tSc's Firefox Tweak Guide

Updated January 26, 2016.

This site is no longer being maintained so anything below could still be accurate, or very outdated.

This page was originally made to show the differences in several benchmark scores between a totally default Firefox 7.0.1 and FF with the often recommended about:config tweaks for better network performance. A lot has changed since version 7. I re-ran the benchmarks in Firefox 38 and the config changes which once showed a measurable improvement (according to benchmarks) are now unconvincing, if not irrelevant.

However, the security and privacy benefits of many about:config tweaks are still very relevant so the purpose of this page has moved on to maintain a list of references for them. What's added further below is mostly to supplement the sources linked to. One important thing to keep in mind is that you will likely never find an exhaustive Firefox configuration guide, anywhere.

about:config entries come and go with each new browser version. Sometimes Mozilla's changelogs hint to what's different but unless someone is committed to comparing multiple source code versions across multiple platforms, new or removed configuration strings are mostly found by people searching through the about:config page on ther own. The best you can do is to combine several sources in an attempt to cover the most ground possible.

Network Performance

5 runs with default settings were made through Kraken, Peacekeeper and SunSpider; then 5 more with the config changes applied. The cache and everything was cleared (Ctrl+Shift+Delete) between each test round.

Notes (as of Firefox 38).

Firefox 38.0 in Ubuntu 14.04 64-bit

network.http.max-connections-per-server has been removed but network.http.max-connections still governs the total number of HTTP connections Firefox can make. This was traditionally set much lower by default but for FF 38, it's set to 256 and I left it alone. The network.http.pipelining.maxrequests string is now set to 32 by Mozilla, so the limit of 8 requests at a time is gone. The only changes made were:

network.http.pipelining; true
content.notify.backoffcount; 5

The JavaScript tests actually suffered from the changes; SunSpider's average rendering time increased by 11.84 milliseconds and Kraken's by 46.26ms. Peacekeeper's average score increased by 21.4 points which isn't bad, but three benchmarks are hardly enough to imply that this is representative of all websites rendered in Firefox.

Nonetheless, I'm inclined to conclude that these tweaks are no longer worthwhile, if they ever even really were. Much more noticeable and beneficial for decreasing page load times would be to use a content blocker to filter out the incredible bloat from modern websites.

SunSpider before SunSpider after Peacekeeper before Peacekeepr after Kraken before Kraken after
Round 1 291.0ms 320.5ms 2913 pts 2953 pts 1989.2ms 1935.1ms
Round 2 298.4ms 308.1ms 2942 pts 2892 pts 1956.9ms 2047.6ms
Round 3 289.7ms 291.9ms 2890 pts 2955 pts 1980.5ms 1977.9ms
Round 4 296.9ms 310.3ms 2905 pts 2950 pts 1948.7ms 1999.5ms
Round 5 299.7ms 304.1ms 2908 pts 2915 pts 1931.4ms 2077.9ms
Average 295.14ms 306.98ms 2911.6 pts 2933 pts 1961.34ms 2007.6ms
Net change +11.84ms +21.4 points +46.26ms

Firefox 7.0.1 in Windows 7 SP1 64-bit

The config changes decreased SunSpider's average rendering times by 90.3 milliseconds. Peacekeeper's average score increased by 37.8 points. Back when I did these benchmarks, I didn't use Kraken. The exact changes made were:

network.http.pipelining; true
network.http.max-connections-per-server; 48
content.notify.backoffcount; 5
nglayout.initialpaint.delay; 0 (yeah, I know, I know...)

SunSpider before SunSpider after Peacekeeper before Peacekeepr after
Round 1 470.1ms 395.3ms 1321 pts 1397 pts
Round 2 494.2ms 379.7ms 1280 pts 1325 pts
Round 3 477.8ms 398.5ms 1307 pts 1239 pts
Round 4 463.1ms 376.0ms 1293 pts 1353 pts
Round 5 475.0ms 379.2ms 1295 pts 1371 pts
Average 476.04ms 385.74ms 1299.2pts 1337 pts
Net change -90.3ms +37.8 points

Security & Privacy

Sources to know:

Specify no geolocation service provider (default is Google).

geo.wifi.uri; leave blank

Set browser locale in the user agent string.

general.useragent.locale; What you change this to is up to you, but it's better to not modify parts of a user agent string so you blend in with other Firefox users.

Set browser locale to match the user agent string and not the operating system.

intl.locale.matchOS; false

Store only HTTP (non-SSL) data for session restore.

browser.sessionstore.privacy_level; 1

Don't cache HTTP or HTTPS files.

network.http.use-cache; false

Prevent 3rd party images from loading.

permissions.default.image; 3

Store cookies for only x amount of days.

network.cookie.lifetimePolicy; 3
network.cookie.lifetime.days; x

Disable letting websites know if you have info from them in your clipboard.

dom.event.clipboardevents.enabled; false

Swap out memory to HDD when FF is minimized (Windows only).

config.trim_on_minimize; true

Do not automatically copy selected text to clipboard (*nix OS’s only, others this is already false).

clipboard.autocopy; false

Disable Google Safe Browsing.

browser.safebrowsing.enabled; false
browser.safebrowsing.malware.enabled; false
Then do a search in about:config for "safebrowsing" and clear the relevant URLs. Even with the above two strings set to false, there are still SB-related connections to Google.

Remove crash reporting URL.

breakpad.reportURL; make blank

Disable metadata updates for Add-ons.

extensions.getAddons.cache.enabled; false

Disable RC4 encryption cipher.

Do a search in about:config for rc4 and disable the SSL suites that show up. They’ll begin with “security.ssl3...” (will cause problems with sites still using RC4).

Never send the HTTP Referer header or set document.referrer (will cause problems with some websites).

network.http.sendRefererHeader; 0

Don't trim "http://" prefix in location bar.

browser.urlbar.trimURL; false

Disable sending pings to 3rd party content hosts.

browser.send_pings.require_same_host; true

Disable navigator.sendBeacon().

beacon.enable; false

Enforce public key pinning for all certificate authorities.

security.cert_pinning.enforcement_level; 2

Disable domain guessing

browser.fixup.alternate.enabled; false

Disable ad tiles on new tab page.; make blank; make blank
Now open a new tab and hover the mouse cursor over a tile. There will be an x at the top right corner. Close each tile so that it's just a gray box; then they'll start filling with websites you visit.

Disable WebRTC.

media.peerconnection.enabled; false
media.peerconnection.use_document_iceservers; false
This is important if you're using a VPN! WebRTC leaks both your public and private IP addresses. (Disabling JavaScript solves this too.)

Turn on tracking protection.

privacy.trackingprotection.enabled; true

Disable Firefox Hello.

loop.enabled; false


Browser diagnostics

These sites will show you some of the information your browser gives out to websites you visit and the tracking elements on them.

Mozilla pages

Info on about:config settings and Firefox's network connections. Pay attention to when the pages were last modified. Some are hugely outdated but may still be useful.

Share this page.