network.captive-portal-service.enabled = False For Tridactyl to be able to capture key presses before pages has loaded :usability: browser.sessionstore.restore_tabs_lazily = False

Disable automatic address list drop down on address bar focus :usability: browser.urlbar.suggest.topsites = False This will also disable Top Sites at about:preferences

Enable AVIF picture support :performance: For more info, see AVIF browser test page. image.avif.enabled = True

Disable embedded JavaScript in built-in PDF viewer :security: For more info, see this article.

pdfjs.enableScripting = False

Disable proton UI introduced in FF 89 :usability: browser.proton.enabled = false

Disable media autoplay :usability: media.autoplay.blocking_policy = 2

Disable Accessibility Service :performance: As per Mozilla’s accessibility services accessibility.force_disabled = 1

Disable download button animations :performance: browser.download.animateNotifications = False

Disable security dialog delay :performance: security.dialog_enable_delay = 0

Disable WebRTC :security: media.peerconnection.enabled = False

Note: May break some web based audio and video services.

Stop webpages known which part of the page had been selected :privacy: dom.event.clipboardevents.enabled = False. Also see this for more info.

Enable experimental fingerprinting protection :privacy: privacy.resistFingerprinting = True. For more info see this.

Enable Query Parameter Stripping also in private tabs :privacy: Smooth scrolling general.smoothScroll.currentVelocityWeighting: 0 general.smoothScroll.mouseWheel.durationMaxMS: 250 general.smoothScroll.stopDecelerationWeighting; 0.82 mousewheel.min_{linescrollamount}: 25 general.smoothScroll.msdPhysics.enabled

For normal browsing: privacy.query_stripping.enabled = True

For private browsing: privacy.query_stripping.enabled.pbmode = True

Disable monitoring of add-ons :usability: extensions.quarantinedDomains.enabled = false. As per this article.

Requires in about:config setting browser.preferences.experimental = true

Experimental features are then accessible at about:preferences#experimental

• Under browser’s Proxy settings, select Manual Proxy configuration. For the SOCKS Host, use 10.64.0.1 port 1080, and select SOCKS v5 as your protocol. With Firefox, select Proxy DNS when using Socks v5 to use Mullvad’s DNS server. Also in Firefox, make absolutely sure you disable Enable DNS over HTTPS, or you’ll be scratching your head on why you don’t seem to be able to connect to the internet.

Edit: This breaks access to my local 10.0.0.0/24 network. Disabled for now.

• Enable Enhanced Tracking Protection in Strict mode (already on by default in LibreWolf).