tSc’s Firefox Tweak Guide

This page was originally made to show the differences in several benchmark scores between a totally default Firefox 7.0.1 and FF with the often recommended about:config tweaks for better network performance. A lot has changed since version 7. I re-ran the benchmarks in Firefox 38 and the config changes which once showed a measurable improvement (according to benchmarks) are now unconvincing, if not irrelevant.

However, the security and privacy benefits of many about:config tweaks are still very relevant so the purpose of this page has moved on to maintain a list of references for them. What’s added further below is mostly to supplement the sources linked to. One important thing to keep in mind is that you will likely never find an exhaustive Firefox configuration guide, anywhere.

about:config entries come and go with each new browser version. Sometimes Mozilla’s changelogs hint at what’s different, but unless someone is committed to comparing multiple source code versions across multiple platforms, new or removed configuration strings are mostly found by people searching through the about:config page on their own. The best you can do is to combine several sources in an attempt to cover the most ground possible.

Network Performance

5 runs with default settings were made through Kraken, Peacekeeper and SunSpider; then 5 more with the config changes applied. The cache and everything was cleared (Ctrl+Shift+Delete) between each test round.

Notes (as of Firefox 38).

  • network.http.pipelining also controls network.http.pipelining.ssl but not network.http.proxy.pipelining.
  • Pipelining for HTTP 1.1 doesn’t really offer any benefits anymore due to sites hosting content on multiple domains and generally increasing their bloat.
  • The browser benchmarks don’t use any keep-alive sessions, but if you’re constantly logged in to a lot of sites, raising network.http.max-persistent-connections-per-server may be beneficial. The value for network.http.max-persistent-connections-per-proxy has changed throughout FF’s release history, but is currently set to 32. I’d start there.
  • nglayout.initialpaint.delay has traditionally been recommended to be set to 0. According to the link, this will make pages take the longest time possible to render within the parameters of this setting because while Firefox will start showing you page content 250ms earlier, the page will take longer to completely render.
  • To simplify things and not waste time, the deviations were excluded from SunSpider and Kraken. Only the total time in milliseconds was factored into the tables below.
  • Many of these kb.mozillazine.org pages for individual about:config entries are very outdated and incomplete, so they can’t all be trusted as accurate for modern versions of Firefox.

Firefox 38.0 in Ubuntu 14.04 64-bit

network.http.max-connections-per-server has been removed but network.http.max-connections still governs the total number of HTTP connections Firefox can make. This was traditionally set much lower by default but for FF 38, it’s set to 256 and I left it alone. The network.http.pipelining.maxrequests string is now set to 32 by Mozilla, so the limit of 8 requests at a time is gone. The only changes made were:

network.http.pipelining; true
content.notify.backoffcount; 5

The JavaScript tests actually suffered from the changes; SunSpider’s average rendering time increased by 11.84 milliseconds and Kraken’s by 46.26ms. Peacekeeper’s average score increased by 21.4 points which isn’t bad, but three benchmarks are hardly enough to imply that this is representative of all websites rendered in Firefox.

Nonetheless, I’m inclined to conclude that these tweaks are no longer worthwhile, if they ever even really were. Much more noticeable and beneficial for decreasing page load times would be to use a content blocker to filter out the incredible bloat from modern websites.

| | SunSpider before | SunSpider after | Peacekeeper before | Peacekeeper after | Kraken before | Kraken after |
|---|---|---|---|---|---|---|
| Round 1 | 291.0ms | 320.5ms | 2913 pts | 2953 pts | 1989.2ms | 1935.1ms |
| Round 2 | 298.4ms | 308.1ms | 2942 pts | 2892 pts | 1956.9ms | 2047.6ms |
| Round 3 | 289.7ms | 291.9ms | 2890 pts | 2955 pts | 1980.5ms | 1977.9ms |
| Round 4 | 296.9ms | 310.3ms | 2905 pts | 2950 pts | 1948.7ms | 1999.5ms |
| Round 5 | 299.7ms | 304.1ms | 2908 pts | 2915 pts | 1931.4ms | 2077.9ms |
| Average | 295.14ms | 306.98ms | 2911.6 pts | 2933 pts | 1961.34ms | 2007.6ms |
| Net change | | +11.84ms | | +21.4 points | | +46.26ms |

Firefox 7.0.1 in Windows 7 SP1 64-bit

The config changes decreased SunSpider’s average rendering times by 90.3 milliseconds. Peacekeeper’s average score increased by 37.8 points. Back when I did these benchmarks, I didn’t use Kraken. The exact changes made were:

network.http.pipelining; true
network.http.max-connections-per-server; 48
content.notify.backoffcount; 5
nglayout.initialpaint.delay; 0 (yeah, I know, I know…)

| | SunSpider before | SunSpider after | Peacekeeper before | Peacekeeper after |
|---|---|---|---|---|
| Round 1 | 470.1ms | 395.3ms | 1321 pts | 1397 pts |
| Round 2 | 494.2ms | 379.7ms | 1280 pts | 1325 pts |
| Round 3 | 477.8ms | 398.5ms | 1307 pts | 1239 pts |
| Round 4 | 463.1ms | 376.0ms | 1293 pts | 1353 pts |
| Round 5 | 475.0ms | 379.2ms | 1295 pts | 1371 pts |
| Average | 476.04ms | 385.74ms | 1299.2 pts | 1337 pts |
| Net change | | -90.3ms | | +37.8 points |

Security & Privacy

Sources to know:

  • Firefox Profile Maker
  • user.js by pyllyukko
  • The Paranoid Crunchbang Security Guide (no longer maintained).
  • How to stop Firefox from making automatic connections, Mozilla Support.
  • Wilders Security Forums have several lengthy Firefox config threads.
  • Privacy-Handbuch
  • Baselines: Web Browsers and Search Engines for (almost) Everyone, by your very own tSc.

Specify no geolocation service provider (default is Google).

geo.wifi.uri; leave blank

Set browser locale in the user agent string.

general.useragent.locale; What you change this to is up to you, but it’s better to not modify parts of a user agent string so you blend in with other Firefox users.

Set browser locale to match the user agent string and not the operating system.

intl.locale.matchOS; false

Store only HTTP (non-SSL) data for session restore.

browser.sessionstore.privacy_level; 1

Don’t cache HTTP or HTTPS files.

network.http.use-cache; false

Prevent 3rd party images from loading.

permissions.default.image; 3

Store cookies for only x amount of days.

network.cookie.lifetimePolicy; 3
network.cookie.lifetime.days; x

Disable letting websites know if you have info from them in your clipboard.

dom.event.clipboardevents.enabled; false

Swap out memory to HDD when FF is minimized (Windows only).

config.trim_on_minimize; true

Do not automatically copy selected text to clipboard (*nix OSes only; on others this is already false).

clipboard.autocopy; false

Disable Google Safe Browsing.

browser.safebrowsing.enabled; false
browser.safebrowsing.malware.enabled; false
Then do a search in about:config for “safebrowsing” and clear the relevant URLs. Even with the above two strings set to false, there are still SB-related connections to Google.

Remove crash reporting URL.

breakpad.reportURL; make blank

Disable metadata updates for Add-ons.

extensions.getAddons.cache.enabled; false

Disable RC4 encryption cipher.

Do a search in about:config for rc4 and disable the SSL suites that show up. They’ll begin with “security.ssl3…” (will cause problems with sites still using RC4).

Never send the HTTP Referer header or set document.referrer (will cause problems with some websites).

network.http.sendRefererHeader; 0

Don’t trim “http://” prefix in location bar.

browser.urlbar.trimURL; false

Disable sending pings to 3rd party content hosts.

browser.send_pings.require_same_host; true

Disable navigator.sendBeacon().

beacon.enable; false

Enforce public key pinning for all certificate authorities.

security.cert_pinning.enforcement_level; 2

Disable domain guessing.

browser.fixup.alternate.enabled; false

Disable ad tiles on new tab page.

browser.newtabpage.directory.ping; make blank
browser.newtabpage.directory.source; make blank
Now open a new tab and hover the mouse cursor over a tile. There will be an x at the top right corner. Close each tile so that it’s just a gray box; then they’ll start filling with websites you visit.

Disable WebRTC.

media.peerconnection.enabled; false
media.peerconnection.use_document_iceservers; false
This is important if you’re using a VPN! WebRTC leaks both your public and private IP addresses. (Disabling JavaScript solves this too.)

Turn on tracking protection.

privacy.trackingprotection.enabled; true

Disable Firefox Hello.

loop.enabled; false
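
To check whether a profile actually carries the values listed above, the following added example (not code from this page or from any of the linked projects) parses the text of a profile's prefs.js and reports which settings deviate. It assumes the `user_pref("name", value);` line format used by prefs.js and user.js; the function names, the selection of prefs in BASELINE and the sample input are constructed for illustration.

```python
import json
import re

# Wanted values, taken from the "name; value" pairs listed on this page.
BASELINE = {
    "geo.wifi.uri": "",
    "browser.sessionstore.privacy_level": 1,
    "network.http.sendRefererHeader": 0,
    "beacon.enable": False,
    "security.cert_pinning.enforcement_level": 2,
    "media.peerconnection.enabled": False,
}

# prefs.js and user.js lines have the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; comments are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # true/false, ints, strings
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep raw text if it is not JSON
    return prefs

def audit(text, baseline=BASELINE):
    """Return (name, wanted, found) for each pref that is unset or differs."""
    current = parse_prefs(text)
    findings = []
    for name, wanted in baseline.items():
        found = current.get(name)  # None when the file does not set it
        # bool is a subclass of int in Python, so compare types as well
        if type(found) is not type(wanted) or found != wanted:
            findings.append((name, wanted, found))
    return findings

def to_user_js(findings):
    """Render the findings as user.js lines that set the wanted values."""
    return "\n".join(f'user_pref("{n}", {json.dumps(w)});' for n, w, _ in findings)

# Constructed sample prefs.js content (not taken from a real profile).
SAMPLE = '''// Mozilla User Preferences
user_pref("media.peerconnection.enabled", true);
user_pref("beacon.enable", false);
user_pref("network.http.sendRefererHeader", 2);
user_pref("geo.wifi.uri", "");
'''
```

prefs.js only records prefs that differ from their defaults, so a found value of None means the browser default is in effect; confirm that default in about:config for your Firefox version before treating it as a problem.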

Resources

Browser diagnostics

These sites will show you some of the information your browser gives out to websites you visit and the tracking elements on them.

  • BrowserLeaks.com
  • Browserspy.dk
  • JonDonym
  • Panopticlick

Mozilla pages

Info on about:config settings and Firefox’s network connections. Pay attention to when the pages were last modified. Some are hugely outdated but may still be useful.

  • MozillaZine: About:config entries
  • MozillaZine: Connections established on startup – Firefox
  • MozillaZine: Security and privacy-related preferences
  • MozillaWiki: Anonymous Browsing
  • MozillaWiki: Fingerprinting