This page was originally made to show the differences in several benchmark scores between a totally default Firefox 7.0.1 and FF with the often recommended about:config tweaks for better network performance. A lot has changed since version 7. I re-ran the benchmarks in Firefox 38 and the config changes which once showed a measurable improvement (according to benchmarks) are now unconvincing, if not irrelevant.
However, the security and privacy benefits of many about:config tweaks are still very relevant so the purpose of this page has moved on to maintain a list of references for them. What’s added further below is mostly to supplement the sources linked to. One important thing to keep in mind is that you will likely never find an exhaustive Firefox configuration guide, anywhere.
about:config entries come and go with each new browser version. Sometimes Mozilla’s changelogs hint to what’s different but unless someone is committed to comparing multiple source code versions across multiple platforms, new or removed configuration strings are mostly found by people searching through the about:config page on ther own. The best you can do is to combine several sources in an attempt to cover the most ground possible.
Network Performance
5 runs with default settings were made through Kraken, Peacekeeper and SunSpider; then 5 more with the config changes applied. The cache and everything was cleared (Ctrl+Shift+Delete) between each test round.
Notes (as of Firefox 38).
- network.http.pipelining also controls network.http.pipelining.ssl but not network.http.proxy.pipelining.
- Pipelinig for HTTP 1.1 doesn’t really offer any benefits anymore due to sites hosting content on multiple domains and generally increasing their bloat.
- The browser benchmarks don’t use any keeplive sessions but if you’re constantly logged in to a lot of sites, raising network.http.max-persistent-connections-per-server may be beneficial. The value for network.http.max-persistent-connections-per-proxy has changed throughout FF’s release history, but is currently set to 32. I’d start there.
- nglayout.initialpaint.delay has traditionally been recommended to be set to 0. According to the link, this will make pages take the longest time possible to render within the parameters of this setting because while Firefox will start showing you page content 250ms earlier, the page will take longer to completely render.
- To simplify things and not waste time, the deviations were excluded from SunSpider and Kraken. Only the total time in milliseconds was factored into the tables below.
- Many of these kb.mozillazine.org pages for individual about:config entries are very outdated and incomplete so they all can’t be trusted as accurate for modern versions of Firefox.
Firefox 38.0 in Ubuntu 14.04 64-bit
network.http.max-connections-per-server has been removed but network.http.max-connections still governs the total number of HTTP connections Firefox can make. This was traditionally set much lower by default but for FF 38, it’s set to 256 and I left it alone. The network.http.pipelining.maxrequests string is now set to 32 by Mozilla, so the limit of 8 requests at a time is gone. The only changes made were:network.http.pipelining; true
content.notify.backoffcount; 5
The JavaScript tests actually suffered from the changes; SunSpider’s average rendering time increased by 11.84 milliseconds and Kraken’s by 46.26ms. Peacekeeper’s average score increased by 21.4 points which isn’t bad, but three benchmarks are hardly enough to imply that this is representative of all websites rendered in Firefox.
Nonetheless, I’m inclined to conclude that these tweaks are no longer worthwhile, if they ever even really were. Much more noticeable and beneficial for decreasing page load times would be to use a content blocker to filter out the incredible bloat from modern websites.
| SunSpider before | SunSpider after | Peacekeeper before | Peacekeepr after | Kraken before | Kraken after | |
|---|---|---|---|---|---|---|
| Round 1 | 291.0ms | 320.5ms | 2913 pts | 2953 pts | 1989.2ms | 1935.1ms |
| Round 2 | 298.4ms | 308.1ms | 2942 pts | 2892 pts | 1956.9ms | 2047.6ms |
| Round 3 | 289.7ms | 291.9ms | 2890 pts | 2955 pts | 1980.5ms | 1977.9ms |
| Round 4 | 296.9ms | 310.3ms | 2905 pts | 2950 pts | 1948.7ms | 1999.5ms |
| Round 5 | 299.7ms | 304.1ms | 2908 pts | 2915 pts | 1931.4ms | 2077.9ms |
| Average | 295.14ms | 306.98ms | 2911.6 pts | 2933 pts | 1961.34ms | 2007.6ms |
| Net change | +11.84ms | +21.4 points | +46.26ms |
Firefox 7.0.1 in Windows 7 SP1 64-bit
The config changes decreased SunSpider’s average rendering times by 90.3 milliseconds. Peacekeeper’s average score increased by 37.8 points. Back when I did these benchmarks, I didn’t use Kraken. The exact changes made were:network.http.pipelining; true
network.http.max-connections-per-server; 48
content.notify.backoffcount; 5
nglayout.initialpaint.delay; 0 (yeah, I know, I know…)
| SunSpider before | SunSpider after | Peacekeeper before | Peacekeepr after | |
|---|---|---|---|---|
| Round 1 | 470.1ms | 395.3ms | 1321 pts | 1397 pts |
| Round 2 | 494.2ms | 379.7ms | 1280 pts | 1325 pts |
| Round 3 | 477.8ms | 398.5ms | 1307 pts | 1239 pts |
| Round 4 | 463.1ms | 376.0ms | 1293 pts | 1353 pts |
| Round 5 | 475.0ms | 379.2ms | 1295 pts | 1371 pts |
| Average | 476.04ms | 385.74ms | 1299.2pts | 1337 pts |
| Net change | -90.3ms | +37.8 points |
Security & Privacy
Sources to know:
- Firefox Profile Maker
- user.js by pyllyukko
- The Paranoid Crunchbang Security Guide (no longer maintained).
- How to stop Firefox from making automatic connections, Mozilla Support.
- Wilders Security Forums have several lengthy Firefox config threads.
- Privacy-Handbuch
- Baselines: Web Browsers and Search Engines for (almost) Everyone, by your very own tSc.
Specify no geolocation service provider (default is Google).
geo.wifi.uri; leave blank
Set browser locale in the user agent string.
general.useragent.locale; What you change this to is up to you, but it’s better to not modify parts of a user agent string so you blend in with other Firefox users.
Set browser locale to match the user agent string and not the operating system.
intl.locale.matchOS; false
Store only HTTP (non-SSL) data for session restore.
browser.sessionstore.privacy_level; 1
Don’t cache HTTP or HTTPS files.
network.http.use-cache; false
Prevent 3rd party images from loading.
permissions.default.image; 3
Store cookies for only x amount of days.
network.cookie.lifetimePolicy; 3
network.cookie.lifetime.days; x
Disable letting websites know if you have info from them in your clipboard.
dom.event.clipboardevents.enabled; false
Swap out memory to HDD when FF is minimized (Windows only).
config.trim_on_minimize; true
Do not automatically copy selected text to clipboard (*nix OS’s only, others this is already false).
clipboard.autocopy; false
Disable Google Safe Browsing.
browser.safebrowsing.enabled; false
browser.safebrowsing.malware.enabled; false
Then do a search in about:config for “safebrowsing” and clear the relevant URLs. Even with the above two strings set to false, there are still SB-related connections to Google.
Remove crash reporting URL.
breakpad.reportURL; make blank
Disable metadata updates for Add-ons.
extensions.getAddons.cache.enabled; false
Disable RC4 encryption cipher.
Do a search in about:config for rc4 and disable the SSL suites that show up. They’ll begin with “security.ssl3…” (will cause problems with sites still using RC4).
Never send the HTTP Referer header or set document.referrer (will cause problems with some websites).
network.http.sendRefererHeader; 0
Don’t trim “http://” prefix in location bar.
browser.urlbar.trimURL; false
Disable sending pings to 3rd party content hosts.
browser.send_pings.require_same_host; true
Disable navigator.sendBeacon().
beacon.enable; false
Enforce public key pinning for all certificate authorities.
security.cert_pinning.enforcement_level; 2
Disable domain guessing
browser.fixup.alternate.enabled; false
Disable ad tiles on new tab page.
browser.newtabpage.directory.ping; make blank
browser.newtabpage.directory.source; make blank
Now open a new tab and hover the mouse cursor over a tile. There will be an x at the top right corner. Close each tile so that it’s just a gray box; then they’ll start filling with websites you visit.
Disable WebRTC.
media.peerconnection.enabled; false
media.peerconnection.use_document_iceservers; false
This is important if you’re using a VPN! WebRTC leaks both your public and private IP addresses. (Disabling JavaScript solves this too.)
Turn on tracking protection.
privacy.trackingprotection.enabled; true
Disable Firefox Hello.
loop.enabled; false
Resources
Browser diagnostics
These sites will show you some of the information your browser gives out to websites you visit and the tracking elements on them.
- BrowserLeaks.com
- Browserspy.dk
- JonDonym
- Panopticlick
Mozilla pages
Info on about:config settings and Firefox’s network connections. Pay attention to when the pages were last modified. Some are hugely outdated but may still be useful.
- MozillaZine: About:config entries
- MozillaZine: Connections established on startup – Firefox
- MozillaZine: Security and privacy-related preferences
- MozillaWiki: Anonymous Browsing
- MozillaWiki: Fingerprinting