remove some fastfox prefs

browser.startup.homepage_override.mstone

Fastfox.js

@@ -3,7 +3,7 @@
  * Fastfox                                                                              *
  * "Non ducor duco"                                                                     *
  * priority: speedy browsing                                                            *
- * version: 146                                                                         *
+ * version: 137                                                                         *
  * url: https://github.com/yokoffing/Betterfox                                          *
  ***************************************************************************************/
 
@@ -22,12 +22,6 @@
 //user_pref("nglayout.initialpaint.delay", 5); // DEFAULT; formerly 250
     //user_pref("nglayout.initialpaint.delay_in_oopif", 5); // DEFAULT
 
-// PREF: Font rendering cache in Skia (32MB)
-// Increases font cache size to improve performance on text-heavy websites.
-// Especially beneficial for sites with many font faces or complex typography.
-// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1239151#c2
-user_pref("gfx.content.skia-font-cache-size", 32); // 32 MB; default=5; Chrome=20
-
 // PREF: page reflow timer
 // Rather than wait until a page has completely downloaded to display it to the user,
 // web browsers will periodically render what has been received to that point.
@@ -39,7 +33,7 @@ user_pref("gfx.content.skia-font-cache-size", 32); // 32 MB; default=5; Chrome=2
 // false = reflow pages whenever new data is received
 //user_pref("content.notify.ontimer", true); // DEFAULT
 
-// PREF: content notification delay - notification interval (in microseconds) to avoid layout thrashing
+// PREF: notification interval (in microseconds) to avoid layout thrashing
 // When Firefox is loading a page, it periodically reformats
 // or "reflows" the page as it loads. The page displays new elements
 // every 0.12 seconds by default. These redraws increase the total page load time.
@@ -53,16 +47,7 @@ user_pref("gfx.content.skia-font-cache-size", 32); // 32 MB; default=5; Chrome=2
 // [1] https://searchfox.org/mozilla-central/rev/c1180ea13e73eb985a49b15c0d90e977a1aa919c/modules/libpref/init/StaticPrefList.yaml#1824-1834
 // [2] https://web.archive.org/web/20240115073722/https://dev.opera.com/articles/efficient-javascript/?page=3#reflow
 // [3] https://web.archive.org/web/20240115073722/https://dev.opera.com/articles/efficient-javascript/?page=3#smoothspeed
-//user_pref("content.notify.interval", 100000); // (.10s); default=120000 (.12s)
-//user_pref("content.max.tokenizing.time", 1000000); // (1.00s); alt=2000000; HIDDEN
-//user_pref("content.interrupt.parsing", true); // HIDDEN
-
-// PREF: UI responsiveness threshold
-//user_pref("content.switch.threshold", 300000); // HIDDEN; default= 750000; alt=500000
-
-// PREF: split text nodes to a length
-// The number of bytes in a text node.
-//user_pref("content.maxtextrun", 8191); // DEFAULT; HIDDEN
+user_pref("content.notify.interval", 100000); // (.10s); default=120000 (.12s)
 
 // PREF: new tab preload
 // [WARNING] Disabling this may cause a delay when opening a new tab in Firefox.
@@ -117,15 +102,6 @@ user_pref("gfx.content.skia-font-cache-size", 32); // 32 MB; default=5; Chrome=2
 //user_pref("gfx.webrender.compositor", true); // DEFAULT WINDOWS macOS
     //user_pref("gfx.webrender.compositor.force-enabled", true); // enforce
 
-// PREF: Webrender layer compositor
-// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1945683
-// [2] https://www.reddit.com/r/firefox/comments/1p58qre/firefox_is_getting_ready_to_make_youtube_fast/
-// [3] https://www.ghacks.net/2025/11/24/these-two-tweaks-should-improve-firefoxs-performance-on-youtube-significantly/
-user_pref("gfx.webrender.layer-compositor", true);
-    // If your PC uses an AMD GPU, you might want to make a second change.
-    // This one improves CPU usage on AMD systems.
-    //user_pref("media.wmf.zero-copy-nv12-textures-force-enabled", true);
-
 // PREF: if your hardware doesn't support Webrender, you can fallback to Webrender's software renderer
 // [1] https://www.ghacks.net/2020/12/14/how-to-find-out-if-webrender-is-enabled-in-firefox-and-how-to-enable-it-if-it-is-not/
 //user_pref("gfx.webrender.software", true); // Software Webrender uses CPU instead of GPU
@@ -142,13 +118,10 @@ user_pref("gfx.webrender.layer-compositor", true);
 // [2] https://github.com/yokoffing/Betterfox/issues/153
 // [3] https://github.com/yokoffing/Betterfox/issues/198
 //user_pref("gfx.canvas.accelerated", true); // [DEFAULT FF133+]
-user_pref("gfx.canvas.accelerated.cache-items", 32768); // [default=8192 FF135+]; Chrome=4096
-user_pref("gfx.canvas.accelerated.cache-size", 4096); // default=256; Chrome=512
-//user_pref("gfx.canvas.max-size", 32767); // DEFAULT=32767
-
-// PREF: WebGL
-user_pref("webgl.max-size", 16384); // default=1024
-//user_pref("webgl.force-enabled", true);
+    //user_pref("gfx.canvas.accelerated.cache-items", 8192); // DEFAULT FF135+; Chrome=4096
+    user_pref("gfx.canvas.accelerated.cache-size", 512); // default=256; Chrome=512
+    user_pref("gfx.content.skia-font-cache-size", 20); // default=5; Chrome=20
+    // [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1239151#c2
 
 // PREF: prefer GPU over CPU
 // At best, the prefs do nothing on Linux/macOS.
@@ -215,7 +188,7 @@ user_pref("browser.cache.disk.enable", false);
 // for recently read cache entries [1]. It is managed by a cache thread, and caches with
 // metadata in the pool appear to be reused immediately.
 // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=986179
-//user_pref("browser.cache.disk.metadata_memory_limit", 16384); // default=250 (0.25 MB); limit of recent metadata we keep in memory for faster access
+//user_pref("browser.cache.disk.metadata_memory_limit", 500); // default=250 (0.25 MB); limit of recent metadata we keep in memory for faster access
 
 // PREF: number of chunks we preload ahead of read
 // Large content such as images will load faster.
@@ -296,8 +269,8 @@ user_pref("browser.cache.disk.enable", false);
 // [1] https://kb.mozillazine.org/Browser.cache.memory.capacity#-1
 // [2] https://searchfox.org/mozilla-central/source/netwerk/cache2/CacheObserver.cpp#94-125
 // [3] https://github.com/WaterfoxCo/Waterfox/commit/3fed16932c80a2f6b37d126fe10aed66c7f1c214
-user_pref("browser.cache.memory.capacity", 131072); // 128 MB RAM cache; alt=65536 (65 MB RAM cache); default=32768
-user_pref("browser.cache.memory.max_entry_size", 20480); // 20 MB max entry; default=5120 (5 MB)
+//user_pref("browser.cache.memory.capacity", 131072); // (128 MB)
+//user_pref("browser.cache.memory.max_entry_size", 20480); // (20 MB); default=5120 (5 MB)
 
 // PREF: amount of Back/Forward cached pages stored in memory for each tab
 // Pages that were recently visited are stored in memory in such a way
@@ -308,15 +281,7 @@ user_pref("browser.cache.memory.max_entry_size", 20480); // 20 MB max entry; def
 // is no reason for Firefox to keep memory for this.
 // -1=determine automatically (8 pages)
 // [1] https://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers#Possible_values_and_their_effects
-user_pref("browser.sessionhistory.max_total_viewers", 4); // default=8
-user_pref("browser.sessionstore.max_tabs_undo", 10); // default=25
-//user_pref("browser.sessionstore.max_entries", 10); // [HIDDEN OR REMOVED]
-//user_pref("dom.storage.default_quota", 20480); // 20MB; default=5120
-//user_pref("dom.storage.shadow_writes", true);
-
-// PREF: tell garbage collector to start running when javascript is using xx MB of memory
-// Garbage collection releases memory back to the system.
-//user_pref("javascript.options.mem.high_water_mark", 128); // DEFAULT [HIDDEN OR REMOVED]
+user_pref("browser.sessionhistory.max_total_viewers", 4);
 
 /****************************************************************************
  * SECTION: MEDIA CACHE                                                     *
@@ -327,11 +292,11 @@ user_pref("browser.sessionstore.max_tabs_undo", 10); // default=25
 
 // PREF: media memory cache
 // [1] https://hg.mozilla.org/mozilla-central/file/tip/modules/libpref/init/StaticPrefList.yaml#l9652
-// [2] https://github.com/arkenfox/user.js/pull/941#issuecomment-668278121
-user_pref("media.memory_cache_max_size", 262144); // 256 MB; default=8192; AF=65536
+// [2] https://github.com/arkenfox/user.js/pull/941
+user_pref("media.memory_cache_max_size", 65536); // default=8192; AF=65536; alt=131072
 
 // PREF: media cache combine sizes
-user_pref("media.memory_caches_combined_limit_kb", 1048576); // 1GB; default=524288
+//user_pref("media.memory_caches_combined_limit_kb", 524288); // DEFAULT; alt=1048576
 //user_pref("media.memory_caches_combined_limit_pc_sysmem", 5); // DEFAULT; alt=10; the percentage of system memory that Firefox can use for media caches
 
 // PREF: Media Source Extensions (MSE) web standard
@@ -345,20 +310,19 @@ user_pref("media.memory_caches_combined_limit_kb", 1048576); // 1GB; default=524
 // PREF: adjust video buffering periods when not using MSE (in seconds)
 // [NOTE] Does not affect videos over 720p since they use DASH playback [1]
 // [1] https://lifehacker.com/preload-entire-youtube-videos-by-disabling-dash-playbac-1186454034
-user_pref("media.cache_readahead_limit", 600); // 10 min; default=60; stop reading ahead when our buffered data is this many seconds ahead of the current playback
-user_pref("media.cache_resume_threshold", 300); // 5 min; default=30; when a network connection is suspended, don't resume it until the amount of buffered data falls below this threshold
+user_pref("media.cache_readahead_limit", 7200); // 120 min; default=60; stop reading ahead when our buffered data is this many seconds ahead of the current playback
+user_pref("media.cache_resume_threshold", 3600); // 60 min; default=30; when a network connection is suspended, don't resume it until the amount of buffered data falls below this threshold
 
 /****************************************************************************
  * SECTION: IMAGE CACHE                                                     *
 ****************************************************************************/
 
 // PREF: image cache
-user_pref("image.cache.size", 10485760); // (cache images up to 10MiB in size) [DEFAULT 5242880]
-user_pref("image.mem.decode_bytes_at_a_time", 65536); // default=16384; alt=32768; chunk size for calls to the image decoders
-//user_pref("image.mem.max_decoded_image_kb", 512000); // 500MB [HIDDEN OR REMOVED?]
+//user_pref("image.cache.size", 5242880); // DEFAULT; in MiB; alt=10485760 (cache images up to 10MiB in size)
+user_pref("image.mem.decode_bytes_at_a_time", 32768); // default=16384; alt=65536; chunk size for calls to the image decoders
 
 // PREF: set minimum timeout to unmap shared surfaces since they have been last used
-// [NOTE] This is only used on 32-bit builds of Firefox where there is meaningful
+// This is only used on 32-bit builds of Firefox where there is meaningful
 // virtual address space pressure.
 // [1] https://phabricator.services.mozilla.com/D109440
 // [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1699224
@@ -386,7 +350,6 @@ user_pref("network.http.max-connections", 1800); // default=900
 user_pref("network.http.max-persistent-connections-per-server", 10); // default=6; download connections; anything above 10 is excessive
     user_pref("network.http.max-urgent-start-excessive-connections-per-host", 5); // default=3
     //user_pref("network.http.max-persistent-connections-per-proxy", 48); // default=32
-user_pref("network.http.request.max-start-delay", 5); // default=10
 //user_pref("network.websocket.max-connections", 200); // DEFAULT
 
 // PREF: pacing requests [FF23+]
@@ -396,21 +359,21 @@ user_pref("network.http.request.max-start-delay", 5); // default=10
 // Pacing requests adds a slight delay between requests to throttle them.
 // If you have a fast machine and internet connection, disabling pacing
 // may provide a small speed boost when loading pages with lots of requests.
-// false = Firefox will send as many requests as possible without pacing
-// true = Firefox will pace requests (default)
+// false=Firefox will send as many requests as possible without pacing
+// true=Firefox will pace requests (default)
 user_pref("network.http.pacing.requests.enabled", false);
     //user_pref("network.http.pacing.requests.min-parallelism", 10); // default=6
-    //user_pref("network.http.pacing.requests.burst", 32); // default=10
+    //user_pref("network.http.pacing.requests.burst", 14); // default=10
 
 // PREF: increase DNS cache
 // [1] https://developer.mozilla.org/en-US/docs/Web/Performance/Understanding_latency
-user_pref("network.dnsCacheEntries", 10000); // default=800
+//user_pref("network.dnsCacheEntries", 1000); // default=400
 
 // PREF: adjust DNS expiration time
 // [ABOUT] about:networking#dns
 // [NOTE] These prefs will be ignored by DNS resolver if using DoH/TRR.
-user_pref("network.dnsCacheExpiration", 3600); // keep entries for 1 hour; default=60
-    //user_pref("network.dnsCacheExpirationGracePeriod", 120); // default=60; cache DNS entries for 2 minutes after they expire
+user_pref("network.dnsCacheExpiration", 3600); // keep entries for 1 hour
+    //user_pref("network.dnsCacheExpirationGracePeriod", 240); // default=60; cache DNS entries for 4 minutes after they expire
 
 // PREF: the number of threads for DNS
 //user_pref("network.dns.max_high_priority_threads", 40); // DEFAULT [FF 123?]
@@ -552,11 +515,11 @@ user_pref("network.prefetch-next", false);
 // [2] https://www.ghacks.net/2014/05/11/seer-disable-firefox/
 // [3] https://github.com/dillbyrne/random-agent-spoofer/issues/238#issuecomment-110214518
 // [4] https://www.igvita.com/posa/high-performance-networking-in-google-chrome/#predictor
-//user_pref("network.predictor.enabled", false); // [DEFAULT: false FF144+]
+user_pref("network.predictor.enabled", false);
 
 // PREF: Network Predictor fetch for resources ahead of time
 // Prefetch page resources based on past user behavior.
-//user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
+//user_pref("network.predictor.enable-prefetch", false); // DEFAULT
 
 // PREF: make Network Predictor active when hovering over links
 // When hovering over links, Network Predictor uses past resource history to
@@ -587,7 +550,7 @@ user_pref("network.prefetch-next", false);
 // PREF: CSS Masonry Layout [NIGHTLY]
 // [1] https://developer.mozilla.org/en-US/docs/Web/CSS/CSS_Grid_Layout/Masonry_Layout
 // [2] https://www.smashingmagazine.com/native-css-masonry-layout-css-grid/
-//user_pref("layout.css.grid-template-masonry-value.enabled", true);
+user_pref("layout.css.grid-template-masonry-value.enabled", true);
 
 /****************************************************************************
  * SECTION: TAB UNLOAD                                                      *
@@ -635,7 +598,6 @@ user_pref("network.prefetch-next", false);
 // [2] https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#web-content-processes 
 //user_pref("dom.ipc.processCount", 8); // DEFAULT; Shared Web Content
 //user_pref("dom.ipc.processCount.webIsolated", 1); // default=4; Isolated Web Content
-//user_pref("dom.ipc.keepProcessesAlive.web", 4); // default=1 [HIDDEN OR REMOVED]
 
 // PREF: use one process for process preallocation cache
 //user_pref("dom.ipc.processPrelaunch.fission.number", 1); // default=3; Process Preallocation Cache

Peskyfox.js

@@ -3,7 +3,7 @@
  * Peskyfox                                                                 *
  * "Aquila non capit muscas"                                                *
  * priority: remove annoyances                                              *
- * version: 146                                                             *
+ * version: 142                                                             *
  * url: https://github.com/yokoffing/Betterfox                              *
  * credit: Some prefs are reproduced and adapted from the arkenfox project  *
  * credit urL: https://github.com/arkenfox/user.js                          *
@@ -13,6 +13,11 @@
  * SECTION: MOZILLA UI                                                      *
 ****************************************************************************/
 
+// PREF: Mozilla VPN
+// [1] https://github.com/yokoffing/Betterfox/issues/169
+user_pref("browser.privatebrowsing.vpnpromourl", "");
+    //user_pref("browser.vpn_promo.enabled", false);
+
 // PREF: disable about:addons' Recommendations pane (uses Google Analytics)
 user_pref("extensions.getAddons.showPane", false); // HIDDEN
 
@@ -43,7 +48,7 @@ user_pref("browser.preferences.moreFromMozilla", false);
 user_pref("browser.aboutConfig.showWarning", false);
 
 // PREF: disable welcome notices
-user_pref("browser.startup.homepage_override.mstone", "ignore");
+//user_pref("browser.startup.homepage_override.mstone", "ignore"); // What's New page after updates; master switch
 user_pref("browser.aboutwelcome.enabled", false); // disable Intro screens
     //user_pref("startup.homepage_welcome_url", "");
     //user_pref("startup.homepage_welcome_url.additional", "");
@@ -59,9 +64,6 @@ user_pref("browser.profiles.enabled", true);
 // [1] https://github.com/yokoffing/Betterfox/issues/320
 //user_pref("widget.gtk.non-native-titlebar-buttons.enabled", true);
 
-// PREF: disable search engine switcher in the URL bar [FF136+]
-//user_pref("browser.urlbar.scotchBonnet.enableOverride", false);
-
 /****************************************************************************
  * SECTION: THEME ADJUSTMENTS                                              *
 ****************************************************************************/
@@ -104,15 +106,12 @@ user_pref("browser.ml.enable", false);
 // PREF: AI chat
 user_pref("browser.ml.chat.enabled", false);
 
-// PREF: AI chatbot option in right click menu
-user_pref("browser.ml.chat.menu", false);
+// PREF: link previews
+//user_pref("browser.ml.linkPreview.enabled", false);
 
 // PREF: AI-enhanced tab groups
 // [1] https://support.mozilla.org/kb/how-use-ai-enhanced-tab-groups
-user_pref("browser.tabs.groups.smart.enabled", false);
-
-// PREF: link previews
-user_pref("browser.ml.linkPreview.enabled", false);
+//user_pref("browser.tabs.groups.smart.enabled", false);
 
 /****************************************************************************
  * SECTION: COOKIE BANNER HANDLING                                          *
@@ -162,9 +161,8 @@ user_pref("full-screen-api.transition-duration.enter", "0 0"); // default=200 20
 user_pref("full-screen-api.transition-duration.leave", "0 0"); // default=200 200
 
 // PREF: disable fullscreen notice
-// [NOTE] Adjust to a sensible value, like 1250, if you have security concerns.
-//user_pref("full-screen-api.warning.timeout", 0); // default=3000; alt=1250
-//user_pref("full-screen-api.warning.delay", -1); // default=500
+user_pref("full-screen-api.warning.delay", -1); // default=500
+user_pref("full-screen-api.warning.timeout", 0); // default=3000
 
 /****************************************************************************
  * SECTION: FONT APPEARANCE                                                 *
@@ -202,6 +200,7 @@ user_pref("full-screen-api.transition-duration.leave", "0 0"); // default=200 20
 user_pref("browser.urlbar.suggest.engines", false);
     //user_pref("browser.urlbar.suggest.searches", false);
 //user_pref("browser.urlbar.quickactions.enabled", false);
+//user_pref("browser.urlbar.shortcuts.quickactions", false);
 //user_pref("browser.urlbar.suggest.weather", true); // DEFAULT [FF108]
     //user_pref("browser.urlbar.weather.ignoreVPN", false); // DEFAULT
 //user_pref("browser.urlbar.suggest.calculator", true); // [DEFAULT FF137+]
@@ -312,6 +311,7 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false);
 //user_pref("browser.newtabpage.activity-stream.feeds.section.highlights", false); // Recent Activity [DEFAULT]
       //user_pref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false);
       //user_pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
+      //user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
       //user_pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
 //user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT]
 
@@ -337,9 +337,8 @@ user_pref("browser.newtabpage.activity-stream.default.sites", "");
  * SECTION: POCKET                                                            *
 ******************************************************************************/
 
-// PREF: disable built-in Pocket extension
-// [1] https://support.mozilla.org/kb/future-of-pocket
-//user_pref("extensions.pocket.enabled", false); // DEFAULT
+// PREF: Disable built-in Pocket extension
+user_pref("extensions.pocket.enabled", false);
       //user_pref("extensions.pocket.api"," ");
       //user_pref("extensions.pocket.oAuthConsumerKey", " ");
       //user_pref("extensions.pocket.site", " ");

README.md

@@ -1,16 +1,13 @@
 ![Badge](https://hitscounter.dev/api/hit?url=https%3A%2F%2Fgithub.com%2Fyokoffing%2FBetterfox&label=&icon=github&color=%23198754&message=&style=flat&tz=US%2FEastern)![GitHub Maintained](https://img.shields.io/badge/maintained-yes-green)![GitHub last commit](https://img.shields.io/github/last-commit/yokoffing/betterfox)![GitHub issues](https://img.shields.io/github/issues/yokoffing/betterfox)![GitHub closed issues](https://img.shields.io/github/issues-closed/yokoffing/betterfox)![GitHub repo size](https://img.shields.io/github/repo-size/yokoffing/betterfox)[![shields.io Stars](https://img.shields.io/github/stars/yokoffing/betterfox)](https://github.com/yokoffing/betterfox/stargazers)
 
-# Betterfox
-[about:config](https://support.mozilla.org/en-US/kb/about-config-editor-firefox) tweaks to enhance [Mozilla Firefox](https://www.mozilla.org/en-US/firefox/new/).
+# Betterfox 140 ESR
+These prefs are applicable for [Firefox ESR 140.0](https://support.mozilla.org/kb/switch-to-firefox-extended-support-release-esr). <sup>[^more info](https://support.mozilla.org/kb/firefox-esr-release-cycle)</sup>
 
-## Made for everyday browsing
-[Faster](https://medium.com/@mihirgrand/comparing-popular-firefox-forks-6fa83fdfdaad#:~:text=31%25%20more%20than%20vanilla%20Firefox), more private and secure — without using third-party code.
-
-Betterfox is an opinionated preference list inspired by the [law of diminishing returns](https://miro.medium.com/v2/resize:fit:1206/1*lcOcxriV_II_lZuXQYLoXg.jpeg) and the [minimum effective dose](https://medium.com/the-mission/less-is-more-the-minimum-effective-dose-e6d56625931e).
+Using regular Firefox? [Switch back to the main branch](https://github.com/yokoffing/Betterfox).
 
 ## Required reading
 0) Create a [backup profile](https://github.com/yokoffing/Betterfox/wiki/Backup).
-1) Download the user.js file [here](https://raw.githubusercontent.com/yokoffing/Betterfox/main/user.js) (Right click > `Save Link As…`).
+1) Download the user.js file [here](https://raw.githubusercontent.com/yokoffing/Betterfox/esr140/user.js) (Right click > `Save Link As…`).
 2) Review both [Common Overrides](https://github.com/yokoffing/Betterfox/wiki/Common-Overrides) and [Optional Hardening](https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening) to make any necessary changes.
 3) Open Firefox. In the URL bar, type `about:profiles` and press **Enter**.
 4) For the profile you want to use, click **Open Folder** in the **Root Directory** section.
@@ -20,75 +17,6 @@ Betterfox is an opinionated preference list inspired by the [law of diminishing
 1) Get an **ad blocker** like [uBlock Origin](https://addons.mozilla.org/blog/ublock-origin-everything-you-need-to-know-about-the-ad-blocker/) with our [recommended filters](https://github.com/yokoffing/filterlists#guidelines).
 2) Enable **DNS-level protection** with your chosen [provider](https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening#secure-dns) to further protect against security threats, ads, and trackers.
 
-## Simple goals
-1) **Minimalism:** get what isn't needed out of the way
-2) **Efficiency:** unleash Firefox's ability to be fast and performant
-3) **Privacy:** protect your data without causing site breakage
-
-## Simple configs
-
-`Fastfox`, `Securefox`, `Peskyfox`, and `Smoothfox` are guides to settings within Firefox.
-
-The `user.js` — a configuration file that controls Firefox settings — is curated from these guides.
-
-| List      | Description |
-|:---------:|-------------|
-| [Fastfox](https://github.com/yokoffing/Betterfox/blob/main/Fastfox.js)   | Increase Firefox's browsing speed. Give Chrome a run for its money!|
-| [Securefox](https://github.com/yokoffing/Betterfox/blob/main/Securefox.js) | Protect user data without causing site breakage. |
-| [Peskyfox](https://github.com/yokoffing/Betterfox/blob/main/Peskyfox.js)  | Provide a clean, distraction-free browsing experience. |
-| [Smoothfox](https://github.com/yokoffing/Betterfox/blob/main/Smoothfox.js) | Get Edge-like smooth scrolling on your favorite browser — or choose something more your style. |
-| [user.js](https://github.com/yokoffing/Betterfox/blob/main/user.js) | All the essentials. None of the breakage. This is your `user.js`. |
-
-## Recognition
-
-### Browser Integration
-> [!IMPORTANT]
-> While the browsers listed below incorporate Betterfox to some extent, they often modify it in ways that reduce its effectiveness. For optimal results, apply the `user.js` file even when using Firefox forks.
-
-* [Zen](https://github.com/zen-browser/desktop?tab=readme-ov-file) | [files](https://github.com/zen-browser/desktop/blob/stable/src/browser/app/profile/zen-browser.js) (July 2024)
-* [FireDragon](https://github.com/dr460nf1r3/firedragon-browser/blob/master/README.md) | [files](https://github.com/dr460nf1r3/firedragon-browser/blob/55fc6e5029542cd90fabe23cb44c89568d74d006/firedragon.cfg#L822-L824) (Jan 2024?)
-* [Midori](https://github.com/goastian/midori-desktop/blob/ESR115/README.md) | [files](https://github.com/goastian/midori-desktop/blob/f3d8d96eb8e08f35a64e3c957bea4e839d7c7730/floorp/browser/components/userjsUtils.sys.mjs#L28-L33) (Dec 2023?)
-* [Mercury](https://github.com/Alex313031/Mercury/releases/tag/v.115.3.0) | [files](https://github.com/Alex313031/Mercury/commit/eb9600f9fb8f48c8f5b5c6f3264fbcdb5caff7f5) (Sep 2023)
-* [Waterfox](https://www.waterfox.net/docs/releases/G6.0/) | [files](https://github.com/WaterfoxCo/Waterfox/tree/current/waterfox/browser/app/profile) (Sep 2023)
-* [Floorp](https://github.com/Floorp-Projects/Floorp#-betterfox) <sup>[1](https://github.com/Floorp-Projects/Floorp/issues/233#issuecomment-1543557167) [2](https://blog.ablaze.one/3135/2023-04-01/)</sup> | [files](https://github.com/Floorp-Projects/Floorp/blob/ESR115/floorp/browser/components/preferences/userjs.inc.xhtml) (Apr 2023)
-* [Pulse](https://github.com/pulse-browser/browser#%EF%B8%8F-credits) | [files](https://github.com/pulse-browser/browser/tree/alpha/src/browser/app/profile) (Dec 2021)
-* [Ghostery Private Browser](https://github.com/ghostery/user-agent-desktop#community) <sup>[1](https://web.archive.org/web/20210509171835/https://www.ghostery.com/ghostery-dawn-update-more/) [2](https://web.archive.org/web/20210921114333/https://www.ghostery.com/ghostery-dawn-product-update/)</sup> | [files](https://github.com/ghostery/user-agent-desktop/tree/main/brands/ghostery/branding/pref) (Feb 2021)
-
-### YouTube
-* [A Better Firefox](https://youtu.be/JuHIwCFx34Q?si=1dx39t3HX5kzNVj-&t=133) (Mar 2025)
-* [Ditch Chrome for One Of These BETTER BROWSERS!](https://youtu.be/ygkxFc8SZlc?si=m5NQe-b_oFXs5crb&t=230) (Aug 2024)
-* [The ULTIMATE Browser Tier List](https://youtu.be/j5r6jFE8gic?t=560) (Mar 2023)
-* [I Hate Firefox. But I'm Still Switching Back to It.](https://youtu.be/w0SJFED5xK0?t=220) (Nov 2022)
-* [Español] [Optimize and Accelerate Firefox](https://www.youtube.com/watch?v=3XtoONmq5_Q) (Nov 2022) 
-* [How To Improve Firefox Performance](https://www.youtube.com/watch?v=N8IOJiOFVEk) (Dec 2021)
-
-### Podcasts
-* [Italian] [Digitalia.fm](https://digitalia.fm/684/) | 1:41:35–1:42:41 (July 2023)
-* [GhoSTORIES with Franz & Pete](https://anchor.fm/ghostories/episodes/S2E6-We-Talking-Ghostery-Dawn----Again-er0q02/a-a4o5vmh) | 17:05–18:40 (Feb 2021)
-
-### Articles
-* [Español] [Firefox is an excellent browser, but this small modification makes it much faster and more private](https://www.genbeta.com/a-fondo/firefox-excelente-navegador-esta-pequena-modificacion-hace-mucho-rapido-privado-asi-funciona-betterfox) (Jan 2025)
-* [Browsers for Daily Use](https://anhkhoakz.neocities.org/blog/browsers-for-daily-using/#firefox-but-hardened) (Jan 2024)
-* [Avoiding Manifest V3 – Escaping the Ad-Pocalypse](https://www.xbitlabs.com/avoiding-manifest-v3/) (Dec 2023)
-* [German] [Pulse Browser Review: Firefox fork with Turbo tweaks and Opera sidebar](https://www.computerbild.de/artikel/cb-Tipps-Software-Pulse-Browser-Review-ein-Firefox-Fork-mit-Seitenleiste-wie-bei-Opera-35644139.html#:~:text=Noch%20mehr%20Speed%2DFeatures) (Apr 2023)
-* [2023 Browser Showdown: Comparing Chrome, Brave, Firefox, Vivaldi, and Opera](https://www.appdate.lk/technology/2023-browser-showdown/) (Jan 2023)
-
-### Guides
-* [FMHY Browser Tools: Privacy Tweaks](https://www.reddit.com/r/FREEMEDIAHECKYEAH/wiki/storage/#wiki_privacy_based_browsers)
-* [Firefox-UI-Fix](https://github.com/black7375/Firefox-UI-Fix/wiki/Tips#privacy)
-* [Narsil/desktop_user.js](https://git.nixnet.services/Narsil/desktop_user.js#thanks)
-* [pyllyukko/user.js](https://github.com/pyllyukko/user.js) [comparator](https://jm42.github.io/compare-user.js/)
-
-### Reviews
-* “I use this one ... The performance is absolutely amazing. There’s definitely a huge difference when it comes to loading sites.” - [DIRIKtv](https://youtu.be/N8IOJiOFVEk?t=16)
-* "BetterFox ... will provide good-enough privacy and help with performance." - [Qdoit12Super](https://old.reddit.com/r/browsers/comments/139h4my/suggestion_for_finding_3_good_privacy_focus/jj3n3qn/?context=2)
-* "...drastically changed the experience with Firefox for me. Improved speed, security, smoothness, and removed clutter." - [AppDate](https://www.appdate.lk/technology/2023-browser-showdown/#:~:text=Used%20the%20BetterFox%20user%20config%20settings%20with%20some%20overrides%20which%20drastically%20changed%20the%20experience)
-* "Firefox with uBlock Origin extension and tuned with Betterfox is faster than Safari."  - [cugeloid](https://elephas.app/blog/best-browsers-mac#what-is-the-best-browser-for-mac-according-to-redditandnbsp)
-* "I don't think I could use Firefox without Betterfox." - [Professional_Fun4616](https://old.reddit.com/r/nextdns/comments/15y815f/the_people_behind_betterfox_have_this_awesome/jxb7cir/?context=3)
-* "The best collection of tweaks available." - [AuRiMaS](https://old.reddit.com/r/MozillaFirefox/comments/15cc1vk/about_changes_in_aboutconfig/jtyx910/?context=3)
-* "FF is now much snappier!" - [whotheff](https://old.reddit.com/r/firefox/comments/z5auzi/firefox_not_properly_usingrecognizing_gpu_poor/iy36hyz/)
-* "...the experience is so good now I don’t think I’ll go back to any of the chromium based browsers." - [Mr_Compromise](https://old.reddit.com/r/pcmasterrace/comments/zwioe1/what_browser_will_you_be_using_in_2023_please/j1wmbxo/)
-
 ## Support
 
 If you like the project, leave a :star: (top right) and become a [stargazer](https://github.com/yokoffing/Betterfox/stargazers)!

Securefox.js

@@ -3,7 +3,7 @@
  * Securefox                                                                *
  * "Natura non contristatur"                                                *     
  * priority: provide sensible security and privacy                          *
- * version: 146                                                             *
+ * version: 142                                                             *
  * url: https://github.com/yokoffing/Betterfox                              *
  * credit: Most prefs are reproduced and adapted from the arkenfox project  *
  * credit urL: https://github.com/arkenfox/user.js                          *
@@ -12,16 +12,19 @@
 /****************************************************************************
  * SECTION: TRACKING PROTECTION                                             *
 ****************************************************************************/
-// PREF: enable ETP Strict Mode [FF86+]
-// ETP Strict Mode enables Total Cookie Protection (TCP)
-// [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of
-// cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared
-// [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
-// [2] https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
-// [3] https://www.reddit.com/r/firefox/comments/l7xetb/network_priority_for_firefoxs_enhanced_tracking/gle2mqn/?web2x&context=3
-// [SETTING] to add site exceptions: Urlbar>ETP Shield
-// [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions
-user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
+
+// PREF: Enhanced Tracking Protection (ETP)
+// Tracking Content blocking will strip cookies and block all resource requests to domains listed in Disconnect.me.
+// Firefox deletes all stored site data (incl. cookies, browser storage) if the site is a known tracker and hasn’t
+// been interacted with in the last 30 days.
+// [ALLOWLIST] https://disconnect.me/trackerprotection/unblocked
+// [NOTE] FF86: "Strict" tracking protection enables dFPI.
+// [1] https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
+// [2] https://www.reddit.com/r/firefox/comments/l7xetb/network_priority_for_firefoxs_enhanced_tracking/gle2mqn/?web2x&context=3
+user_pref("browser.contentblocking.category", "strict"); // [HIDDEN]
+// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1970647
+user_pref("privacy.trackingprotection.allow_list.baseline.enabled", true); // [FF142+]
+user_pref("privacy.trackingprotection.allow_list.convenience.enabled", true); // [FF142+]
 //user_pref("privacy.trackingprotection.enabled", true); // enabled with "Strict"
 //user_pref("privacy.trackingprotection.pbmode.enabled", true); // DEFAULT
 //user_pref("browser.contentblocking.customBlockList.preferences.ui.enabled", false); // DEFAULT
@@ -41,21 +44,6 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
 //user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+]
 // [1] https://searchfox.org/mozilla-central/source/toolkit/components/antitracking/bouncetrackingprotection/nsIBounceTrackingProtection.idl#11-23
 
-// PREF: disable ETP web compat features (about:compat) [FF93+]
-// [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
-// Opener and redirect heuristics are granted for 30 days, see [3]
-// [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
-// [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
-// [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics
-    // user_pref("privacy.antitracking.enableWebcompat", false);
-
-// PREF: set ETP Strict/Custom exception lists (FF141+)
-// [SETTING] Options>Privacy & Security>Enhanced Tracking Protection>Strict/Custom>Fix major [baseline] | minor [convenience]
-// [1] https://support.mozilla.org/en-US/kb/manage-enhanced-tracking-protection-exceptions
-// [2] https://etp-exceptions.mozilla.org/
-// user_pref("privacy.trackingprotection.allow_list.baseline.enabled", true); // [DEFAULT: true]
-// user_pref("privacy.trackingprotection.allow_list.convenience.enabled", true); // [DEFAULT: true]
-
 // PREF: query stripping
 // Currently uses a small list [1]
 // We set the same query stripping list that Brave and LibreWolf uses [2]
@@ -87,8 +75,8 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
 // [1] https://www.reddit.com/r/firefox/comments/l79nxy/firefox_dev_is_ignoring_social_tracking_preference/gl84ukk
 // [2] https://www.reddit.com/r/firefox/comments/pvds9m/reddit_embeds_not_loading/
 // [3] https://github.com/yokoffing/Betterfox/issues/413
-//user_pref("urlclassifier.trackingSkipURLs", "*://embed.reddit.com/*,*://*.twitter.com/*,*://*.twimg.com/*"); // MANUAL
-//user_pref("urlclassifier.features.socialtracking.skipURLs", "*://*.twitter.com/*,*://*.twimg.com/*"); // MANUAL
+//user_pref("urlclassifier.trackingSkipURLs", "embed.reddit.com, *.twitter.com, *.twimg.com"); // MANUAL [FF136+]
+//user_pref("urlclassifier.features.socialtracking.skipURLs", "*.twitter.com, *.twimg.com"); // MANUAL [FF136+]
 
 // PREF: allow embedded tweets, Instagram and Reddit posts, and TikTok embeds [before FF136+]
 //user_pref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.twimg.com, *.tiktok.com"); // MANUAL
@@ -213,9 +201,8 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
 // PREF: remove temp files opened from non-PB windows with an external application
 // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=302433,1738574
 // [2] https://github.com/arkenfox/user.js/issues/1732
-// [3] https://bugzilla.mozilla.org/302433
 user_pref("browser.download.start_downloads_in_tmp_dir", true); // [FF102+]
-//user_pref("browser.helperApps.deleteTempFileOnExit", true); // DEFAULT [FF108]
+user_pref("browser.helperApps.deleteTempFileOnExit", true);
 
 // PREF: disable UITour backend
 // This way, there is no chance that a remote page can use it.
@@ -289,12 +276,12 @@ user_pref("security.OCSP.enabled", 0);
 // CRLite is faster and more private than OCSP [2].
 // 0 = disabled
 // 1 = consult CRLite but only collect telemetry
-// 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results (default)
-// 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (removed FF145)
+// 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
+// 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" [FF99+, default FF100+]
 // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
 // [2] https://blog.mozilla.org/security/tag/crlite/
 //user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+]
-//user_pref("security.pki.crlite_mode", 2); // [DEFAULT: 2 FF142+]
+user_pref("security.pki.crlite_mode", 2);
 
 // PREF: HTTP Public Key Pinning (HPKP)
 // HPKP enhances the security of SSL certificates by associating
@@ -334,7 +321,7 @@ user_pref("security.OCSP.enabled", 0);
 //user_pref("browser.contentanalysis.default_result", 0; // [FF127+] [DEFAULT]
 
 // PREF: disable referrer and storage access for resources injected by content scripts [FF139+]
-user_pref("privacy.antitracking.isolateContentScriptResources", true);
+//user_pref("privacy.antitracking.isolateContentScriptResources", true);
 
 // PREF: disable CSP Level 2 Reporting [FF140+]
 // [1] https://github.com/yokoffing/Betterfox/issues/415
@@ -459,6 +446,10 @@ user_pref("browser.sessionstore.interval", 60000); // 1 minute; default=15000 (1
 // Favicons are stored as .ico files in profile_dir\shortcutCache.
 //user_pref("browser.shell.shortcutFavicons", false);
 
+// PREF: remove temp files opened with an external application
+// [1] https://bugzilla.mozilla.org/302433
+//user_pref("browser.helperApps.deleteTempFileOnExit", true); // DEFAULT [FF108]
+
 // PREF: disable page thumbnails capturing
 // Page thumbnails are only used in chrome/privileged contexts.
 //user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
@@ -506,14 +497,6 @@ user_pref("browser.sessionstore.interval", 60000); // 1 minute; default=15000 (1
 // PREF: purge session icon in Private Browsing windows
 user_pref("browser.privatebrowsing.resetPBM.enabled", true);
 
-// PREF: delete files downloaded in Private Browsing when all private windows are closed
-// When downloading a file in private browsing mode, the user will be prompted
-// to chose whether they want to keep or delete files that are downloaded
-// while in private browsing. 
-//user_pref("browser.download.enableDeletePrivate", true);
-//user_pref("browser.download.deletePrivateChosen", true);
-//user_pref("browser.download.deletePrivate", true);
-
 /******************************************************************************
  * SECTION: SHUTDOWN & SANITIZING                                             *
 ******************************************************************************/
@@ -673,14 +656,16 @@ user_pref("network.IDN_show_punycode", true);
 /******************************************************************************
  * SECTION: HTTPS-FIRST POLICY                          *
 ******************************************************************************/
+
 // PREF: HTTPS-First Policy
 // Firefox attempts to make all connections to websites secure,
 // and falls back to insecure connections only when a website
 // does not support it. Unlike HTTPS-Only Mode, Firefox
 // will NOT ask for your permission before connecting to a website
 // that doesn’t support secure connections.
-// As of October 2025, Google estimates that 3-5% of traffic
-// is insecure, allowing attackers to eavesdrop on or change that data [8].
+// As of August 2023, Google estimates that 5-10% of traffic
+// has remained on HTTP, allowing attackers to eavesdrop
+// on or change that data [6].
 // [NOTE] HTTPS-Only Mode needs to be disabled for HTTPS First to work.
 // [TEST] http://example.com [upgrade]
 // [TEST] http://httpforever.com/ [no upgrade]
@@ -691,21 +676,10 @@ user_pref("network.IDN_show_punycode", true);
 // [5] https://www.cloudflare.com/learning/ssl/why-use-https/
 // [6] https://blog.chromium.org/2023/08/towards-https-by-default.html
 // [7] https://attackanddefense.dev/2025/03/31/https-first-in-firefox-136.html
-// [8] https://security.googleblog.com/2025/10/https-by-default.html
 //user_pref("dom.security.https_first", true); // [DEFAULT FF136+]
 //user_pref("dom.security.https_first_pbm", true); // [DEFAULT FF91+]
 //user_pref("dom.security.https_first_schemeless", true); // [FF120+] [DEFAULT FF129+]
 
-// PREF: block insecure passive content (images) on HTTPS pages
-// [WARNING] This preference blocks all mixed content, including upgradable.
-// Firefox still attempts an HTTP connection if it can't find a secure one,
-// even with HTTPS First Policy. Although rare, this leaves a small risk of
-// a malicious image being served through a MITM attack.
-// Disable this pref if using HTTPS-Only Mode.
-// [NOTE] Enterprise users may need to enable this setting [1].
-// [1] https://blog.mozilla.org/security/2024/06/05/firefox-will-upgrade-more-mixed-content-in-version-127/
-//user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see HTTPS-Only mode)
-
 /******************************************************************************
  * SECTION: HTTPS-ONLY MODE                              *
 ******************************************************************************/
@@ -714,8 +688,9 @@ user_pref("network.IDN_show_punycode", true);
 // by a server. Options to use HTTP are then provided.
 // [NOTE] When "https_only_mode" (all windows) is true,
 // "https_only_mode_pbm" (private windows only) is ignored.
-// As of October 2025, Google estimates that 3-5% of traffic
-// is insecure, allowing attackers to eavesdrop on or change that data [6].
+// As of August 2023, Google estimates that 5-10% of traffic
+// has remained on HTTP, allowing attackers to eavesdrop
+// on or change that data [5].
 // [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On/Off/Off temporarily
 // [SETTING] Privacy & Security>HTTPS-Only Mode
 // [TEST] http://example.com [upgrade]
@@ -725,23 +700,17 @@ user_pref("network.IDN_show_punycode", true);
 // [3] https://web.dev/why-https-matters/
 // [4] https://www.cloudflare.com/learning/ssl/why-use-https/
 // [5] https://blog.chromium.org/2023/08/towards-https-by-default.html
-// [6] https://security.googleblog.com/2025/10/https-by-default.html
 
-// PREF: enable HTTPS-Only mode in all windows
-// When the top-level is HTTPS, insecure subresources are also upgraded (silent fail)
-// [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
-// [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions)
-// [TEST] http://example.com [upgrade]
-// [TEST] http://httpforever.com/ | http://http.rip [no upgrade]
-user_pref("dom.security.https_only_mode", true); // [FF76+]
-    //user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] Private Browsing windows only
+// PREF: enable HTTPS-only Mode
+//user_pref("dom.security.https_only_mode_pbm", true); // Private Browsing windows only
+//user_pref("dom.security.https_only_mode", true); // Normal + Private Browsing windows
 
 // PREF: offer suggestion for HTTPS site when available
 // [1] https://x.com/leli_gibts_scho/status/1371463866606059528
-user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
+//user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
 
 // PREF: HTTP background requests in HTTPS-only Mode
-// When attempting to upgrade, if the server doesn't respond within a few seconds,
+// When attempting to upgrade, if the server doesn't respond within 3 seconds[=default time],
 // Firefox sends HTTP requests in order to check if the server supports HTTPS or not.
 // This is done to avoid waiting for a timeout which takes 90 seconds.
 // Firefox only sends top level domain when falling back to http.
@@ -750,6 +719,10 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
 // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945
 // [2] https://blog.mozilla.org/attack-and-defense/2021/03/10/insights-into-https-only-mode/
 //user_pref("dom.security.https_only_mode_send_http_background_request", true); // DEFAULT
+    //user_pref("dom.security.https_only_fire_http_request_background_timer_ms", 3000); // DEFAULT
+
+// PREF: disable HTTPS-Only mode for local resources
+//user_pref("dom.security.https_only_mode.upgrade_local", false); // DEFAULT
 
 /******************************************************************************
  * SECTION: DNS-over-HTTPS                                                    *
@@ -946,10 +919,6 @@ user_pref("editor.truncate_user_pastes", false);
 // [DO NOT TOUCH] Icons will double-up if the website implements it natively.
 //user_pref("layout.forms.reveal-password-button.enabled", true); // always show icon in password fields
 
-// PREF: disable automatic authentication on Microsoft sites [WINDOWS]
-// [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1695693,1719301
-//user_pref("network.http.windows-sso.enabled", false);
-
 /****************************************************************************
  * SECTION: ADDRESS + CREDIT CARD MANAGER                                   *
 ****************************************************************************/
@@ -961,6 +930,32 @@ user_pref("editor.truncate_user_pastes", false);
 //user_pref("extensions.formautofill.addresses.enabled", false);
 //user_pref("extensions.formautofill.creditCards.enabled", false);
 
+/******************************************************************************
+ * SECTION: MIXED CONTENT + CROSS-SITE                                       *
+******************************************************************************/
+
+// PREF: block insecure passive content (images) on HTTPS pages
+// [WARNING] This preference blocks all mixed content, including upgradable.
+// Firefox still attempts an HTTP connection if it can't find a secure one,
+// even with HTTPS First Policy. Although rare, this leaves a small risk of
+// a malicious image being served through a MITM attack.
+// Disable this pref if using HTTPS-Only Mode.
+// [NOTE] Enterprise users may need to enable this setting [1].
+// [1] https://blog.mozilla.org/security/2024/06/05/firefox-will-upgrade-more-mixed-content-in-version-127/
+user_pref("security.mixed_content.block_display_content", true);
+
+// PREF: allow PDFs to load javascript
+// https://www.reddit.com/r/uBlockOrigin/comments/mulc86/firefox_88_now_supports_javascript_in_pdf_files/
+user_pref("pdfjs.enableScripting", false);
+
+// PREF: disable middle click on new tab button opening URLs or searches using clipboard [FF115+]
+// Enable if you're using LINUX.
+//user_pref("browser.tabs.searchclipboardfor.middleclick", false); // DEFAULT WINDOWS macOS
+
+// PREF: disable automatic authentication on Microsoft sites [WINDOWS]
+// [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1695693,1719301
+//user_pref("network.http.windows-sso.enabled", false);
+
 /****************************************************************************
  * SECTION: EXTENSIONS                                                      *
 ****************************************************************************/
@@ -1135,53 +1130,6 @@ user_pref("privacy.userContext.ui.enabled", true);
     // Optionally, hide the setting which also disables the DRM prompt:
     //user_pref("browser.eme.ui.enabled", false);
 
-/******************************************************************************
- * SECTION: JIT                                                              *
-******************************************************************************/
-// PREF: Just-In-Time Compilation
-// Around half of zero-day exploits are directly related to "just in time"
-// (JIT) compilers, and disabling that can greatly improve your protection against
-// these potential exploits.
-// [1] https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
-// [2] https://www.youtube.com/watch?v=i7qlZeDt9o4
-
-// PREF: JavaScript JIT
-// PREF: disable Ion and baseline JIT to harden against JS exploits
-// [NOTE] When both Ion and JIT are disabled, and trustedprincipals
-// is enabled, then Ion can still be used by extensions [4].
-// Tor Browser doesn't even ship with these disabled by default.
-// [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit
-// [2] https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
-// [3] https://support.microsoft.com/en-us/microsoft-edge/enhance-your-security-on-the-web-with-microsoft-edge-b8199f13-b21b-4a08-a806-daed31a1929d
-// [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1599226
-// [5] https://wiki.mozilla.org/IonMonkey
-// [6] https://github.com/arkenfox/user.js/issues/1791#issuecomment-1891273681
-//user_pref("javascript.options.baselinejit", false);
-//user_pref("javascript.options.ion", false);
-//user_pref("javascript.options.jit_trustedprincipals", false);
-
-// PREF: WebAssembly JIT [FF52+]
-// Vulnerabilities [1] have increasingly been found, including those known and fixed
-// in native programs years ago [2]. WASM has powerful low-level access, making
-// certain attacks (brute-force) and vulnerabilities more possible.
-// [STATS] ~0.2% of websites, about half of which are for cryptomining / malvertising [2][3]
-// [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm
-// [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
-// [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes
-//user_pref("javascript.options.wasm", false);
-    //user_pref("javascript.options.wasm_trustedprincipals", false);
-    //user_pref("javascript.options.wasm_baselinejit", false);
-    //user_pref("javascript.options.wasm_optimizingjit", false);
-
-// PREF: Asm.js JIT [FF22+]
-// [1] http://asmjs.org/
-// [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js
-// [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
-//user_pref("javascript.options.asmjs", false);
-
-// PREF: Blinterp (JIT-like)
-//user_pref("javascript.options.blinterp", false);
-     
 /******************************************************************************
  * SECTION: VARIOUS                                                          *
 ******************************************************************************/
@@ -1195,28 +1143,40 @@ user_pref("privacy.userContext.ui.enabled", true);
 // If this is less than 5, then pasting code into the web console is disabled.
 //user_pref("devtools.selfxss.count", 5);
 
-// PREF: disable middle click on new tab button opening URLs or searches using clipboard [FF115+]
-// Enable if you're using LINUX.
-//user_pref("browser.tabs.searchclipboardfor.middleclick", false); // DEFAULT WINDOWS macOS
+// PREF: disable asm.js [FF22+]
+// [WARNING] Disabling this pref may disrupt your browsing experience.
+// [1] http://asmjs.org/
+// [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js
+// [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
+//user_pref("javascript.options.asmjs", false);
 
-// PREF: do not allow PDFs to load javascript
-// [1] https://www.reddit.com/r/uBlockOrigin/comments/mulc86/firefox_88_now_supports_javascript_in_pdf_files/
+// PREF: disable Ion and baseline JIT to harden against JS exploits
+// [NOTE] When both Ion and JIT are disabled, and trustedprincipals
+// is enabled, then Ion can still be used by extensions [4].
+// [WARNING] Disabling these prefs will disrupt your browsing experience [6].
+// Tor Browser doesn't even ship with these disabled by default.
+// [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit
+// [2] https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
+// [3] https://support.microsoft.com/en-us/microsoft-edge/enhance-your-security-on-the-web-with-microsoft-edge-b8199f13-b21b-4a08-a806-daed31a1929d
+// [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1599226
+// [5] https://wiki.mozilla.org/IonMonkey
+// [6] https://github.com/arkenfox/user.js/issues/1791#issuecomment-1891273681
+//user_pref("javascript.options.ion", false);
+//user_pref("javascript.options.baselinejit", false);
+//user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN PREF]
 
-// PREF: enforce PDFJS, disable PDFJS scripting
-// This setting controls if the option "Display in Firefox" is available in the setting below
-// and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With").
-// [WHY] pdfjs is lightweight, open source, and secure: the last exploit was June 2015 [1].
-// It doesn't break "state separation" of browser content (by not sharing with OS, independent apps).
-// It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk.
-// [NOTE] JS can still force a pdf to open in-browser by bundling its own code.
-// [SETUP-CHROME] You may prefer a different pdf reader for security/workflow reasons.
-// [SETTING] General>Applications>Portable Document Format (PDF)
-// [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox
-// [2] https://www.reddit.com/r/uBlockOrigin/comments/mulc86/firefox_88_now_supports_javascript_in_pdf_files/
-//user_pref("pdfjs.disabled", false); // [DEFAULT: false]
-user_pref("pdfjs.enableScripting", false); // [FF86+]
+// PREF: disable WebAssembly [FF52+]
+// [WARNING] Disabling this pref may disrupt your browsing experience.
+// Vulnerabilities [1] have increasingly been found, including those known and fixed
+// in native programs years ago [2]. WASM has powerful low-level access, making
+// certain attacks (brute-force) and vulnerabilities more possible.
+// [STATS] ~0.2% of websites, about half of which are for cryptomining / malvertising [2][3]
+// [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm
+// [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
+// [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes
+//user_pref("javascript.options.wasm", false);
 
- /******************************************************************************
+/******************************************************************************
  * SECTION: SAFE BROWSING (SB)                                               *
 ******************************************************************************/
 
@@ -1417,7 +1377,6 @@ user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
 
 // PREF: disable Telemetry Coverage
 // [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
-// [2] https://github.com/yokoffing/Betterfox/issues/443
 user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
 user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF]
 user_pref("toolkit.coverage.endpoint.base", "");

install.py

@@ -65,11 +65,6 @@ INSTALLATIONS_TO_CHECK = [
         "command": ["flatpak", "run", "org.mozilla.firefox"],
         "root": Path.home().joinpath(".var/app/org.mozilla.firefox/.mozilla/firefox").absolute(),
     },
-    # macOS
-    {
-        "command": ["/Applications/Firefox.app/Contents/MacOS/firefox"],
-        "root": Path.home().joinpath("Library/Application Support/Firefox").absolute(),
-    },
 ]
 
 

personal/user-overrides.js

@@ -28,10 +28,10 @@ user_pref("network.http.speculative-parallel-limit", 20);
 user_pref("browser.urlbar.speculativeConnect.enabled", true);
 user_pref("browser.places.speculativeConnect.enabled", true);
 user_pref("network.prefetch-next", true);
+
 user_pref("network.http.max-persistent-connections-per-server", 20); // increase download connections
 
 /** SECUREFOX ***/
-user_pref("privacy.trackingprotection.allow_list.convenience.enabled", false); // disable Strict allowlist of convenience features
 user_pref("signon.rememberSignons", false); // disable password manager
 user_pref("extensions.formautofill.addresses.enabled", false); // disable address manager
 user_pref("extensions.formautofill.creditCards.enabled", false); // disable credit card manager
@@ -57,9 +57,6 @@ user_pref("security.cert_pinning.enforcement_level", 2); // strict public key pi
 user_pref("captivedetect.canonicalURL", ""); // disable captive portal detection
 user_pref("network.captive-portal-service.enabled", false); // disable captive portal detection
 user_pref("network.connectivity-service.enabled", false); // disable captive portal detection
-user_pref("browser.download.enableDeletePrivate", true); // Delete files downloaded in private browsing when all private windows are closed
-user_pref("browser.download.deletePrivateChosen", true); // Delete files downloaded in private browsing when all private windows are closed
-user_pref("browser.download.deletePrivate", true); // Delete files downloaded in private browsing when all private windows are closed
 
 /** PESKYFOX ***/
 user_pref("devtools.accessibility.enabled", false); // removes un-needed "Inspect Accessibility Properties" on right-click
@@ -153,5 +150,3 @@ user_pref("network.trr.mode", 2); // enable TRR (with System fallback)
 user_pref("network.trr.max-fails", 5); // lower max attempts to use DoH
 user_pref("geo.provider.use_geoclue", false); // [LINUX]
 user_pref("pdfjs.defaultZoomValue", "page-width"); // PDF zoom level
-
-

user.js

@@ -10,50 +10,20 @@
 /****************************************************************************
  * Betterfox                                                                *
  * "Ad meliora"                                                             *
- * version: 146                                                             *
+ * version: 140.8 ESR                                                       *
  * url: https://github.com/yokoffing/Betterfox                              *
 ****************************************************************************/
 
 /****************************************************************************
  * SECTION: FASTFOX                                                         *
 ****************************************************************************/
-/** GENERAL ***/
-user_pref("gfx.content.skia-font-cache-size", 32);
-
-/** GFX ***/
-user_pref("gfx.webrender.layer-compositor", true);
-user_pref("gfx.canvas.accelerated.cache-items", 32768);
-user_pref("gfx.canvas.accelerated.cache-size", 4096);
-user_pref("webgl.max-size", 16384);
-
 /** DISK CACHE ***/
 user_pref("browser.cache.disk.enable", false);
 
-/** MEMORY CACHE ***/
-user_pref("browser.cache.memory.capacity", 131072);
-user_pref("browser.cache.memory.max_entry_size", 20480);
-user_pref("browser.sessionhistory.max_total_viewers", 4);
-user_pref("browser.sessionstore.max_tabs_undo", 10);
-
 /** MEDIA CACHE ***/
-user_pref("media.memory_cache_max_size", 262144);
-user_pref("media.memory_caches_combined_limit_kb", 1048576);
-user_pref("media.cache_readahead_limit", 600);
-user_pref("media.cache_resume_threshold", 300);
-
-/** IMAGE CACHE ***/
-user_pref("image.cache.size", 10485760);
-user_pref("image.mem.decode_bytes_at_a_time", 65536);
-
-/** NETWORK ***/
-user_pref("network.http.max-connections", 1800);
-user_pref("network.http.max-persistent-connections-per-server", 10);
-user_pref("network.http.max-urgent-start-excessive-connections-per-host", 5);
-user_pref("network.http.request.max-start-delay", 5);
-user_pref("network.http.pacing.requests.enabled", false);
-user_pref("network.dnsCacheEntries", 10000);
-user_pref("network.dnsCacheExpiration", 3600);
-user_pref("network.ssl_tokens_cache_capacity", 10240);
+user_pref("media.memory_cache_max_size", 65536);
+user_pref("media.cache_readahead_limit", 7200);
+user_pref("media.cache_resume_threshold", 3600);
 
 /** SPECULATIVE LOADING ***/
 user_pref("network.http.speculative-parallel-limit", 0);
@@ -62,6 +32,7 @@ user_pref("network.dns.disablePrefetchFromHTTPS", true);
 user_pref("browser.urlbar.speculativeConnect.enabled", false);
 user_pref("browser.places.speculativeConnect.enabled", false);
 user_pref("network.prefetch-next", false);
+user_pref("network.predictor.enabled", false);
 
 /****************************************************************************
  * SECTION: SECUREFOX                                                       *
@@ -69,12 +40,13 @@ user_pref("network.prefetch-next", false);
 /** TRACKING PROTECTION ***/
 user_pref("browser.contentblocking.category", "strict");
 user_pref("browser.download.start_downloads_in_tmp_dir", true);
+user_pref("browser.helperApps.deleteTempFileOnExit", true);
 user_pref("browser.uitour.enabled", false);
 user_pref("privacy.globalprivacycontrol.enabled", true);
 
 /** OCSP & CERTS / HPKP ***/
 user_pref("security.OCSP.enabled", 0);
-user_pref("privacy.antitracking.isolateContentScriptResources", true);
+user_pref("security.pki.crlite_mode", 2);
 user_pref("security.csp.reporting.enabled", false);
 
 /** SSL / TLS ***/
@@ -87,8 +59,8 @@ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true);
 user_pref("browser.sessionstore.interval", 60000);
 
 /** SHUTDOWN & SANITIZING ***/
-user_pref("privacy.history.custom", true);
 user_pref("browser.privatebrowsing.resetPBM.enabled", true);
+user_pref("privacy.history.custom", true);
 
 /** SEARCH / URL BAR ***/
 user_pref("browser.urlbar.trimHttps", true);
@@ -100,16 +72,16 @@ user_pref("browser.urlbar.groupLabels.enabled", false);
 user_pref("browser.formfill.enable", false);
 user_pref("network.IDN_show_punycode", true);
 
-/** HTTPS-ONLY MODE ***/
-user_pref("dom.security.https_only_mode", true);
-user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
-
 /** PASSWORDS ***/
 user_pref("signon.formlessCapture.enabled", false);
 user_pref("signon.privateBrowsingCapture.enabled", false);
 user_pref("network.auth.subresource-http-auth-allow", 1);
 user_pref("editor.truncate_user_pastes", false);
 
+/** MIXED CONTENT + CROSS-SITE ***/
+user_pref("security.mixed_content.block_display_content", true);
+user_pref("pdfjs.enableScripting", false);
+
 /** EXTENSIONS ***/
 user_pref("extensions.enabledScopes", 5);
 
@@ -119,9 +91,6 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
 /** CONTAINERS ***/
 user_pref("privacy.userContext.ui.enabled", true);
 
-/** VARIOUS ***/
-user_pref("pdfjs.enableScripting", false);
-
 /** SAFE BROWSING ***/
 user_pref("browser.safebrowsing.downloads.remote.enabled", false);
 
@@ -165,6 +134,7 @@ user_pref("browser.tabs.crashReporting.sendReport", false);
  * SECTION: PESKYFOX                                                        *
 ****************************************************************************/
 /** MOZILLA UI ***/
+user_pref("browser.privatebrowsing.vpnpromourl", "");
 user_pref("extensions.getAddons.showPane", false);
 user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
 user_pref("browser.discovery.enabled", false);
@@ -185,9 +155,6 @@ user_pref("browser.privateWindowSeparation.enabled", false); // WINDOWS
 /** AI ***/
 user_pref("browser.ml.enable", false);
 user_pref("browser.ml.chat.enabled", false);
-user_pref("browser.ml.chat.menu", false);
-user_pref("browser.tabs.groups.smart.enabled", false);
-user_pref("browser.ml.linkPreview.enabled", false);
 
 /** FULLSCREEN NOTICE ***/
 user_pref("full-screen-api.transition-duration.enter", "0 0");
@@ -204,6 +171,9 @@ user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
 user_pref("browser.newtabpage.activity-stream.showSponsored", false);
 user_pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false);
 
+/** POCKET ***/
+user_pref("extensions.pocket.enabled", false);
+
 /** DOWNLOADS ***/
 user_pref("browser.download.manager.addToRecentDocs", false);
 
@@ -236,3 +206,4 @@ user_pref("layout.word_select.eat_space_to_next_word", false);
 /****************************************************************************
  * END: BETTERFOX                                                           *
 ****************************************************************************/
+