Firefox Profilemaker

Welcome to the Firefox Profilemaker!

This tool will help you to create a Firefox profile with the defaults you like.

You select which features you want to enable and disable and in the end you get a download link for a zip-file with your profile template. You can for example disable some functions, which send data to Mozilla and Google, or disable several annoying Firefox functions like Mozilla Hello or the Pocket integration.

Each Setting has a short explanation and for the non obvious settings links to resources describing the feature and the possible problems with it.

Annoyances

Disable the first run tabs with advertisements for the latest firefox features.

Disable the intro to the newtab page on the first run

Firefox 83 introduced sponsored top sites, which are sponsored ads displayed as suggestions in the URL bar.

By default Firefox trims many URLs (hiding the http:// prefix and trailing slash /).

When Firefox is not used for a while, it displays a prompt asking if the user wants to reset the profile. (see Bug #955950).

With Firefox 37, Mozilla integrated the Heartbeat system to ask users from time to time about their experience with Firefox.

Per default, <video> tags are allowed to start automatically. Note: When disabling autoplay, you will have to click pause and play again on some video sites.

Browser Features

The telemetry feature sends data about the performance and responsiveness of Firefox to Mozilla.

Disable sending Firefox health reports to Mozilla

Mozilla shield studies is a feature which allows mozilla to remotely install experimental addons.

Telemetry Experiments is a feature that allows Firefox to automatically download and run specially-designed restartless addons based on certain conditions.

The crash report may contain data that identifies you or is otherwise sensitive to you.

Firefox sends data about installed addons as metadata updates, so Mozilla is able to recommend you other addons.

Google safebrowsing can detect phishing and malware but it also sends informations to google together with an unique id called wrkey.

The malware scan sends an unique identifier for each downloaded file to Google.

DNS over HTTP (DoH), aka. Trusted Recursive Resolver (TRR), uses a server run by Cloudflare to resolve hostnames, even when the system uses another (normal) DNS server. This setting disables it and sets the mode to explicit opt-out (5).

By default Firefox preloads the new tab page (with website thumbnails) in the background before it is even opened.

The start page with recommended addons uses google analytics.

By default, Firefox checks for the presence of a captive portal on every startup. This involves traffic to Akamai.

if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. Details

Used for the playback of DRM-controlled HTML5 content Details

Disallow websites to access sensor data (ambient light, motion, device orientation and proximity data).

The Firefox Suggest feature allows Mozilla to provide search suggestions in the US, which uses your city location and search keywords to send suggestions. This is also used to serve advertisements.

Disables executing of JavaScript in the PDF form viewer. It is possible that some PDFs are not rendered correctly due to missing functions.

Privacy

Using a popular useragent string avoids attracting attention i.e. with an Iceweasel UA. (keep blank to use the default)

Block 3rd-Party cookies or even all cookies.

Firefox tells a website, from which site you're coming (the so called referer). You can find more detailed settings in this ghacks article.

Disables DOM storage, which enables so called "supercookies". Some modern sites will not work (i.e. missing "save" functions).

IndexedDB is a way, websites can store structured data. This can be abused for tracking, too. Disabling causes problems when sites depend on it like Tweetdeck or Reddit and extensions that use it to store their data. Some users reported crashing tabs when IndexedDB is disabled. Only disable it, when you know what you're doing.

Websites can store up to 500 MB of data in an offline cache, to be able to run even when there is no working internet connection. This could possibly be used to store an user id.

This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data.

Firefox prefetches the next site on some links, so the site is loaded even when you never click.

In some situations Firefox already starts loading web pages when the mouse pointer is over a link, i. e. before you actually click. This is to speed up the loading of web pages by a few milliseconds.

Load the pages displayed on the new tab page in a private container when creating thumbnails.

Disables the WebGL function, to prevent fingerprinting with WebGL. Another issue is, that websites can (ab)use the full power of the graphics card. WebGL is part of some fingerprinting scripts used in the wild. Some interactive websites will not work, which are mostly games.

Websites can read the graphics card vendor and model using a WebGL API. This setting overrides both with " " without disabling WebGL.

Disables the WebRTC function, which gives away your local ips. Some addons like uBlock origin provide settings to prevent WebRTC from exposing local ips without disabling WebRTC. This can break google meet camera or microphone access.

Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected. This can break pasting copied images.

Firefox suggests search terms in the search field. This will send everything typed or pasted in the search field to the chosen search engine, even when you did not press enter.

When you mistype some url, Firefox starts a search even from urlbar. This feature is useful for quick searching, but may harm your privacy, when it's unintended.

When you type "something" in the urlbar and press enter, Firefox tries "something.com", if Fixup URLs is enabled.

Website Tracking

With the do not track feature, you tell websites, that you do not want to be tracked. Most websites ignore this, so you need other privacy options as well, but some privacy-friendly webanalytics tools honor it and store less data. Firefox sends the DNT header by default only in private mode, so enabling it adds a bit to the browser fingerprint and sites may assume the you're using private mode.

The privacy.resistFingerprinting setting coming from the tor-browser hides some system properties. See Bug #1308340 for more information. This option may interfere with other privacy related settings, see the discussion in our bug tracker.

Firefox has a builtin tracking protection, which blocks a list of known tracking sites.

FPI works by separating cookies on a per-domain basis. In this way tracking networks won't be able to locate the same cookie on different sites. Note that this might break third-party logins.

Firefox sends "ping" requests, when a website requests to be informed when a user clicks on a link.

TLS allows for session identifiers, which speed up the session resumption when a connection was lost. These identifiers can be used for tracking.

The Beacon feature allows websites to send tracking data after you left the website.

Firefox allows websites to read the charge level of the battery. This may be used for fingerprinting.

Prevent websites from accessing information about webcam and microphone (possible fingerprinting).

Automatically filled form fields are used for fingerprinting. This setting disables automatic form filling until you click on the field.

Disable webaudio API to prevent browser fingerprinting. See Mozilla Bug #1288359. This can break web apps, like Discord, which rely on the API.

Prevent websites from measuring video performance (possible fingerprinting). See Mozilla Bug 654550.

Firefox 102 introduced query parameter stripping like utm_source. Enabled by default with Strict Enhanced Tracking Protection.

Security

Updates are no longer installed automatically. You will still be notified when an update is available and can install it. Avoids getting a new (maybe addon incompatible) version.

Disable searching for updates. This only works with the enterprise policy download..

The extension blocklist is used by mozilla to deactivate individual addons in the browser, but as a side effect it gives mozilla the ultimate control to disable any extension. Caution: When you disable the blocklist, you may keep using known malware addons.

If enabled, allows connections only to sites that use the HTTPS protocol.

This helps to protect against possible character spoofing.

Addons

Blocks the JS-API for the <canvas> element to prevent Canvas-Fingerprinting.

HTTPS Everywhere is a Firefox extension that enables HTTPS encryption automatically on sites that support it.

The Privacy Badger addon automatically detects trackers and blocks them. You can manually block and unblock urls as well.

Efficient blocker, which does not only block ads, but also supports Anti-Tracking and Anti-Malware Blocklists

The extension allows you to automatically delete the cookies of a site when you close the tab.

A content blocker for advanced users, which blocks requests to thirdparty domains. Big privacy gain, but you will need to configure exception rules for many sites.

Emulates Content Delivery Networks locally by intercepting requests, finding the required resource, and injecting it into the environment.

This addon will automatically remove tracking elements from URLs to help protect your privacy when browsing through the Internet.

Allows you to open tabs, websites, and links in automatically managed disposable containers.

Allow you to create containers for specific websites.

Greasemonkey has a (currently opt-in) function to submit user stats. This explicitely disables it, in case that it will become opt-out in the future.

Enterprise Policies

(enterprise policy download only)

Disable features related to Firefox accounts.
(enterprise policy download only)

(enterprise policy download only)

Display the menu bar by default instead of only when the alt key is pressed.
(enterprise policy download only)

(enterprise policy download only)

(enterprise policy download only)

Disables installation and updating of system addons by Firefox.
(enterprise policy download only)

Download

There are four types of downloads:

profile.zip:
Unzip the file into a fresh profile folder to create a profile with the chosen defaults.
enterprise_policy.zip:
Unzip this in the Firefox installation folder, to reset the defaults every time Firefox starts.
prefs.js:
Preferences file, that can be placed in the Firefox profile folder or appended to existing preferences.
addons.zip:
An archive that only contains the chosen addons.

When you download only the addons.zip, you need to copy the user_pref("extensions.autoDisableScopes", 14); line into your prefs.js, otherwise firefox won't install the addons.

Installing

  • Optional: add a new profile to keep the old one
    • Run firefox -no-remote -ProfileManager
    • Create a new profile
  • Type about:support into the url bar.
  • Press the open profile folder button.
  • Quit Firefox.
  • Delete everything from the new profile (you will lose all existing data from the profile).
  • Unzip the profile.zip archive into the folder.
  • If Existent: Unzip the enterprise_policy.zip archive to Firefox installation directory.
  • Start Firefox again. If you made a new profile, you can use it with firefox -no-remote -P profilename.
  • Open the addon manager and update the extensions.

Preview

policies.json:
{
  "policies": {}
}

Contribute

Fork me on GitHub

Help us

We do not need money, but we can use your help to improve the site.

Community

Do you need support or want to discuss if a setting is useful for you or suggest changes which do not fit into the bugtracker?