notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 15:40:48 +05:30
Code Issues Releases Wiki Activity

Updated Optional Hardening (markdown)

HJ
2023-08-22 15:06:14 -04:00
parent e85c14d5a5
commit 66405624f1
1 changed files with 17 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Optional-Hardening.md
+17 -7
@@ -8,6 +8,16 @@ See [Common Overrides](https://github.com/yokoffing/Betterfox/wiki/Common-Overri
***
### Block embedded social posts on webpages
This matches the default behavior of Strict [Enhanced Tracking Protection](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection).
```
// PREF: do not allow embedded tweets, Instagram, Reddit, and Tiktok posts
user_pref("urlclassifier.trackingSkipURLs", "");
user_pref("urlclassifier.features.socialtracking.skipURLs", "");
```
***
### HTTPS-Only Mode
We already:
* [attempt](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L545-L550) to upgrade HTTP site navigation to HTTPS
@@ -21,17 +31,17 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
***
### Block embedded social posts on webpages
This matches the default behavior of Strict [Enhanced Tracking Protection](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection).
### SameSite Cookies
```
// PREF: do not allow embedded tweets, Instagram, Reddit, and Tiktok posts
user_pref("urlclassifier.trackingSkipURLs", "");
user_pref("urlclassifier.features.socialtracking.skipURLs", "");
// PREF: enable SameSite Cookies
user_pref("network.cookie.sameSite.laxByDefault", true);
user_pref("network.cookie.sameSite.noneRequiresSecure", true);
user_pref("network.cookie.sameSite.schemeful", true);
```
***
### Disable `default-browser-agent` (Windows only)
### `default-browser-agent` (Windows only)
On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-firefox-default-browser-agent-and-how-to-disable-it.html) on what you've set as your default browser. However, disabling `default-browser-agent.enabled` also breaks the `Make Default...` button to set Firefox as the default browser.
Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser).
@@ -77,7 +87,7 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
***
### Hide cross-site referrer
### Cross-origin referrer
Do not send a [referer](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer) when navigating to a different site (e.g., `google.com``facebook.com`).
For subresources, the referrer will only be sent to subdomains (e.g., `a.example.com``b.example.com`).