Firefox Profilemaker

Welcome to the Firefox Profilemaker!

This tool will help you to create a Firefox profile with the defaults you like.

You select which features you want to enable and disable and in the end you get a download link for a zip-file with your profile template. You can for example disable some functions, which send data to Mozilla and Google, or disable several annoying Firefox functions like Mozilla Hello or the Pocket integration.

Each Setting has a short explanation and for the non obvious settings links to resources describing the feature and the possible problems with it.

Annoyances

Browser Features

Privacy

Disable Privacy-Preserving Attribution The misleadingly named Privacy-Preserving Attribution is a tracking technique introduced in Firefox 128 in which the browser sends attribution data about ad views to advertisers.

Fake another Useragent Using a popular useragent string avoids attracting attention i.e. with an Iceweasel UA. (keep blank to use the default)

Block Cookies Block 3rd-Party cookies or even all cookies.

Block Referer Firefox tells a website, from which site you're coming (the so called referer). You can find more detailed settings in this ghacks article.

Disable DOM storage Disables DOM storage, which enables so called "supercookies". Some modern sites will not work (i.e. missing "save" functions).

Disable IndexedDB (breaks things) IndexedDB is a way, websites can store structured data. This can be abused for tracking, too. Disabling causes problems when sites depend on it like Tweetdeck or Reddit and extensions that use it to store their data. Some users reported crashing tabs when IndexedDB is disabled. Only disable it, when you know what you're doing.

Disable the Offline Cache. Websites can store up to 500 MB of data in an offline cache, to be able to run even when there is no working internet connection. This could possibly be used to store an user id.

Sessionstore Privacy This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data.

Disable Link Prefetching Firefox prefetches the next site on some links, so the site is loaded even when you never click.

Disable speculative website loading. In some situations Firefox already starts loading web pages when the mouse pointer is over a link, i. e. before you actually click. This is to speed up the loading of web pages by a few milliseconds.

Use a private container for new tab page thumbnails Load the pages displayed on the new tab page in a private container when creating thumbnails.

Disable WebGL Disables the WebGL function, to prevent fingerprinting with WebGL. Another issue is, that websites can (ab)use the full power of the graphics card. WebGL is part of some fingerprinting scripts used in the wild. Some interactive websites will not work, which are mostly games.

Override graphics card vendor and model strings in the WebGL API Websites can read the graphics card vendor and model using a WebGL API. This setting overrides both with " " without disabling WebGL.

Disable WebRTC Disables the WebRTC function, which gives away your local ips. Some addons like uBlock origin provide settings to prevent WebRTC from exposing local ips without disabling WebRTC. This can break google meet camera or microphone access.

Disable the clipboardevents. Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected. This can break pasting copied images.

Disable Search Suggestions Firefox suggests search terms in the search field. This will send everything typed or pasted in the search field to the chosen search engine, even when you did not press enter.

Disable Search Keyword When you mistype some url, Firefox starts a search even from urlbar. This feature is useful for quick searching, but may harm your privacy, when it's unintended.

Disable Fixup URLs When you type "something" in the urlbar and press enter, Firefox tries "something.com", if Fixup URLs is enabled.

Website Tracking

Enable Do-not-Track (DNT) With the do not track feature, you tell websites, that you do not want to be tracked. Most websites ignore this, so you need other privacy options as well, but some privacy-friendly webanalytics tools honor it and store less data. Firefox sends the DNT header by default only in private mode, so enabling it adds a bit to the browser fingerprint and sites may assume the you're using private mode.

Enable resistFingerprinting The privacy.resistFingerprinting setting coming from the tor-browser hides some system properties. See Bug #1308340 for more information. This option may interfere with other privacy related settings, see the discussion in our bug tracker.

Enable Mozilla Trackingprotection Firefox has a builtin tracking protection, which blocks a list of known tracking sites.

Enable firstparty isolation. FPI works by separating cookies on a per-domain basis. In this way tracking networks won't be able to locate the same cookie on different sites. Note that this might break third-party logins.

Disable Browser Pings Firefox sends "ping" requests, when a website requests to be informed when a user clicks on a link.

Disable TLS session identifiers TLS allows for session identifiers, which speed up the session resumption when a connection was lost. These identifiers can be used for tracking.

Disable Beacons The Beacon feature allows websites to send tracking data after you left the website.

Disable the Battery API Firefox allows websites to read the charge level of the battery. This may be used for fingerprinting.

Disable media device queries Prevent websites from accessing information about webcam and microphone (possible fingerprinting).

Disable form autofill Automatically filled form fields are used for fingerprinting. This setting disables automatic form filling until you click on the field.

Disable webaudio API Disable webaudio API to prevent browser fingerprinting. See Mozilla Bug #1288359. This can break web apps, like Discord, which rely on the API.

Disable video statistics Prevent websites from measuring video performance (possible fingerprinting). See Mozilla Bug 654550.

Enable query parameter stripping Firefox 102 introduced query parameter stripping like utm_source. Enabled by default with Strict Enhanced Tracking Protection.

Security

Addons

Enterprise Policies

Download

There are four types of downloads:

profile.zip:

Unzip the file into a fresh profile folder to create a profile with the chosen defaults.

enterprise_policy.zip:

Unzip this in the Firefox installation folder, to reset the defaults every time Firefox starts.

prefs.js:

Preferences file, that can be placed in the Firefox profile folder or appended to existing preferences.

addons.zip:

An archive that only contains the chosen addons.

Download profile.zip Download enterprise_policy.zip
Download only prefs.js Open prefs.js in the browser
Download only addons.zip

When you download only the addons.zip, you need to copy the user_pref("extensions.autoDisableScopes", 14); line into your prefs.js, otherwise firefox won't install the addons.

Installing

• Optional: add a new profile to keep the old one
• Run firefox -no-remote -ProfileManager
• Create a new profile
• Type about:support into the url bar.
• Press the open profile folder button.
• Quit Firefox.
• Delete everything from the new profile (you will lose all existing data from the profile).
• Unzip the profile.zip archive into the folder.
• If Existent: Unzip the enterprise_policy.zip archive to Firefox installation directory.
• Start Firefox again. If you made a new profile, you can use it with firefox -no-remote -P profilename.
• Open the addon manager and update the extensions.

Preview

policies.json:

{
  "policies": {}
}