Table of Contents
- Instructions
- Options
- Firefox Sync & View
- Password, credit card, and address management
- Secure DNS
- New tab shortcuts
- Downloads
- Always ask where to save files
- Ask to open or save new file types
- Display installation prompt for recommended extensions
- Public Key Pinning
- Sanitize on close
- Option 1: Clear all browsing data on shutdown
- Option 2: Clear only cookies and cache on shutdown
- Allow exceptions
- Service Workers
- Storage Access Heuristics
- JavaScript Optimization
- Disable DRM
- Captive portal detection
- Fingerprinting
Instructions
- Open the user.js in a text editor such as Notepad.
- Add prefs from the options below to MY OVERRIDES.
- Save and close the file.
- Return to Required Reading.
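As an added example (not code from the Betterfox project), a small Python script that parses the user_pref() lines in a user.js the way Firefox reads them (comments ignored, the last occurrence of a pref wins) and audits a few of the hardening choices described on this page. The sample file contents are constructed for the demonstration.

```python
import re

# Constructed sample of a MY OVERRIDES block (not a real user's file).
SAMPLE_USER_JS = r'''
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://dns.dnswarden.com/00000000000000000000028"); // Hagezi Normal + TIF
// user_pref("security.cert_pinning.enforcement_level", 1); // commented out: must be ignored
user_pref("security.cert_pinning.enforcement_level", 2);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("browser.firefox-view.feature-tour", "{\"screen\":\"\",\"complete\":true}");
user_pref("network.trr.mode", 3); // a later line wins, as it does when Firefox reads the file
'''

# One active user_pref() line: name, then a boolean, integer or double-quoted string value.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;')

def parse_user_js(text):
    """Return {pref: value} for every active user_pref() line; later lines override earlier ones."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, section banners, blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            value = raw == "true"
        elif raw.startswith('"'):
            value = re.sub(r'\\(.)', r'\1', raw[1:-1])  # drop the backslash escapes, e.g. \" -> "
        else:
            value = int(raw)
        prefs[name] = value
    return prefs

# A few of this page's hardening choices: (pref, accepted values, what a miss means).
CHECKS = [
    ("network.trr.mode", {2, 3}, "DoH is not enforced; use 2 (Increased) or 3 (Max Protection)"),
    ("security.cert_pinning.enforcement_level", {2}, "pinning is not strict; 1 allows a local MiTM root"),
    ("privacy.sanitize.sanitizeOnShutdown", {True}, "browsing data is kept across sessions"),
    ("signon.rememberSignons", {False}, "the built-in password manager is still enabled"),
]

def audit(prefs):
    """List prefs from CHECKS that are missing or not set to an accepted value."""
    findings = []
    for name, accepted, note in CHECKS:
        if name not in prefs:
            findings.append(f"{name}: not set ({note})")
        elif prefs[name] not in accepted:
            findings.append(f"{name}: is {prefs[name]!r} ({note})")
    return findings
```

To check a real profile, call `audit(parse_user_js(open("user.js").read()))` and print each finding; an empty list means every checked pref matches this page.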
Options
Firefox Sync & View
Firefox Sync and Firefox View may be disabled to minimize connections and remove unused UI.
As of Firefox 127 (June 2024), users are no longer able to disable Firefox View. To remove the icon from the tab bar, see How do I remove Firefox View from the tabs bar?.
// PREF: disable Firefox Sync
user_pref("identity.fxaccounts.enabled", false);
// PREF: disable the Firefox View tour from popping up
user_pref("browser.firefox-view.feature-tour", "{\"screen\":\"\",\"complete\":true}");
Password, credit card, and address management
The built-in password manager can be disabled for greater security.
☰→ Settings → Privacy & Security → Logins and Passwords → Ask to save logins and passwords for websites
We recommend using Bitwarden or 1Password to manage your credentials on multiple devices.
// PREF: disable login manager
user_pref("signon.rememberSignons", false);
// PREF: disable address and credit card manager
user_pref("extensions.formautofill.addresses.enabled", false);
user_pref("extensions.formautofill.creditCards.enabled", false);
// PREF: disable passkeys
user_pref("security.webauth.webauthn", false);
Secure DNS
Setup and enforce DNS-over-HTTPS (DoH).
DoH Provider
Use the DoH address below to protect against security threats, ads, and trackers. DNSwarden allows you to combine Hagezi's Normal and Threat Intelligence Feed lists (TIF) for free.
// PREF: set DoH provider
user_pref("network.trr.uri", "https://dns.dnswarden.com/00000000000000000000028"); // Hagezi Normal + TIF
Alternatively, you can follow our Control D configuration guide for more advanced features.
Option 1: Increased Protection
Increased Protection will switch back to your local provider if there are any issues.
Tip
Use this setting if your workplace or university causes issues with alternative DNS.
☰→ Settings → Privacy & Security → DNS over HTTPS → Enable DNS over HTTPS using: → Increased Protection
// PREF: enforce DNS-over-HTTPS (DoH)
user_pref("network.trr.mode", 2);
user_pref("network.trr.max-fails", 5);
Option 2: Max Protection
Max Protection displays user-friendly error pages with custom exceptions.
☰→ Settings → Privacy & Security → DNS over HTTPS → Enable DNS over HTTPS using: → Max Protection
// PREF: enforce DNS-over-HTTPS (DoH)
user_pref("network.trr.mode", 3);
New tab shortcuts
Hide top sites
Remove top sites (pinned site shortcuts) for a clean new tab page.
☰→ Settings → Home → Firefox Home Content
// PREF: hide site shortcut thumbnails on New Tab page
user_pref("browser.newtabpage.activity-stream.feeds.topsites", false);
// PREF: hide weather on New Tab page
user_pref("browser.newtabpage.activity-stream.showWeather", false);
// PREF: hide dropdown suggestions when clicking on the address bar
user_pref("browser.urlbar.suggest.topsites", false);
Alternatives
- Bookmark keywords may improve your experience (YouTube example).
- Learn how to narrow down suggestions in the URL bar by a specific type of result:
  - * for bookmarks
  - ^ for browser history
  - ? for search suggestions
  - and more
Downloads
Always ask where to save files
Make Firefox ask you where to save every download.
☰→ Settings → General → Files and Applications → Downloads → Always ask you where to save files
// PREF: ask where to save every file
user_pref("browser.download.useDownloadDir", false);
Ask to open or save new file types
Firefox will ask you what to do with a download only if it is your first time encountering a file type.
☰→ Settings → General → Files and Applications → Applications → What should Firefox do with other files?
// PREF: ask whether to open or save new file types
user_pref("browser.download.always_ask_before_handling_new_types", true);
Display installation prompt for recommended extensions
When installing a recommended extension, Firefox bypasses the 3rd-party site install panel. This pref forces Firefox to show the prompt.
Note
Firefox still forces user interaction with a permissions prompt, regardless of this setting.
// PREF: display the installation prompt for all extensions
user_pref("extensions.postDownloadThirdPartyPrompt", false);
Public Key Pinning
Public Key Pinning (PKP) is a tool that boosts the safety of SSL certificates by linking a website to its unique security key. This process ensures that the website you're visiting is real and not fake. PKP stops any attempts to trick your computer into connecting with a fraudulent website.
Warning
Sometimes antivirus software — or some other source — won't let you open websites (example). Set it to 1 if you run into issues.
// PREF: enforce certificate pinning
// [ERROR] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
// 1 = allow user MiTM (such as your antivirus) (default)
// 2 = strict
user_pref("security.cert_pinning.enforcement_level", 2);
Sanitize on close
These settings automatically clear your browsing data, such as browser history, cookies, and cache, every time you close the browser. Clearing browsing data helps maintain privacy by ensuring that no information is stored on your device after you end your session.
Note
If you have session restore enabled, then you will need to use Option 2 to restore previously opened tabs.
Option 1: Clear all browsing data on shutdown
☰→ Settings → Privacy & Security → History → Clear history when Firefox closes
// PREF: delete all browsing data on shutdown
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown_v2.cache", true);
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true);
user_pref("privacy.clearOnShutdown_v2.downloads", true); // [HIDDEN]
user_pref("privacy.clearOnShutdown_v2.formdata", true);
// PREF: after crashes or restarts, do not save extra session data
// such as form content, scrollbar positions, and POST data
user_pref("browser.sessionstore.privacy_level", 2);
Option 2: Clear only cookies and cache on shutdown
This option allows you to retain site history and restore previously opened tabs (optional).
☰→ Settings → Privacy & Security → Cookies and Site Data → Delete cookies and site data when Firefox is closed
// PREF: delete cookies, cache, and site data on shutdown
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", false); // Browsing & download history
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies and site data
user_pref("privacy.clearOnShutdown_v2.cache", true); // Temporary cached files and pages
user_pref("privacy.clearOnShutdown_v2.formdata", true); // Saved form info
Allow exceptions
For Option 2, you can create exceptions to stay logged in to some sites between sessions.
☰→ Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions
Service Workers
Service workers are JavaScript files that act as proxies between your browser and a website's server. Service workers cache a page's content so return visits load a few milliseconds faster. They also allow you to browse a site offline.
Service workers let sites send you push notifications after you close the tab, which Betterfox blocks by default. They also keep running after you close the tab and stay in contact with the server. Reddit, for example, uses them to cache notifications and track how you interact with them. You can review your own at about:serviceworkers.
So why disable them? Service workers phone home to sites you've already closed, and once you close a tab you probably don't want that site pinging you anyway.
Service workers enhance a site rather than replace its core features, so if your browser doesn't support them, the site still works normally. On the first visit to a page that installs a service worker, the page provides its baseline functionality while the service worker downloads. After a service worker is installed and activated, it controls the page to offer improved reliability and speed. (See here and here).
Option 1: Private Browsing only
There are cases where developers want the service workers API in private browsing windows.
// PREF: disable service workers in Private Browsing windows
user_pref("dom.serviceWorkers.privateBrowsing.enabled", false);
Option 2: Normal and Private Browsing
// PREF: disable service workers
// This will break push notifications (blocked in Betterfox by default).
user_pref("dom.serviceWorkers.enabled", false);
user_pref("dom.serviceWorkers.privateBrowsing.enabled", false);
Option 3: Adblock
You can use adblock rules to customize an allowlist and denylist with uBlock Origin.
! Block service workers
*$csp=worker-src 'none'
! Exceptions (allowlist):
@@||chat.google.com^$csp=worker-src 'none'
@@||mail.google.com^$csp=worker-src 'none'
@@||meet.google.com^$csp=worker-src 'none'
@@||messages.google.com^$csp=worker-src 'none'
@@||outlook.office.com^$csp=worker-src 'none'
Storage Access Heuristics
For web compatibility reasons, Firefox will dynamically grant unpartitioned access to third-party cookies for 30 days in certain scenarios which require user interaction. For example, if you click a Login with SSO button on a website, Firefox will grant the SSO provider storage access to the website you clicked that button on for 30 days.
Option 1
You can disable this functionality and partition all third-party cookies, but we do not recommend doing so as this can cause websites to break, especially if you use SSO functionality.
// PREF: restrict dynamic storage access
user_pref("privacy.restrict3rdpartystorage.heuristic.navigation", false);
user_pref("privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction", false);
Option 2
You can go even further by disabling web compatibility functionality entirely, which will disable the two dynamic heuristics above, SmartBlock, and manual anti-tracking exceptions made by Mozilla for some websites, but we do not recommend doing so because this will cause significant website breakage with little privacy gain compared to Mozilla’s dynamic approach.
// PREF: disable all web compat
user_pref("privacy.antitracking.enableWebcompat", false);
JavaScript Optimization
Warning
You may experience site issues with the options below.
How compiler optimization works
Browsers use a tiered system to process JavaScript:
- Interpreter: reads the code line-by-line. This method works safely but runs slowly.
- Baseline JIT (Just-In-Time): Compiles code that runs frequently into simple code.
- Optimizing Compiler: Aggressively improves code performance, but creates a large area for attackers to exploit. Nearly half of all patched bugs in the V8 engine stem from this optimization tier.
Option 1: Disable compiler optimization
Choosing this option is like disabling JavaScript optimization in Chrome. Chrome turns off the optimizing compilers (Maglev and Turbofan) but keeps the interpreter (Ignition) and baseline compiler (Sparkplug). By doing this, you trade a small amount of speed to eliminate nearly 50% of V8 security bugs, and you will rarely notice a drop in real-world performance. Browser security improves without breaking most websites.
One downside to this approach is that browser benchmarks like Speedometer will show a performance hit with the optimizing compiler disabled. But remember: "Peak optimized code performance is not always correlated to real-world performance, and in many situations embedders can maintain reasonable performance even in JIT-less mode" (v8.dev).
The optimizing compiler is like driving a 500-horsepower (HP) sports car to work: the additional HP rarely shortens your daily commute. You're trading peak theoretical speed for a much smaller attack surface.
// PREF: disable JIT optimization
// This removes most of the attack surface while keeping JIT compilation.
user_pref("javascript.options.ion", false);
user_pref("javascript.options.wasm_optimizingjit", false);
Option 2: Disable JIT
The prefs below are equivalent to running Chrome with the --jitless flag and using Enhanced Security in Edge.
However, unlike Edge and Chrome, there are no per-site exceptions. It's all or nothing.
This option is the more secure of the two, but expect site issues.
// PREF: disable JIT compilation
// WARNING: Some sites may malfunction.
user_pref("javascript.options.ion", false);
user_pref("javascript.options.baselinejit", false);
user_pref("javascript.options.wasm_optimizingjit", false);
Disable DRM
Digital Rights Management (DRM) prevents users from copying, sharing, or changing content they bought, even for their own use. It also allows browsers to communicate to outside servers to check licenses and rights, which can share data about what users do and watch.
Privacy advocates often dislike DRM because it restricts what users can do with their devices and limits fair use rights.
Warning
Disabling DRM will prevent most popular streaming platforms from functioning properly. Spotify, Apple Music, Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirecTV, and other streaming services will not work with DRM disabled.
You can confirm whether Encrypted Media Extensions (EME) are disabled by going here.
// PREF: disable all DRM content
user_pref("media.eme.enabled", false);
// PREF: hide the UI setting
// This also disables the DRM prompt while browsing.
user_pref("browser.eme.ui.enabled", false);
Captive portal detection
Captive portals allow you to connect to public Wi-Fi by redirecting to login pages (think hotels, airports, etc.). You can safely disable Mozilla's captive portal detection on most desktop computers.
If you disable captive portals on a mobile device, then you'll need a separate browser to connect to the internet on public Wi-Fi and some company networks.
// PREF: disable captive portal detection
// [WARNING] Do NOT use for mobile devices!
user_pref("captivedetect.canonicalURL", "");
user_pref("network.captive-portal-service.enabled", false);
user_pref("network.connectivity-service.enabled", false);
Fingerprinting
Fingerprinting is a high threat model issue that is only addressed reasonably by Tor.[1] Please use the Tor Browser if your context calls for anonymity and not just reasonable privacy (what's the difference?).
Betterfox aims to mitigate real-world tracking rather than advanced fingerprinting, which only Tor Browser and Mullvad Browser can effectively counter. While Firefox's Fingerprinting Protection (FPP) feature helps randomize some fingerprinting vectors, users may still have unique fingerprints. (It doesn't matter if you change a few preferences because you are already unique.) And while Betterfox strives to provide a seamless browsing experience, occasional site glitches may occur due to Betterfox settings, Firefox itself, or adblock filters. In such cases, using a secondary browser is recommended.
Most of our security and privacy tweaks come from AF. Just like that project, Betterfox usually focuses on state and other cross-origin linkability mechanisms like navigational tracking. State means client-side data stored on disk or memory, such as the items listed here. We also encourage you to read AF's explainer on RFP and fingerprinting.
By default, Firefox blocks known fingerprinters; and as of v.119, ETP Strict also blocks suspected fingerprinters. Betterfox does not enable additional protection known as privacy.resistFingerprinting (RFP). You can read why here.