Firefox (about:config) privacy modifications.


Last updated: December 1, 2017.

This guide is a simple alphabetised list of privacy-enhancing modifications that can be made to Firefox 57+ via the about:config configuration editor, with minimal site breakage.

Optional modifications are in grey.

To access the editor, navigate to about:config via the address bar.



General modifications


app.shield.optoutstudies.enabled = false

Opt-out of studies.


beacon.enabled = false

Disable hyperlink auditing.


browser.safebrowsing.downloads.enabled = false

Disable Google Safe Browsing for downloads. Depending on user experience, this could pose a security risk.


browser.safebrowsing.downloads.remote.block_potentially_unwanted = false

Disable Google Safe Browsing for downloads. Depending on user experience, this could pose a security risk.


browser.safebrowsing.downloads.remote.block_uncommon = false

Disable Google Safe Browsing for downloads. Depending on user experience, this could pose a security risk.


browser.safebrowsing.downloads.remote.enabled = false

Disable Google Safe Browsing for downloads. Depending on user experience, this could pose a security risk.


browser.safebrowsing.malware = false

Disable Google Safe Browsing malware protection. Depending on user experience, this could pose a security risk.


browser.safebrowsing.phishing.enabled = false

Disable Google Safe Browsing phishing protection. Depending on user experience, this could pose a security risk.


browser.search.countryCode = US

Change the search country code to a common country.


browser.search.region = US

Change the search region to a common region.


browser.search.suggest.enabled = false

Disable search suggestions in the search bar.


browser.send_pings = false

Disable the link ping attribute - which is commonly used for tracking link clicks.


browser.sessionstore.max_tabs_undo = 0

Disable the ability to re-open closed tabs.


browser.tabs.crashReporting.sendReport = false

Disable crash reporting.


browser.urlbar.autoFill = false

Disable autofill in the address bar.


browser.urlbar.autoFill.typed = false

Disable autofill of previously typed queries in the address bar.


browser.urlbar.autocomplete.enabled = false

Disable autocomplete in the address bar.


browser.urlbar.searchSuggestionsChoice = false

Disable remote search suggestions prompt in the address bar.


browser.urlbar.suggest.bookmark = false

Disable bookmark suggestions in the address bar.


browser.urlbar.suggest.history = false

Disable history suggestions in the address bar.


browser.urlbar.suggest.openpage = false

Disable open page suggestions in the address bar.


browser.urlbar.suggest.searches = false

Disable remote search suggestions in the address bar.


camera.control.face_detection.enabled = false

Disable camera face detection. Realistically, this feature is not a privacy issue.


datareporting.healthreport.uploadEnabled = false

Disable telemetry data uploads.


datareporting.policy.dataSubmissionEnabled = false

Disable telemetry data submission.


device.sensors.enabled = false

Disable device sensors (motion, environmental, positon). Reduces uniqueness of browser fingerprint.


dom.battery.enabled = false

Disable access to the Battery Status API. Reduces uniqueness of browser fingerprint.


dom.event.clipboardevents.enabled = false

Disable the ability for websites to detect clipboard events. This can break some web applications.


dom.event.contextmenu.enabled = false

Disable the ability for websites to detect use of the right-click context menu.


dom.gamepad.enabled = false

Disable access to the Gamepad API. Reduces uniqueness of browser fingerprint.


dom.push.enabled = false

Disable push notifications.


dom.vibrator.enabled = false

Disable access to the Vibration API. Reduces annoyances.


dom.vr.enabled = false

Disable access to the WebVR API. Reduces uniqueness of browser fingerprint.


dom.vr.oculus.enabled = false

Disable access to the WebVR API for the Oculus. Reduces uniqueness of browser fingerprint.


dom.webnotifications.enabled = false

Disable access to the Notification API. Reduces annoyances.


extensions.pocket.enabled = false

Disable the Pocket addon.


geo.enabled = false

Disable Geolocation.


intl.accept_languages = en-US, en

Set the Accept-Language request header to a common value. Reduces uniqueness of browser fingerprint. International users may not want to do this.


media.navigator.enabled = false

Disable media enumeration.


media.peerconnection.enabled = false

Disable access to the WebRTC API. Reduces uniqueness of browser fingerprint. Prevents local IP address leaks.


network.cookie.cookieBehavior = 1

Reject third-party cookies.


network.dns.disableIPv6 = true

Disable IPv6 at the DNS level. Only enable this if you are concerned of IPv6 leaks behind VPNs and proxies.


network.dns.disablePrefetch = true

Disable DNS prefetching.


network.http.referer.XOriginPolicy = 1

Send the Referer request header only when the base domains for the two hosts match.


network.http.sendRefererHeader = 1

Send the Referer request header only when clicking on a link.


network.http.speculative-parallel-limit = 0

Disable speculative pre-connections.


network.predictor.enabled = false

Disable network predictions.


network.prefetch-next = false

Disable prefetching.


places.history.enabled = false

Disable browsing history.


privacy.clearOnShutdown.cache = true

Clear browisng cache on shutdown.


privacy.clearOnShutdown.cookies = true

Clear cookies on shutdown.


privacy.clearOnShutdown.downloads = true

Clear downloads on shutdown.


privacy.clearOnShutdown.formdata = true

Clear form data on shutdown.


privacy.clearOnShutdown.history = true

Clear browisng history on shutdown.


privacy.clearOnShutdown.sessions = true

Clear active sessions on shutdown.


privacy.clearOnShutdown.siteSettings = true

Clear site settings on shutdown.


privacy.donottrackheader.enabled = true

Send the Do Not Track (DNT) request header.


privacy.firstparty.isolate = true

Isolate cookies, and other site data, to the domain.


privacy.resistFingerprinting = true

Resist browser fingerpinting.


privacy.sanitize.sanitizeOnShutdown = true

Clear privacy.clearOnShutdown items on shutdown.


privacy.sanitize.timeSpan = 0

Clear privacy.clearOnShutdown items on shutdown for all time.


privacy.trackingprotection.enabled = true

Enable tracking protection.


privacy.trackingprotection.pbmode.enabled = true

Enable tracking protection in private browsing mode.


security.ssl.errorReporting.automatic = false

Disable automatic SSL/TLS error reporting.


security.ssl.errorReporting.enabled = false

Disable SSL/TLS error reporting.


toolkit.telemetry.archive.enabled = false

Disable telemetry archiving.


toolkit.telemetry.bhrPing.enabled = false

Disable telemetry pinging.


toolkit.telemetry.enabled = false

Disable telemetry.


toolkit.telemetry.firstShutdownPing = false

Disable telemetry shutdown ping.


toolkit.telemetry.shutdownPingSender.enabled = false

Disable telemetry shutdown ping.


toolkit.telemetry.updatePing.enabled = false

Disable telemetry update ping.



Firefox for Android (specific) modifications

All general modifications can be made to Firefox for Android. These modifications are specific to the platform.


browser.snippets.enabled = false

Disable promotional Mozilla banners.


device.camera.enabled = false

Disable access to the camera.




Comments are provided by Disqus. To respect user privacy, Disqus is only loaded on user prompt.

I recommend uBlock Origin to protect against Disqus tracking and advertising.