Firefox user.js for speed, privacy, and security. Your favorite browser, but better.
network.buffer.cache.size
.browser.download.useDownloadDir
false
from the user.js, making "always ask where to download" optional.
Firefox Nightly users: Smoothfox settings do not account for general.smoothScroll.msdPhysics.enabled
being enabled by default in Nightly v.122+. You will need to disable that pref. If it gets push to the stable build, I'll have to adjust the first three configurations in Smoothfox.
Nothing too crazy for the past few releases.
120.0 +120.0.1 121.0 +121.0.1 122.0 +122.0.1
But we did get:
Let's see what happens!
Special thanks to our new sponsors! 🎊
If you benefit from the guides I've curated, please consider becoming a sponsor. I want to be able to focus on projects like this full-time.
In other news: I have a project to release soon :eyes:. I was hoping to have it out sooner, but there were delays. I hope to release it in a month or two. :sparkles:
As always, thank you for supporting Betterfox! :heart:
As Betterfox evolves, we are becoming more modular to respond to different needs. What is “best” depends on the use case.
Therefore, all users should, at minimum:
Add any prefs that are needed to your overrides at the bottom of the user.js
file.
We invested effort into eliminating subjective prefs and responding to community feedback.
For new profiles applying Betterfox, we will:
We will continue to:
In addition, we:
The SameSite cookie attribute is a way to control when and how cookies are sent to a website.
The SameSite attribute lets websites specify whether they want to receive cookies only from requests that originate from the same website (SameSite=Strict), or also from requests that originate from other websites but are top-level navigations, such as clicking a link or typing a URL in the address bar (SameSite=Lax). Alternatively, websites can explicitly allow cookies to be sent with any request, regardless of where it comes from (SameSite=None).
However, allowing cookies to be sent with any request can be risky, especially if the website uses an insecure connection (HTTP instead of HTTPS).
If a cookie does not have a SameSite attribute specified, it behaves as if SameSite=None
is set. This means the cookie will be sent in both cross-site and same-site requests.
The network.cookie.sameSite.noneRequiresSecure
pref changes this behavior. When enabled, it requires cookies with SameSite=None
to also be marked Secure
, meaning they require HTTPS.
This prevents CSRF (cross-site request forgery) attacks on plain HTTP sites. By requiring SameSite=None
cookies to be Secure
, it prevents malicious sites from abusing these cookies that get sent cross-site.
The latest Firefox brings:
https://github.com/arkenfox/user.js/issues/1661
https://github.com/arkenfox/user.js/issues/1729
:bulb: If you think an override is common enough to belong to Common Overrides or Optional Hardening, then please make a suggestion. We obviously don't want to re-create the docs, so prefs here should be reasonable.
Thank you for supporting Betterfox! ❤️
accessibility.force_disabled
. People who use assistive technology no longer need to override this pref to use Betterfox.
https://github.com/arkenfox/user.js/issues/1728
for more info.browser.tabs.loadBookmarksInTabs
— a common complaint by users — which forced bookmarks to open in a new tab and not the current tab.
Ctrl/Cmd + Right click
to open bookmarks in new tabs, or add this pref as an override.permissions.delegation.enabled
as it's depreciated in FF118+.https://github.com/yokoffing/Betterfox/commit/0334bea9721fa734506160f0770515817c094972
browser.privatebrowsing.enable-new-indicator
user.js Version: 116.1
/ esr115.1
EA.com
(and possibly other sites) due to user_pref("security.ssl.require_safe_negotiation", true);
.security.ssl.require_safe_negotiation
to false
.Fast
, Secure
, and Pesky
all received a facelift to their documentation, esp. the former twouser.js
for Windows users to manually enable gfx.canvas.accelerated
default-browser-agent.enabled
as it breaks the Make Default...
button in the Firefox UI
user.js
.network.dnsCacheExpiration
for longer browsing sessions: set to 86400
(1 day)
network.trr.mode
(DoH) being enabled by default.dnsCache
prefs only work for non-DoH users.
Fastfox
and increase values.Speculative Connections
category was moved from Securefox
to Fastfox
security.mixed_content.block_display_content
security.ssl.require_safe_negotiation
PROXY / SOCKS / IPv6
categorygeolocation
categorybrowser.sessionstore.privacy_level
prefprivacy.query_stripping.strip_list
as the params are default in Firefoxuser_pref("browser.translations.autoTranslate", true);
to your overrides.
browser.aboutConfig.showWarning
browser.privateWindowSeparation.enabled
(affects Windows
only AFAIK)Fast
, Secure
, and Pesky
all received a facelift to their documentation, esp. the former two.user.js
file (after watching others suggest a lot of convoluted ways for mainstream users to do this).gfx.canvas.accelerated
(default on macOS
Linux
but not Windows
)
user.js
for Windows
users to manually enable.network.dnsCacheExpiration
for longer browsing sessions: set to 86400
(1 day).
network.trr.mode
(DoH) being enabled by default.dnsCache
prefs only work for non-DoH users.
layout.css.animation-composition.enabled
(default FF115+).Speculative Connections
category was moved from Securefox
to Fastfox
.security.mixed_content.block_display_content
security.ssl.require_safe_negotiation
PROXY / SOCKS / IPv6
category from the user.js
(out of scope).user.js
(out of scope).default-browser-agent.enabled
as it breaks the Make Default...
button in the Firefox UI.
user.js
.browser.sessionstore.privacy_level
from the user.js
in the next release (out of scope).browser.translations.enable
user_pref("browser.translations.autoTranslate", true);
to your overrides.
browser.aboutConfig.showWarning
browser.privateWindowSeparation.enabled
(Windows
only pref)lvl1
.
lvl2
list when using ETP Strict, even if you change the pref. No luck there.user_pref("layout.forms.reveal-password-context-menu", true);
since it's now default in v.112.user_pref("full-screen-api.warning.delay", -1);
in your overrides.user_pref("browser.link.open_newwindow.restriction", 0);
user_pref("dom.disable_window_move_resize", true);