* Secure November 2021
* note SameSite schemeful as default
* comment out global mute toggle
* block_download_insecure now default
* correction
* Local Storage Next Generation now default
* third-party session only
* comment out Samesite
* grammar
* nonSecure cookie sesion only
* date change
* fission now default
* Update SecureFox.js
* Remove unused code + Flash plugin
Remove user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
Remove user_pref("plugin.state.flash", 0);
Remove user_pref("security.mixed_content.block_object_subrequest", true);
The prefs still exist but all the underlying NPAPI code has been removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1682030
* unused code
* HTTPS First Mode
Firefox attempts to make all connections to websites secure, and falls back to insecure connections only when a website does not support it.
HTTPS-Only Mode needs to be disabled for HTTPS First to work.
* Cache
DEPRECATED / REMOVED
user_pref("browser.cache.offline.storage.enable", false);
* Background updates
* disable automatic authentication on Microsoft sites
user_pref("network.http.windows-sso.enabled", false);
* Added prefs to allow Twitter's embedded tweets and Instagram's embedded posts on websites. Now we can keep Tracking Protection enabled in regular windows without breaking a lot of articles. Yay!!!
user_pref("urlclassifier.trackingSkipURLs", "*.twitter.com, *.twimg.com"); /* hidden */
user_pref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.twimg.com"); /* hidden */
* Moved Address/Credit Card manager from Peskyfox to SecureFox.
Added
user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
user_pref("default-browser-agent.enabled", false);
user_pref("extensions.postDownloadThirdPartyPrompt", false);
user_pref("security.insecure_connection_text.pbmode.enabled", true);
ECH
// user_pref("network.dns.echconfig.enabled", true);
// user_pref("network.dns.use_https_rr_as_altsvc", true);
ESNI will be removed in later versions. See note. I generally don't keep Firefox ESR-only prefs.
MIXED CONTENT
user_pref("security.mixed_content.upgrade_display_content", true);
- [SecureFox] The browser.urlbar.oneOffSearches preference has been removed. To hide one-off search buttons uncheck search engines on the about:preferences#search page.
+ [PeskyFox] Firefox will now recognize and open more PDF files in the browser.
+ [PeskyFox] Firefox will now prevent the page from truncating passwords that are too long.
yokoffing