* remove CR LIte since OCSP disabled
* blobs, disallowcrosssiterelaxing
* browser.places.speculativeConnect.enabled
* browser.safebrowsing.downloads.remote.enabled already default
* hide more from mozilla
* web task scheduling
* add Samesite as it is not in Stable
* Constructable now default in stable
* remove smoothscroll
* user_pref("browser.download.always_ask_before_handling_new_types", true);
* https-only mode
* Update user.js
* network.http.referer.disallowCrossSiteRelaxingDefault included with "strict"
* privacy.partition.network_state.ocsp_cache now default with Strict
* about:welcome pref removed
* remove startup page
* remove spellcheck
* remove samesite
* hide more from mozilla
* new tab options
* Constructable styleehsets now default
* user_pref("browser.download.always_ask_before_handling_new_types", true);
* about:welcome pref removed
* Update PeskyFox.js
* Secure November 2021
* note SameSite schemeful as default
* comment out global mute toggle
* block_download_insecure now default
* correction
* Local Storage Next Generation now default
* third-party session only
* comment out Samesite
* grammar
* nonSecure cookie sesion only
* date change
* fission now default
* Update SecureFox.js
* Remove user_pref("permissions.default.xr", 2);
* Remove FLASH PLUGIN section
Remove user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
Remove user_pref("plugin.state.flash", 0);
Remove user_pref("security.mixed_content.block_object_subrequest", true);
The prefs still exist but all the underlying NPAPI code has been removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1682030
* Disable Firefox from sending HTTP request in background with HTTPS-Only Mode activated
Add user_pref("dom.security.https_only_mode_send_http_background_request", false);
* reorder pref that was out of order
* Disable automatic Windows authentication
user_pref("network.http.windows-sso.enabled", false);
* Remove unused code + Flash plugin
Remove user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
Remove user_pref("plugin.state.flash", 0);
Remove user_pref("security.mixed_content.block_object_subrequest", true);
The prefs still exist but all the underlying NPAPI code has been removed: https://bugzilla.mozilla.org/show_bug.cgi?id=1682030
* unused code
* HTTPS First Mode
Firefox attempts to make all connections to websites secure, and falls back to insecure connections only when a website does not support it.
HTTPS-Only Mode needs to be disabled for HTTPS First to work.
* Cache
DEPRECATED / REMOVED
user_pref("browser.cache.offline.storage.enable", false);
* Background updates
* disable automatic authentication on Microsoft sites
user_pref("network.http.windows-sso.enabled", false);
Removed due to being too subjective:
- user_pref("browser.link.open_newwindow", 3);
- user_pref("browser.link.open_newwindow.restriction", 0);
- user_pref("browser.tabs.closeWindowWithLastTab", false);
New:
- Disable javascript in PDF files
- Block virtual reality
- New "welcome" master switch disabled
- Compact mode and "view image info" restored
yokoffing