//
// The Phoenix shall rise from the ashes of what fell before it.

//
// Copyright (C) 2024-2026 celenity
//
// This file is part of Phoenix.
//
// Phoenix is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
//
// Phoenix is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along with Phoenix. If not, see https://www.gnu.org/licenses/.
//

// Welcome to the heart of the Phoenix.
// This file contains preferences shared across all Phoenix configs, platforms (Desktop & Android), and Dove.

lockPref("browser.phoenix.version", "2026.04.27.1");

/* INDEX 

000: ABOUT:CONFIG
001: DATA COLLECTION
002: MOZILLA CRAP™
003: TRACKING PROTECTION
004: FINGERPRINTING PROTECTION
005: DISK AVOIDANCE
006: DOWNLOADS
007: HTTP(S)
008: IMPLICIT CONNECTIONS
009: SEARCH & URL BAR
010: DNS
011: PROXIES
012: WEBRTC
013: MEDIA
014: ATTACK SURFACE REDUCTION
015: PASSWORDS & AUTHENTICATION
016: EXTENSIONS
017: AI
018: GEOLOCATION
019: PDF.js
020: SAFE BROWSING
021: MISC. PRIVACY + SECURITY
022: MISC. PRIVACY
023: MISC. SECURITY
024: MISC.
025: DEBUGGING
026: PERFORMANCE
027: Personal Touch 💜
028: UPDATES
029: FIREFOX HOME
030: FIREFOX SUGGEST (DESKTOP ONLY)
031: SYNC (DESKTOP ONLY)
032: LIBREWOLF (DESKTOP ONLY)
033: SPECIALIZED/CUSTOM CONFIGS (DESKTOP ONLY)

*/

/* KEY

Unspecified = This preference should be set EVERYWHERE

[FLATPAK-LINUX-ONLY] = This preference should ONLY be set for GNU/Linux (Flatpak)
[LINUX-ONLY] = This preference should ONLY be set for GNU/Linux

[NO-ANDROID] = This preference should be set everywhere, EXCEPT for Android
[NO-NON-FLATPAK-LINUX] = This preference should be set everywhere, EXCEPT for GNU/Linux (non-Flatpak)
[NO-MAIL] = This preference should be set everywhere, EXCEPT for Thunderbird (Useful for ex. Dove)
[NO-OSX] = This preference should be set everywhere, EXCEPT for macOS
[NO-INTEL-OSX] = This preference should be set everywhere, EXCEPT for macOS on Intel
[NO-SILICON-OSX] = This preference should be set everywhere, EXCEPT for macOS on Apple Silicon
[NO-WINDOWS] = This preference should be set everywhere, EXCEPT for Windows

*/

/*** BRANDING ***/

defaultPref("app.support.vendor", "Phoenix: 2026.04.27.1"); // [NO-MAIL] [HIDDEN] `about:support` -> `Version`
lockPref("distribution.about", "Phoenix for Mozilla Firefox - 2026.04.27.1 💜"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] `about:preferences#general` -> `Firefox Updates` - `distribution.id` and `distribution.version` must be set for this to display, see details below

/// Distribution ID and version must be set for `distribution.about` to display [LINUX-ONLY]
// `default` matches Mozilla's stock/default value - setting this to anything else could potentially compromise privacy (as this value is shared with Mozilla via the browser update endpoint) [LINUX-ONLY]
// For now, we only want to set these on Linux - since Mozilla offers EME-free builds on macOS and Windows that use different values here - so it's unclear how they'd interact [LINUX-ONLY]
lockPref("distribution.id", "default"); // [LINUX-ONLY] [HIDDEN]
lockPref("distribution.version", "default"); // [LINUX-ONLY] [HIDDEN]

/*** 000: ABOUT:CONFIG ***/

/// Disable warning when attempting to access `about:config`
defaultPref("browser.aboutConfig.showWarning", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT - Thunderbird]

/// Ensure that the `about:config` is always enabled
lockPref("general.aboutConfig.enable", true); // [DEFAULT - non-Android]

/// Ensure our policies aren't overriden...
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.sys.mjs#22
lockPref("toolkit.policies.perUserDir", false); // [HIDDEN] [DEFAULT]

defaultPref("browser.phoenix.status", "000");

/*** 001 DATA COLLECTION ***/

// A lot of defense in depth...
// These also provide Attack Surface Reduction

/// Block domains
// Any domains listed here are redirected to `127.0.0.1`
// We'll use this primarily for Mozilla ad/telemetry domains, but we'll also use it for ads & trackers that appear on Mozilla properties and services, as well as ad/tracking/telemetry domains that appear on other default connections/services
// Ex. We use DuckDuckGo as our default search engine, so we'll include their analytics domains
// On IronFox, we link to our GitLab releases via the `What's New` alert, so we'll also cover their analytics domains, etc...
// But generally we'll want to keep this limited in favor of ex. uBlock Origin & other mechanisms.
defaultPref("network.dns.localDomains", "250analytics.com,a.omappapi.com,activity-stream-icons.services.mozilla.com,ads.allizom.org,ads.mozilla.org,ads.nonprod.webservices.mozgcp.net,ads.prod.webservices.mozgcp.net,ads-img.mozilla.org,analytics.getpocket.com,analytics.google.com,analytics.withgoogle.com,anf1.fuzzing.mozilla.org,anonymco.com,api.divviup.org,asan-nightly-frontend-elb-1348905149.us-east-2.elb.amazonaws.com,braze.com,contile.services.mozilla.com,contile-images.services.mozilla.com,classify-client.nonprod.webservices.mozgcp.net,classify-client.prod.webservices.mozgcp.net,classify-client.services.mozilla.com,crash-reports.allizom.org,crash-reports.mozilla.com,crash-reports-xpsp2.mozilla.com,crash-stacks.mozilla.com,crash-stats.allizom.org,crash-stats.mozilla.com,crash-stats.mozilla.org,dap.services.mozilla.com,dap.nonprod.webservices.mozgcp.net,dap.prod.webservices.mozgcp.net,dap-09-3.api.divviup.org,data.mozilla.com,data-ingestion.prod.dataops.mozgcp.net,dataops.mozgcp.net,dataservices.mozgcp.net,debug-ping-preview.firebaseapp.com,discovery.addons.allizom.org,discovery.addons.mozilla.org,discovery.addons-dev.allizom.org,divviup.org,download-stats.mozilla.org,download-stats.r53-2.services.mozilla.com,experimenter.services.mozilla.com,experimenter.nonprod.webservices.mozgcp.net,experimenter.prod.webservices.mozgcp.net,fhr.data.mozilla.com,fhr.r53-2.services.mozilla.com,firefox-android-home-recommendations.getpocket.com,firefox-dns-perf-test.net,fuzzing.mozilla.org,google-analytics.com,google-analytics-cn.com,googleanalytics.com,googlesyndication.com,googlesyndication-cn.com,googletagmanager.com,googletagmanager-cn.com,googletagservices.com,googletagservices-cn.com,improving.duckduckgo.com,incoming.glean.example.com,incoming.telemetry.mozilla.org,incoming.thunderbird.net,incoming-telemetry.thunderbird.net,ingestion-edge.prod.dataops.mozgcp.net,location.services.mozilla.com,locprod1-elb-eu-west-1.prod.mozaws.net,locprod2-elb-us-west-2.prod.mozaws.net,metrics-content.duckduckgo.com,new-sentry.gitlab.net,nonprod.classify-client.nonprod.webservices.mozgcp.net,normandy.cdn.mozilla.net,normandy.nonprod.cloudops.mozgcp.net,normandy.prod.cloudops.mozgcp.net,normandy-cdn.services.mozilla.com,omappapi.com,pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com,prod.ads.prod.webservices.mozgcp.net,prod.classify-client.prod.webservices.mozgcp.net,prod.dap.prod.webservices.mozgcp.net,prod.data-ingestion.prod.dataops.mozgcp.net,prod.dataops.mozgcp.net,prod.experimenter.prod.webservices.mozgcp.net,prod.ingestion-edge.prod.dataops.mozgcp.net,prod.sentry.prod.cloudops.mozgcp.net,prod-classifyclient.normandy.prod.cloudops.mozgcp.net,profile.accounts.firefox.com,sdk.iad-05.braze.com,search.r53-2.services.mozilla.com,search.services.mozilla.com,self-repair.mozilla.org,self-repair.r53-2.services.mozilla.com,sentry.gitlab.net,sentry.io,sentry.nonprod.cloudops.mozgcp.net,sentry.prod.cloudops.mozgcp.net,sentry.prod.mozaws.net,sitereview.zscaler.com,snippets.allizom.org,snippets.cdn.mozilla.net,snippets.mozilla.com,snippets-prod.frankfurt.moz.works,snippets-prod.moz.works,snippets-prod.oregon-b.moz.works,snippets-stage.moz.works,snippets-stage.oregon-b.moz.works,snowplow.trx.gitlab.net,snowplowalb-1011729428.us-east-1.elb.amazonaws.com,snowplowprd.trx.gitlab.net,snowplowprdnlb-1490493263.us-east-2.elb.amazonaws.com,socorro.nonprod.webservices.mozgcp.net,socorro.prod.webservices.mozgcp.net,socorro-collector.services.mozilla.com,socorro-webapp-allizom.stage.mozaws.net,socorro-webapp.services.mozilla.com,spocs.getpocket.com,spocs.getpocket.dev,spocs.mozilla.net,ssl.google-analytics.com,ssl-google-analytics.l.google.com,stage.sentry.nonprod.cloudops.mozgcp.net,start.fedoraproject.org,start.thunderbird.net,start.ubuntu.com,start-stage.thunderbird.net,survey.mozilla.com,tagmanager.google.com,talkback.mozilla.org,talkback-public.mozilla.org,talkback-reports.mozilla.org,telemetry-coverage.mozilla.org,telemetry-coverage.r53-2.services.mozilla.com,telemetry-experiment.cdn.mozilla.net,telemetry-incoming.r53-2.services.mozilla.com,telemetry-incoming-a.r53-2.services.mozilla.com,telemetry-incoming-b.r53-2.services.mozilla.com,telemetry-prod-1054754349.us-east-1.elb.amazonaws.com,tiles-cdn.prod.ads.prod.webservices.mozgcp.net,updates.thunderbird.net,updates-stage.thunderbird.net,use-application-dns.net,vf.startpage.com,widgets.getpocket.com,www.250analytics.com,www.anonymco.com,www.google-analytics.com,www.google-analytics-cn.com,www.googleanalytics.com,www.googlesyndication.com,www.googlesyndication-cn.com,www.googletagmanager.com,www.googletagmanager-cn.com,www.googletagservices.com,www.googletagservices-cn.com,www.sentry.io,www-google-analytics.l.google.com,www-googletagmanager.l.google.com");

/// Disable automatic upload of profiler data (from `about:logging`) to Mozilla
// https://searchfox.org/firefox-main/rev/16707ce1/modules/libpref/init/all.js#3743
// https://searchfox.org/firefox-main/rev/16707ce1/modules/libpref/init/all.js#3753
// https://searchfox.org/firefox-main/rev/16707ce1/toolkit/content/aboutLogging/aboutLogging.mjs#616
// https://searchfox.org/firefox-main/rev/16707ce1/toolkit/content/aboutLogging/aboutLogging.mjs#642
// https://searchfox.org/firefox-main/rev/16707ce1/toolkit/content/aboutLogging/profileSaveUploadLogic.mjs#13
defaultPref("toolkit.aboutLogging.uploadProfileToCloud", false); // [DEFAULT - non-Android]
defaultPref("toolkit.aboutlogging.uploadProfileUrl", ""); // [HIDDEN]

/// Disable Browser Search/Usage Telemetry metrics
// https://searchfox.org/firefox-main/source/browser/docs/BrowserUsageTelemetry.rst
// https://searchfox.org/firefox-main/source/browser/components/search/BrowserSearchTelemetry.sys.mjs
// https://searchfox.org/firefox-main/source/browser/modules/BrowserUsageTelemetry.sys.mjs
// https://searchfox.org/firefox-main/source/toolkit/content/widgets/tabbox.js
lockPref("browser.engagement.ctrlTab.has-used", true); // [HIDDEN - Android/Thunderbird]
lockPref("browser.engagement.downloads-button.has-used", true); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.engagement.fxa-toolbar-menu-button.has-used", true); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.engagement.home-button.has-used", true); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.engagement.library-button.has-used", true); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.engagement.sidebar-button.has-used", true); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.engagement.total_uri_count.pbm", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
lockPref("browser.engagement.search_counts.pbm", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
lockPref("browser.search.totalSearches", 100); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/urlbar/UrlbarInput.sys.mjs#3193

/// Disable Coverage
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
// https://searchfox.org/firefox-main/source/toolkit/components/telemetry/pings/CoveragePing.sys.mjs
// https://bugzilla.mozilla.org/show_bug.cgi?id=1487578
lockPref("toolkit.coverage.enabled", false); // [DEFAULT] [HIDDEN - Android/Thunderbird]
lockPref("toolkit.coverage.endpoint.base", ""); // [DEFAULT - Android/Thunderbird] [HIDDEN - Android/Thunderbird]
defaultPref("toolkit.coverage.log-level", 70); // [HIDDEN] Limits logging to fatal only
lockPref("toolkit.coverage.opt-out", true); // [HIDDEN]

/// Disable Crash Reporting
// https://github.com/mozilla-services/socorro
// https://wiki.mozilla.org/Socorro
// https://firefox-source-docs.mozilla.org/tools/sanitizer/asan_nightly.html
// https://github.com/choller/firefox-asan-reporter
// https://searchfox.org/firefox-main/source/toolkit/modules/AsanReporter.sys.mjs
lockPref("asanreporter.apiurl", ""); // [HIDDEN - non-MOZ_ASAN_REPORTER builds] [DEFAULT - non-MOZ_ASAN_REPORTER builds]
lockPref("asanreporter.clientid", "unknown"); // [HIDDEN - non-MOZ_ASAN_REPORTER builds] [DEFAULT]
defaultPref("asanreporter.loglevel", 70); // [HIDDEN]
lockPref("breakpad.reportURL", "");
lockPref("browser.crashReports.crashPull", false); // [DEFAULT] Do not request crash reports for background processes from users https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/crash-reports-ondemand/changeset?_expected=0
lockPref("browser.crashReports.onDemand", false); // Supercedes "browser.crashReports.crashPull" - see details above
lockPref("browser.crashReports.requestedNeverShowAgain", true); // Do not request crash reports for background processes from users https://searchfox.org/firefox-main/source/toolkit/components/crashes/RemoteSettingsCrashPull.sys.mjs
lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
lockPref("browser.crashReports.unsubmittedCheck.enabled", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT - non-Nightly]
lockPref("browser.tabs.crashReporting.includeURL", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] [DEFENSE IN DEPTH] (This is for `about:tabcrashed`)
lockPref("browser.tabs.crashReporting.sendReport", false); // [NO-ANDROID] [NO-MAIL] (This is for `about:tabcrashed`)
lockPref("toolkit.crashreporter.include_context_heap", false); // [DEFAULT - non-Nightly]

/// Disable Data Reporting & Telemetry
/// We also configure "DisableTelemetry" & "ImproveSuggest" in policies on Desktop
// https://mozilla.github.io/policy-templates/#disabletelemetry 
// https://mozilla.github.io/policy-templates/#firefoxsuggest
// https://wiki.mozilla.org/QA/Telemetry
// https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
// https://searchfox.org/firefox-release/source/toolkit/components/glean/xpcom/FOG.cpp
// https://searchfox.org/firefox-release/source/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs
lockPref("browser.aboutwelcome.entrypoint", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Ensure entrypoint to `about:welcome` is not recorded and ex. submitted for telemetry https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/aboutwelcome/actors/AboutWelcomeChild.sys.mjs#266
lockPref("browser.safebrowsing.features.emailtracking.datacollection.update", false); // [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/SafeBrowsing.sys.mjs#264
lockPref("captchadetection.actor.enabled", false); // Disable CAPTCHA Detection Pings https://searchfox.org/firefox-main/source/toolkit/components/captchadetection/CaptchaDetectionPingUtils.sys.mjs
lockPref("captchadetection.hasUnsubmittedData", false); // [HIDDEN] Disable CAPTCHA Detection Pings https://searchfox.org/firefox-main/source/toolkit/components/captchadetection/CaptchaDetectionPingUtils.sys.mjs
defaultPref("captchadetection.loglevel", "Off");
lockPref("datareporting.dau.cachedUsageProfileID", "beefbeef-beef-beef-beef-beeefbeefbee"); // [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/telemetry/app/ClientID.sys.mjs#45
lockPref("datareporting.dau.cachedUsageProfileGroupID", "b0bacafe-b0ba-cafe-b0ba-cafeb0bacafe"); // [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/telemetry/app/ClientID.sys.mjs#46
lockPref("datareporting.healthreport.uploadEnabled", false); // [DEFAULT - Android] Required for Firefox Labs on Desktop
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionPolicyBypassNotification", true); // [DEFAULT - non-MOZILLA_OFFICIAL builds]
lockPref("datareporting.policy.firstRunURL", "");
lockPref("datareporting.usage.uploadEnabled", false); // [HIDDEN - ANDROID] [DEFAULT - Android] Disables "daily usage pings" https://support.mozilla.org/kb/usage-ping-settings
lockPref("dom.security.unexpected_system_load_telemetry_enabled", false); // [DEFAULT - non-Nightly]
lockPref("extensions.dataCollectionPermissions.enabled", false); // https://support.mozilla.org/kb/extension-data-collection https://extensionworkshop.com/documentation/develop/firefox-builtin-data-consent/
lockPref("extensions.gleanPingAddons.daily.interval", 2147483647); // [HIDDEN] Disable the Glean add-on ping scheduler https://searchfox.org/firefox-main/rev/e5219f2a/toolkit/mozapps/extensions/extensions.manifest#1
lockPref("extensions.gleanPingAddons.updated.delay", 2147483647); // [HIDDEN] https://searchfox.org/firefox-main/rev/e5219f2a/toolkit/mozapps/extensions/AddonManager.sys.mjs#116
lockPref("extensions.gleanPingAddons.updated.idleTimeout", 2147483647); // [HIDDEN] https://searchfox.org/firefox-main/source/toolkit/mozapps/extensions/AddonManager.sys.mjs#124
lockPref("extensions.gleanPingAddons.updated.testing", false); // [HIDDEN] [DEFAULT] https://searchfox.org/firefox-main/source/toolkit/mozapps/extensions/AddonManager.sys.mjs#132
lockPref("extensions.telemetry.EnvironmentAddonBuilder", false); // [HIDDEN - non-Android] [NIGHTLY] Do not use Glean for add-on telemetry https://bugzilla.mozilla.org/show_bug.cgi?id=1981496 https://searchfox.org/firefox-main/rev/d285a4fb/toolkit/mozapps/extensions/AddonManager.sys.mjs#4801
lockPref("network.jar.record_failure_reason", false); // [DEFAULT - non-Nightly] https://searchfox.org/firefox-release/rev/9d94f5e3/modules/libpref/init/StaticPrefList.yaml#15576
lockPref("network.traffic_analyzer.enabled", false); // https://searchfox.org/firefox-release/rev/9d94f5e3/modules/libpref/init/StaticPrefList.yaml#14262
lockPref("network.trr.confirmation_telemetry_enabled", false);
lockPref("nimbus.telemetry.targetingContextEnabled", false); // [HIDDEN - ANDROID/THUNDERBIRD] [DEFAULT - Artifact builds] Targeting context telemetry - https://searchfox.org/firefox-release/rev/9d94f5e3/browser/app/profile/firefox.js#2139
lockPref("privacy.trackingprotection.emailtracking.data_collection.enabled", false);
lockPref("telemetry.fog.aboutGlean.debugTag", ""); // [NO-ANDROID] [HIDDEN] Do not set a debug ping tag https://searchfox.org/firefox-main/rev/4258ca07/toolkit/content/aboutGlean.js#122
lockPref("telemetry.fog.artifact_build", false); // [DEFAULT - non-Artifact builds] Disable JOG to prevent runtime registration of metrics https://firefox-source-docs.mozilla.org/toolkit/components/glean/dev/jog.html https://firefox-source-docs.mozilla.org/toolkit/components/glean/dev/preferences.html#internal-preferences
lockPref("telemetry.fog.test.activity_limit", -1); // Disable activity-based ping submission - ex. https://mozilla.github.io/glean/book/user/pings/baseline.html#scheduling
lockPref("telemetry.fog.test.inactivity_limit", -1); // Disable inactivity-based ping submission - ex. https://mozilla.github.io/glean/book/user/pings/baseline.html#scheduling
lockPref("telemetry.fog.init_on_shutdown", false); // Prevent Glean from initializing on shutdown https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/glean/docs/dev/preferences.md#49
lockPref("telemetry.fog.test.localhost_port", 70000); // Force telemetry pings to be sent to localhost instead of Mozilla's servers, if they're somehow enabled... (port just has to be higher than 0, I chose 70000 as its invalid) - https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/glean/docs/dev/preferences.md#15
lockPref("telemetry.glean.internal.finalInactive", false); // [HIDDEN] [DEFAULT] Disable early shutdown pings https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/glean/xpcom/FOG.cpp#148
lockPref("telemetry.glean.internal.maxPingsPerMinute", 0); // [HIDDEN] Prevent Glean from sending pings https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/glean/xpcom/FOG.cpp#133
lockPref("telemetry.number_of_site_origin.min_interval", 2147483647);
lockPref("toolkit.content-background-hang-monitor.disabled", true); // BHR https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/backgroundhangmonitor/BackgroundHangMonitor.cpp#597
lockPref("toolkit.telemetry.archive.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.bhrPing.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.cachedClientID", "c0ffeec0-ffee-c0ff-eec0-ffeec0ffeec0"); // [HIDDEN]
lockPref("toolkit.telemetry.cachedProfileGroupID", "decafdec-afde-cafd-ecaf-decafdecafde"); // [HIDDEN]
lockPref("toolkit.telemetry.collectInterval", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.dap.helper.hpke", "");
lockPref("toolkit.telemetry.dap.helper.url", "");
lockPref("toolkit.telemetry.dap.leader.hpke", "");
lockPref("toolkit.telemetry.dap.leader.url", "");
defaultPref("toolkit.telemetry.dap.logLevel", "Off");
lockPref("toolkit.telemetry.dap_enabled", false); // [DEFAULT]
lockPref("toolkit.telemetry.dap_task1_enabled", false); // [DEFAULT]
lockPref("toolkit.telemetry.dap_task1_taskid", ""); // [DEFAULT]
lockPref("toolkit.telemetry.dap_visit_counting_enabled", false); // [DEFAULT]
lockPref("toolkit.telemetry.dap_visit_counting_experiment_list", "[]"); // [DEFAULT]
defaultPref("toolkit.telemetry.debugSlowSql", false); // [DEFAULT]
lockPref("toolkit.telemetry.enabled", false);  // [DEFAULT - non-Nightly]
lockPref("toolkit.telemetry.eventping.maximumFrequency", 2147483647); // [HIDDEN] Disable `event` pings
lockPref("toolkit.telemetry.eventping.minimumFrequency", 2147483647); // [HIDDEN] Disable `event` pings
lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.healthping.enabled", false); // [HIDDEN]
lockPref("toolkit.telemetry.initDelay", 2147483647); // [HIDDEN] Prevent the Telemetry component from initializing
defaultPref("toolkit.telemetry.log.dump", false); // [HIDDEN] [DEFAULT] - To expose via the `about:config`
defaultPref("toolkit.telemetry.log.level", "Fatal"); // [HIDDEN] [Default: Warn]
lockPref("toolkit.telemetry.minSubsessionLength", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.newProfilePing.delay", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.newProfilePing.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.overrideUpdateChannel", "release"); // [HIDDEN] [DEFENSE IN DEPTH] Always report channel as `release`, regardless of actual value https://docs.telemetry.mozilla.org/concepts/channels/channel_normalization
lockPref("toolkit.telemetry.previousBuildID", ""); // [HIDDEN]
lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // [HIDDEN]
lockPref("toolkit.telemetry.scheduler.idleTickInterval", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.scheduler.tickInterval", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.send.overrideOfficialCheck", false); // [HIDDEN] [DEFAULT] Never send pings on unofficial builds - https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
lockPref("toolkit.telemetry.server", "data;");
lockPref("toolkit.telemetry.server_owner", "");
lockPref("toolkit.telemetry.shutdownPingSender.backgroundtask.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - Desktop Firefox]
lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); // [HIDDEN - Android] [DEFAULT]
lockPref("toolkit.telemetry.testing.disableFuzzingDelay", false); // [HIDDEN] [DEFAULT] [DEFENSE IN DEPTH] Always delay sending pings between 0-1 AM
lockPref("toolkit.telemetry.testing.overridePreRelease", false); // [HIDDEN] [DEFAULT] Never record extended/prelease data on release channels - https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
lockPref("toolkit.telemetry.testing.overrideProductsCheck", false); // [DEFAULT] Limit probes to only what is supported on the current product - https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
lockPref("toolkit.telemetry.testing.suppressPingsender", true); // [HIDDEN]
defaultPref("toolkit.telemetry.translations.logLevel", "Off");
lockPref("toolkit.telemetry.unified", false); // [DEFAULT - Android]
lockPref("toolkit.telemetry.untrustedModulesPing.frequency", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.updatePing.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.user_characteristics_ping.current_version", 0); // [DEFAULT]
lockPref("toolkit.telemetry.user_characteristics_ping.last_version_sent", 0); // [DEFAULT]
defaultPref("toolkit.telemetry.user_characteristics_ping.logLevel", "Off");
lockPref("toolkit.telemetry.user_characteristics_ping.opt-out", true);
lockPref("toolkit.telemetry.user_characteristics_ping.send-once", false); // [DEFAULT]
lockPref("toolkit.telemetry.user_characteristics_ping.uuid", ""); // [DEFAULT]
lockPref("urlclassifier.features.emailtracking.datacollection.allowlistTables", ""); // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/SafeBrowsing.sys.mjs#264
lockPref("urlclassifier.features.emailtracking.datacollection.blocklistTables", ""); // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/SafeBrowsing.sys.mjs#264


/// Disable Experiments/Studies
// (Shield/Nimbus/Normandy)
// https://support.mozilla.org/kb/shield
// https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections#w_experiments-or-studies
// https://experimenter.info/
// https://wiki.mozilla.org/Firefox/Shield/Shield_Studies
// https://mozilla.github.io/normandy/
// https://wiki.mozilla.org/Advocacy/heartbeat
// resource://nimbus/ExperimentAPI.sys.mjs
// https://searchfox.org/firefox-main/source/toolkit/components/backgroundtasks/defaults/backgroundtasks_browser.js
lockPref("app.normandy.run_interval_seconds", 0); // [HIDDEN - Android/Thunderbird] Prevent fetching experiments - This pref is also used by Nimbus https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs#801
lockPref("app.normandy.api_url", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("app.normandy.enabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("app.normandy.experiments.lazy_classify", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFENSE IN DEPTH] Prevent making client classification requests on every startup https://mozilla.github.io/normandy/dev/feature-experiments.html
lockPref("app.normandy.first_run", false); // [NO-ANDROID] [NO-MAIL]
lockPref("app.normandy.last_seen_buildid", ""); // [NO-ANDROID] [NO-MAIL]
defaultPref("app.normandy.logging.level", 70); // [NO-ANDROID] [NO-MAIL] Limit logging to fatal only
lockPref("app.normandy.user_id", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
lockPref("app.shield.optoutstudies.enabled", false); // [HIDDEN - Android/Thunderbird] Required for Firefox Labs on Desktop
lockPref("browser.aboutwelcome.experimentsGate.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-OS X] [DEFAULT - non-OS X] https://searchfox.org/firefox-main/rev/cdf7090f/browser/app/profile/firefox.js#2091 https://searchfox.org/firefox-main/rev/cdf7090f/browser/components/aboutwelcome/actors/AboutWelcomeParent.sys.mjs#61 Do not have `about:welcome` depend on Nimbus
lockPref("browser.aboutwelcome.experimentsGate.skipSplashIfLoaded", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/cdf7090f/browser/app/profile/firefox.js#2098 https://searchfox.org/firefox-main/rev/92e193f9/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs#3173
defaultPref("messaging-system.rsexperimentloader.collection_id", ""); // [DEFAULT: `nimbus-desktop-experiments`] Required for Firefox Labs on Desktop
defaultPref("nimbus.appId", ""); // [HIDDEN] [DEFAULT: `firefox-desktop`] Required for Firefox Labs on Desktop
lockPref("nimbus.profileId", ""); // [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/ExperimentAPI.sys.mjs#80 - We also set this as a user pref in `phoenix-user-pref.cfg`, to ensure that Firefox properly uses/recognizes it
lockPref("nimbus.profilesdatastoreservice.enabled", false); // Disable writing to the NimbusEnrollments table database https://searchfox.org/firefox-main/rev/16707ce1/toolkit/components/nimbus/lib/Enrollments.sys.mjs#617
lockPref("nimbus.profilesdatastoreservice.read.enabled", false); // Disable reading from the NimbusEnrollments table database https://searchfox.org/firefox-main/rev/16707ce1/toolkit/components/nimbus/lib/Enrollments.sys.mjs#628
lockPref("nimbus.profilesdatastoreservice.sync.enabled", false); // Disable syncing NimbusEnrollments data https://searchfox.org/firefox-main/rev/16707ce1/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs#425 https://searchfox.org/firefox-main/rev/16707ce1/toolkit/components/nimbus/lib/Enrollments.sys.mjs#638
lockPref("nimbus.rollouts.enabled", false); // [HIDDEN - non-Firefox Desktop] Nimbus rollouts/"remote improvements" (A/B Testing) https://support.mozilla.org/kb/remote-improvements

/// Disable Firefox Labs (`about:preferences#experimental`) [NO-ANDROID] [NO-MAIL]
// Firefox Labs requires experiments and telemetry to be enabled (see specific prefs below) [NO-ANDROID] [NO-MAIL]
// When experiments and telemetry are not enabled, this seems to cause a broken/empty "Firefox Labs" section to appear at the bottom of pages at `about:preferences` [NO-ANDROID] [NO-MAIL]
// From my testing, the following prefs specifically are required for Firefox Labs to work (these are also indicated above): [NO-ANDROID] [NO-MAIL]
// `app.shield.optoutstudies.enabled` -> `true` [NO-ANDROID] [NO-MAIL]
// `datareporting.healthreport.uploadEnabled` -> `true` [NO-ANDROID] [NO-MAIL]
// `messaging-system.rsexperimentloader.collection_id` -> `nimbus-desktop-experiments` [NO-ANDROID] [NO-MAIL]
// `nimbus.appId` -> `firefox-desktop` [NO-ANDROID] [NO-MAIL]
// You'll also need to remove the `DisableFirefoxStudies` and `DisableTelemetry` policies [NO-ANDROID] [NO-MAIL]
defaultPref("browser.preferences.experimental", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.preferences.experimental.hidden", true); // [NO-ANDROID] [NO-MAIL] Avoids the "Firefox Labs" section from shortly appearing on first launch https://searchfox.org/firefox-main/rev/93aad2a6615f670b1279c229dd37f7397236131a/browser/components/preferences/experimental.js#185

/// Disable Glean redesign/navigation category at `about:glean`
// This isn't really a major issue for us, but we don't want or support Glean, so I see no reason not to set this
// https://searchfox.org/firefox-main/rev/cd6acbe9/toolkit/content/aboutGlean.js#215
lockPref("about.glean.redesign.enabled", false); // [NO-ANDROID] [HIDDEN - non-Desktop Firefox] [DEFAULT]


/// Disable notification permission telemetry [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/28328852/browser/app/profile/firefox.js#938 [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/28328852/browser/modules/PermissionUI.sys.mjs#79 [NO-ANDROID]
lockPref("permissions.desktop-notification.telemetry.siteCategories", "{}"); // [NO-ANDROID]

/// Disable Origin Trials
// https://wiki.mozilla.org/Origin_Trials
defaultPref("dom.origin-trials.enabled", false);

/// Remove partner attribution
// These are *only* used for telemetry, and could potentially be used for fingerprinting
lockPref("app.distributor", ""); // [HIDDEN] [DEFAULT]
lockPref("app.distributor.channel", ""); // [HIDDEN] [DEFAULT]
lockPref("mozilla.partner.id", ""); // [HIDDEN] [DEFAULT]

defaultPref("browser.phoenix.status", "001");

/*** 002 MOZILLA CRAP™ ***/

// Some of these also provide Attack Surface Reduction

/// Clear unnecessary/undesired Mozilla URLs
defaultPref("app.feedback.baseURL", ""); // [NO-ANDROID]
defaultPref("app.normandy.shieldLearnMoreUrl", ""); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.privacyInfo.url", ""); // [NO-ANDROID] [NO-MAIL]
defaultPref("datareporting.healthreport.infoURL", ""); // [NO-ANDROID]
defaultPref("extensions.recommendations.privacyPolicyUrl", ""); // [DEFAULT - Android]
defaultPref("toolkit.datacollection.infoURL", ""); // [NO-ANDROID]

/// Disable `about:welcome`/onboarding
// Privacy concerns - unsolicited connections
// Also just annoying and undesired for our use case :/
// https://searchfox.org/firefox-main/source/browser/components/BrowserContentHandler.sys.mjs
defaultPref("browser.aboutwelcome.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.aboutwelcome.log", "off"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Disable logging
defaultPref("browser.preonboarding.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - Linux] Disable the preonboarding modal https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#874 https://searchfox.org/firefox-main/rev/643d7328/toolkit/components/telemetry/app/TelemetryReportingPolicy.sys.mjs#638
defaultPref("browser.rights.3.shown", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
defaultPref("browser.startup.firstrunSkipsHomepage", false); // [NO-ANDROID] [NO-MAIL] Ensure we never skip the homepage (ex. upon update/in favor of the onboarding) https://searchfox.org/firefox-release/rev/9d94f5e3/browser/app/profile/firefox.js#323
lockPref("browser.startup.homepage_override.buildID", "20100101"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Ex. matches what Tor Browser uses
lockPref("browser.startup.homepage_override.mstone", "ignore"); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
defaultPref("browser.startup.upgradeDialog.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/components/asrouter/docs/first-run.md#69
defaultPref("browser.suppress_first_window_animation", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("startup.homepage_override_nimbus_disable_wnp", true); // [NO-ANDROID] [NO-MAIL] "What's New" Pages
defaultPref("startup.homepage_override_url", ""); // [NO-ANDROID] [NO-MAIL]
defaultPref("startup.homepage_override_url_nimbus", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("startup.homepage_welcome_url", ""); // [NO-ANDROID] [NO-MAIL]
defaultPref("startup.homepage_welcome_url.additional", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable add-on/feature recommendations
// https://support.mozilla.org/kb/recommendations-firefox
// https://searchfox.org/firefox-main/source/toolkit/mozapps/extensions/content/aboutaddons.js
// https://searchfox.org/firefox-main/source/browser/components/enterprisepolicies/Policies.sys.mjs
lockPref("browser.dataFeatureRecommendations.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.discovery.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - Android/Thunderbird]
defaultPref("browser.discovery.sites", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.translations.mostRecentTargetLanguages", "en-US"); // https://searchfox.org/firefox-main/rev/4258ca07/browser/components/enterprisepolicies/Policies.sys.mjs#2829
lockPref("browser.translations.panelShown", true); // [HIDDEN]
defaultPref("extensions.getAddons.browseAddons", ""); // [HIDDEN - non-Android]
defaultPref("extensions.getAddons.discovery.api_url", "data;");
defaultPref("extensions.getAddons.showPane", false); // [HIDDEN]
defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false);
lockPref("extensions.recommendations.hideNotice", true); // [HIDDEN] "Some of these recommendations are personalized..." banner
defaultPref("extensions.recommendations.themeRecommendationUrl", "");
defaultPref("extensions.ui.lastCategory", "addons://list/extension"); // [HIDDEN] [DEFAULT = `addons://discover/`] Ensure default view of `about:addons` is always local/installed extensions
defaultPref("extensions.webservice.discoverURL", ""); // [HIDDEN - non-Thunderbird]

/// Disable DoH Rollout/heuristics/steering
// This helps ensure Firefox doesn't override our/the user's DoH settings...
// https://searchfox.org/firefox-main/source/toolkit/components/doh/DoHConfig.sys.mjs
// https://searchfox.org/firefox-main/source/toolkit/components/doh/DoHController.sys.mjs
// https://searchfox.org/firefox-main/source/toolkit/components/doh/DoHHeuristics.sys.mjs
// https://searchfox.org/firefox-main/source/netwerk/docs/dns/dns-over-https-trr.md
defaultPref("doh-rollout._testing", false); // [HIDDEN] [DEFAULT]
lockPref("doh-rollout.disable-heuristics", true); // [HIDDEN]
lockPref("doh-rollout.doneFirstRun", true); // [HIDDEN]
lockPref("doh-rollout.enabled", false); // [HIDDEN]
lockPref("doh-rollout.provider-steering.enabled", false); // [HIDDEN]
lockPref("doh-rollout.provider-steering.provider-list", ""); // [HIDDEN]
lockPref("doh-rollout.self-enabled", false); // [HIDDEN]
lockPref("doh-rollout.skipHeuristicsCheck", true); // [HIDDEN]
lockPref("doh-rollout.trr-selection.enabled", false); // [HIDDEN]
lockPref("doh-rollout.trr-selection.provider-list", ""); // [HIDDEN]

/// Disable DoH performance measurements
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/BrowserGlue.sys.mjs#1155
// https://searchfox.org/firefox-main/source/toolkit/components/doh/TRRPerformance.sys.mjs
defaultPref("doh-rollout.trrRace.canonicalDomain", ""); // [HIDDEN] [Default = firefox-dns-perf-test.net]
defaultPref("doh-rollout.trrRace.complete", true); // [HIDDEN]
defaultPref("doh-rollout.trrRace.enabled", false); // [HIDDEN]
defaultPref("doh-rollout.trrRace.popularDomains", ""); // [HIDDEN]
defaultPref("doh-rollout.trrRace.randomSubdomainCount", 0); // [HIDDEN]

/// Disable 'Essential Domains Fallback'
// My concern here is the fact that this is fetched from Remote Settings - this could potentially be used to bypass our internal domain blocklist above + the firewall of users if they themselves choose to block specific domains for whatever reason
// I don't have a problem with this being a local dump though, as I can understand the usefulness of this (and being local would mitigate my concerns here) - but I'm not comfortable with the remote part
// This is currently unused anyways...
// https://searchfox.org/firefox-main/source/netwerk/base/EssentialDomainsRemoteSettings.sys.mjs
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/moz-essential-domain-fallbacks/changeset?_expected=0
defaultPref("network.essential_domains_fallback", false); // [DEFAULT]

/// Disable Fakespot
defaultPref("toolkit.shopping.ohttpConfigURL", "");
defaultPref("toolkit.shopping.ohttpRelayURL", "");

/// Disable "Feature Tours" [NO-ANDROID] [NO-MAIL]
defaultPref("browser.firefox-view.feature-tour", '{"screen":"","complete":true}'); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtab.feature-tour", '{"screen":"","complete":true}'); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
defaultPref("browser.pdfjs.feature-tour", '{"screen":"","complete":true}'); // [NO-ANDROID] [NO-MAIL]

/// Disable fetching Firefox Relay's "allowlist" and "denylist"
// Should reduce network activity, and also allows users of Relay to use it anywhere if desired (+ should reduce nags from the browser about it in general)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1926974
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxrelay-allowlist/changeset?_expected=0
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxrelay-denylist/changeset?_expected=0
// https://searchfox.org/firefox-main/rev/c82adde5/toolkit/components/satchel/integrations/FirefoxRelay.sys.mjs#42
defaultPref("signon.firefoxRelay.allowListRemoteSettingsCollection", ""); // [HIDDEN] [DEFAULT: fxrelay-allowlist]
defaultPref("signon.firefoxRelay.denyListRemoteSettingsCollection", ""); // [HIDDEN] [DEFAULT: fxrelay-denylist]

/// Disable fetching Password Manager rules remotely by default
// (Used for identifying password forms on websites)
// Last update was January 2023... also included locally as a dump anyways (resource://app/defaults/settings/main/password-recipes.json), so I don't see a reason to fetch these remotely
// https://bugzilla.mozilla.org/show_bug.cgi?id=1134852
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=0
defaultPref("signon.recipes.remoteRecipes.enabled", false);

/// Disable Firefox Bridge [NO-ANDROID] [NO-MAIL]
// Uses native messaging to share browsing data with other browsers (Chromium) [NO-ANDROID] [NO-MAIL]
// Interesting concept, but due to the obvious potential privacy and security concerns, I feel that this is something that should be left to the user to enable [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#948 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.firefoxbridge.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable the Firefox Messaging System [NO-ANDROID]
// https://firefox-source-docs.mozilla.org/browser/components/asrouter/docs/index.html [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/ac83682a/browser/components/asrouter/modules/ASRouter.sys.mjs#1863 [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/ac83682a/browser/components/asrouter/modules/ASRouterPreferences.sys.mjs#200 [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/backgroundtasks/defaults/backgroundtasks_browser.js#26 [NO-ANDROID]
defaultPref("app.update.background.messaging.targeting.snapshot.intervalSec", -1); // [NO-ANDROID] Disable targeting information background updates: https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/update/BackgroundUpdate.sys.mjs#827
lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "null"); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "null"); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", "null"); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", "null"); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", "null"); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "null"); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.feeds.newtabmessaging", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1569 https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/NewTabMessaging.sys.mjs
lockPref("messaging-system.askForFeedback", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("messaging-system.log", "off"); // [NO-ANDROID] [NO-MAIL] Disables logging
lockPref("messaging-system.profile.messagingProfileId", -1); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Firefox thinks this is the only profile it can send targetting messages to. As this profile ID does not exist, it tricks Firefox into never sending targetting messages.
defaultPref("messaging-system.profile.singleProfileMessaging.disable", false); // [NO-ANDROID] [NO-MAIL] This makes Firefox only send targetting messages to the profile defined by `messaging-system.profile.messagingProfileId`

/// Disable Firefox Relay by default
defaultPref("signon.firefoxRelay.feature", "disabled"); // [HIDDEN - Thunderbird]

/// Disable import of Mozilla's default bookmarks [NO-ANDROID] [NO-MAIL]
// We also disable the default bookmarks via the `NoDefaultBookmarks` policy [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/268969d4/browser/components/places/PlacesBrowserStartup.sys.mjs#63 [NO-ANDROID] [NO-MAIL]
lockPref("browser.bookmarks.restore_default_bookmarks", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Ensure the browser never tries to restore/import the default bookmarks
lockPref("browser.bookmarks.testing.skipDefaultBookmarksImport", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] NOTE: This only appears to work in automation, but doesn't hurt to set anyways https://searchfox.org/firefox-main/rev/82e2435f/browser/components/places/PlacesBrowserStartup.sys.mjs#210
defaultPref("browser.places.importBookmarksHTML", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] This is a clever hack that effectively tricks Firefox into skipping the process of importing default bookmarks - instead it will try to import bookmarks from a HTML file that doesn't exist by default, hence, Firefox will import nothing - This is also nice to set here to expose this pref via `about:config`, as its hidden

/// Disable import of Mozilla's default protocol handlers
// (ex. Gmail, Outlook, and friends)
// https://searchfox.org/firefox-main/rev/881a9b31/uriloader/exthandler/ExtHandlerService.sys.mjs#94
// https://searchfox.org/firefox-main/rev/881a9b31/uriloader/exthandler/HandlerList.sys.mjs
lockPref("gecko.handlerService.defaultHandlersVersion", 2147483647); // [HIDDEN]

/// Disable "Interest-based Content Relevance Ranking and Personalization"
// https://bugzilla.mozilla.org/show_bug.cgi?id=1886207
lockPref("toolkit.contentRelevancy.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]
lockPref("toolkit.contentRelevancy.ingestEnabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("toolkit.contentRelevancy.log", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]

/// Disable IP Protection (Mozilla VPN) [NO-ANDROID] [NO-MAIL]
// This is a paid Mozilla service, so it doesn't make sense for us to leave this enabled by default [NO-ANDROID] [NO-MAIL]
// If people really do want to use it, they can though - they'll just need to enable it themselves manually [NO-ANDROID] [NO-MAIL]
// https://vpn.mozilla.org/ [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/ipprotection/docs/Preferences.rst [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ipProtection.added", true); // [NO-ANDROID] [NO-MAIL] Prevent pinning the IP Protection widget in the navigation bar https://searchfox.org/firefox-main/rev/82e2435f/browser/components/ipprotection/IPProtection.sys.mjs#145
defaultPref("browser.ipProtection.autoStartEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.ipProtection.autoStartPrivateEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.ipProtection.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.ipProtection.features.autoStart", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.ipProtection.features.siteExceptions", true); // [NO-ANDROID] [NO-MAIL] If IP Protection is enabled, enable support for site exceptions https://searchfox.org/firefox-main/rev/aee7c0f2/browser/app/profile/firefox.js#3547
defaultPref("browser.ipProtection.optedOut", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ipProtection.userEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable Mozilla nags/promotions
lockPref("browser.contentsharing.newBadge.enabled", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/cdf7090f/browser/app/profile/firefox.js#3603
lockPref("browser.contentblocking.report.hide_vpn_banner", true); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.contentblocking.report.lockwise.enabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.contentblocking.report.mobile-android.url", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.contentblocking.report.mobile-ios.url", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.contentblocking.report.monitor.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.contentblocking.report.proxy.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.contentblocking.report.proxy_extension.url", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.contentblocking.report.show_mobile_app", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.contentblocking.report.vpn.url", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.contentblocking.report.vpn-android.url", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.contentblocking.report.vpn-ios.url", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.contentblocking.report.vpn-promo.url", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.ipProtection.locationButtonBadgeDismissed", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/cdf7090f/browser/components/ipprotection/IPProtectionPanel.sys.mjs#273
lockPref("browser.privatebrowsing.vpnpromourl", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.promo.cookiebanners.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - Desktop] https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#756
defaultPref("browser.promo.focus.disallowed_regions", "xx");
lockPref("browser.promo.focus.enabled", false); // [HIDDEN - Android/Thunderbird] https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#722
lockPref("browser.promo.pin.enabled", false); // [HIDDEN - Android/Thunderbird] https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#734
lockPref("browser.protections_panel.infoMessage.seen", true); // [NO-ANDROID] [NO-MAIL] Disables ETP Banner
lockPref("browser.send_to_device_locales", ""); // [HIDDEN - Android/Thunderbird] Disables "Send to Device" email promotions https://searchfox.org/firefox-main/rev/dc1c78e9/browser/app/profile/firefox.js#2503 https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#789 https://searchfox.org/firefox-main/rev/dc1c78e9/browser/components/preferences/moreFromMozilla.js#273
lockPref("browser.tabs.notes.newBadge.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] https://searchfox.org/firefox-main/rev/cdf7090f/browser/components/tabbrowser/content/tabbrowser.js#10457
lockPref("browser.tabs.splitview.hasUsed", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/cdf7090f/browser/components/tabbrowser/content/tabbrowser.js#10510
defaultPref("browser.vpn_promo.disallowed_regions", "xx");
lockPref("browser.vpn_promo.enabled", false); // [HIDDEN - Android/Thunderbird] https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#692
lockPref("cookiebanners.ui.desktop.showCallout", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("identity.fxaccounts.toolbar.accessed", true); // [NO-ANDROID] [NO-MAIL] Used for Activity Stream/onboarding targeting https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/asrouter/modules/ASRouterTargeting.sys.mjs#98 https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs#2506
lockPref("pdfjs.enableNewBadge", false); // https://searchfox.org/firefox-main/rev/cdf7090f/toolkit/components/pdfjs/content/web/viewer.mjs#9012
lockPref("privacy.trackingprotection.allow_list.hasUserInteractedWithETPSettings", true); // Disables nag/onboarding to configure ETP exception lists https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/all.js#3342 https://searchfox.org/firefox-main/rev/dc1c78e9/netwerk/url-classifier/UrlClassifierExceptionListService.sys.mjs#200
lockPref("sidebar.verticalTabs.dragToPinPromo.dismissed", true); // [NO-ANDROID] [NO-MAIL] Promo card for dragging tabs when vertical tabs are enabled (sidebar.verticalTabs) https://searchfox.org/firefox-main/rev/839a8725/browser/components/sidebar/SidebarManager.sys.mjs#158
lockPref("trailhead.firstrun.didHandleCampaignAction", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Disable marketing/attribution/"campaign" actions on first run https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/asrouter/modules/ASRouterTargeting.sys.mjs#269 https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/aboutwelcome/actors/AboutWelcomeParent.sys.mjs#271

/// Disable Mozilla.UITour [NO-ANDROID] [NO-MAIL]
// https://mozilla.github.io/bedrock/uitour/#ui-tour [NO-ANDROID] [NO-MAIL]
// https://firefox-source-docs.mozilla.org/browser/components/uitour/docs/index.html [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/uitour/UITourUtils.sys.mjs [NO-ANDROID] [NO-MAIL]
lockPref("browser.uitour.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.uitour.loglevel", "Off"); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.uitour.requireSecure", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
lockPref("browser.uitour.surveyDuration", 0); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.uitour.testingOrigins", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
lockPref("browser.uitour.url", ""); // [NO-ANDROID] [NO-MAIL]

/// Disable "Privacy-Preserving Attribution"
// https://support.mozilla.org/kb/privacy-preserving-attribution
lockPref("dom.origin-trials.private-attribution.state", 2); // [DEFAULT]
lockPref("dom.private-attribution.submission.enabled", false); // [DEFAULT]

/// Disable Remote Permissions
// This currently only allows overriding behavior for HTTPS-First + localhost
// In general, I don't think there should be remote/default overrides for a feature like this (or permissions in general...), best left up to the user
// https://searchfox.org/firefox-main/source/extensions/permissions/docs/remote.rst
// https://searchfox.org/firefox-main/source/extensions/permissions/RemotePermissionService.sys.mjs
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/remote-permissions/changeset?_expected=0
defaultPref("permissions.manager.remote.enabled", false);

/// Disable Remote Settings 'Preview' Buckets
// Nice to expose via about:config
defaultPref("services.settings.preview_enabled", false); // [HIDDEN] [DEFAULT]

/// Disable search attribution [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/comm-central/source/mozilla/toolkit/components/search/AppProvidedSearchEngine.sys.mjs [NO-ANDROID] [NO-MAIL]
lockPref("browser.search.param.search_rich_suggestions", ""); // [NO-ANDROID] [NO-MAIL]

/// Disable the Web Compatibility Reporter
// Harmless - We just don't want to waste Mozilla's time due to our custom set-up...
// Also acts as a potential performance improvement
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#4511
defaultPref("extensions.webcompat-reporter.enabled", false); // [DEFAULT - Release/ESR]
defaultPref("extensions.webcompat-reporter.newIssueEndpoint", "https://phoenix.celenity.dev/issues"); // Temporarily override to our URL instead of Mozilla's to work-around upstream bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1963764
defaultPref("media.decoder-doctor.new-issue-endpoint", "https://phoenix.celenity.dev/issues"); // For decoding errors https://searchfox.org/firefox-main/rev/82e2435f/browser/actors/DecoderDoctorParent.sys.mjs#83
defaultPref("ui.new-webcompat-reporter.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("ui.new-webcompat-reporter.new-report-endpoint", "https://phoenix.celenity.dev/issues"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Temporarily override to our URL instead of Mozilla's to work-around upstream bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1963764

/// Hide the "More from Mozilla" settings tab (`about:preferences#moreFromMozilla`) [NO-ANDROID] [NO-MAIL]
lockPref("browser.preferences.moreFromMozilla", false); // [NO-ANDROID] [NO-MAIL]

/// Opt out of add-on metadata updates
// Note: This prevents themes from displaying previews in `about:addons`
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
defaultPref("extensions.getAddons.cache.enabled", false);

/// Prevent checking if Firefox is the default browser [NO-ANDROID] [NO-MAIL]
defaultPref("browser.shell.checkDefaultBrowser", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.shell.skipDefaultBrowserCheckOnFirstRun", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Prevent checking if Firefox is the default `mailto:` handler [NO-ANDROID] [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1864216 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.mailto.dualPrompt", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Prevent checking if Firefox is the default PDF viewer [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#284 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.shell.checkDefaultPDF", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-Windows]
defaultPref("browser.shell.checkDefaultPDF.silencedByUser", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-Windows]
defaultPref("browser.shell.setDefaultPDFHandler.onlyReplaceBrowsers", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-Windows] If the browser is set as the default PDF viewer, always replace the existing default PDF viewer, regardless of whether it's a browser

/// Remove special privileges from Mozilla domains
// https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#privileged-mozilla-content
lockPref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false); // [DEFAULT - non-Firefox Desktop]
lockPref("browser.tabs.remote.separatedMozillaDomains", "");
lockPref("dom.ipc.processCount.privilegedmozilla", 0);
defaultPref("extensions.webextensions.restrictedDomains", "");
defaultPref("permissions.manager.defaultsUrl", ""); // [HIDDEN - Android] [DEFAULT - Android]
lockPref("svg.context-properties.content.allowed-domains", ""); // [DEFAULT - Android/Thunderbird]

/// Remove tracking parameters from Mozilla URLs + prevent exposing locale & unnecessary information
// For info on the extension update (`extensions.update.`) URL parameters, see https://devdoc.net/web/developer.mozilla.org/en-US/docs/Install_Manifests.html + https://mozilla-balrog.readthedocs.io/en/latest/database.html
lockPref("app.releaseNotesURL", "https://www.mozilla.org/firefox/%VERSION%/releasenotes"); // [NO-ANDROID] [NO-MAIL]
lockPref("app.releaseNotesURL.aboutDialog", "https://www.mozilla.org/firefox/%VERSION%/releasenotes"); // [NO-ANDROID] [NO-MAIL]
lockPref("app.releaseNotesURL.prompt", "https://www.mozilla.org/firefox/%VERSION%/releasenotes"); // [NO-ANDROID] [NO-MAIL]
lockPref("app.update.url.details", "https://www.mozilla.org/firefox/notes"); // [NO-ANDROID] [NO-MAIL]
lockPref("app.update.url.manual", "https://www.mozilla.org/firefox/new"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.backup.template.fallback-download.aurora", "https://www.mozilla.org/firefox/channel/desktop/#developer");
defaultPref("browser.backup.template.fallback-download.beta", "https://www.mozilla.org/firefox/channel/desktop/#beta");
defaultPref("browser.backup.template.fallback-download.esr", "https://www.mozilla.org/firefox/enterprise/#download");
defaultPref("browser.backup.template.fallback-download.nightly", "https://www.mozilla.org/firefox/channel/desktop/#nightly");
defaultPref("browser.backup.template.fallback-download.release", "https://www.mozilla.org/firefox/download/thanks/?s=direct");
defaultPref("browser.contentblocking.report.cookie.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_cross-site-tracking-cookies"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.contentblocking.report.cryptominer.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_cryptominers"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.contentblocking.report.fingerprinter.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_fingerprinters"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.contentblocking.report.lockwise.how_it_works.url", "https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.contentblocking.report.monitor.sign_in_url", "https://monitor.firefox.com/oauth/init"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.contentblocking.report.monitor.url", "https://monitor.firefox.com/"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.contentblocking.report.social.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_social-media-trackers"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.contentblocking.report.tracker.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_tracking-content"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.dictionaries.download.url", "https://addons.mozilla.org/language-tools/"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.lna.warning.infoURL", "https://support.mozilla.org/kb/control-personal-device-local-network-permissions-firefox"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.support.url", "https://support.mozilla.org/kb/new-tab"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.xr.warning.infoURL", "https://support.mozilla.org/kb/webxr-permission-info-page"); // [NO-ANDROID] [NO-MAIL]
defaultPref("extensions.abuseReport.amoFormURL", "https://addons.mozilla.org/feedback/addon/%addonID%/");
defaultPref("extensions.blocklist.addonItemURL", "https://addons.mozilla.org/blocked-addon/%addonID%/%addonVersion%/");
defaultPref("extensions.getAddons.link.url", "https://addons.mozilla.org/"); // [NO-ANDROID] [NO-MAIL]
defaultPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/search?q=%TERMS%"); // [NO-ANDROID] [NO-MAIL]
defaultPref("extensions.update.background.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%"); // [NO-MAIL] Removes maximum app/browser version (maxAppVersion), operating system (appOS), ABI (appABI), locale (locale), and compatibility mode (compatMode)
defaultPref("extensions.update.url", "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%"); // [NO-MAIL] Removes maximum app/browser version (maxAppVersion), operating system (appOS), ABI (appABI), locale (locale), and compatibility mode (compatMode)
defaultPref("pdfjs.altTextLearnMoreUrl", "https://support.mozilla.org/kb/pdf-alt-text");
defaultPref("pdfjs.commentLearnMoreUrl", "https://support.mozilla.org/kb/view-pdf-files-firefox-or-choose-another-viewer#w_add-a-comment-to-a-pdf");
defaultPref("signon.firefoxRelay.learn_more_url", "https://support.mozilla.org/kb/relay-integration#w_frequently-asked-questions");
defaultPref("signon.firefoxRelay.manage_url", "https://relay.firefox.com/accounts/profile/");
defaultPref("signon.firefoxRelay.privacy_policy_url", "https://www.mozilla.org/privacy/subscription-services/");
defaultPref("signon.firefoxRelay.terms_of_service_url", "https://www.mozilla.org/about/legal/terms/subscription-services/");

/// Skip Mozilla's `Privacy Notice` and `Terms of Use`
// https://github.com/mozilla/policy-templates/pull/1212
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/enterprisepolicies/Policies.sys.mjs#2806
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/telemetry/docs/internals/preferences.rst#208
lockPref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 999);
lockPref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "32503679999000");
lockPref("termsofuse.acceptedDate", "32503679999000"); // [HIDDEN - Android/Thunderbird]
lockPref("termsofuse.acceptedVersion", 999); // [HIDDEN - Android/Thunderbird]
lockPref("termsofuse.bypassNotification", true); // [HIDDEN - Android/Thunderbird] [DEFAULT - builds without MOZILLA_OFFICIAL]

defaultPref("browser.phoenix.status", "002");

/*** 003 TRACKING PROTECTION ***/

/// Allow users to add URLs to ETP via the `about:config`
// Typically hidden, but can be useful useful, so we can expose this via the `about:config` to make it easier for users to find/add entries
// https://developer.mozilla.org/docs/Web/Privacy/Guides/Storage_Access_Policy#adding_custom_domains_to_the_tracking_protection_list
defaultPref("urlclassifier.trackingAnnotationTable.testEntries", ""); // [HIDDEN] [DEFAULT]

/// Allow users to exclude URLs from ETP via the `about:config`
// These are typically hidden, but very useful (especially for testing/working around breakage), so we can expose these via the `about:config` to make it easier for users to find/add exclusions
defaultPref("privacy.rejectForeign.allowList", ""); // [DEFAULT]
defaultPref("urlclassifier.features.consentmanager.annotate.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.features.cryptomining.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.features.emailtracking.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.features.fingerprinting.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.features.socialtracking.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.trackingSkipURLs", ""); // [HIDDEN] [DEFAULT]

/// Disable exceptions for minor issues by default
defaultPref("privacy.trackingprotection.allow_list.convenience.enabled", false);

/// Enable ETP Strict
// https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection
lockPref("browser.contentblocking.category", "strict"); // [HIDDEN]

/// Manually enable ETP/Strict protections...
// These are typically configured by ETP Strict - but unfortunately Firefox doesn't set ETP Strict on the browser's first run :/
// So we need to also manually configure them. We still also use ETP Strict (not 'Custom') due to our enforcement of it, so we should be covered by Mozilla changes/updates for protections.
// Manually specifying these is also useful for cases like Android: where all protections aren't enabled with ETP Strict, and on Thunderbird: where ETP Strict doesn't exist at all...
// We're also configuring the 'CookieBehavior' and 'EnableTrackingProtection' policies on desktop.

//// Block harmful add-on URLs
defaultPref("privacy.trackingprotection.harmfuladdon.enabled", true); // [DEFAULT - Desktop Firefox] https://searchfox.org/firefox-main/rev/93aad2a6615f670b1279c229dd37f7397236131a/browser/app/profile/firefox.js#2434

//// Block known consent managers (CMPs)
defaultPref("privacy.trackingprotection.consentmanager.annotate_channels", true); // [DEFAULT]
defaultPref("privacy.trackingprotection.consentmanager.skip.enabled", false); // [DEFAULT]
defaultPref("privacy.trackingprotection.consentmanager.skip.pbmode.enabled", false);

//// Block known cryptominers
defaultPref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT - non-Thunderbird]

//// Block known email trackers
defaultPref("privacy.trackingprotection.emailtracking.enabled", true);
defaultPref("privacy.trackingprotection.emailtracking.pbmode.enabled", true); // [DEFAULT]

//// Block known fingerprinters
// Including ones classified as "anti-fraud": https://bugzilla.mozilla.org/show_bug.cgi?id=1962092
defaultPref("privacy.trackingprotection.antifraud.annotate_channels", true); // [DEFAULT] [NIGHTLY]
defaultPref("privacy.trackingprotection.antifraud.skip.enabled", false); // [DEFAULT] [NIGHTLY]
defaultPref("privacy.trackingprotection.antifraud.skip.pbmode.enabled", false); // [NIGHTLY]
defaultPref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT - non-Thunderbird]

//// Block known social trackers
defaultPref("privacy.trackingprotection.socialtracking.enabled", true);

//// Block known trackers
defaultPref("privacy.trackingprotection.annotate_channels", true); // [DEFAULT]
defaultPref("privacy.trackingprotection.enabled", true);
defaultPref("privacy.trackingprotection.pbmode.enabled", true); // [DEFAULT - non-Android]

//// Block known trackers using the `strict` (Level 2) list
/// https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/StaticPrefList.yaml#16075
/// https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/components/nimbus/FeatureManifest.yaml#3609
defaultPref("privacy.annotate_channels.strict_list.enabled", true); // [DEFAULT - Android]
defaultPref("privacy.annotate_channels.strict_list.pbmode.enabled", true); // [DEFAULT]

//// Block known tracking cookies
defaultPref("network.cookie.cookieBehavior.trackerCookieBlocking", true); // [HIDDEN - Android/Thunderbird] [DEFAULT - Desktop]
defaultPref("privacy.socialtracking.block_cookies.enabled", true); // [DEFAULT]

//// Enable Bounce Tracking Protection
/// https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_bounce-tracking-protection
/// https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/components/antitracking/bouncetrackingprotection/nsIBounceTrackingProtection.idl#10
defaultPref("privacy.bounceTrackingProtection.mode", 1); // [DEFAULT - Nightly]
defaultPref("privacy.bounceTrackingProtection.requireStatefulBounces", false); // [DEFAULT - Nightly] Protect against all bounce trackers, instead of just those who access cookies/storage https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/components/nimbus/FeatureManifest.yaml#4930

//// Enable Query Parameter Stripping
/// https://firefox-source-docs.mozilla.org/toolkit/components/antitracking/anti-tracking/query-stripping/index.html
defaultPref("privacy.query_stripping.enabled", true);
defaultPref("privacy.query_stripping.enabled.pbmode", true);
defaultPref("privacy.query_stripping.redirect", true); // [DEFAULT]

//// Enable SmartBlock and Web Compatibility interventions by default
defaultPref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/pictureinpicture/lib/picture_in_picture_overrides.js#19 https://searchfox.org/firefox-main/source/browser/extensions/pictureinpicture/data/picture_in_picture_overrides.js Controls PiP overrides
defaultPref("extensions.webcompat.enable_interventions", true); // [HIDDEN] [DEFAULT - non-Thunderbird]
defaultPref("extensions.webcompat.enable_shims", true); // [HIDDEN] [DEFAULT - non-Thunderbird]
defaultPref("extensions.webcompat.perform_injections", true); // [HIDDEN] [DEFAULT - non-Thunderbird]
defaultPref("extensions.webcompat.perform_ua_overrides", true); // [HIDDEN] [DEFAULT - non-Thunderbird]
defaultPref("extensions.webcompat.smartblockEmbeds.enabled", true); // [HIDDEN - Android/Thunderbird] [DEFAULT - Desktop] - Enables Embeds/Placeholders to make certain resources click to load

//// Enable State Partitioning
defaultPref("network.fetch.cache_partition_cross_origin", true); // [DEFAULT] Cross origin fetch/XHR requests
defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [DEFAULT]
defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [DEFAULT]
defaultPref("privacy.partition.bloburl_per_partition_key", true); // [DEFAULT]
defaultPref("privacy.partition.network_state", true); // [DEFAULT]
defaultPref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT]
defaultPref("privacy.partition.network_state.ocsp_cache.pbmode", true); // [DEFAULT]
defaultPref("privacy.partition.serviceWorkers", true); // [DEFAULT]

//// Enable Suspected Fingerprinters Protection (FPP)
/// https://support.mozilla.org/kb/firefox-protection-against-fingerprinting#w_suspected-fingerprinters
defaultPref("privacy.fingerprintingProtection", true);
defaultPref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT]
defaultPref("privacy.reduceTimerPrecision", true); // [DEFAULT]

//// Enable TCP/dFPI
/// https://support.mozilla.org/kb/introducing-total-cookie-protection-standard-mode
/// https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/components/nimbus/FeatureManifest.yaml#3633
defaultPref("network.cookie.cookieBehavior", 5); // [DEFAULT - non-Thunderbird]
defaultPref("network.cookie.cookieBehavior.optInPartitioning", true);
defaultPref("network.cookie.cookieBehavior.optInPartitioning.pbmode", true);
defaultPref("network.cookie.cookieBehavior.pbmode", 5); // [DEFAULT - non-Thunderbird]

//// Ignore less restricted referer policies (than the default)
/// https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/StaticPrefList.yaml#13615
defaultPref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // [DEFAULT] - for cross-site requests
defaultPref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode", true); // [DEFAULT] - for cross-site requests in Private Browsing
defaultPref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode.top_navigation", true); // [DEFAULT] - for top navigations in Private Browsing
defaultPref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // for top navigations

/// Enable exceptions required to avoid major breakage by default
defaultPref("privacy.trackingprotection.allow_list.baseline.enabled", true); // [DEFAULT]
lockPref("privacy.trackingprotection.allow_list.hasMigratedCategoryPrefs", true); // Skip migration, so that `privacy.trackingprotection.allow_list.baseline.enabled` isn't overriden to `false` https://searchfox.org/firefox-main/rev/dc1c78e9/netwerk/url-classifier/UrlClassifierExceptionListService.sys.mjs#254

/// Lower the network priority of known trackers (if not blocked for whatever reason...)
defaultPref("privacy.trackingprotection.lower_network_priority", true);

defaultPref("browser.phoenix.status", "003");

/*** 004 FINGERPRINTING PROTECTION ***/

/// Add notes to help prevent users from making themselves unnecessarily fingerprintable
// We need to keep Android notes under ~50 characters to prevent them from being cut off/un-readable; isn't an issue on Desktop
defaultPref("dom.webmidi.enabled.0.NOTE", "Changing this value is unnecessary...");
defaultPref("dom.webmidi.enabled.1.NOTE", "and WILL aid fingerprinting.");
defaultPref("dom.webmidi.enabled.2.NOTE", "Set 'dom.sitepermsaddon-provider.enabled' to 'false'...");
defaultPref("dom.webmidi.enabled.3.NOTE", "and 'dom.webmidi.gated' to 'true' instead.");
defaultPref("geo.enabled.0.NOTE", "Changing this value is unnecessary...");
defaultPref("geo.enabled.1.NOTE", "and WILL aid fingerprinting.");
defaultPref("geo.enabled.2.NOTE", "To block Geolocation, set 'permissions.default.geo' to '2' instead."); // [NO-ANDROID] [NO-MAIL]
defaultPref("pdfjs.disabled.0.NOTE", "Changing this value is unnecessary, and it WILL aid fingerprinting. To disable PDF.js, set 'browser.helperApps.showOpenOptionForPdfJS' to 'false' instead."); // [NO-ANDROID]

/// Always load fonts bundled with Firefox
// The default is -1 - which loads bundled fonts, EXCEPT on "low-memory" devices
// Hence, this could add extra entropy/add an extra fingerprinting vector for users on "low-memory" devices
// In general, this will ensure all users have the same standard behavior here
// https://bugzilla.mozilla.org/show_bug.cgi?id=1686274
// https://searchfox.org/firefox-main/rev/82e2435f/gfx/thebes/gfxFT2FontList.cpp#1625
defaultPref("gfx.bundled-fonts.activate", 1);

/// Disable the ability to switch locales without requiring a restart [NO-ANDROID]
// Currently appears to be buggy and inconsistent - and thus could be potentially fingerprintable, so I think it's best to leave off to be safe [NO-ANDROID]
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42349#note_3057563 [NO-ANDROID]
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42771#note_3057587 [NO-ANDROID]
defaultPref("intl.multilingual.liveReload", false); // [NO-ANDROID] [DEFAULT - non-Firefox release/beta]
defaultPref("intl.multilingual.liveReloadBidirectional", false); // [NO-ANDROID] [DEFAULT]

/// Disable failIfMajorPerformanceCaveat in WebGL contexts
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18603
defaultPref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT]

/// Disable VP9 Benchmark
// This means that VP9 will always be enabled regardless of performance benchmarks (unless on a plaform where this isn't supported)
// This likely also results in a performance improvement, so that's nice
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22548
defaultPref("media.benchmark.vp9.threshold", 0);

/// Do not use the theme's toolbar color scheme for in-content pages by default
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/modules/LightweightThemeConsumer.sys.mjs#17
defaultPref("browser.theme.unified-color-scheme", false); // [HIDDEN - non-Thunderbird] [DEFAULT - non-Thunderbird]

/// Enable fdlibm for Math.sin, Math.cos, and Math.tan
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#9422
// https://groups.google.com/a/mozilla.org/g/dev-platform/c/0dxAO-JsoXI/m/eEhjM9VsAgAJ
defaultPref("javascript.options.use_fdlibm_for_sin_cos_tan", true); // [DEFAULT - non-Windows]

/// Enable light mode by default
// Matches with RFP & prevents exposing system theme
defaultPref("layout.css.prefers-color-scheme.content-override", 1);

/// Ensure user agent is always set to Firefox [NO-MAIL]
// NOTE: This appears to be broken on Thunderbird; it causes both Thunderbird AND Firefox to be reported in the user agent... [NO-MAIL]
// Primarily useful for ex. users of forks, and serves as defense in depth regardless [NO-MAIL]
// Prevents fingerprinting and ensures we avoid compatibility issues [NO-MAIL]
// https://searchfox.org/firefox-main/rev/83d1a08d/netwerk/protocol/http/nsHttpHandler.cpp#1059 [NO-MAIL]
defaultPref("general.useragent.compatMode.firefox", true); // [NO-MAIL]


/// Expose dynamic rounding of content dimensions (`privacy.resistFingerprinting.letterboxing`) in the `about:config`, but do not enable by default (except for Android: see note below) [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1407366 [NO-MAIL]
defaultPref("privacy.resistFingerprinting.letterboxing", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]

/// Harden FPP (which we enable at `003` above) to match RFP with a few exceptions...
// This also improves security - Attack Surface Reduction, reduced timer precision
// List of targets: https://searchfox.org/firefox-main/source/toolkit/components/resistfingerprinting/RFPTargets.inc
// Easily build your own (global) override list: https://raw.githack.com/rindeal/Firefox-FPP-Override-List-Editor/master/FirefoxFPPOverrideListEditor.html
// (We're setting -EfficientCanvasRandomization for now to work-around an upstream bug that prevents randomization from applying everywhere as expected: https://bugzilla.mozilla.org/show_bug.cgi?id=2013976)
defaultPref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate,-JSDateTimeUTC"); // [NO-ANDROID] [NO-MAIL]

/// If FPP/RFP is disabled, limit font visibility to base system fonts + fonts from optional language packs
// We could set this to 1 to only allow base system fonts - but this is already covered by FPP/RFP. So if one disables RFP/FPP or adds an override, I think it's reasonable to allow fonts from language packs - as that may be the reason they've disabled it. I see no reason to ever expose user-installed fonts though.
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#10128
defaultPref("layout.css.font-visibility", 2);


/// Prevent enumeration of media devices
// Exceptions can be set via the `media.devices.enumerate.legacy.allowlist` pref
// https://bugzilla.mozilla.org/show_bug.cgi?id=1528042
defaultPref("media.devices.enumerate.legacy.enabled", false); // [DEFAULT]

/// Prevent exposing WebGL Renderer Info
// This is equivalent to the RFP/FPP 'WebGLRenderInfo' target
// Useful to ensure users are protected if they disable FPP for whatever reason, or if they just disable ETP/Strict for a specific site/add an exception
// https://searchfox.org/firefox-main/source/dom/canvas/SanitizeRenderer.cpp
defaultPref("webgl.enable-renderer-query", false); // Spoofs "Vendor" and "Renderer" to "Mozilla" (Like the `WebGLRenderInfo` target does)
defaultPref("webgl.override-unmasked-renderer", "Mozilla"); // Spoofs "Unmasked Renderer" Debug info to "Mozilla" (like FPP/RFP does for the WebGL renderer query)
defaultPref("webgl.override-unmasked-vendor", "Mozilla"); // Spoofs "Unmasked Vendor" Debug info to "Mozilla" (like FPP/RFP does for the WebGL renderer query)
defaultPref("webgl.sanitize-unmasked-renderer", false); // Prevents the "Unmasked Renderer" under Debug Info from being set to "Generic Renderer"; we instead set it to "Mozilla" to always match FPP/RFP

/// Prevent pre-allocating content processes
// These can cause certain values/settings to persist, even after a user changes them - which could result in leakage/fingerprinting concerns
// https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#preallocated-content
defaultPref("dom.ipc.processPrelaunch.enabled", false);
defaultPref("dom.ipc.processPrelaunch.fission.number", 0);

/// Prevent using system accent colors
defaultPref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT - non-Thunderbird Windows]

/// Prevent using system colors
// The `ui.use_standins_for_native_colors` pref does the same thing as the 'UseStandinsForNativeColors' RFP/FPP target (so it shouldn't interfere with FPP/RFP)
// But I also want to set this here to ensure users are protected if they disable FPP for whatever reason, or if they disable ETP/Strict for a specific site/add an exception
// https://searchfox.org/firefox-main/rev/82e2435f/layout/style/PreferenceSheet.cpp#69
defaultPref("browser.display.document_color_use", 1); // [DEFAULT - non-Windows] Contrast Control, supersedes `browser.display.use_system_colors` https://github.com/arkenfox/user.js/issues/1965
defaultPref("browser.display.use_system_colors", false); // [DEFAULT - non-Windows]
defaultPref("ui.use_standins_for_native_colors", true);

/// Prompt to spoof locale to en-US
defaultPref("privacy.spoof_english", 0); // [DEFAULT]

/// Provide example templates to make it easier for users to set custom FPP overrides if needed
defaultPref("privacy.fingerprintingProtection.granularOverrides.0.example", '[{"firstPartyDomain":"example1.invalid","overrides":"+ProtectionIWantToEnableOnThisWebsite,-ProtectionIWantToDisableOnThisWebsite"},{"firstPartyDomain":"*","thirdPartyDomain":"example2.invalid","overrides":"+ThirdPartyDomainsAreSupportedToo"}]');
defaultPref("privacy.fingerprintingProtection.overrides.0.example", "+ProtectionIWantToEnableGlobally,-ProtectionIWantToDisableGlobally");

/// Reset the fingerprinting randomization key daily (in addition to per-session/when the browser restarts)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1816064
defaultPref("privacy.resistFingerprinting.randomization.daily_reset.enabled", true);
defaultPref("privacy.resistFingerprinting.randomization.daily_reset.private.enabled", true);

/// Round window sizes
// Also ensure we always skip earlyBlankFirstPaint to ensure windows are properly sized: https://bugzilla.mozilla.org/show_bug.cgi?id=1448423
defaultPref("browser.startup.blankWindow", false); // [DEFAULT - non-Windows, non-Linux Nightly]
defaultPref("privacy.resistFingerprinting.skipEarlyBlankFirstPaint", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("privacy.window.maxInnerHeight", 900); // [DEFAULT - non-Android/Thunderbird]
defaultPref("privacy.window.maxInnerWidth", 1600);

/// Set a fixed temporary storage limit
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41065
// https://bugzilla.mozilla.org/show_bug.cgi?id=1781277
defaultPref("dom.quotaManager.temporaryStorage.fixedLimit", 52428800); // Ex. matches what Tor Browser uses & what Firefox uses by default in most cases

/// Set FPP granular overrides (if the related target is enabled...)
// See here for details: https://codeberg.org/celenity/Phoenix/wiki/FPP-Overrides
defaultPref("privacy.fingerprintingProtection.granularOverrides", '[{"firstPartyDomain":"google.ad","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ae","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.al","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.am","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.as","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.at","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.az","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ba","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.be","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.bf","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.bg","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.bi","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.bj","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.bs","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.bt","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.by","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ca","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.cat","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.cd","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.cf","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.cg","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ch","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ci","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.cl","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.cm","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.cn","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ao","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.bw","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ck","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.cr","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.id","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.il","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.in","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.jp","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ke","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.kr","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ls","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ma","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.mz","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.nz","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.th","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.tz","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ug","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.uk","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.uz","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ve","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.vi","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.za","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.zm","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.co.zw","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.af","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ag","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ar","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.au","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bd","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bh","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bn","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bo","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.br","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bz","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.co","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.cu","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.cy","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.do","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ec","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.eg","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.et","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.fj","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gh","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gi","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gt","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.hk","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.jm","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.kh","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.kw","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.lb","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ly","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mm","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mt","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mx","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.my","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.na","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ng","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ni","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.np","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.om","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pa","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pe","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pg","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ph","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pk","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pr","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.py","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.qa","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sa","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sb","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sg","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sl","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sv","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tj","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tr","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tw","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ua","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.uy","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.vc","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.com.vn","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.cv","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.cz","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.de","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.dj","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.dk","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.dm","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.dz","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ee","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.es","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.fi","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.fm","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.fr","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ga","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ge","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.gg","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.gl","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.gm","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.gr","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.gy","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.hn","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.hr","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ht","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.hu","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ie","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.im","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.iq","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.is","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.it","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.je","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.jo","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.kg","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ki","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.kz","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.la","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.li","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.lk","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.lt","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.lu","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.lv","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.md","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.me","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.mg","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.mk","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ml","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.mn","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.mu","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.mv","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.mw","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ne","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.nl","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.no","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.nr","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.nu","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.pl","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.pn","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ps","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.pt","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ro","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.rs","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ru","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.rw","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.sc","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.se","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.sh","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.si","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.sk","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.sn","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.so","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.sm","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.sr","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.st","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.td","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.tg","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.tl","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.tm","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.tn","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.to","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.tt","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.vu","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"google.ws","overrides":"+CanvasRandomization,-JSDateTimeUTC"},{"firstPartyDomain":"aa.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"abeto.co","overrides":"-WebGLRenderCapability"},{"firstPartyDomain":"amazon.ae","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.ca","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.cn","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.co.jp","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.co.uk","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.co.za","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.com.au","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.com.be","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.com.br","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.com.mx","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.com.tr","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.de","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.eg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.es","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.fr","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.ie","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.it","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.nl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.pl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.sa","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.se","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"amazon.sg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"animepahe.ru","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"annas-archive.org","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"apple.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"apple.com.cn","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"apple.news","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"arcticfoxes.net","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"aria.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"bahn.expert","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"barnesandnoble.com","overrides":"-ScreenRect"},{"firstPartyDomain":"bitcoinist.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"calendly.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"cengage.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"chatwave.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"chipotle.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"cinny.in","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"citybbq.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"cloudflare.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+JSDateTimeUTC"},{"firstPartyDomain":"cryptpad.fr","thirdPartyDomain":"cryptpad.info","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"cvs.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"discord.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"discord.gg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"doordash.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"dropbox.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"duesen.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"element.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"enza.fun","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"epicgames.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"favicon.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"figma.com","overrides":"-WebGLRenderCapability"},{"firstPartyDomain":"flieger.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"g24.at","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"goo.gl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"gemeinsam.jetzt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"gnulinux.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"hot-chilli.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"hoyoverse.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"imdb.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"kosmikdog.eu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"klippy.pro","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"kroger.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"medium.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"mega.nz","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"mtrx.nz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"neat.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nitro.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nope.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"oblak.be","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pcriot.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pendora.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pogo.com","thirdPartyDomain":"pogospike.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"porkbun.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"proton.me","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"reddit.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"redditmedia.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"rezka-ua.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"riverside.fm","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"rollenspiel.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"salespanel.io","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"socialnetwork24.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"southwest.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"stacksocial.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"starlink.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"studichat.de","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"svgrepo.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"synod.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"t.co","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"temoos.app","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"the-apothecary.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"tiktok.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"tileman.io","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+JSDateTimeUTC"},{"firstPartyDomain":"unredacted.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"usnews.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"usps.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"utwente.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"vhlcentral.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"vsynctester.com","overrides":"-ReduceTimerPrecision"},{"firstPartyDomain":"we2.ee","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"yahoo.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"yatrix.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"youtu.be","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"youtube-nocookie.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"zennioptical.com","thirdPartyDomain":"fittingbox.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"zoho.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"zoho.com.au","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"zoho.eu","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"zoho.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"zoho.jp","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"zoho.sa","overrides":"+CanvasExtractionBeforeUserInputIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"apple.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"apple.news","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"bsky.app","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cdn-apple.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cdninstagram.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cloudflare.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"discord.gg","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"favicon.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"goo.gl","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"googlevideo.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"gravatar.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"instagram.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"licdn.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"linkedin.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"loginwithamazon.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.blog","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.store","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"moviezapiya.fun","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"pinimg.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"pinterest.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"pornhub.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha.net","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha.net.cn","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha-cn.net","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redd.it","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"reddit.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redditmedia.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redditstatic.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"t.co","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"tiktok.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"tileman.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"twitter.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"twimg.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"vimeo.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"vimeocdn.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"x.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"youtu.be","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"youtube.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"youtube-nocookie.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"}]'); // [NO-ANDROID] [NO-MAIL]

/// Set target video resolution to 1080p
defaultPref("privacy.resistFingerprinting.target_video_res", 1080); // [DEFAULT]

/// Set zoom levels on a per-site basis
// Changing the zoom level globally can be fingerprintable
// Note: We also set the "SiteSpecificZoom" FPP/RFP target
defaultPref("browser.zoom.siteSpecific", true); // [DEFAULT - non-Android]

/// So people don't freak out when they see RFP isn't enabled...
// We need to keep Android notes under ~50 characters to prevent them from being cut off/un-readable; isn't an issue on Desktop
defaultPref("privacy.resistFingerprinting.0.NOTE", "RFP is disabled on purpose.");
defaultPref("privacy.resistFingerprinting.1.NOTE", "We use a hardened configuration of FPP instead.");
defaultPref("privacy.resistFingerprinting.2.NOTE", "Using RFP is not recommended or supported.");

defaultPref("browser.phoenix.status", "004");

/*** 005 DISK AVOIDANCE ***/

/// Allow permission manager to write to disk
// This is already Firefox's default - but it's hidden, so this exposes it via the `about:config`
// https://searchfox.org/firefox-main/rev/82e2435f/extensions/permissions/PermissionManager.cpp#765
defaultPref("permissions.memory_only", false); // [HIDDEN] [DEFAULT]

/// Allow users to automatically delete files downloaded in Private Browsing
// (browser.download.deletePrivate controls the functionality itself)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1790641
defaultPref("browser.download.enableDeletePrivate", true); // [DEFAULT] https://bugzilla.mozilla.org/show_bug.cgi?id=1981504

/// Check the boxes for clearing browsing data when navigating to `about:preferences#privacy` -> `Cookies and Site Data` -> `Manage Data...` by default [NO-ANDROID]
defaultPref("privacy.clearHistory.browsingHistoryAndDownloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
defaultPref("privacy.clearHistory.cache", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
defaultPref("privacy.clearHistory.formdata", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
defaultPref("privacy.clearSiteData.browsingHistoryAndDownloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
defaultPref("privacy.clearSiteData.cache", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
defaultPref("privacy.clearSiteData.formdata", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
defaultPref("privacy.clearSiteData.historyFormDataAndDownloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
defaultPref("privacy.cpd.cache", true); // [NO-ANDROID] [DEFAULT]
defaultPref("privacy.cpd.downloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
defaultPref("privacy.cpd.formdata", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
defaultPref("privacy.cpd.history", true); // [NO-ANDROID] [DEFAULT]
defaultPref("privacy.cpd.sessions", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]

//// Except for cookies... (as this ignores `Allow` exceptions) [NO-ANDROID]
defaultPref("privacy.clearHistory.cookiesAndStorage", false); // [NO-ANDROID]
defaultPref("privacy.clearSiteData.cookiesAndStorage", false); // [NO-ANDROID]
defaultPref("privacy.cpd.cookies", false); // [NO-ANDROID]
defaultPref("privacy.cpd.offlineApps", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]

//// and passwords... [NO-ANDROID]
defaultPref("privacy.cpd.passwords", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]

/// Clear browsing history, download history, and sessions on exit by default [NO-ANDROID]
defaultPref("privacy.clearOnShutdown.downloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
defaultPref("privacy.clearOnShutdown.history", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
defaultPref("privacy.clearOnShutdown.sessions", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
defaultPref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("privacy.clearOnShutdown_v2.downloads", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
defaultPref("privacy.clearOnShutdown_v2.formdata", true); // [NO-ANDROID] [NO-MAIL]

/// Clear cache on exit by default
// We also disable disk cache entirely below...
defaultPref("privacy.clearOnShutdown.cache", true);
defaultPref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT - Desktop Firefox]
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);

/// Decrease the number of tabs saved in Session Store [NO-MAIL]
// Also improves performance [NO-MAIL]
// (Default = 10 for Android, 25 elsewhere) [NO-MAIL]
defaultPref("browser.sessionstore.max_tabs_undo", 7); // [NO-MAIL]

/// Disable back/forward cache (bfcache)
// This helps ensure that sensitive data/user state is discarded as soon as possible
// https://web.dev/articles/bfcache
// https://github.com/uazo/cromite/blob/master/docs/FEATURES.md
// https://github.com/uazo/cromite/issues/1649
// https://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers#Possible_values_and_their_effects
defaultPref("browser.sessionhistory.max_total_viewers", 0); // (Default = -1 (Automatic) - which is 8 unless you're using a device with under 1GB of RAM)
defaultPref("fission.bfcacheInParent", false);

/// Disable collection/generation of background thumbnails
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/thumbnails/PageThumbs.sys.mjs#631
defaultPref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN]

/// Disable collection/generation of wireframes
// https://searchfox.org/firefox-main/source/browser/components/sessionstore/PageWireframes.sys.mjs
defaultPref("browser.history.collectWireframes", false); // [DEFAULT]

/// Disable coloring visited links
defaultPref("layout.css.visited_links_enabled", false);

/// Disable disk cache
defaultPref("browser.cache.disk.enable", false);
defaultPref("browser.cache.disk_cache_ssl", true); // [DEFAULT] Controls disk cache for secure (HTTPS) resources, depends on `browser.cache.disk.enable` (which is why we're keeping this on by default)

/// Disable favicons in shortcuts [NO-ANDROID]
// Prevents .ico files from persisting, even after deletion [NO-ANDROID]
defaultPref("browser.shell.shortcutFavicons", false); // [NO-ANDROID] [HIDDEN - Thunderbird]

/// Disable frecency
// This also prevents random recently visited sites from being pinned to the homepage on Desktop
// https://firefox-source-docs.mozilla.org/browser/urlbar/ranking.html#frecency-implementation
// https://devdoc.net/web/developer.mozilla.org/en-US/docs/The_Places_frecency_algorithm.html
// NOTE: `places.frecency.unvisitedBookmarkBonus` is required for bookmark URL bar suggestions on Desktop:
// https://codeberg.org/celenity/Phoenix/issues/218
// https://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636#:~:text=Option%20C%3A%20Remove%20Bookmarks%20Completely%20from%20Address%20Bar
defaultPref("places.frecency.bookmarkVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [Default: 75]
defaultPref("places.frecency.defaultVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.downloadVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.embedVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.framedLinkVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.linkVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [Default: 100]
defaultPref("places.frecency.permRedirectVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Firefox Desktop] [Default on Firefox Desktop: 50]
defaultPref("places.frecency.redirectSourceVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.reloadVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [Default on Firefox Desktop: 0]
defaultPref("places.frecency.tempRedirectVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Firefox Desktop] [Default on Firefox Desktop: 40]
defaultPref("places.frecency.typedVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [Default: 2000]
defaultPref("places.frecency.unvisitedTypedBonus", 0); // [HIDDEN - Android/Thunderbird] [Default: 200]


/// Disable LaterRun [NO-ANDROID] [NO-MAIL]
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41568 [NO-ANDROID] [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1200639 [NO-ANDROID] [NO-MAIL]
lockPref("browser.laterrun.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable logging blocked domains to `about:protections` [NO-ANDROID] [NO-MAIL]
defaultPref("browser.contentblocking.cfr-milestone.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.contentblocking.cfr-milestone.milestone-shown-time", "999999999"); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
defaultPref("browser.contentblocking.cfr-milestone.update-interval", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
defaultPref("browser.contentblocking.database.enabled", false); // [DEFAULT - Android/Thunderbird]
defaultPref("browser.contentblocking.report.privacy_metrics.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT - non-Nightly]

/// Disable Search & Form History
// Can be leaked to sites...
// https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
defaultPref("browser.formfill.enable", false);


/// Disable WebRTC history
// History will still gather when `about:webrtc` is open
// Also likely improves performance...
defaultPref("media.aboutwebrtc.hist.enabled", false); // [DEFAULT - non-Nightly]

/// Disable window state restoration
// https://searchfox.org/firefox-main/rev/16707ce1/xpfe/appshell/AppWindow.cpp#2404
defaultPref("browser.restoreWindowState.disabled", true);

/// Enable a fire button in Private Browsing Windows to reset the session [NO-ANDROID] [NO-MAIL]
defaultPref("browser.privatebrowsing.resetPBM.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]

/// Enable the "Forget" button by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/4258ca07/browser/components/customizableui/CustomizableWidgets.sys.mjs#576 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/4258ca07/browser/components/enterprisepolicies/Policies.sys.mjs#950 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/4258ca07/browser/locales/en-US/browser/policies/policies-descriptions.ftl#81 [NO-ANDROID] [NO-MAIL]
defaultPref("privacy.panicButton.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Increase the interval between between Session Store save operations
// Also improves performance
// (Default = 10000 (10 secs) for Android, 15000 (15 secs) elsewhere)
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/sessionstore/docs/utils.rst#20
defaultPref("browser.sessionstore.interval", 60000); // 1 minute


/// Prevent clearing cookies by default
defaultPref("privacy.clearOnShutdown.cookies", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("privacy.clearOnShutdown.offlineApps", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("privacy.clearOnShutdown_v2.cookiesAndStorage", false); // [NO-ANDROID] [NO-MAIL]

/// Prevent clearing passwords & site settings by default
defaultPref("privacy.clearOnShutdown.siteSettings", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("privacy.clearOnShutdown_v2.siteSettings", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]

/// Prevent clearing site settings at `about:preferences#privacy` -> `Cookies and Site Data` -> `Manage Data...` by default [NO-ANDROID] [NO-MAIL]
defaultPref("privacy.clearHistory.siteSettings", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("privacy.clearSiteData.siteSettings", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("privacy.cpd.siteSettings", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Prevent exposing content in the window title for Private Browsing windows [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2619 [NO-ANDROID] [NO-MAIL]
defaultPref("privacy.exposeContentTitleInWindow.pbm", false); // [NO-ANDROID] [NO-MAIL]

/// Prevent storing unnecessary extra session data
defaultPref("browser.sessionstore.privacy_level", 2); // [HIDDEN - Thunderbird]

/// Prevent writing media cache (ex. for video streaming) to disk in private windows
defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true);

/// Remove cached files from browser windows opened with external applications
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=302433,1738574
defaultPref("browser.download.start_downloads_in_tmp_dir", true);
defaultPref("browser.helperApps.deleteTempFileOnExit", true); // [DEFAULT - Thunderbird]

/// Remove files from session list & history when deleted in Firefox [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#833 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.download.clearHistoryOnDelete", 2); // [NO-ANDROID] [NO-MAIL]

/// Set default time range when manually clearing data to "everything" [NO-ANDROID]
defaultPref("privacy.sanitize.timeSpan", 0); // [NO-ANDROID]

/// Use `Custom settings' for history at `about:preferences#privacy` -> `History` by default [NO-ANDROID] [NO-MAIL]
defaultPref("privacy.history.custom", true); // [NO-ANDROID] [NO-MAIL]

defaultPref("browser.phoenix.status", "005");

/*** 006 DOWNLOADS ***/

/// Block insecure downloads
defaultPref("dom.block_download_insecure", true); // [DEFAULT]

/// Disable extra download logging by default
// This lets us expose it in the about:config for Android/Thunderbird
defaultPref("browser.download.loglevel", "Error"); // [DEFAULT, HIDDEN - Android/Thunderbird]

/// Notify when downloading files
defaultPref("browser.download.alwaysOpenPanel", true); // [DEFAULT - Desktop] [HIDDEN - Android/Thunderbird]

/// Prevent adding downloads to "recent documents"...
defaultPref("browser.download.manager.addToRecentDocs", false);

/// Prompt before downloading files
defaultPref("browser.download.always_ask_before_handling_new_types", true);
defaultPref("browser.download.useDownloadDir", false); // [DEFAULT - Thunderbird]

defaultPref("browser.phoenix.status", "006");

/*** 007 HTTP(S) ***/

/// Allow users to bypass invalid certificate errors by default
// (To expose the preference via the `about:config`)
defaultPref("security.certerror.hideAddException", false); // [HIDDEN] [DEFAULT]

/// Always attempt to resolve HTTPS resource records, regardless of connectivity checks/other factors
// https://searchfox.org/firefox-main/rev/62066911/netwerk/protocol/http/nsHttpChannel.cpp#987
// https://developer.mozilla.org/docs/Glossary/HTTPS_RR
defaultPref("network.dns.force_use_https_rr", true);

/// Always preload intermediates
// https://wiki.mozilla.org/Security/CryptoEngineering/Intermediate_Preloading
defaultPref("security.remote_settings.intermediates.enabled", true); // [DEFAULT]

/// Always warn on insecure webpages
defaultPref("security.insecure_connection_text.enabled", true);
defaultPref("security.insecure_connection_text.pbmode.enabled", true);
defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);

/// Always warn when submitting a form from HTTP to HTTPS, even on local IP addresses
defaultPref("security.insecure_field_warning.ignore_local_ip_address", false);
defaultPref("security.warn_submit_secure_to_insecure", true); // [DEFAULT]

/// Disable the automatic import of OS client authentication certificates
// (Ex. smart cards)
// This prevents loading Mozilla's PKCS#11 module (which then loads these certificates from the OS store).
// AFAICT this functionality is quite obscure, use is seemingly nonexistent outside of very specific environments (ex. enterprise/government).
// Those who do actually use this functionality may also not want the browser to automatically import/expose these certificates, as they have many other uses.
// These certificates can also still be imported in browser settings anyways, so those who do need to use this functionality still can that way.
// So, I see no reason to leave this enabled by default - disabling it reduces attack surface and gives more control to users.
// (For reference, Tor Browser also disables this)
// https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1637807
defaultPref("security.osclientcerts.autoload", false); // [DEFAULT - Thunderbird]

/// Disable downgrades to insecure TLS 1.0/1.1
defaultPref("security.tls.insecure_fallback_hosts", ""); // [DEFAULT]
lockPref("security.tls.version.enable-deprecated", false); // [DEFAULT]

/// Disable insecure ciphers (Like Chromium & Tor Browser)
// https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/361#note_3089049
// https://bugzilla.mozilla.org/show_bug.cgi?id=1600437
// https://bugzilla.mozilla.org/show_bug.cgi?id=1036765
defaultPref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT]
defaultPref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT]
defaultPref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT - Nightly] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
defaultPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT - Nightly] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

/// Disable OCSP revocation checks
//
// So, my current understanding:
// According to Mozilla blog: "With CRLite, Firefox periodically downloads a compact encoding of the set of all revoked certificates that appear in Certificate Transparency logs. Firefox stores this encoding locally, updates it every 12 hours, and queries it privately every time a new TLS connection is created."
// and: "Of course, no browser is performing daily downloads of all CRLs. For a more meaningful comparison, we can consider Chrome’s CRLSets. These are hand-picked sets of revocations that are delivered to Chrome users daily. Recent CRLSets weigh in at 600 kB and include about 1% of all revocations (thirty-five thousand of the four million total). Firefox’s CRLite implementation uses half the bandwidth, updates twice as frequently, and includes all revocations."
// According to MDN: "Firefox desktop from version 135 requires CT log inclusion for all certificates issued by certificate authorities in Mozilla's Root CA Program".
//
// What this means for us:
// 1. We enforce Certificate Transparency (CT) below (security.pki.certificate_transparency.mode -> 2)
// 2. Mozilla requires CAs in their program to implement CT, and we disable using the system's root CAs below (security.certerrors.mitm.auto_enable_enterprise_roots + security.enterprise_roots.enabled)
// 3. We enable + enforce CRLite below (security.pki.crlite_mode -> 2, security.remote_settings.crlite_filters.enabled -> true)
// 4. CRLite works by using CT logs, AND includes ALL revocations from those logs
// 5. Therefore, since we're only trusting CAs that use CT, and since CRLite is covering ALL revocations from CT, we can reasonably conclude that CRLite is covering all revocatons, and thus, OCSP should be superfluous
// So, I'm comfortable finally retiring OCSP... :) - Great to see how far this has come
// https://wikipedia.org/wiki/Online_Certificate_Status_Protocol
// https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/
// https://developer.mozilla.org/docs/Web/Security/Certificate_Transparency#browser_requirements
// https://github.com/arkenfox/user.js/issues/1576
defaultPref("security.OCSP.enabled", 0); // [NO-MAIL]
defaultPref("security.OCSP.require", false); // [NO-MAIL] [DEFAULT]

/// Disable Parental Controls
// https://searchfox.org/firefox-main/source/toolkit/components/parentalcontrols/nsIParentalControlsService.idl
// https://searchfox.org/firefox-main/rev/cb527813/netwerk/protocol/http/nsHttpHandler.cpp#537
// https://searchfox.org/firefox-main/rev/cb527813/docshell/base/CanonicalBrowsingContext.cpp#3696
// https://searchfox.org/firefox-main/source/toolkit/locales-preview/aboutRestricted.ftl
lockPref("network.parental_controls_cached_state", false); // [DEFAULT]
lockPref("security.restrict_to_adults.always", false); // [DEFAULT]
lockPref("security.restrict_to_adults.respect_platform", false); // [DEFAULT]

/// Disable sending background HTTP requests to websites that do not respond quickly to check if they support HTTPS
defaultPref("dom.security.https_only_mode_send_http_background_request", false);

/// Disable third-party/OS-level root certificates
// I've been torn on how to handle this, but IMO the safest way forward is disabling this functionality in Firefox
// This is commonly abused by malware/etc. and it's even overriden by certain software/garbage AV's...
// Ex. https://support.kaspersky.com/common/compatibility/14620#block3
// Since this is something programs actively try to override, I don't see a safe way to support this, so we'll lock it
// We still allow users to manually import certificates into Firefox... 
// So we can ensure users are aware of certificates they add and are making this decision consciously
// This is also important to ensure that Certificate Transparency is properly enforced, since it (`security.pki.certificate_transparency.mode`) only covers roots issued by Mozilla
// https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Certificate_Transparency_Support_in_Firefox
// We also set "ImportEnterpriseRoots" in policies [NO-ANDROID]
// https://mozilla.github.io/policy-templates/#certificates--importenterpriseroots [NO-ANDROID]
lockPref("security.certerrors.mitm.auto_enable_enterprise_roots", false); // [NO-ANDROID] [HIDDEN - Thunderbird]
lockPref("security.enterprise_roots.enabled", false); // [NO-ANDROID]

//// Ensure HTTP/3 isn't disabled when/if third-party/OS-level root certificates are found
defaultPref("network.http.http3.disable_when_third_party_roots_found", false);

/// Disable TLS 1.3 0-RTT
// Not forward secret
// https://github.com/tlswg/tls13-spec/issues/1001
defaultPref("network.http.http3.enable_0rtt", false); // For HTTP3 https://bugzilla.mozilla.org/show_bug.cgi?id=1689550
defaultPref("security.tls.enable_0rtt_data", false);

/// Enable (+ enforce) Certificate Transparency
// https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency
defaultPref("security.pki.certificate_transparency.disable_for_hosts", ""); // [DEFAULT]
defaultPref("security.pki.certificate_transparency.disable_for_spki_hashes", ""); // [DEFAULT]
defaultPref("security.pki.certificate_transparency.mode", 2); // [DEFAULT - non-Nightly Android]

/// Enable CRLite revocation checks (and prioritize over OCSP)
// https://blog.mozilla.org/security/2020/01/09/crlite-part-1-all-web-pki-revocations-compressed/
defaultPref("security.pki.crlite_channel", "default"); // [DEFAULT - non-Android] Use CRLite clubcards that contain all revocations, instead of just "priority" revocations
defaultPref("security.pki.crlite_mode", 2); // [DEFAULT - Nightly]
defaultPref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT - non-Android]

/// Enable Delegated Credentials
// https://wikipedia.org/wiki/Delegated_credential
defaultPref("security.tls.enable_delegated_credentials", true); // [DEFAULT]

/// Enable HTTPS-First
// This is a less-aggressive alternative to HTTPS-Only Mode
// Sets the browser to attempt to use HTTPS for connections first, but silently fall-back if HTTPS is unavailable
// Used if HTTPS-Only Mode is disabled
// https://support.mozilla.org/kb/https-first
defaultPref("dom.security.https_first", true); // [DEFAULT]
defaultPref("dom.security.https_first_add_exception_on_failure", false); // Prevent automatically exempting domains, so that HTTPS-First is always tried no matter what
defaultPref("dom.security.https_first_for_custom_ports", true);
defaultPref("dom.security.https_first_for_local_addresses", true);
defaultPref("dom.security.https_first_for_unknown_suffixes", true);
defaultPref("dom.security.https_first_pbm", true); // [DEFAULT]
defaultPref("dom.security.https_first_schemeless", true); // [DEFAULT]

/// Enable HTTPS-Only Mode
// Enforces the use of HTTPS for connections, and warns the user if HTTPS is unavailable
// https://support.mozilla.org/kb/https-only-prefs
// NOTE: Locked on Desktop due to being a critical privacy and security feature,
// but we won't lock it for Android/Thunderbird, as it's unfortunately not possible to add exceptions there
// https://codeberg.org/ironfox-oss/bugs/issues/48
defaultPref("dom.security.https_only_mode", true);
lockPref("dom.security.https_only_mode", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("dom.security.https_only_mode.upgrade_local", true); // Enforce HTTPS-Only Mode for local requests
defaultPref("dom.security.https_only_mode_pbm", true);
lockPref("dom.security.https_only_mode_pbm", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("dom.security.https_only_mode_error_page_user_suggestions", true); // Show suggestions when an HTTPS page can not be found - ex. if 'example.com' is insecure, the browser may suggest trying to connect to 'www.example.com' instead

/// Enable MITM Detection
// https://github.com/arkenfox/user.js/issues/740
// https://bugzilla.mozilla.org/show_bug.cgi?id=1529643
defaultPref("security.certerrors.mitm.priming.enabled", true); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Android/Thunderbird]
defaultPref("security.certerrors.mitm.priming.endpoint", "https://mitmdetection.services.mozilla.com/"); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Android/Thunderbird]

/// Enable OCSP stapling
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
// https://blog.cloudflare.com/high-reliability-ocsp-stapling/#ocsp-must-staple
defaultPref("security.ssl.enable_ocsp_must_staple", true); // [DEFAULT]
defaultPref("security.ssl.enable_ocsp_stapling", true); // [DEFAULT]

/// Enable Post Quantum Key Agreement (Kyber)
defaultPref("media.webrtc.enable_pq_dtls", true); // [NO-ANDROID] [ESR] [DEFAULT]
defaultPref("media.webrtc.enable_pq_hybrid_kex", true); // [DEFAULT]
defaultPref("media.webrtc.send_mlkem_keyshare", true); // [DEFAULT]
defaultPref("network.http.http3.enable_kyber", true); // [DEFAULT]
defaultPref("security.tls.client_hello.send_p256_keyshare", true); // [DEFAULT]
defaultPref("security.tls.enable_kyber", true); // [DEFAULT]

/// Enable prompts for unsafe HTTP redirects
// https://searchfox.org/firefox-main/rev/16707ce1/modules/libpref/init/all.js#1189
// https://bugzilla.mozilla.org/show_bug.cgi?id=677754
// https://searchfox.org/firefox-main/rev/16707ce1/netwerk/protocol/http/nsHttpChannel.cpp#3687
defaultPref("network.http.prompt-temp-redirect", true);

/// Enforce Strict Certificate Pinning
// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#How_to_use_pinning
// The list of domains currently covered can be found here: https://searchfox.org/firefox-main/source/security/manager/ssl/StaticHPKPins.h
// Some are also displayed in a prettier format here: https://searchfox.org/firefox-main/source/security/manager/tools/PreloadedHPKPins.json
// For values/modes, see: https://searchfox.org/firefox-main/rev/19539767/security/manager/ssl/PublicKeyPinningService.cpp#32
//    Disabled             = 0
//    AllowUserCAMITM      = 1
//    Strict               = 2
//    EnforceTestMode      = 3
// Strict excludes certain domains that Mozilla wants to collect telemetry for/labels as "testing", while EnforceTestMode
// includes all domains/enforces everything
defaultPref("security.cert_pinning.enforcement_level", 3);

/// Enforce TLS 1.3 downgrade protection
// https://bugzilla.mozilla.org/show_bug.cgi?id=1576790
defaultPref("security.tls.hello_downgrade_check", true); // [DEFAULT]

/// Ensure that the browser omits credentials when making network requests by default
// https://searchfox.org/firefox-main/rev/4dad4a9a/modules/libpref/init/StaticPrefList.yaml#13568
defaultPref("network.fetch.systemDefaultsToOmittingCredentials", true); // [DEFAULT]

/// Ensure we use the HSTS preload list
// https://searchfox.org/firefox-main/rev/82e2435f/security/manager/ssl/nsSiteSecurityService.cpp#799
defaultPref("network.stricttransportsecurity.preloadlist", true); // [DEFAULT]

/// Only allow certificate error exceptions per-session
defaultPref("security.certerrors.permanentOverride", false); // [HIDDEN - Android/Thunderbird]

/// Only load secure websockets from HTTPS pages
defaultPref("network.websocket.allowInsecureFromHTTPS", false); // [DEFAULT]

/// Require safe renegotiations
// Disables connections to servers without RFC 5746
// https://wiki.mozilla.org/Security:Renegotiation
defaultPref("security.ssl.require_safe_negotiation", true);

/// Show detailed information on insecure warning pages
defaultPref("browser.xul.error_pages.expert_bad_cert", true);

/// Upgrade Mixed Content
// These pertain to handling insecure (HTTP) content in secure (HTTPS) contexts
// https://blog.mozilla.org/security/2024/06/05/firefox-will-upgrade-more-mixed-content-in-version-127/
defaultPref("dom.securecontext.allowlist", ""); // [HIDDEN] [DEFAULT] This can be used for adding exceptions: https://searchfox.org/firefox-main/rev/82e2435f/dom/security/nsMixedContentBlocker.cpp#270
defaultPref("security.mixed_content.block_active_content", true); // [DEFAULT - non-Thunderbird]
defaultPref("security.mixed_content.block_display_content", false); // [DEFAULT] Unnecessary with the "security.mixed_content.upgrade_display_content" pref - that pref tries to upgrade mixed content by default and still blocks it if fails, this pref just blocks all mixed content entirely, causing unnecessary breakage for users: https://github.com/mozilla/policy-templates/issues/1141
defaultPref("security.mixed_content.upgrade_display_content", true); // [DEFAULT]

defaultPref("browser.phoenix.status", "007");

/*** 008 IMPLICIT CONNECTIONS ***/

/// Disable Early Hints (Like Cromite)
// https://github.com/uazo/cromite/blob/master/build/patches/Client-hints-overrides.patch
// https://developer.mozilla.org/docs/Web/HTTP/Status/103
// https://github.com/bashi/early-hints-explainer/blob/main/explainer.md
defaultPref("network.early-hints.enabled", false);
defaultPref("network.early-hints.over-http-v1-1.enabled", false);
defaultPref("network.early-hints.preconnect.enabled", false);
defaultPref("network.early-hints.preconnect.max_connections", 0);

/// Disable Network Prefetching
// https://developer.mozilla.org/docs/Glossary/Prefetch
defaultPref("dom.prefetch_dns_for_anchor_http_document", false); // https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42684
defaultPref("dom.prefetch_dns_for_anchor_https_document", false); // [DEFAULT] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42684
defaultPref("network.dns.disablePrefetch", true);
defaultPref("network.dns.disablePrefetchFromHTTPS", true);
defaultPref("network.dns.prefetch_via_proxy", false); // [DEFAULT]
defaultPref("network.http.speculative-parallel-limit", 0); // [DEFAULT - Thunderbird]
defaultPref("network.predictor.enable-hover-on-ssl", false); // [DEFAULT] https://searchfox.org/firefox-main/rev/3c918058/docshell/base/nsDocShell.cpp#14207
defaultPref("network.predictor.enabled", false); // [NO-ANDROID] [ESR]
defaultPref("network.prefetch-next", false);

/// Disable Preconnect
// https://github.com/uBlockOrigin/uBlock-issues/issues/2913
// https://developer.mozilla.org/docs/Web/HTML/Attributes/rel/preconnect
defaultPref("network.preconnect", false);

/// Disable speculative pre-connections [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections [NO-ANDROID] [NO-MAIL]
defaultPref("browser.places.speculativeConnect.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.speculativeConnect.enabled", false); // [NO-ANDROID] [NO-MAIL]

/// Prevent leaking single word searches to DNS provider [NO-ANDROID] [NO-MAIL]
defaultPref("browser.fixup.dns_first_for_single_words", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Prevent middle mouse clicks from pasting clipboard contents by default
// Way too easy to accidentally press...
defaultPref("middlemouse.paste", false);

/// Prevent middle mouse clicks on new tab button opening URLs or searches from clipboard
defaultPref("browser.tabs.searchclipboardfor.middleclick", false);
defaultPref("middlemouse.contentLoadURL", false); // [DEFAULT]

defaultPref("browser.phoenix.status", "008");

/*** 009 SEARCH & URL BAR ***/

/// Allow using a different search engine in normal vs. private Windows [NO-MAIL]
defaultPref("browser.search.separatePrivateDefault.ui.enabled", true); // [NO-MAIL]

/// Always show Punycode
// Protects against phishing & IDN Homograph Attacks
// https://wikipedia.org/wiki/IDN_homograph_attack
defaultPref("network.IDN_show_punycode", true);

/// Disable autofill/autocompletion of URLs by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.autoFill", false); // [NO-ANDROID] [NO-MAIL]

/// Disable the button to switch search engines when `browser.urlbar.scotchBonnet.enableOverride` is `false` by default [NO-ANDROID] [NO-MAIL]
// Currently broken [NO-ANDROID] [NO-MAIL]
// https://windowsreport.com/firefox-tests-dedicated-address-bar-button-for-easier-search-engine-switching/ [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/themes/shared/identity-block/identity-block.css#33 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.searchModeSwitcher.featureGate", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]

/// Disable clipboard suggestions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderClipboard.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.clipboard.featureGate", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.clipboard", false); // [NO-ANDROID] [NO-MAIL]

/// Disable Firefox's new 'Unified Trust Panel' by default [NO-ANDROID] [NO-MAIL]
// This prevents setting per-site exceptions for the built-in cookie banner blocker [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.trustPanel.featureGate", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable history suggestions by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderInputHistory.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.history", false); // [NO-ANDROID] [NO-MAIL]

/// Disable quick actions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// (Ex. When searching "settings", this causes a "Manage settings" result to appear) [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/quick-actions-firefox-search-bar [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/ActionsProviderQuickActions.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.quickactions.showPrefs", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] UI
defaultPref("browser.urlbar.secondaryActions.featureGate", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
defaultPref("browser.urlbar.shortcuts.actions", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] `@actions` shortcut
defaultPref("browser.urlbar.suggest.quickactions", false); // [NO-ANDROID] [NO-MAIL] suggestions

/// Disable the quick actions onboarding [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#222 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.quickactions.timesToShowOnboardingLabel", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Disable recent search suggestions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderRecentSearches.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.recentsearches.featureGate", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.urlbar.suggest.recentsearches", false); // [NO-ANDROID] [NO-MAIL]

/// Disable search engine suggestions (Tab to search) by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderTabToSearch.sys.mjs [NO-ANDROID] [NO-MAIL]
// Way too obnoxious... [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.engines", false); // [NO-ANDROID] [NO-MAIL]

/// Disable search engine suggestion (Tab to search) onboarding results [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#574 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.tabToSearch.onboard.interactionsLeft", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Disable search suggestions by default
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderSearchSuggestions.sys.mjs
// `browser.search.suggest.enabled` and `browser.search.suggest.enabled.private` appear to have no impact on Android & Thunderbird, but they're still defined there by default.. so we can set them anyways
defaultPref("browser.search.suggest.enabled", false); // [DEFAULT - Android]
defaultPref("browser.search.suggest.enabled.private", false); // [DEFAULT]
defaultPref("browser.urlbar.showSearchSuggestionsFirst", false); // [NO-ANDROID] [NO-MAIL] UI
defaultPref("browser.urlbar.suggest.searches", false); // [NO-ANDROID] [NO-MAIL]

/// Disable search tips [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderSearchTips.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.searchTips.test.ignoreShowLimits", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Ensure we don't bypass checks that prevent tips from being shown https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#406
lockPref("browser.urlbar.tipShownCount.searchTip_onboard", 999); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Onboarding search tip https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#578
lockPref("browser.urlbar.tipShownCount.searchTip_redirect", 999); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Redirect search tip https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#581

/// Disable trending searches by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/use-google-trending-search-firefox-address-bar [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.trending", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.trending.featureGate", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable URL trimming [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.trimHttps", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.urlbar.trimURLs", false); // [NO-ANDROID] [NO-MAIL]

/// Enable bookmark suggestions by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderBookmarkKeywords.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.bookmark", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable the calculator by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderCalculator.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.calculator", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable the new URL bar/search UI by default [NO-ANDROID] [NO-MAIL]
// Adds Unified Search button to easily switch search engines in URL Bar, among other tweaks
// https://windowsreport.com/firefox-tests-dedicated-address-bar-button-for-easier-search-engine-switching/ [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.scotchBonnet.enableOverride", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable local keyword shortcuts by default [NO-ANDROID] [NO-MAIL]
// (ex. `@bookmarks` for searching bookmarks) [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderRestrictKeywords.sys.mjs [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarView.sys.mjs#3107 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#403 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.searchRestrictKeywords.featureGate", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]

/// Enable open tab suggestions by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderOpenTabs.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.openpage", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable rich suggestions by default [NO-ANDROID] [NO-MAIL]
// (Ex. this displays images and additional info alongside suggestions from Google) [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#386 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.richSuggestions.featureGate", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable the Rust-based Search Engine Selector
// https://bugzilla.mozilla.org/show_bug.cgi?id=1914143
defaultPref("browser.search.rustSelector.featureGate", true); // [DEFAULT]

/// Enable the "Search in Private Window" result by default [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/search/SearchService.sys.mjs#1228 [NO-MAIL]
defaultPref("browser.search.separatePrivateDefault.urlbarResult.enabled", true); // [NO-MAIL] [HIDDEN]

/// Enable shortcut suggestions by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderTopSites.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.topsites", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable suggestions to add/use search engines on OpenSearch-compatible sites by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#83 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/ActionsProviderContextualSearch.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.contextualSearch.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable unit conversion by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderUnitConversion.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.unitConversion.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Ensure the default search engine is set to DuckDuckGo [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.placeholderName", "DuckDuckGo"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.placeholderName.private", "DuckDuckGo"); // [NO-ANDROID] [NO-MAIL]

/// Exclude JavaScript URLS from results [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.filter.javascript", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Expose the pref to enable debug badges in the `about:config`, but do not enable by default [NO-ANDROID] [NO-MAIL]
// (Ex. labels adaptive history results with "A" and semantic history results with "S") [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/themes/shared/urlbarView.css#361 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.showDebuggingIcons", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]

/// Expose the UI to switch search engines for individual searches [NO-ANDROID] [NO-MAIL]
// "This time, search with..." [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarSearchOneOffs.sys.mjs [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#392 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.scotchBonnet.disableOneOffs", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Highlight domains and other styling [NO-ANDROID] [NO-MAIL]
// Protects against phishing [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/docs/preferences.rst#138 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.formatting.enabled", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]

/// If URL trimming is enabled, untrim on user interaction [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.untrimOnUserInteraction.featureGate", true); // [NO-ANDROID] [NO-MAIL]

/// Notify users if their default search engine has been removed
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/search/SearchService.sys.mjs#2030
defaultPref("browser.search.removeEngineInfobar.enabled", true); // [DEFAULT]

/// Show full URLs instead of search terms [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.restyleSearches", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
defaultPref("browser.urlbar.showSearchTerms.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.showSearchTerms.featureGate", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Use the same search engine in normal and private browsing windows by default
// (DuckDuckGo for us)
defaultPref("browser.search.separatePrivateDefault", false);

defaultPref("browser.phoenix.status", "009");

/*** 010 DNS ***/

/// Customize list of built-in DoH resolvers
defaultPref("doh-rollout.provider-list", '[{"uri":"https://base.dns.mullvad.net/dns-query","UIName":"Mullvad (Base) 🇸🇪","autoDefault":true},{"uri":"https://mozilla.cloudflare-dns.com/dns-query","UIName":"Cloudflare 🇺🇸","autoDefault":false},{"uri":"https://security.cloudflare-dns.com/dns-query","UIName":"Cloudflare (Malware Protection) 🇺🇸","autoDefault":false},{"uri":"https://noads.joindns4.eu/dns-query","UIName":"DNS4EU (Ad Blocking) 🇨🇿","autoDefault":false},{"uri":"https://protective.joindns4.eu/dns-query","UIName":"DNS4EU (Protective) 🇨🇿","autoDefault":false},{"uri":"https://unfiltered.joindns4.eu/dns-query","UIName":"DNS4EU (Unfiltered) 🇨🇿","autoDefault":false},{"uri":"https://dns.mullvad.net/dns-query","UIName":"Mullvad (Unfiltered) 🇸🇪","autoDefault":false}]'); // [HIDDEN]
defaultPref("network.trr.default_provider_uri", "https://base.dns.mullvad.net/dns-query"); // Set the default DoH Provider to Mullvad (Base)

/// Disable DoH Connectivity Checks
defaultPref("network.connectivity-service.DNS_HTTPS.domain", "");
defaultPref("network.trr.attempt-when-retrying-confirmation", true); // Ensure we always attempt to use DoH no matter what, regardless of the confirmation connectivity check https://searchfox.org/firefox-main/rev/e535ba2b/netwerk/dns/TRRService.cpp#286
defaultPref("network.trr.confirmationNS", "skip"); // https://searchfox.org/firefox-main/rev/e535ba2b/netwerk/dns/TRRService.cpp#273
defaultPref("network.trr.skip-check-for-blocked-host", true); // https://searchfox.org/firefox-main/rev/82e2435f/netwerk/dns/TRRService.cpp#1062
defaultPref("network.trr.wait-for-confirmation", false); // [DEFAULT] Ensure we always attempt to use DoH no matter what, regardless of the confirmation connectivity check https://searchfox.org/firefox-main/rev/e535ba2b/netwerk/dns/TRRService.cpp#282

/// Disable DoH GET
defaultPref("network.trr.useGET", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1699759

/// Disable EDNS Client Subnet (ECS) to prevent leaking general location data to authoritative DNS servers...
// https://wikipedia.org/wiki/EDNS_Client_Subnet
defaultPref("network.trr.disable-ECS", true); // [DEFAULT]

/// Disable falling back to system DNS by default
defaultPref("network.trr.retry_on_recoverable_errors", true); // https://searchfox.org/firefox-main/rev/82e2435f/netwerk/dns/nsHostResolver.cpp#1351
defaultPref("network.trr.strict_native_fallback", true); // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/telemetry/docs/data/environment.rst#418

/// Disable nsNotifyAddrListener
// (Ex. used for disabling DoH if certain conditions are met)
// https://searchfox.org/firefox-main/source/netwerk/system/win32/nsNotifyAddrListener.cpp
defaultPref("network.notify.changed", false);
defaultPref("network.notify.checkForNRPT", false);
defaultPref("network.notify.checkForProxies", false);
defaultPref("network.notify.dnsSuffixList", false);
defaultPref("network.notify.initial_call", false);
defaultPref("network.notify.IPv6", false); // [DEFAULT - Windows]
defaultPref("network.notify.resolvers", false);

/// Enable DNS Rebinding Protection
// https://bugzilla.mozilla.org/show_bug.cgi?id=1672528
defaultPref("network.trr.allow-rfc1918", false); // [DEFAULT]

/// Enable DoH without fallback by default
defaultPref("network.trr.mode", 3);

/// Enable EncryptedClientHello
// https://blog.cloudflare.com/announcing-encrypted-client-hello
defaultPref("network.dns.echconfig.enabled", true); // [DEFAULT]
defaultPref("network.dns.http3_echconfig.enabled", true); // [DEFAULT]

/// Enable native DNS over HTTPS lookups
// NOTE: Native DNS over HTTPS is currently broken on Windows 10, but can be toggled anyways with the
// `network.dns.native_https_query_win10` pref: https://bugzilla.mozilla.org/show_bug.cgi?id=1873461
defaultPref("network.dns.native_https_query", true); // [DEFAULT - non-macOS]
defaultPref("network.dns.native_https_query_in_automation", true); // Used in automation

/// Enable TLS SNI Slicing
// Useful for circumenting certain forms of censorship, ex. from the Great Firewall of China
// https://github.com/uazo/cromite/issues/2403
// https://github.com/net4people/bbs/issues/505
// https://searchfox.org/firefox-main/diff/cb527813/modules/libpref/init/StaticPrefList.yaml#15350
defaultPref("network.http.http3.sni-slicing", true); // [DEFAULT]

/// Ensure we clear cache upon changing DoH prefs
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/dns/TRRService.cpp#440
defaultPref("network.trr.clear-cache-on-pref-change", true); // [DEFAULT]

/// Expose the DoH bootstrap pref, but don't configure by default
// This is the DNS server Firefox uses to resolve the address of your DoH server
// By default, Firefox just uses the system DNS
// This value MUST match the address of the DoH server you're using
// Ex. you could set this to "9.9.9.9" for Quad9
// We won't configure this by default to prevent unexpected breakage for users when switching DNS providers, but it's hidden - so we can at least expose it in the about:config
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/dns/TRRService.cpp#903
defaultPref("network.trr.bootstrapAddr", ""); // [HIDDEN] [DEFAULT]

/// Fix IPv6 connectivity when DoH is enabled
// https://codeberg.org/divested/brace/pulls/5
defaultPref("network.dns.preferIPv6", true);

/// Prevent bypassing DoH for /etc/HOSTS entries by default
// Protects against HOSTS file hijacking
// https://www.malwarebytes.com/blog/news/2016/09/hosts-file-hijacks
// https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=SettingsModifier:Win32/HostsFileHijack
// https://www.microcenter.com/tech_center/article/6472/how-to-clean-the-windows-hosts-file-if-malware-has-tampered-with-it
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/dns/TRRServiceBase.cpp#359
defaultPref("network.trr.exclude-etc-hosts", false);

/// Prevent sending headers for DoH requests
defaultPref("network.trr.send_accept-language_headers", false); // [DEFAULT]
defaultPref("network.trr.send_empty_accept-encoding_headers", true); // [DEFAULT]
defaultPref("network.trr.send_user-agent_headers", false); // [DEFAULT]

/// Prioritize HTTP/3
// https://searchfox.org/firefox-main/rev/62066911/netwerk/dns/nsIDNSService.idl#354
defaultPref("network.trr.allow_default_http3_first", true); // [DEFAULT - Nightly]
defaultPref("network.trr.force_http3_first", true);


defaultPref("browser.phoenix.status", "010");

/*** 011 PROXIES ***/

/// Prevent Firefox from automatically using the system's proxy configuration by default
// This is commonly abused by content filtering/monitoring/MITM software & malware (just like third-party/OS-level root certificates...)
// There are of course legitimate use cases for proxies, but those require manual set-up anyways... let's ensure the user is always in control and making the conscious decision to use a proxy (if at all)
// Also helps with performance as a bonus
// https://bugzilla.mozilla.org/show_bug.cgi?id=500983
// https://bugzilla.mozilla.org/show_bug.cgi?id=500983#c7
// https://superuser.com/questions/169303/why-are-my-browsers-suddenly-configured-to-use-a-proxy
// The proxy type. See nsIProtocolProxyService.idl
//    PROXYCONFIG_DIRECT   = 0
//    PROXYCONFIG_MANUAL   = 1
//    PROXYCONFIG_PAC      = 2
//    PROXYCONFIG_WPAD     = 4
//    PROXYCONFIG_SYSTEM   = 5 (default)
defaultPref("network.proxy.type", 0);

// Prevent bypasses/leakage

/// Always start proxy extensions (if installed) as soon as possible, instead of waiting for the first browser window to open
defaultPref("extensions.webextensions.early_background_wakeup_on_request", true); // [HIDDEN - non-Android] [DEFAULT - Android]

/// Disable automatic failover from the proxy (if configured) to direct connections when certain system requests fail
// https://bugzilla.mozilla.org/show_bug.cgi?id=1720221
defaultPref("network.proxy.failover_direct", false);

/// Disable file:///net
// https://bugzilla.mozilla.org/show_bug.cgi?id=1412081
// (This unfortunately breaks file upload on Android ATM)
defaultPref("network.file.path_blacklist", "/net"); // [NO-ANDROID] [HIDDEN]

/// Disable GIO
// https://bugzilla.mozilla.org/1433507
defaultPref("network.gio.supported-protocols", ""); // [HIDDEN]

/// Disable Uniform Naming Convention (UNC) file paths
// https://bugzilla.mozilla.org/1413868
defaultPref("network.file.disable_unc_paths", true); // [HIDDEN]

/// Disable Wi-Fi Tickler
// Ex. disabled by the Proxy Bypass Protection build argument
// https://searchfox.org/firefox-main/source/netwerk/base/Tickler.h
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/base/Tickler.cpp#127
defaultPref("network.tickle-wifi.enabled", false); // [DEFAULT - non-Android]

/// Prevent bypassing the proxy (if configured) for system connections that include the `bypassProxy` flag
// https://bugzilla.mozilla.org/show_bug.cgi?id=1732792
defaultPref("network.proxy.allow_bypass", false);

/// Use the proxy (if configured) for remote DNS lookups
defaultPref("network.proxy.socks_remote_dns", true);
defaultPref("network.proxy.socks5_remote_dns", true); // [DEFAULT]

defaultPref("browser.phoenix.status", "011");

/*** 012 WEBRTC ***/

/// Allow user to silence notifications when screen sharing
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2590
defaultPref("privacy.webrtc.allowSilencingNotifications", true); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("privacy.webrtc.hideGlobalIndicator", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]

/// Always sandbox Media Transport
// https://searchfox.org/firefox-main/rev/82e2435f/security/sandbox/common/SandboxSettings.cpp#185
defaultPref("media.peerconnection.mtransport_process", true); // [HIDDEN - Android/Thunderbird] [DEFAULT]

/// Disable RTP Control Protocol (RTCP) reception
// https://wikipedia.org/wiki/RTP_Control_Protocol
// Used for quality monitoring and statistics
// https://searchfox.org/firefox-main/rev/874c5779/dom/media/webrtc/transportbridge/MediaPipeline.cpp#651
defaultPref("media.webrtc.net.force_disable_rtcp_reception", true);

/// Enable global toggles for muting the camera/microphone
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2595
defaultPref("privacy.webrtc.globalMuteToggles", true); // [HIDDEN - Android]

/// Enable mDNS Host Obfuscation to prevent leaking local IP addresses
// https://bugzilla.mozilla.org/show_bug.cgi?id=1588817
defaultPref("media.peerconnection.ice.obfuscate_host_addresses", true); // [DEFAULT - non-Android]

/// Prevent WebRTC from bypassing the proxy (if configured)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1790270
defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);

/// Warn users when attempting to switch tabs in a window being shared over WebRTC
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2599
defaultPref("privacy.webrtc.sharedTabWarning", true); // [HIDDEN - Android/Thunderbird]

defaultPref("browser.phoenix.status", "012");

/*** 013 MEDIA ***/

/// Add DRM notes
defaultPref("media.eme.enabled.0.NOTE", "DRM/EME is NOT supported or recommended.");
defaultPref("media.eme.enabled.1.NOTE", "Enabling it WILL compromise your privacy/security.");
defaultPref("media.eme.enabled.2.NOTE", "Proceed at your own caution.");
defaultPref("media.eme.enabled.3.NOTE", "Disable media.eme.require-app-approval if you haven't already."); // [NO-ANDROID] [NO-MAIL]
defaultPref("media.eme.enabled.4.NOTE", "You will also need to enable GMP and a CDM."); // [NO-ANDROID] [NO-MAIL]
defaultPref("media.eme.enabled.5.NOTE", "See media.gmp-manager.updateEnabled & media.gmp-widevinecdm.enabled."); // [NO-ANDROID] [NO-MAIL]

/// Block media autoplay by default
// https://support.mozilla.org/kb/block-autoplay
// `media.geckoview.autoplay.request.testing` is used when `media.geckoview.autoplay.request` is set to `true` (ex. on GeckoView/Fenix) - when `media.geckoview.autoplay.request` is false, `media.autoplay.default` appears to be used instead
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#12909
defaultPref("media.autoplay.default", 5);
defaultPref("media.geckoview.autoplay.request.testing", 2); // [DEFAULT: 0 - Follows the Autoplay site permission]

/// Configure the media autoplay blocking policy
// https://wiki.mozilla.org/Media/block-autoplay#What_strategy_does_Firefox_use_for_blocking_autoplay?
// Values are:
// 0 (Default): Sticky - Autoplay is blocked until the user interacts with a page, and is allowed indefinitely (until the user refreshes the page or navigates to a different page)
// 1: Transient - Autoplay is blocked until the user interacts with a page, BUT it is only allowed until a certain amount of time passes (controlled by `dom.user_activation.transient.timeout`)
// 2: Click-to-play - Autoplay is always blocked; media will only play on user interaction of the desired media
// 2 is ideal on paper (and we used to use that value, at least on Phoenix Extended), but it unfortunately causes breakage and prevents media from playing at all on certain websites - so I believe 1 is a nice balance/compromise
defaultPref("media.autoplay.blocking_policy", 1);

/// Disable Encrypted Media Extensions (EME) (DRM)
// Garbage technology with privacy, security, and freedom concerns
// https://www.w3.org/TR/encrypted-media/
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
// https://celenity.dev/posts/thoughts/drm/
// (For testing: https://bitmovin.com/demos/drm)
// NOTE: EME also requires Content Decryption Modules (CDMs) to function
// By default, when EME is enabled, Firefox automatically enables/installs Google Widevine on all platforms, in addition to Microsoft PlayReady on Windows
// Unlike Firefox, when EME is enabled, we don't automatically enable any CDMs (see prefs below) - instead, we allow the user to decide which CDM they prefer to use with EME, instead of making that choice for them - allowing the user to remain in control
// NOTE: The standard "media.eme.enabled" pref only disables PROPRIETARY CDMs - Firefox on Desktop also enables an additional CDM (Clear Key: https://www.w3.org/TR/encrypted-media-2/#clear-key), which is ALWAYS active, even when the EME pref is disabled... (For reference, Clear Key has previously had security vulnerabilities: https://www.mozilla.org/security/advisories/mfsa2016-77/ (Tor Browser disables Clear Key FWIW) - and while Clear Key is open source, it still implements basic content protection (such as preventing users from downloading videos... https://bugzilla.mozilla.org/show_bug.cgi?id=1136707#c18))
// BUT: To work around this, we leverage the `media.eme.require-app-approval` pref. This pref was originally intended for Android to block EME unless the user grants permission. However, when this pref is set on Desktop, since there's no way for users to grant permission to use EME like on Android, it ends up blocking EME entirely - INCLUDING Clear Key
// (For testing Clear Key: https://cpearce.github.io/mse-eme/ + https://reference.dashif.org/dash.js/latest/samples/drm/clearkey.html)
// So essentially:
// On Desktop: want to use EME, but ONLY with an open source CDM (Clear Key)? Set `media.eme.require-app-approval` to `false` and don't touch anything else. Otherwise, set `media.eme.enabled` to `true` AND `media.eme.require-app-approval` to `false`, and enable your preferred CDM(s) below
// On Android: want to use EME at all? Set `media.eme.enabled` to `true` (Do NOT touch `media.eme.require-app-approval`), and enable your preferred CDM below (Currently Android only supports Widevine)
defaultPref("browser.eme.ui.enabled", false); // [NO-ANDROID] [NO-MAIL] UI settings/toggle
defaultPref("media.eme.enabled", false);
defaultPref("media.eme.require-app-approval", true); // [DEFAULT - Android] https://bugzilla.mozilla.org/show_bug.cgi?id=1620102 https://searchfox.org/firefox-main/rev/82e2435f/dom/media/eme/MediaKeySystemAccessPermissionRequest.h#17
defaultPref("media.eme.require-app-approval.prompt.testing", true); // [HIDDEN] https://searchfox.org/firefox-main/rev/881a9b31/dom/media/eme/MediaKeySystemAccessPermissionRequest.h#21
defaultPref("media.eme.require-app-approval.prompt.testing.allow", false); // [HIDDEN] https://searchfox.org/firefox-main/rev/881a9b31/dom/media/eme/MediaKeySystemAccessPermissionRequest.h#21

//// Disable the Google Widevine CDM by default (if EME is enabled)
/// https://developers.google.com/widevine/drm/overview
/// NOTE: Widevine on Desktop requires Gecko Media Plugins (GMP) - which we also disable by default, see below
defaultPref("media.gmp-widevinecdm.enabled", false); // [NO-ANDROID] [NO-MAIL]


/// Disable Gecko Media Plugins (GMP)
// This is currently only used for DRM and OpenH264 (both of which we disable)
// So this helps reduce attack surface (and unwanted network activity...)
// https://wiki.mozilla.org/GeckoMediaPlugins
// https://blog.pearce.org.nz/2019/06/firefoxs-gecko-media-plugin-eme.html
// NOTE: We previously set `media.gmp-provider.enabled` to `false`, but it turns out that pref is essentially useless... all it does is hide installed plug-ins from `about:addons` (and prevents manually triggered add-on updates from checking for GMP updates); it doesn't actually disable GMP or plug-ins installed by it, it doesn't prevent the installation or update of GMP plug-ins, etc...
// The `media.gmp-manager.updateEnabled` pref is a better fit, as it (combined with the `media.gmp-manager.allowLocalSources` pref) effectively block all GMP downloads/updates
// https://github.com/arkenfox/user.js/issues/709
defaultPref("media.gmp-manager.updateEnabled", false); // [HIDDEN]


/// Disable GMP encoding
// GMP only makes sense for decoding/media *consumption*
defaultPref("media.gmp.encoder.enabled", false); // [DEFAULT]

/// Disable GMP local sources
// When combined with `media.gmp-manager.updateEnabled`, this blocks all GMP downloads/updates
// When GMP is enabled (`media.gmp-manager.updateEnabled` set to `true`), this is still useful - as it ensures the GMP plug-ins that Firefox installs are always the latest versions available (instead of being outdated/potentially vulnerable), directly from Mozilla
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/modules/GMPInstallManager.sys.mjs#53
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/modules/GMPUtils.sys.mjs#180
defaultPref("media.gmp-manager.allowLocalSources", false);

/// Disable GMP logging by default (to expose via the `about:config`)
defaultPref("media.gmp.log.dump", false); // [HIDDEN] [DEFAULT]
defaultPref("media.gmp.log.level", 70); // [HIDDEN] Limits logging to fatal only


/// Disable OpenH264 (in favor of hardware decoding)
// Mozilla has previously shipped outdated versions of OpenH264 - ex. 2.3.2, which was ~2 years out of date... https://github.com/cisco/openh264/releases/tag/v2.3.1
// The outdated version shipped by Mozilla was subject to a high severity CVE: https://www.cve.org/CVERecord?id=CVE-2025-27091
// https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2025-27091
// Downloads were also still distributed over standard, unencrypted HTTP for a very long time, but thankfully now do appear to be distributed over HTTPS, so at least there's that
// https://searchfox.org/firefox-main/source/toolkit/content/gmp-sources/openh264.json
defaultPref("media.ffmpeg.allow-openh264", false); // [DEFAULT - Nightly]
defaultPref("media.gmp-gmpopenh264.enabled", false);
defaultPref("media.gmp-gmpopenh264.visible", false); // Don't display in UI/`about:addons`
defaultPref("media.webrtc.hw.h264.enabled", true); // [DEFAULT - Android] Enables H264 hardware decoding https://bugzilla.mozilla.org/show_bug.cgi?id=1717679

/// Enable click to play UI for certain CSS skins by default [NO-ANDROID]
// https://github.com/black7375/Firefox-UI-Fix/blob/master/css/leptonContent.css#L223 [NO-ANDROID]
// https://github.com/black7375/Firefox-UI-Fix/wiki/Options#defaults-6 [NO-ANDROID]
defaultPref("userContent.player.click_to_play", true); // [NO-ANDROID] [HIDDEN]

/// Enable the Data Decoder (RDD) process
// https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#data-decoder-rdd-process
// NOTE: Required for media playback on certain sites (ex. rumble.com, x.com) when isolated content processes
// are enabled on Android: https://bugzilla.mozilla.org/show_bug.cgi?id=1810736
// https://phabricator.services.mozilla.com/D260149
defaultPref("media.rdd-ffmpeg.enabled", true); // [DEFAULT]
defaultPref("media.rdd-ffvpx.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.rdd-opus.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.rdd-process.enabled", true); // [NO-ANDROID] [DEFAULT - non-Android] NOTE: This currently appears to cause memory safety issues on Android (detected via memory tagging), so for now this needs to remain disabled
defaultPref("media.rdd-vorbis.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.rdd-vpx.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.rdd-wav.enabled", true); // [DEFAULT - non-Android]

/// Enable hardware/platform media decoding
// https://searchfox.org/firefox-main/source/dom/media/platforms/PDMFactory.cpp
// NOTE: Required for media playback on certain sites (ex. rumble.com, x.com) when isolated content processes
// are enabled on Android: https://bugzilla.mozilla.org/show_bug.cgi?id=1810736
// https://phabricator.services.mozilla.com/D260149
defaultPref("media.ffvpx-hw.enabled", true); // [DEFAULT - Linux, Windows Nightly]
defaultPref("media.gmp.decoder.preferred", false); // [DEFAULT]
defaultPref("media.hardware-video-decoding.enabled", true); // [DEFAULT]

/// Enable hardware/platform media encoding
// https://searchfox.org/firefox-main/source/dom/media/platforms/PEMFactory.cpp
// NOTE: Required for media playback on certain sites (ex. rumble.com, x.com) when isolated content processes
// are enabled on Android: https://bugzilla.mozilla.org/show_bug.cgi?id=1810736
// https://phabricator.services.mozilla.com/D260149
defaultPref("media.ffmpeg.encoder.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.gmp.encoder.preferred", false); // [DEFAULT]
defaultPref("media.hardware-video-encoding.enabled", true); // [DEFAULT]
defaultPref("media.use-remote-encoder.audio", true);
defaultPref("media.use-remote-encoder.video", true); // [NO-WINDOWS] Do not set on Windows for now, due to performance/stability issues: https://codeberg.org/celenity/Phoenix/issues/253#issuecomment-12472035

/// Enable multi-threaded media decoding
// (Improves performance...)
defaultPref("media.gmp.decoder.multithreaded", true);

/// Enable multi-threaded media encoding
// (Improves performance...)
defaultPref("media.gmp.encoder.multithreaded", true);

/// If GMP is enabled (via `media.gmp-manager.updateEnabled`), ensure that installed plug-ins are visible/exposed in `about:addons`
defaultPref("media.gmp-provider.enabled", true); // [DEFAULT - non-Thunderbird]

/// Sandbox GMP [LINUX-ONLY]
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/gmp/GMPServiceParent.cpp#1039 [LINUX-ONLY]
defaultPref("media.gmp.insecure.allow", false); // [LINUX-ONLY] [DEFAULT]

/// Use the more confined utility process for media decoding
// https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#data-decoder-rdd-process
// https://docs.google.com/document/d/1WDEY5fQetK_YE5oxGxXK9BzC1A8kJP3q6F1gAPc2UGE/edit
defaultPref("media.allow-audio-non-utility", false); // [DEFAULT - non-iOS]
defaultPref("media.utility-process.enabled", true); // [DEFAULT]

defaultPref("browser.phoenix.status", "013");

/*** 014 ATTACK SURFACE REDUCTION ***/

/// Disable ASM.JS
// https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
defaultPref("javascript.options.asmjs", false); // [DEFAULT] https://bugzilla.mozilla.org/show_bug.cgi?id=2002635

/// Disable Graphite & SVG OpenType fonts
// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite
// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+svg
defaultPref("gfx.font_rendering.graphite.enabled", false);
defaultPref("gfx.font_rendering.opentype_svg.enabled", false);

/// Disable JavaScript Just-in-time Compilation (JIT)
// https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
// https://firefox-source-docs.mozilla.org/js/index.html#javascript-jits
// https://codeberg.org/rusty-snake/firefox-config/src/commit/c8c157b28aad9a52d3bca63b3152b4d11fd62093/assets/user-overrides.js#L46
// https://codeberg.org/celenity/Phoenix/issues/93
// NOTE: Unfortunately, for WebAssembly (WASM) to function, either WASM-Baseline (javascript.options.wasm_baselinejit) OR WASM-Ion (javascript.options.wasm_optimizingjit) MUST be enabled. I've chosen to disable WASM-Ion here, as I think that's the safer bet, due to it having a larger attack surface than WASM-Baseline.
defaultPref("javascript.options.baselinejit", false); // Baseline Compiler
defaultPref("javascript.options.ion", false); // WarpMonkey
defaultPref("javascript.options.jithints", false); // Eager baseline hints https://bugzilla.mozilla.org/show_bug.cgi?id=1831572
// Disabling main process jit breaks translations https://bugzilla.mozilla.org/show_bug.cgi?id=2019140#c31
// defaultPref("javascript.options.main_process_disable_jit", true); // [DEFAULT - iOS] Disable all JITs for the (critical/especially sensitive) parent process https://searchfox.org/firefox-main/rev/1c6a8b56/xpcom/build/XPCOMInit.cpp#239 https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#parent-process
defaultPref("javascript.options.native_regexp", false); // irregexp JIT, for regex evaluation https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/StaticPrefList.yaml#8741 https://searchfox.org/firefox-main/rev/dc1c78e9/js/xpconnect/src/XPCJSContext.cpp#901
defaultPref("javascript.options.wasm_optimizingjit", false); // WASM-Ion (BaldrMonkey)

/// Disable JPEG-XL
// https://github.com/mozilla/standards-positions/pull/1064
defaultPref("image.jxl.enabled", false); // [DEFAULT]

/// Disable MathML
// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mathml 
defaultPref("mathml.disabled", true);

/// Disable shared memory allocation from the parent process to content processes
// https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/StaticPrefList.yaml#9130
// https://searchfox.org/firefox-main/rev/dc1c78e9/dom/ipc/ContentParent.cpp#2415
// (For reference, Firefox disables this alongside other JITs in Safe mode: https://searchfox.org/firefox-main/rev/dc1c78e9/js/xpconnect/src/XPCJSContext.cpp#904)
defaultPref("javascript.options.self_hosted.use_shared_memory", false);

/// Disable SharedArrayBuffer using window.postMessage
// https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer
// https://developer.mozilla.org/docs/Web/API/Window/postMessage
// https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
// https://github.com/tc39/ecma262/issues/1435
// By default, Firefox restricts the use of SharedArrayBuffer - this fully disables it.
defaultPref("dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled", false); // [DEFAULT]
defaultPref("dom.postMessage.sharedArrayBuffer.withCOOP_COEP", false); // [NO-MAIL]

/// Disable WebVR/WebXR
// https://developer.mozilla.org/docs/Web/API/WebXR_Device_API
defaultPref("permissions.default.xr", 2); // [HIDDEN - Android/Thunderbird]

/// Disable XSLT
// https://bugzilla.mozilla.org/show_bug.cgi?id=1998002
defaultPref("dom.xslt.enabled", false);

/// If JIT (Ion/WarpMonkey) is disabled, also disable it for extensions
// This is the default, but it's hidden - so setting it here lets us expose it...
// https://bugzilla.mozilla.org/show_bug.cgi?id=1599226
defaultPref("javascript.options.jit_trustedprincipals", false); // [HIDDEN] [DEFAULT]

defaultPref("browser.phoenix.status", "014");

/*** 015 PASSWORDS & AUTHENTICATION ***/

/// Allow filling passwords on all websites, even if they try to block it...
// https://bugzilla.mozilla.org/show_bug.cgi?id=956906
// https://blog.0xbadc0de.be/archives/124
defaultPref("signon.storeWhenAutocompleteOff", true); // [DEFAULT]

/// Always display a `reveal password` button in `password` `<input>` types 
// https://developer.mozilla.org/docs/Web/HTML/Element/input/password
defaultPref("layout.forms.reveal-password-button.enabled", true);

/// Always prompt for access to "extended information" (direct attestation) of security keys
// https://bugzilla.mozilla.org/show_bug.cgi?id=1981587
lockPref("security.webauthn.always_allow_direct_attestation", false); // [NO-MAIL] [DEFAULT]


/// Disable Autofill
defaultPref("signon.autofillForms", false);
defaultPref("signon.autofillForms.http", false); // [DEFAULT]

/// Disable Basic authentication over HTTP
// This makes it require secure HTTPS
// https://chromeenterprise.google/policies/#BasicAuthOverHttpEnabled
// https://bugzilla.mozilla.org/show_bug.cgi?id=1763671
defaultPref("network.http.basic_http_auth.enabled", false);

/// Disable formless capture of log-in credentials
// This gets very complicated very fast, and there's very little documentation on this - but TL;DR:
// Firefox's built-in password manager has historically prompted users to save passwords by detecting standard <form> elements and waiting for specific events (ex. `onsubmit`)
// The problem is that not all websites use <form> elements for password fields, meaning Firefox can't always use this standard method.
// So, in order to detect these "formless" password entries (to ask users whether they want to save the password), Firefox uses a heuristic that temporarily monitors & stores user keystrokes...
// Note that with this disabled, Firefox will still show a password icon in the URL bar that allows you to store credentials, this only impacts the actual pop-up (for sites with these "formless" password entires)
// Unfortunately, it appears that Fenix doesn't support showing a password icon in the URL bar like Firefox on desktop does - so we're going to override this (`signon.formlessCapture.enabled`) for Android (but we'll still keep formless capture disabled in private browsing with `signon.privateBrowsingCapture.enabled`, and we still disable the password manager itself by default anyways...)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1119035#c2
// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
// https://bugzilla.mozilla.org/show_bug.cgi?id=1119077#c1
defaultPref("signon.formlessCapture.enabled", false); // [NO-ANDROID]
defaultPref("signon.privateBrowsingCapture.enabled", false);

/// Disable Microsoft SSO
// https://www.microsoft.com/security/business/identity-access/microsoft-entra-single-sign-on
// https://support.mozilla.org/kb/windows-sso
defaultPref("network.http.microsoft-entra-sso.container-enabled.0", false);
defaultPref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT]
defaultPref("network.http.windows-sso.container-enabled.0", false);
defaultPref("network.http.windows-sso.enabled", false); // [DEFAULT]
defaultPref("network.microsoft-sso-authority-list", ""); // DEFENSE IN DEPTH

/// Disable NTLM
// https://www.silverfort.com/blog/understanding-the-security-risks-of-ntlm/
// https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html
// https://mozilla.github.io/policy-templates/#authentication
defaultPref("network.auth.force-generic-ntlm", false); // [DEFAULT]
defaultPref("network.auth.force-generic-ntlm-v1", false); // [DEFAULT]
defaultPref("network.automatic-ntlm-auth.allow-non-fqdn", false); // [DEFAULT]
defaultPref("network.automatic-ntlm-auth.allow-proxies", false);
defaultPref("network.automatic-ntlm-auth.trusted-uris", ""); // [DEFAULT]

/// Disable NTLM/SPNEGO SSO in Private Browsing
// https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html
// https://mozilla.github.io/policy-templates/#authentication
defaultPref("network.auth.private-browsing-sso", false); // [DEFAULT] [DEFENSE IN DEPTH]

/// Disable Password Manager by default - Insecure & unencrypted
// You should instead use a proper solution (ex. Bitwarden)
// https://www.wired.com/2016/08/browser-password-manager-probably-isnt-enough/
// https://support.mozilla.org/kb/manage-your-logins-firefox-password-manager
// https://wiki.mozilla.org/Firefox/Features/Form_Autofill
defaultPref("browser.preferences.config_warning.warningPasswordManager.dismissed", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] By default, when `privacy.ui.status_card` is enabled, Firefox displays a warning (at `about:preferences#privacy`) when the password manager is disabled, and encourages users to re-enable it due to it affecting "privacy and security". This warning is inaccurate/questionable; we disable this intentionally, and shouldn't nag users to re-enable it.
defaultPref("extensions.formautofill.addresses.enabled", false);
defaultPref("extensions.formautofill.addresses.supported", "on"); // This feature is currently only exposed in certain regions by default. We set the browser's region to a dummy value ("XX"), so we need to skip that region check and ensure this is always available.
defaultPref("extensions.formautofill.creditCards.enabled", false);
defaultPref("extensions.formautofill.creditCards.supported", "on"); // [DEFAULT]
defaultPref("signon.rememberSignons", false); // [NO-MAIL]

/// Disable password truncation
// https://www.ghacks.net/2020/05/18/firefox-77-wont-truncate-text-exceeding-max-length-to-address-password-pasting-issues/
defaultPref("editor.truncate_user_pastes", false);

/// Disable SPNEGO
// https://www.ibm.com/think/x-force/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism
// https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html
// https://people.redhat.com/mikeb/negotiate/
// https://mozilla.github.io/policy-templates/#authentication
defaultPref("network.negotiate-auth.allow-non-fqdn", false); // [DEFAULT]
defaultPref("network.negotiate-auth.allow-proxies", false);
defaultPref("network.negotiate-auth.delegation-uris", ""); // [DEFAULT]
defaultPref("network.negotiate-auth.trusted-uris", ""); // [DEFAULT] Modified by ex. RedHat/Fedora

/// Enable alerts for breached and vulnerable passwords (if the Password Manager is enabled) by default [NO-ANDROID] [NO-MAIL]
// Harmless, never sends passwords or sensitive data to Mozilla [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/firefox-password-manager-alerts-breached-websites [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/mozilla-monitor-faq#w_does-mozilla-monitor-know-my-passwords [NO-ANDROID] [NO-MAIL]
// https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/ [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.trustPanel.breachAlerts", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Warn if a site has had a breach from the Unified Trust Panel (if enabled) https://searchfox.org/firefox-main/rev/d81da5ef/browser/base/content/browser-trustPanel.js#533
defaultPref("signon.management.page.breach-alerts.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("signon.management.page.vulnerable-passwords.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable anti-spoof confirmation prompts
defaultPref("network.auth.confirmAuth.enabled", true);

/// Enable strong password generation (if the Password Manager is enabled) by default
defaultPref("signon.generation.enabled", true); // [DEFAULT]

/// If the PaymentRequest API is enabled, ensure we always require user interaction...
defaultPref("dom.payments.request.user_interaction_required", true); // [DEFAULT]

/// Prevent cross-origin sub-resources from opening HTTP authentication dialogs to protect against phishing
// (Meaning dialogs for embedded items are only presented when originating from the same site)
// https://support.mozilla.org/questions/1245144
defaultPref("network.auth.non-web-content-triggered-resources-http-auth-allow", false); // [NO-MAIL] [DEFAULT - non-Thunderbird]
defaultPref("network.auth.subresource-http-auth-allow", 1); // [NO-MAIL]
defaultPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // [DEFAULT - non-Thunderbird]

/// Protect against password spoofing for cross-domain auth requests [NO-ANDROID] [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=791594 [NO-ANDROID] [NO-MAIL]
defaultPref("privacy.authPromptSpoofingProtection", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

defaultPref("browser.phoenix.status", "015");

/*** 016 EXTENSIONS ***/

/// Allow enabling/disabling extensions per-container (if containers are enabled)
// This could allow for some extremely useful use-cases...
// Ex. With the Multi-Account Containers extension, you could use this to only allow certain extensions to access certain websites, regardless of the extension's permissions
defaultPref("extensions.userContextIsolation.defaults.restricted", "[]"); // [HIDDEN] [DEFAULT]
defaultPref("extensions.userContextIsolation.enabled", true); // [HIDDEN]

/// Allow certain trustworthy extensions to run on restricted/quarantined domains by default
defaultPref("extensions.quarantineIgnoredByUser.{290ce447-2abb-4d96-8384-7256dd4a1c43}", true); // Runet Censorship Bypass
defaultPref("extensions.quarantineIgnoredByUser.{446900e4-71c2-419f-a6a7-df9c091e268b}", true); // Bitwarden
defaultPref("extensions.quarantineIgnoredByUser.{5d0d1f87-5991-42d3-98c3-54878ead1ed1}", true); // Censor Tracker
defaultPref("extensions.quarantineIgnoredByUser.{6c00218c-707a-4977-84cf-36df1cef310f}", true); // Port Authority
defaultPref("extensions.quarantineIgnoredByUser.{73a6fe31-595d-460b-a920-fcc0f8843232}", true); // NoScript
defaultPref("extensions.quarantineIgnoredByUser.{b86e4813-687a-43e6-ab65-0bde4ab75758}", true); // LocalCDN
defaultPref("extensions.quarantineIgnoredByUser.{d19a89b9-76c1-4a61-bcd4-49e8de916403}", true); // Mullvad
defaultPref("extensions.quarantineIgnoredByUser.78272b6fa58f4a1abaac99321d503a20@proton.me", true); // Proton Pass
defaultPref("extensions.quarantineIgnoredByUser.adguard-vpn@adguard.com", true); // AdGuard VPN
defaultPref("extensions.quarantineIgnoredByUser.adguardadblocker@adguard.com", true); // AdGuard
defaultPref("extensions.quarantineIgnoredByUser.crxviewer-firefox@robwu.nl", true); // Extension source viewer - important since we add AMO (`addons.mozilla.org`) to our restricted/quarantined domain list
defaultPref("extensions.quarantineIgnoredByUser.foxyproxy@eric.h.jung", true); // FoxyProxy
defaultPref("extensions.quarantineIgnoredByUser.foxyproxy-basic@eric.h.jung", true); // FoxyProxy Basic
defaultPref("extensions.quarantineIgnoredByUser.idcac-pub@guus.ninja", true); // I still don't care about cookies
defaultPref("extensions.quarantineIgnoredByUser.jid1-BoFifL9Vbdl2zQ@jetpack", true); // Decentraleyes
defaultPref("extensions.quarantineIgnoredByUser.jid1-KtlZuoiikVfFew@jetpack", true); // GNU LibreJS
defaultPref("extensions.quarantineIgnoredByUser.jid1-MnnxcxisBPnSXQ@jetpack", true); // Privacy Badger
defaultPref("extensions.quarantineIgnoredByUser.jid1-MnnxcxisBPnSXQ-eff@jetpack", true); // Privacy Badger (from eff.org)
defaultPref("extensions.quarantineIgnoredByUser.keepassxc-browser@keepassxc.org", true); // KeePassXC-Browser
defaultPref("extensions.quarantineIgnoredByUser.skipredirect@sblask", true); // Skip Redirect
defaultPref("extensions.quarantineIgnoredByUser.uBlock0@raymondhill.net", true); // uBlock Origin
defaultPref("extensions.quarantineIgnoredByUser.uBOLiteRedux@raymondhill.net", true); // uBlock Origin Lite
defaultPref("extensions.quarantineIgnoredByUser.vpn@proton.ch", true); // Proton VPN
defaultPref("extensions.quarantineIgnoredByUser.@testpilot-containers", true); // Firefox Multi-Account Containers

/// Always allow installing "incompatible" add-ons
// Especially useful on Android & Thunderbird...
defaultPref("extensions.strictCompatibility", false); // [DEFAULT - non-Thunderbird Release/Beta]

/// Always run extensions OOP (out of process...)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1613141
// https://bugzilla.mozilla.org/show_bug.cgi?id=1880856
// https://groups.google.com/g/tb-planning/c/p4MUTMNYBVo
defaultPref("extensions.webextensions.remote", true); // [DEFAULT]

/// Block extensions signed with weak signature algorithms [NO-MAIL]
defaultPref("xpinstall.signatures.weakSignaturesTemporarilyAllowed", false); // [NO-MAIL] [HIDDEN] [DEFAULT]

/// Clear default list of sites allowed to install add-ons
lockPref("xpinstall.whitelist.add", ""); // [HIDDEN - non-Android] [DEFAULT - non-Android]


/// Disable add-on sideloading
// Only allows installing extensions from profile & application directories (Prevents extensions being installed from the system/via other software)
// https://web.archive.org/web/20220608121322/https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
// https://support.mozilla.org/kb/deploying-firefox-with-extensions
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonSettings.sys.mjs#125
defaultPref("extensions.autoDisableScopes", 15); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default... (Not locked for desktop because it can be useful in certain instances, ex. for those who use impermanence)
defaultPref("extensions.enabledScopes", 5); // [HIDDEN]
defaultPref("extensions.installDistroAddons", false); // [HIDDEN - non-Android] [DEFAULT - Android]
defaultPref("extensions.sideloadScopes", 0); // [HIDDEN]
defaultPref("extensions.startupScanScopes", 0); // [HIDDEN - Android] [DEFAULT - non-Thunderbird]

/// Disable the AMO Abuse Report API (`navigator.mozAddonManager.reportAbuse`)
// This depends on mozAddonManager anyways, which we disable below
// Users can still report add-ons from within Firefox using the standard form (`extensions.addonAbuseReport.url`), this just prevents using the API from the browser itself directly
// https://mozilla.github.io/addons-server/topics/api/abuse.html
defaultPref("extensions.addonAbuseReport.url", "");

/// Disable arbitrary content script execution for extension (moz-extension) documents by default
// https://bugzilla.mozilla.org/show_bug.cgi?id=2011234
// https://searchfox.org/firefox-main/rev/da6c7924/toolkit/components/extensions/WebExtensionPolicy.cpp#959
// https://searchfox.org/firefox-main/rev/da6c7924/toolkit/components/extensions/WebExtensionPolicy.cpp#999
defaultPref("extensions.webextensions.allow_executeScript_in_moz_extension", false); // [DEFAULT - Nightly]

/// Disable installation of add-ons by default [DESKTOP]
// We also reset this per-session by setting it as a user pref in `phoenix-user-pref.cfg` [DESKTOP]
// Includes extensions and themes
// Does NOT apply to Android's `Recommended` extensions (collections) found at `Settings` -> `Advanced` -> `Extensions`
// This doesn't impact already installed add-ons and add-ons installed by policies
// Firefox (on Desktop) and Thunderbird will prompt to re-enable this when necessary
// Unfortunately Android doesn't have a prompt like this :( - so we won't disable this by default there - but we'll still set the pref to `true` to expose it via the `about:config` 
// We're also setting this as a user pref, which is quite nice from a security perspective - as it allows users to enable this functionality only when it's necessary...
// Ex: A user attempts to install an extension, sees the extra prompt/warning, and selects `Enable` (which temporarily sets this pref to `true`...). The user then proceeds to install the extension. On the next launch of Firefox/Thunderbird, this pref is reset back to `false`, meaning the ability to install extensions is fully disabled without them even thinking about it
defaultPref("xpinstall.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] So the default is `false`

/// Disable mozAddonManager
// mozAddonManager has various privacy (fingerprinting) and security (added attack surface) concerns.
// It also bypasses the permission prompt to install add-ons, and prevents add-ons (like uBlock Origin) from working on `addons.mozilla.org` (`addons.thunderbird.net` for Thunderbird).
// Note that disabling mozAddonManager unfortunately breaks installation of extensions from `addons.mozilla.org` on Android. It also typically breaks installation of extensions from `addons.thunderbird.net` on Thunderbird as well, but we have a clever work-around for Dove.
// https://bugzilla.mozilla.org/show_bug.cgi?id=1952390#c4
// https://bugzilla.mozilla.org/show_bug.cgi?id=1384330
// https://github.com/thunderbird/addons-server/issues/332
defaultPref("extensions.webapi.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("extensions.webapi.testing", false); // [DEFAULT] Disables mozAddonManager on Mozilla testing domains
defaultPref("extensions.webapi.testing.http", false); // [DEFAULT] Disables mozAddonManager on Mozilla testing domains using insecure protocols
defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // [NO-ANDROID] [NO-MAIL]

/// Enable Add-on Distribution Control (Install Origins)
// Prevents extensions being installed from websites that they don't specify in their manifest
// https://groups.google.com/g/firefox-dev/c/U7GpHE4R-ZY
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs#341
defaultPref("extensions.install_origins.enabled", true);

/// Enable optional permission prompts
// https://bugzilla.mozilla.org/show_bug.cgi?id=1392176
defaultPref("extensions.webextOptionalPermissionPrompts", true); // [DEFAULT]

/// Enable Mozilla's Extension Blocklist
defaultPref("extensions.blocklist.enabled", true); // [DEFAULT]

/// Enable Manifest V3
// https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/
defaultPref("extensions.manifestV3.enabled", true); // [DEFAULT]

/// Enable restricted/quarantined domains by default, and use our own list instead of Mozilla's
// Mozilla's list unfortunately hasn't been updated in ~2 years (FWIW: Our list includes all of their entries in addition to our own)
// We can use this to prevent less trustworthy add-ons from running on sensitive websites, while still allowing important/legitimate ones and content blockers (like uBlock Origin) to run on them
// Also useful, since we disable Mozilla's restrictions on certain domains that prevent ALL extensions from running on them (like AMO) - so we can add back some level of protection there
// Domains we add here can include downloads for add-ons/software, payment/banking, medical/health, password managers, sign-in pages, file storage, etc.
// Firefox on Desktop also shows a UI when the user is on a restricted domain, and to indicate which add-ons can't run
// https://support.mozilla.org/kb/quarantined-domains
// Mozilla's current list: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/addons-manager-settings/changeset?_expected=0
defaultPref("extensions.remoteSettings.disabled", true); // [HIDDEN] Used for downloading/updating Mozilla's list https://searchfox.org/firefox-main/source/toolkit/mozapps/extensions/docs/AMRemoteSettings-overview.rst
defaultPref("extensions.quarantinedDomains.enabled", true); // [DEFAULT]
defaultPref("extensions.quarantinedDomains.list", "autoatendimento.bb.com.br,ibpf.sicredi.com.br,ibpj.sicredi.com.br,internetbanking.caixa.gov.br,www.ib12.bradesco.com.br,www2.bancobrasil.com.br,10.0.0.1,192.168.1.1,192.168.50.1,1password.ca,1password.com,1password.eu,365online.com,account.amd.com,account.apple.com,account.asus.com,account.brave.com,account.collegeboard.org,account.live.com,account.microcenter.com,account.microsoft.com,account.nordpass.com,account.proton.me,account.sony.com,account.t-mobile.com,account-api.proton.me,accounts.1password.ca,accounts.1password.com,accounts.1password.eu,accounts.ent.1password.com,accounts.fedoraproject.org,accounts.firefox.com,accounts.google.com,accounts.nintendo.com,accounts.pixiv.net,accounts.scdn.co,accounts.snapchat.com,accounts.spotify.com,acs-home-prod-login-fde-hhd4d2h9drbfg7hy.a02.azurefd.net,addons.allizom.org,addons.mozilla.org,addons.thunderbird.net,admin.google.com,adyen.com,agrd.io,agreementexpress.net,alipay.com,alipayobjects.com,alipayplus.com,amazon.syf.com,amazonpay.in,amp.pandora.com,anz.com,anz.com.au,ap.www.namecheap.com,apay-us.amazon.com,api.pnc.com,api.stripe.com,api-auth.soundcloud.com,app.1password.ca,app.1password.com,app.1password.eu,app.advancedmd.com,app.dashlane.com,app.privacy.com,app.tuta.com,appleconnect.apple.com,appleid.apple.com,appleid.cdn-apple.com,applepay.cdn-apple.com,apply.commonapp.org,apps.apple.com,apps.microsoft.com,apps.obtainium.imranr.dev,api-dashboard.search.brave.com,apt.izzysoft.de,archive.mozilla.org,archlinux.org,argenta.be,artists.soundcloud.com,artists.spotify.com,asrock.com,asrockchina.com.cn,assets.loginwithamazon.com,att-yahoo.att.net,attestation.app,aur.archlinux.org,auth.adguard.io,auth.adguardaccount.com,auth.calibour.com,auth.hulu.com,auth.meta.com,auth.max.com,auth.mozilla.auth0.com,auth.openai.com,auth.services.adobe.com,auth.sharefile.io,auth.synchronybank.com,auth.uber.com,auth.wikimedia.org,auth.zennioptical.com,b.stripecdn.com,bancogalicia.com.ar,bank99.at,bankaust.com.au,bankaustria.at,bankdirekt.at,bankeasy.com,bankofamerica.com,bankofireland.com,bankvic.com.au,belfius.be,belkart.by,belveb.by,bendigobank.com.au,binance.com,binance.us,bisq.network,bitpay.com,bitwarden.com,bkash.com,bnpparibasfortis.be,bobpony.com,braintree-api.com,braintreegateway.com,brave.com,brave-browser-apk-beta.s3.brave.com,brave-browser-apk-nightly.s3.brave.com,brave-browser-apk-release.s3.brave.com,build.opensuse.org,businessaccess.citibank.citigroup.com,businessonline-boi.com,cakepay.com,cakewallet.com,calendar.proton.me,calyxos.org,cardcomplete.com,cash.app,cbaccount.collegeboard.org,cbzsecure.com,cdn.akamai.steamstatic.com,cdn.mullvad.net,cdn.plaid.com,cdn.sso.mozilla.com,cdimage.debian.org,checkout.com,checkout.stripe.com,coinspot.com.au,commbank.com.au,console.accrescent.app,console.aws.amazon.com,console.calibour.com,console.cloud.google.com,consumer.intel.com,copr.fedorainfracloud.org,creditcall.com,crelan.be,cromite.org,dash.cloudflare.com,developer.apple.com,developer.nvidia.com,discord.gg,dist.torproject.org,dl.google.com,donate.torproject.org,download.cdn.mozilla.net,download.fedoraproject.org,download.gigabyte.com,download.lineageos.org,download.mozilla.org,download-installer.cdn.mozilla.net,download-installer-origin.cdn.mozilla.net,download-origin.cdn.mozilla.net,drive.google.com,drive.proton.me,dsadata.intel.com,easybanking.unifi-digitalbanking.com,easybankint.com,ebanking.easybank.at,eff.org,ente.io,epicmychart.nychhc.org,epicmychart.optum.com,etoro.com,f-droid.org,fdroid.ironfoxoss.org,fdroid.link,fedoraproject.org,flatex.at,flathub.org,flex.okta.com,franciscanmychart.org,franklincollege.okta.com,ftp.eu.mozilla.org,ftp.mozilla.org,ftp.prod.mozaws.net,ftp.prod.mozilla.org,ftp-ssl.mozilla.org,ftp-test.mozilla.org,galicia.ar,gateway.bank,gatewaybank.bank,gatewaybank.com.au,gatewayfirst.com,gds.google.com,geogroup.okta.com,george.sparkasse.at,george-business.sparkasse.at,gfgsa.com,google-admin.corp.google.com,grapheneos.org,greasyfork.org,guardarian.com,heartland.us,heartlandpaymentsystems.com,heartlandportico.com,hellobank.be,hendrick.okta.com,hpc.freedompay.com,hsbc.com,hsbc.com.au,icard.com,id.fedoraproject.org,id.sonyentertainmentnetwork.com,id.spectrum.net,identity.corp.google.com,identity.doordash.com,identity.eset.com,identity.gtm.eset.com,identity.kde.org,identity.lego.com,identity.walmart.com,idmsa.apple.com,idmsa.apple.com.cn,idmsac.apple.com,idp.ddp.akoya.com,idp.iam.mozilla.com,iforgot.apple.com,ing.com,ing.com.au,ingwb.com,iparitet.by,ironfoxoss.org,itsme-id.com,js.stripe.com,kairoscope.org,kbc.be,kdrp.okta.com,keytradebank.be,klarna.com,kraken.com,laptop-updates.brave.com,lastpass.com,lineageos.org,login.aa.com,login.advancedmd.com,login.amd.com,login.aol.com,login.corp.google.com,login.disney.com,login.eset.com,login.gov,login.kroger.com,login.live.com,login.mailbox.org,login.microsoftonline.com,login.nvgs.nvidia.com,login.okta.com,login.sparkasse.at,login.tailscale.com,login.wikimedia.org,login.yahoo.com,login.yahoo.net,login.xfinity.com,login-app.advancedmd.com,login-dev.advancedmd.com,login-no1a.www.tiktok.com,login3.id.hp.com,login4.fisglobal.com,lowes.syf.com,m.stripe.com,m.stripe.network,magic.falcon-2-eu.veriff.me,magic.veriff.me,mail.proton.me,mailbox.org,marmon.okta.com,matrix.to,mblogin.verizonwireless.com,mebank.com.au,merchant-ui-api.stripe.com,microg.org,mirrorbits.lineageos.org,linuxmint.com,login.pnc.com,molly.im,monero.com,mpay24.com,msauth.net,msauthimages.net,msdl.gravesoft.dev,msftauth.net,msftauthimages.net,msp.nordpass.com,mt-bank.net,mtb.com,mullvad.net,my.calibour.com,my.collegeboard.org,my.dish.com,my.disney.com,my.eir.ie,myaccount.google.com,myaccount.microsoft.com,myaccounts.wizards.com,mychart.albanymed.org,mychart.asante.org,mychart.atlantichealth.org,mychart.austinregionalclinic.com,mychart.azacp.com,mychart.bmc.org,mychart.carolinaeasthealth.com,mychart.ccf.org,mychart.centracare.com,mychart.childrenscolorado.org,mychart.clevelandclinic.org,mychart.crmcwy.org,mychart.duly.com,mychart.ecommunity.com,mychart.hopkinsmedicine.org,mychart.inova.org,mychart.kansashealthsystem.com,mychart.lovelace.com,mychart.mainehealth.org,mychart.med.utah.edu,mychart.metrohealth.net,mychart.multicare.org,mychart.mwhc.com,mychart.nghs.com,mychart.nortonhealthcare.org,mychart.ohiohealth.com,mychart.orlandohealth.com,mychart.premierhealthpartners.org,mychart.selfregional.org,mychart.sfdph.org,mychart.sih.net,mychart.stcharleshealthcare.org,mychart.texashealth.org,mychart.tmcaz.com,mychart.uchospitals.edu,mychart.uconn.edu,mychart.uihealthcare.org,mychart.uillinois.edu,mychart.upstate.edu,mychart.urmc.rochester.edu,mychartonline.umassmemorial.org,myhealthchart.com,mysignins.microsoft.com,mysinaichicago.org,mystate.com.au,nab.com.au,nmi.com,nordaccount.com,nordpass.com,nordstrom.okta.com,noscript.net,novantmychart.org,nrc.okta.com,oauth.xfinity.com,oidc.idp.clogin.att.com,ok1static.oktacdn.com,ok2static.oktacdn.com,ok7static.oktacdn.com,okta.jumbo.com,oldsecond.com,onedrive.com,onedrive.live.com,online.citi.com,open-banking.pnc.com,openuserjs.org,outlook.com,outlook.office365.com,ow2-cqm-01.advancedmd.com,panel.nordpass.com,paritetbank.by,pass.proton.me,passwordreset.microsoftonline.com,passwords.google,passwords.google.com,patientportal.advancedmd.com,pay.amazon.co.jp,pay.amazon.co.uk,pay.amazon.com,pay.amazon.de,pay.amazon.es,pay.amazon.eu,pay.amazon.fr,pay.amazon.it,pay.google.com,pay.viasat.com,paybox.com,paybox.com.co,payconiq.be,payeezystrg.z19.web.core.windows.net,payments.amazon.com,payments-amazon.com,payoneer.com,payscout.com,paysend.com,payu.com,paywire.com,play.google.com,plex.direct,portal.corp.google.com,poste.dz,pp-wfe-100.advancedmd.com,ppixiv.org,privacybadger.org,probo.ddp.akoya.com,prod.idp.collegeboard.org,productdelivery.mozilla-backup.org,production.plaid.com,profile.theguardian.com,proton.me,protonapps.com,psendbank.com,qdoba-prod.us.auth0.com,raiffeisen.at,rb.okta.com,register.gitlab.gnome.org,register.mailbox.org,registerdisney.go.com,release.calyxinstitute.org,releases.celenity.dev,releases.ironfoxoss.org,releases.mozilla.org,renault-bank-direkt.de,renaultbank.es,renaultbank.fr,retoswap.com,revolut.com,rh.okta.com,rpmfusion.org,secure.chase.com,secure.informaction.com,secure.login.gov,secure.myvirtua.org,secure.pnc.com,secure.sndcdn.com,secure.soundcloud.com,secure.verizon.com,secure-api.pnc.com,secure-qa.pnc.com,securelogin.synchronybank.com,secureonline.pnc.com,secureonline.yourstatebank.com,send.vis.ee,signal.org,signin.att.com,signin.aws.amazon.com,signin.costco.com,signin.ebay.com,signin-static-js.att.com,signup.ebay.com,skydrive.com,smartpay.profitstars.com,sso.canvaslms.com,sso.fachschaften.org,sso.kroger.com,sso.mozilla.com,sso.redhat.com,start.1password.ca,start.1password.com,start.1password.eu,static.adguard.com,static.adtidy.org,stgeorge.com.au,store.epicgames.com,store.nintendo.com.hk,studio.youtube.com,tam.onecampus.com,tpeweb.paybox.com,tuta.com,u.bank,ubank.bank,ubank.com.au,ubuntu.com,unbelgin.com,unionpayintl.com,unzer.com,up.com.au,us.download.nvidia.com,usaepay.com,usbank.com,vault.bitwarden.com,vault.bitwarden.eu,venmo.com,verifone.com,viewmychart.com,vpn.proton.me,wallet.google,wallet.google.com,wallet.proton.me,wero-wallet.eu,westpac.co.nz,westpac.com.au,wiki.lineageos.org,wise.com,www.365online.com,www.chase.com,www.citi.com,www.citidirect.com,www.cromite.org,www.dashlane.com,www.debian.org,www.easybank.at,www.easybanking.net,www.eff.org,www.epicgames.com,www.firefox.com,www.franciscanmychart.org,www.gigabyte.com,www.icloud.com,www.icloud.com.cn,www.intel.com,www.lineageos.org,www.linuxmint.com,www.macquarie.com.au,www.mozilla.org,www.mychart.org,www.noscript.net,www.onlinebanking.pnc.com,www.paypal.com,www.paypalobjects.com,www.pnc.com,www.privacy.com,www.privatebank.citibank.com,www.sparkasse.at,www.synchrony.com,www.synchronymastercard.com,www.thunderbird.net,www.torproject.org,www.virustotal.com,www.wintrustbank.com,www.wintrustdigitalbanking.com,www.xmrbazaar.com,www.yourstatebank.com,xmrbazaar.com");
defaultPref("extensions.quarantinedDomains.uiDisabled", false); // [HIDDEN] [DEFAULT] UI

/// Enable userScripts
// userScripts ran this way run in separate isolated sandboxes
// https://wiki.mozilla.org/WebExtensions/UserScripts
// https://bugzilla.mozilla.org/show_bug.cgi?id=1875475
defaultPref("extensions.userScripts.mv3.enabled", true); // [DEFAULT]
defaultPref("extensions.webextensions.userScripts.enabled", true); // [DEFAULT]

/// Ensure Firefox Multi-Account Containers can access all containers by default (if installed)
defaultPref("extensions.userContextIsolation.@testpilot-container.restricted", "[]"); // [HIDDEN]

/// Ensure uBlock Origin can access all containers by default (if installed)
defaultPref("extensions.userContextIsolation.uBlock0@raymondhill.net.restricted", "[]"); // [HIDDEN]

/// Ensure Web Compatibility interventions use the MV3 API instead of the older MV2 one
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/all.js#4118
defaultPref("extensions.webcompat.useScriptingAPI", true); // [DEFAULT]

/// Harden CSP policy
// Compared to Firefox's default, this:
// Blocks scripts unless they're loaded from the same origin
// Blocks unsafe eval() - including WebAssembly (WASM)
// Upgrades network requests to HTTPS
// Etc...
defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' 'unsafe-inline'; upgrade-insecure-requests;"); // [NO-ANDROID] `unsafe-inline` is required for Web Compatibility interventions (`about:compat`)
defaultPref("extensions.webextensions.base-content-security-policy.v3", "script-src 'self'; upgrade-insecure-requests;");
defaultPref("extensions.webextensions.base-content-security-policy.v3-with-localhost", "script-src 'self'; upgrade-insecure-requests;");
defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; upgrade-insecure-requests;");
defaultPref("extensions.webextensions.default-content-security-policy.v3", "script-src 'self'; upgrade-insecure-requests;"); // [DEFAULT]

/// Never allow installing extensions without first prompting the user
lockPref("extensions.postDownloadThirdPartyPrompt", false); // [HIDDEN - Android/Thunderbird] https://github.com/arkenfox/user.js/issues/1090
defaultPref("xpinstall.whitelist.directRequest", false); // [HIDDEN] For direct URL requests https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs#4488
defaultPref("xpinstall.whitelist.fileRequest", false); // [HIDDEN - non-Android] [DEFAULT - Android] For `file://` requests https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs#4500
lockPref("xpinstall.whitelist.required", true); // [DEFAULT] This is the `Warn you when websites try to install add-ons` setting at `about:preferences#privacy`

/// Only allow installation and updates of extensions using Firefox's built-in certificates by default
defaultPref("extensions.install.requireBuiltInCerts", true); // [HIDDEN]
defaultPref("extensions.update.requireBuiltInCerts", true); // [HIDDEN]

/// Only allow installation of signed extensions by default [NO-MAIL]
// Unfortunately not supported on Thunderbird :( [NO-MAIL]
defaultPref("extensions.langpacks.signatures.required", true); // [NO-MAIL] [DEFAULT - non-Thunderbird]
defaultPref("xpinstall.signatures.required", true); // [NO-MAIL] [DEFAULT - non-Thunderbird]

/// Prevent automatically granting MV3 extensions optional host permissions by default
// These permissions can still be enabled manually at `about:addons`, from the 'Permissions' tab at the extension's settings page
defaultPref("extensions.originControls.grantByDefault", false);

/// Prevent certain undesired extensions from running on restricted/quarantined domains
// By default, Mozilla allows all add-ons they "recommend" to run on restricted/quarantined domains: https://support.mozilla.org/kb/add-on-badges#w_recommended-extensions
// This prevents some of those add-ons from running on our list of sensitive domains
defaultPref("extensions.quarantineIgnoredByUser.{00000f2a-7cde-4f20-83ed-434fcb420d71}", false); // Imagus
defaultPref("extensions.quarantineIgnoredByUser.{1018e4d6-728f-4b20-ad56-37578a4de76b}", false); // Flagfox
defaultPref("extensions.quarantineIgnoredByUser.{154cddeb-4c8b-4627-a478-c7e5b427ffdf}", false); // PopUpOFF - Popup and overlay blocker
defaultPref("extensions.quarantineIgnoredByUser.{2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c}", false); // Search by Image
defaultPref("extensions.quarantineIgnoredByUser.{32af1358-428a-446d-873e-5f8eb5f2a72e}", false); // Download All Images
defaultPref("extensions.quarantineIgnoredByUser.{3c078156-979c-498b-8990-85f7987dd929}", false); // Sidebery
defaultPref("extensions.quarantineIgnoredByUser.{4a313247-8330-4a81-948e-b79936516f78}", false); // Image Search Options
defaultPref("extensions.quarantineIgnoredByUser.{506e023c-7f2b-40a3-8066-bc5deb40aebe}", false); // Gesturefy
defaultPref("extensions.quarantineIgnoredByUser.{52bda3fd-dc48-4b3d-a7b9-58af57879f1e}", false); // Stylebot
defaultPref("extensions.quarantineIgnoredByUser.{531906d3-e22f-4a6c-a102-8057b88a1a63}", false); // SingleFile
defaultPref("extensions.quarantineIgnoredByUser.{5384767E-00D9-40E9-B72F-9CC39D655D6F}", false); // EPUBReader
defaultPref("extensions.quarantineIgnoredByUser.{54e2eb33-18eb-46ad-a4e4-1329c29f6e17}", false); // Block Site
defaultPref("extensions.quarantineIgnoredByUser.{63d150c4-394c-4275-bc32-c464e76a891c}", false); // Audio Equalizer
defaultPref("extensions.quarantineIgnoredByUser.{79b2e4de-8fb4-4ccc-b9f6-362ac2fb74b2}", false); // Measure-it
defaultPref("extensions.quarantineIgnoredByUser.{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}", false); // Stylus
defaultPref("extensions.quarantineIgnoredByUser.{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}", false); // YouTube High Definition
defaultPref("extensions.quarantineIgnoredByUser.{91aa5abe-9de4-4347-b7b5-322c38dd9271}", false); // Clippings
defaultPref("extensions.quarantineIgnoredByUser.{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}", false); // User-Agent Switcher and Manager
defaultPref("extensions.quarantineIgnoredByUser.{a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}", false); // Feedbro
defaultPref("extensions.quarantineIgnoredByUser.{b9acf540-acba-11e1-8ccb-001fd0e08bd4}", false); // Easy Youtube Video Downloader Express
defaultPref("extensions.quarantineIgnoredByUser.{b9db16a4-6edc-47ec-a1f4-b86292ed211d}", false); // Video DownloadHelper
defaultPref("extensions.quarantineIgnoredByUser.{c2c003ee-bd69-42a2-b0e9-6f34222cb046}", false); // Auto Tab Discard
defaultPref("extensions.quarantineIgnoredByUser.{c5867acc-54c9-4074-9574-04d8818d53e8}", false); // Livemarks
defaultPref("extensions.quarantineIgnoredByUser.{d07ccf11-c0cd-4938-a265-2a4d6ad01189}", false); // Web Archives
defaultPref("extensions.quarantineIgnoredByUser.{d37dc5d0-431d-44e5-8c91-49419370caa1}", false); // FoxClocks
defaultPref("extensions.quarantineIgnoredByUser.{DDC359D1-844A-42a7-9AA1-88A850A938A8}", false); // DownThemAll!
defaultPref("extensions.quarantineIgnoredByUser.{de22fd49-c9ab-4359-b722-b3febdc3a0b0}", false); // Popup Blocker (strict)
defaultPref("extensions.quarantineIgnoredByUser.{e839c3f9-298e-4cd0-99e0-464431cb7c34}", false); // Foxy Gestures
defaultPref("extensions.quarantineIgnoredByUser.{e90f5de4-8510-4515-9f67-3b6654e1e8c2}", false); // Dictionary Anywhere
defaultPref("extensions.quarantineIgnoredByUser.addon@darkreader.org", false); // Dark Reader
lockPref("extensions.quarantineIgnoredByUser.adb@mozilla.org", false); // Firefox DevTools ADB Extension
lockPref("extensions.quarantineIgnoredByUser.ads@mozac.org", false); // Mozilla Android Components - Ads Telemetry
defaultPref("extensions.quarantineIgnoredByUser.ATBC@EasonWong", false); // Adaptive Tab Bar Color
lockPref("extensions.quarantineIgnoredByUser.cookies@mozac.org", false); // Mozilla Android Components - Search Telemetry
defaultPref("extensions.quarantineIgnoredByUser.copyplaintext@eros.man", false); // Copy PlainText
defaultPref("extensions.quarantineIgnoredByUser.customscrollbars@computerwhiz", false); // Custom Scrollbars
defaultPref("extensions.quarantineIgnoredByUser.dont-track-me-google@robwu.nl", false); // Don't track me Google
lockPref("extensions.quarantineIgnoredByUser.ddg@search.mozilla.org", false); // DuckDuckGo - search engine
defaultPref("extensions.quarantineIgnoredByUser.deArrow@ajay.app", false); // DeArrow
defaultPref("extensions.quarantineIgnoredByUser.emoji@saveriomorelli.com", false); // Emoji
defaultPref("extensions.quarantineIgnoredByUser.firefox@ghostery.com", false); // Ghostery
defaultPref("extensions.quarantineIgnoredByUser.foxytab@eros.man", false); // Ghostery
defaultPref("extensions.quarantineIgnoredByUser.jid0-dsq67mf5kjjhiiju2dfb6kk8dfw@jetpack", false); // FoxyTab
defaultPref("extensions.quarantineIgnoredByUser.jid1-KdTtiCj6wxVAFA@jetpack", false); // Swift Selection Search
defaultPref("extensions.quarantineIgnoredByUser.jid1-q4sG8pYhq8KGHs@jetpack", false); // AdBlocker for YouTube™
defaultPref("extensions.quarantineIgnoredByUser.jid1-QoFqdK4qzUfGWQ@jetpack", false); // Dark Background and Light Text
defaultPref("extensions.quarantineIgnoredByUser.juraj.masiar@gmail.com_ScrollAnywhere", false); // ScrollAnywhere
defaultPref("extensions.quarantineIgnoredByUser.languagetool-webextension@languagetool.org", false); // LanguageTool
defaultPref("extensions.quarantineIgnoredByUser.leechblockng@proginosko.com", false); // LeechBlock NG
defaultPref("extensions.quarantineIgnoredByUser.linkgopher@oooninja.com", false); // Link Gopher
defaultPref("extensions.quarantineIgnoredByUser.printedit-we@DW-dev", false); // Print Edit WE
defaultPref("extensions.quarantineIgnoredByUser.s3download@statusbar", false); // Download Manager (S3)
defaultPref("extensions.quarantineIgnoredByUser.simple-tab-groups@drive4ik", false); // Simple Tab Groups
defaultPref("extensions.quarantineIgnoredByUser.snaplinks@snaplinks.mozdev.org", false); // Snap Links
defaultPref("extensions.quarantineIgnoredByUser.soundfixer@unrelenting.technology", false); // SoundFixer
defaultPref("extensions.quarantineIgnoredByUser.sponsorBlocker@ajay.app", false); // SponsorBlock
defaultPref("extensions.quarantineIgnoredByUser.stefanvandamme@stefanvd.net", false); // Turn Off the Lights
defaultPref("extensions.quarantineIgnoredByUser.tabby@whatsyouridea.com", false); // Tabby - Window and Tab Manager
defaultPref("extensions.quarantineIgnoredByUser.tranquility@ushnisha.com", false); // Tranquility Reader
defaultPref("extensions.quarantineIgnoredByUser.treestyletab@piro.sakura.ne.jp", false); // Tree Style Tabs
lockPref("extensions.quarantineIgnoredByUser.wikipedia@search.mozilla.org", false); // Wikipedia (en) - search engine
defaultPref("extensions.quarantineIgnoredByUser.worldwide@radio", false); // Worldwide Radio
defaultPref("extensions.quarantineIgnoredByUser.zoompage-we@DW-dev", false); // Zoom Page WE

/// Prevent certain undesired websites from prompting to install add-ons by default
defaultPref("xpinstall.blacklist.add.GNU", "gnuzilla.gnu.org"); // Mozzarella - Hosts very outdated versions of extensions...

/// Prevent extensions from opening pop-ups to remote websites
// https://bugzilla.mozilla.org/show_bug.cgi?id=1760608
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/extensions/ExtensionActions.sys.mjs#286
defaultPref("extensions.manifestV2.actionsPopupURLRestricted", true); // [DEFAULT - Android]

/// Prevent extensions from opening pop-ups without user interaction
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/extensions/parent/ext-browserAction.js#1071
// https://searchfox.org/firefox-main/rev/82e2435f/mobile/shared/components/extensions/ext-browserAction.js#184
defaultPref("extensions.openPopupWithoutUserGesture.enabled", false); // [DEFAULT - non-Nightly]

/// Prevent extensions from using the Gecko Profiler
// Includes certain Mozilla extensions by default
// https://firefox-source-docs.mozilla.org/tools/profiler/index.html
defaultPref("extensions.geckoProfiler.acceptedExtensionIds", ""); // [HIDDEN - Android] [DEFAULT - Android]

/// Prevent recommending search extensions [NO-ANDROID] [NO-MAIL]
// This is the "Find more search engines" link at `about:preferences#search` [NO-ANDROID] [NO-MAIL]
// If users want to add more search engines, they should add them manually using the `Add` button - or directly from the URL bar on the desired search engine. Let's not encourage them to install add-ons that are both unnecessary, and will directly compromise their privacy and security in most cases. [NO-ANDROID] [NO-MAIL]
defaultPref("browser.search.searchEnginesURL", ""); // [NO-ANDROID] [NO-MAIL]

/// Prevent unprivileged extensions from accessing experimental APIs by default
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/extensions/docs/basics.rst#142
defaultPref("extensions.experiments.enabled", false); // [DEFAULT - non-Thunderbird]

/// Prevent hiding extensions [NO-ANDROID]
lockPref("devtools.aboutdebugging.showHiddenAddons", true); // [NO-ANDROID]

/// Require resources loaded by MV2 extensions to be specified under web_accessible_resources in the extension's manifest
// (This is the default for MV3)
// https://developer.chrome.com/docs/extensions/reference/manifest/web-accessible-resources
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#6013
// https://searchfox.org/firefox-main/rev/82e2435f/caps/nsScriptSecurityManager.cpp#723
defaultPref("extensions.content_web_accessible.enabled", true);

/// Require secure origins to install add-ons
defaultPref("extensions.install.requireSecureOrigin", true); // [HIDDEN]

defaultPref("browser.phoenix.status", "016");

/*** 017 AI ***/

/// Disable all AI functionality by default
defaultPref("browser.ai.control.default", "blocked");
defaultPref("browser.ai.control.linkPreviewKeyPoints", "blocked");
defaultPref("browser.ai.control.pdfjsAltText", "blocked");
defaultPref("browser.ai.control.sidebarChatbot", "blocked");
defaultPref("browser.ai.control.smartTabGroups", "blocked");
defaultPref("browser.ai.control.smartWindow", "blocked");
defaultPref("browser.preferences.aiControls", false); // [NO-ANDROID] [NO-MAIL] Hides the AI Controls UI settings panel (about:preferences#ai)

/// Allow managing models from `about:addons`
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/ModelHubProvider.sys.mjs#18
defaultPref("extensions.htmlaboutaddons.local_model_management", true); // [DEFAULT]

/// Allow typing a custom AI chat prompt based on your selection (if pop-up when highlighting text is enabled) [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.chat.shortcuts.custom", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable the Firefox "AI" (Local machine learning) Runtime
// https://firefox-source-docs.mozilla.org/toolkit/components/ml/index.html
// Note that, even when this is enabled, we don't actually enable/install any AI models/functionality by default
defaultPref("browser.ml.enable", false);

/// Disable AI Chat [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/ai-chatbot [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.chat.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.chat.menu", false); // [NO-ANDROID] [NO-MAIL] Same issue as `browser.ml.chat.page`, this also doesn't seem to be covered by `browser.ml.chat.enabled` :/ https://github.com/mozilla/policy-templates/issues/1230#issuecomment-3412973906
defaultPref("browser.ml.chat.page", false); // [NO-ANDROID] [NO-MAIL] This disables the "Ask AI Chatbot" context menu item - for some reason this isn't covered by `browser.ml.chat.enabled`, and I'm only seeing it on my YouTube specialized config profile? https://bugzilla.mozilla.org/show_bug.cgi?id=1994785
defaultPref("browser.ml.chat.sidebar", false); // [NO-ANDROID] [NO-MAIL]

/// Disable AI/ML Autofill [NO-ANDROID]
// https://searchfox.org/firefox-esr140/source/toolkit/components/formautofill/MLAutofill.sys.mjs [NO-ANDROID]
defaultPref("extensions.formautofill.ml.experiment.enabled", false); // [NO-ANDROID] [ESR]

/// Disable AI windows/"Smart" windows [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/aiwindow/ui/modules/AIWindow.sys.mjs [NO-ANDROID] [NO-MAIL]
// Appears to be similar to "Smart Assist" below, relies on OpenAI/ChatGPT [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/28d9e40f/browser/components/aiwindow/models/Utils.sys.mjs#32 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.aiwindow.apiKey", ''); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.aiwindow.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.aiwindow.endpoint", ""); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.aiwindow.insights", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.aiwindow.memories", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.aiwindow.model", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.smartwindow.apiKey", ''); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.smartwindow.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.smartwindow.endpoint", ""); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.smartwindow.memories", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.smartwindow.model", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.smartwindow.preferences.endpoint", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable Link Preview "Key Points" [NO-ANDROID] [NO-MAIL]
// Currently no-op anyways - requires `dom.postMessage.sharedArrayBuffer.withCOOP_COEP` set to `true`: https://codeberg.org/celenity/Phoenix/issues/151 [NO-ANDROID] [NO-MAIL]
// https://blog.mozilla.org/mozilla/ai/ai-tech/ai-link-previews-firefox/ [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.linkPreview.collapsed", true); // [NO-ANDROID] [NO-MAIL] Ensure we don't prompt users to enable AI "key points" - https://codeberg.org/librewolf/settings/pulls/98#issuecomment-9002205
defaultPref("browser.ml.linkPreview.enabled", false); // [NO-ANDROID] [NO-MAIL] This disables Link Preview itself by default - if this alone is re-enabled, it'll still provide basic previews without AI
defaultPref("browser.ml.linkPreview.longPress", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.linkPreview.optin", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.ml.linkPreview.supportedLocales", "null"); // [NO-ANDROID] [NO-MAIL] This hides the UI toggle at `about:preferences#general`

/// Disable Page Assist [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/genai/PageAssist.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.pageAssist.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable Perplexity URL bar promotion [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#229 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.perplexity.hasBeenInSearchMode", true); // [NO-ANDROID] [NO-MAIL]

/// Disable semantic history
// https://searchfox.org/firefox-main/source/toolkit/components/places/PlacesSemanticHistoryManager.sys.mjs
defaultPref("places.semanticHistory.featureGate", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Nightly/Dev Firefox Desktop]

/// Disable "Smart Assist" [NO-ANDROID] [NO-MAIL]
// Currently relies on OpenAI/ChatGPT... so I'm going to be aggressive here, because I don't really want to deal with this :/ [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/genai/SmartAssistEngine.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.smartAssist.apiKey", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.ml.smartAssist.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.ml.smartAssist.endpoint", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.ml.smartAssist.model", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.ml.smartAssist.overrideNewTab", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable the WebExtensions AI API
// https://firefox-source-docs.mozilla.org/toolkit/components/ml/extensions.html#webextensions-ai-api
defaultPref("extensions.ml.enabled", false);

/// Do not use AI to "suggest tabs and a name for tab groups" by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.tabs.groups.smart.enabled", false); // [NO-ANDROID] [NO-MAIL] UI
defaultPref("browser.tabs.groups.smart.optin", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.tabs.groups.smart.userEnabled", false); // [NO-ANDROID] [NO-MAIL]

/// If Link Preview is enabled, do not censor results [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/genai/LinkPreviewModel.sys.mjs#529 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.linkPreview.blockListEnabled", false); // [NO-ANDROID] [NO-MAIL]

/// Remove privacy-invasive AI Chatbot providers [NO-ANDROID] [NO-MAIL]
// (Anthropic Claude, ChatGPT, Google Gemini, Le Chat Mistral, and Microsoft Copilot) [NO-ANDROID] [NO-MAIL]
// Unfortunately, at the moment, this includes all of them... [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/genai/GenAI.sys.mjs#74 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.chat.providers", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Set the default AI Chatbot (if enabled) to DuckDuckGo [NO-ANDROID] [NO-MAIL]
// Unfortunately this is not compatible with the pop-up when selecting text [NO-ANDROID] [NO-MAIL]
// Also AFAICT currently not possible to add this as a persistent option [NO-ANDROID] [NO-MAIL]
defaultPref("browser.ml.chat.provider", "https://duck.ai/"); // [NO-ANDROID] [NO-MAIL] 

defaultPref("browser.phoenix.status", "017");

/*** 018 GEOLOCATION ***/

/// Block websites from prompting to access geolocation by default [NO-MAIL]
// `geo.prompt.testing.allow` is used when `geo.prompt.testing` is set to `true` - when `geo.prompt.testing` is set to false, the site permissions are followed like normal instead [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/dom/base/nsContentPermissionHelper.h#144 [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/dom/base/nsContentPermissionHelper.cpp#493 [NO-MAIL]
defaultPref("permissions.default.geo", 2); // [NO-ANDROID] [NO-MAIL]

/// Disable logging network geolocation requests by default
// This is already Firefox's default setting - but setting it here exposes it in the `about:config` since it's hidden
// https://searchfox.org/firefox-main/rev/83d1a08db47b91a4d53341a799745caac9c38bde/dom/system/NetworkGeolocationProvider.sys.mjs#18
defaultPref("geo.provider.network.loglevel", "Off"); // [HIDDEN] [DEFAULT] 


/// Disable Mozilla's GeoIP/Region Service
// Prevents Firefox from monitoring the user's region/general location
// Note: Firefox will still use different regional search engines based on the browser/system locale (ex. tested with Wikipedia), but this prevents using geolocation
// https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html
// https://searchfox.org/firefox-main/source/toolkit/modules/Region.sys.mjs
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16254
defaultPref("browser.region.local-geocoding", false); // [HIDDEN] [DEFAULT]
defaultPref("browser.region.network.scan", false); // [DEFAULT] [DEFENSE IN DEPTH] Disable Wi-Fi scanning for these requests
defaultPref("browser.region.network.url", "");
defaultPref("browser.region.update.enabled", false);
defaultPref("browser.search.region", "XX"); // [HIDDEN]
defaultPref("doh-rollout.home-region", "XX"); // [HIDDEN]

/// Do not force the use of the network geolocation provider by default
// When either of these preferences are set to `true`, Firefox will ALWAYS use the network geolocation provider (BeaconDB in our case), instead of OS geolocation providers
// We're just setting these here to expose via the `about:config`
// https://searchfox.org/firefox-main/rev/82e2435f/dom/geolocation/Geolocation.cpp#774
// https://searchfox.org/firefox-main/rev/82e2435f/dom/geolocation/Geolocation.cpp#778
defaultPref("geo.provider.testing", false); // [HIDDEN] [DEFAULT]
defaultPref("geo.provider.use_mls", false); // [HIDDEN] [DEFAULT]


/// Enable Geoclue for GNU/Linux distros by default [LINUX-ONLY] [NO-MAIL]
defaultPref("geo.provider.use_geoclue", true); // [LINUX-ONLY] [NO-MAIL] [DEFAULT]

/// Enable network request cache for the network geolocation provider by default
// This is already Firefox's default setting - but setting it here exposes it in the `about:config` since it's hidden
// https://searchfox.org/firefox-main/rev/82e2435f/dom/system/NetworkGeolocationProvider.sys.mjs#69
defaultPref("geo.provider.network.debug.requestCache.enabled", true); // [HIDDEN] [DEFAULT]

/// Prevent unconditionally providing high location accuracy [LINUX-ONLY]
// By default, Firefox provides all websites with high location accuracy, even if they don't request it... [LINUX-ONLY]
// https://searchfox.org/firefox-main/rev/82e2435f/dom/system/linux/GeoclueLocationProvider.cpp#308 [LINUX-ONLY]
defaultPref("geo.provider.geoclue.always_high_accuracy", false); // [LINUX-ONLY]

/// Set BeaconDB as the default network geolocation provider
// Default is Google :/
// https://searchfox.org/firefox-main/rev/82e2435f/dom/system/NetworkGeolocationProvider.sys.mjs#341
defaultPref("geo.provider.network.url", "https://api.beacondb.net/v1/geolocate");

/// Update info URL to ours so that users receive accurate information [NO-ANDROID] [NO-MAIL]
defaultPref("browser.geolocation.warning.infoURL", "https://phoenix.celenity.dev/geo"); // [NO-ANDROID] [NO-MAIL]

defaultPref("browser.phoenix.status", "018");

/*** 019 PDF.js ***/

/// Disable Automatic Alt Text by default
// This is generated by a local machine learning model
// Setting these ensures that the inference model is only downloaded if the user opts in (by enabling the toggle to "Create alt text automatically" from "Image alt text settings" when viewing a PDF)
// https://support.mozilla.org/kb/pdf-alt-text#w_add-alt-text-automatically
// https://hacks.mozilla.org/2024/05/experimenting-with-local-alt-text-generation-in-firefox-nightly/
defaultPref("pdfjs.enableAltTextModelDownload", false);
defaultPref("pdfjs.enableGuessAltText", false);

/// Disable automatic hyperlinks
// By default, PDF.js automatically creates hyperlinks for URLs - and clicking on or attempting to select a Hyperlink immediately navigates the user to the link, without warning or prior indication
// So this prevents that - but users can still easily select and navigate to links if desired
defaultPref("pdfjs.enableAutoLinking", false);

/// Disable JavaScript
defaultPref("pdfjs.enableScripting", false);

/// Disable XFA
// Not even a standard...
// https://learn.microsoft.com/deployedge/microsoft-edge-policies#viewxfapdfiniemodeallowedorigins
// https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html
// https://www.sentinelone.com/blog/malicious-pdfs-revealing-techniques-behind-attacks/
// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=xfa
// https://wikipedia.org/wiki/XFA
// https://deepwiki.com/mozilla/pdfjs-dist/6.2-advanced-configuration#security-considerations
defaultPref("pdfjs.enableXfa", false);

/// Enable the ability to add signatures
defaultPref("pdfjs.enableSignatureEditor", true);

/// Enable Alt Text creation
// This does NOT enable "Automatic Alt Text", we disable that separately above
// https://support.mozilla.org/kb/pdf-alt-text
defaultPref("pdfjs.enableAltText", true);
defaultPref("pdfjs.enableAltTextForEnglish", true);
defaultPref("pdfjs.enableNewAltTextWhenAddingImage", true); // [DEFAULT] Enables the Alt Text Editor after adding an image
defaultPref("pdfjs.enableUpdatedAddImage", true); // [DEFAULT]

/// Enable hardware acceleration by default
// This should help improve performance, which is especially notable for us since we disable JIT
defaultPref("pdfjs.enableHWA", true);

/// Enable optimized partial rendering by default
// In my testing, this appears to make a *significant* performance improvement
// https://github.com/mozilla/pdf.js/blob/010e52e15db0cb534774cdf92e20c03bcd13d735/web/pdf_page_view.js#L93
defaultPref("pdfjs.enableOptimizedPartialRendering", true);

/// Enforce using the internal font renderer
// This disable the CSS Font Loading API
// https://mozilla.github.io/pdf.js/api/draft/module-pdfjsLib.html
// https://developer.mozilla.org/docs/Web/API/CSS_Font_Loading_API
defaultPref("pdfjs.disableFontFace", true);

/// Ensure users can select and interact with text
defaultPref("pdfjs.textLayerMode", 1); // [DEFAULT]

/// Force PDFs to be downloaded/viewed locally, and prompt before opening the PDF Viewer
// So by default, if Firefox encounters a PDF file, it'll just automatically open it in most cases, and will load them from remote origins
// But thanks to the "Handlers" policy on Desktop (https://mozilla.github.io/policy-templates/#handlers), we force Firefox to prompt users before opening the file - and additionally, with the `browser.download.start_downloads_in_tmp_dir` & `browser.helperApps.deleteTempFileOnExit` prefs, when the users chooses to "Open" the PDF, it downloads the PDF to a temporary directory and loads it locally (from a `file://` URL), instead of from remote origins like the normal behavior
// This is also beneficial because it also allows users to effectively disable PDF.js (via the `browser.helperApps.showOpenOptionForPdfJS` pref), without being fingerprintable (like is the case with the standard `pdfjs.disabled` pref)
// The pref below are to further ensure we don't automatically open PDFs, and that we don't try to fetch anything remotely
// As a bonus, these likely also improve performance in many cases...
// https://deepwiki.com/mozilla/pdfjs-dist/6.2-advanced-configuration#network-options
// https://deepwiki.com/mozilla/pdfjs-dist/6.2-advanced-configuration#performance-optimization-configurations
// (For testing: https://emk.name/test/bug1790641.html)
defaultPref("browser.download.open_pdf_attachments_inline", false); // [DEFAULT - non-Android] https://bugzilla.mozilla.org/show_bug.cgi?id=1772569
defaultPref("pdfjs.disableRange", true);
defaultPref("pdfjs.disableStream", true);

/// Never allow documents to prevent copying text
defaultPref("pdfjs.enablePermissions", false); // [DEFAULT]

/// Open external links in new tabs/windows
// https://github.com/mozilla/pdf.js/blob/master/extensions/chromium/preferences_schema.json
defaultPref("pdfjs.externalLinkTarget", 2);

/// Prevent attempting to load/convert unknown binary files
// https://developer.mozilla.org/docs/Web/HTTP/Guides/MIME_types#applicationoctet-stream
defaultPref("pdfjs.handleOctetStream", false);

/// Show sidebar by default when viewing PDFs
defaultPref("pdfjs.sidebarViewOnLoad", 2);

/// Update URL when changing pages [NO-ANDROID]
// ex. Typically, if I load "https://example.invalid/example.pdf", and navigate to Page 27, the URL stays the same as "https://example.invalid/example.pdf" [NO-ANDROID]
// When this is set to "true", if I loaded "https://example.invalid/example.pdf", and navigated to Page 27, the URL would instead update to "https://example.invalid/example.pdf#page=27" [NO-ANDROID]
// So this is an incredibly useful feature that allows easy bookmarking/sharing of PDFs, keeping track of what you've read, etc. [NO-ANDROID]
// (We also still nuke browsing history by default on exit) [NO-ANDROID]
// This currently doesn't seem to work properly on Android [NO-ANDROID]
defaultPref("pdfjs.historyUpdateUrl", true); // [NO-ANDROID]

defaultPref("browser.phoenix.status", "019");

/*** 020 SAFE BROWSING ***/

/// Block notifications for websites on Safe Browsing lists
defaultPref("dom.webnotifications.block_if_on_safebrowsing", true); // [DEFAULT]

/// By default, when you report a Safe Browsing false positive, it sends the URL to both Mozilla and Google (NOT PROXIED), as well as your locale to Mozilla
// (ex. https://en-us.phish-error.mozilla.com/?url=example.org - which redirects directly to https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=example.org)
// We can improve privacy and speed by sending the domain *only* to Google & without sending your locale to anyone
// We could also potentially strip tpl=mozilla which tells Google the request is from Firefox - though it looks like there is a different page for Firefox users with a better privacy policy, so we will leave it for now
// Unclear whether 'MalwareMistake' is used, but we can set it anyways
defaultPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google5.reportMalwareMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google5.reportPhishMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");

//// Similar behavior also appears to happen when you report a URL to Safe Browsing
defaultPref("browser.safebrowsing.reportPhishURL", "https://safebrowsing.google.com/safebrowsing/report_phish/?tpl=mozilla&url=");

/// Disable extra logging by default
// These are currently the default values, but we can set them here to expose at about:config
defaultPref("browser.safebrowsing.debug", false); // [DEFAULT]
defaultPref("browser.safebrowsing.realTime.debug", false); // [HIDDEN] [DEFAULT] [NIGHTLY] https://searchfox.org/firefox-main/rev/83d1a08d/toolkit/components/url-classifier/RealTimeRequestSimulator.cpp#31

/// Disable the legacy (v2.2) Safe Browsing API
// https://code.google.com/archive/p/google-safe-browsing/wikis/Protocolv2Spec.wiki
// Has been nonfunctional since October 2018
// https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.html
// Let's make sure it's not used for defense in depth (and attack surface reduction...)
defaultPref("browser.safebrowsing.provider.google.advisoryName", "Google Safe Browsing (Legacy)"); // Label it so it's clearly distinguishable if it is ever enabled for whatever reason...
defaultPref("browser.safebrowsing.provider.google.lists", "disabled");
defaultPref("browser.safebrowsing.provider.google.lists.default", "goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar"); // [HIDDEN] This pref does nothing, just makes it easier for users to re-enable this Safe Browsing provider if desired by copying and pasting the value of this pref as the value for `browser.safebrowsing.provider.google.lists`

/// Disable Real Time Mode (1) (2) [NIGHTLY]
// This sets Safe Browsing to use Local List Mode instead (3)
// Real Time Mode results in hashes for every URL being submitted to Google,
// while Local List Mode works more like V4 and only submits hashes if there's a match with the local threat list
// 1: https://developers.google.com/safe-browsing/reference/Real.Time.Mode
// 2: https://bugzilla.mozilla.org/show_bug.cgi?id=2010020
// 3: https://developers.google.com/safe-browsing/reference/Local.List.Mode
defaultPref("browser.safebrowsing.realTime.enabled", false); // [DEFAULT - non-Nightly]

/// Disable the Real Time Request Simulator (1) (2) [NIGHTLY]
// This is just used for data collection/telemetry and testing...
// 1: https://phabricator.services.mozilla.com/D280931
// 2: https://bugzilla.mozilla.org/show_bug.cgi?id=2010022
defaultPref("browser.safebrowsing.realTime.simulation.enabled", false); // [DEFAULT - non-Nightly]

/// Enable an additional plug-in blocklist from Mozilla
defaultPref("urlclassifier.blockedTable", "moztest-block-simple,mozplugin-block-digest256"); // [DEFAULT - Nightly]

/// Enable the Potentially Harmful Application list (when Safe Browsing is enabled)
// This contains threats that are specific to Mobile/Android (of the `POTENTIALLY_HARMFUL_APPLICATION` type)
// Firefox on non-Android devices will just silently ignore/disregard this list
// https://bugzilla.mozilla.org/show_bug.cgi?id=1980046
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/nsUrlClassifierUtils.cpp#176
// https://developers.google.com/safe-browsing/reference/Local.Database
defaultPref("urlclassifier.malwareTable", "goog-malware-proto,goog-unwanted-proto,moztest-harmful-simple,moztest-malware-simple,moztest-unwanted-simple,goog-harmful-proto");

/// Enable Safe Browsing by default
// This won't do anything if you don't have an API key from Google, though doesn't hurt...
// Harmless from a privacy perspective due to the below changes, also effective at preventing real-time malicious domains and downloads.
// We will of course **ALWAYS** give users the ability to disable.
// https://searchfox.org/firefox-main/source/toolkit/components/url-classifier/SafeBrowsing.sys.mjs
defaultPref("browser.safebrowsing.blockedURIs.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.downloads.enabled", true); // [DEFAULT - non-Android]
defaultPref("browser.safebrowsing.id", "navclient-auto-ffox"); // [DEFAULT - Official] Ensure we use Mozilla's ID
defaultPref("browser.safebrowsing.malware.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.phishing.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.provider.google5.enabled", true); // [DEFAULT - Nightly]
defaultPref("browser.safebrowsing.provider.mozilla.gethashURL", "https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=%MAJOR_VERSION%&pver=2.2"); // Ensure we always use Mozilla's official ID
defaultPref("browser.safebrowsing.update.enabled", true); // [HIDDEN] [DEFAULT] Also covers Mozilla's tracking protection lists
defaultPref("urlclassifier.downloadAllowTable", "goog-downloadwhite-proto"); // [DEFAULT - non-Android]
defaultPref("urlclassifier.downloadBlockTable", "goog-badbinurl-proto"); // [DEFAULT - non-Android]
defaultPref("urlclassifier.enabled_mode", 3); // [DEFAULT] Ensure we enable classification for ETP and Safe Browsing https://searchfox.org/firefox-main/rev/4dad4a9a/netwerk/base/nsNetUtil.cpp#3332 https://searchfox.org/firefox-main/rev/ac83682a/modules/libpref/init/StaticPrefList.yaml#18483
defaultPref("urlclassifier.phishTable", "goog-phish-proto,moztest-phish-simple"); // [DEFAULT - Official] Ensure we're using Google's full/private phishing list https://bugzilla.mozilla.org/show_bug.cgi?id=1288840

/// Ensure users can override Safe Browsing warnings by default
defaultPref("browser.safebrowsing.allowOverride", true); // [DEFAULT]

/// Prevent sending metadata of downloaded files to Safe Browsing providers
// NOTE: If this is enabled, we proxy this (via the `browser.safebrowsing.downloads.remote.url` pref)
// https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work#w_how-does-phishing-and-malware-protection-work-in-firefox
// https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
defaultPref("browser.safebrowsing.downloads.remote.enabled", false);

/// Prevent sharing data/telemetry with Safe Browsing providers
// https://searchfox.org/mozilla-central/source/netwerk/url-classifier/nsChannelClassifier.cpp#364
// https://searchfox.org/mozilla-central/source/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#1964
// https://bugzilla.mozilla.org/show_bug.cgi?id=1351147
// (Known providers taken from here: https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/nsUrlClassifierUtils.cpp#444)
lockPref("browser.safebrowsing.provider.google.dataSharing.enabled", false); // [HIDDEN - non-Android] [DEFAULT]
lockPref("browser.safebrowsing.provider.google.dataSharingURL", ""); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); // [DEFAULT]
lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
lockPref("browser.safebrowsing.provider.google5.dataSharing.enabled", false); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.google5.dataSharingURL", ""); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.mozilla.dataSharing.enabled", false); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.mozilla.dataSharingURL", ""); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.test.dataSharing.enabled", false); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.test.dataSharingURL", ""); // [HIDDEN] [DEFAULT]

/// Proxy Safe Browsing
// This sets up a new Safe Browsing "provider", using the servers we've set up for IronFox, hosted on our Cloudflare storage bucket (in EU jurisdiction)
defaultPref("browser.safebrowsing.downloads.remote.url", "https://safebrowsing.ironfoxoss.org/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%");
defaultPref("browser.safebrowsing.provider.google4.advisoryName", "Google Safe Browsing (Proxied by IronFox) - v4");
defaultPref("browser.safebrowsing.provider.google4.gethashURL", "https://safebrowsing.ironfoxoss.org/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
defaultPref("browser.safebrowsing.provider.google4.nextupdatetime", "1"); // [HIDDEN]
defaultPref("browser.safebrowsing.provider.google4.updateURL", "https://safebrowsing.ironfoxoss.org/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
defaultPref("browser.safebrowsing.provider.google5.advisoryName", "Google Safe Browsing (Proxied by IronFox) - v5");
defaultPref("browser.safebrowsing.provider.google5.gethashURL", "https://safebrowsing.ironfoxoss.org/v5/hashes:search?key=%GOOGLE_SAFEBROWSING_API_KEY%");
defaultPref("browser.safebrowsing.provider.google5.nextupdatetime", "1"); // [HIDDEN]
defaultPref("browser.safebrowsing.provider.google5.updateURL", "https://safebrowsing.ironfoxoss.org/v5/hashLists:batchGet?key=%GOOGLE_SAFEBROWSING_API_KEY%");

/// Show advanced details on pages blocked by Safe Browsing by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.xul.error_pages.show_safe_browsing_details_on_load", true); // [NO-ANDROID] [NO-MAIL]

/// Unbreak Google's download protection and legacy Safe Browsing provider (if enabled via the `browser.safebrowsing.provider.google.lists` pref)
//  Some (ex. LibreWolf) override these for no reason
defaultPref("browser.safebrowsing.provider.google.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=navclient-auto-ffox&appver=%MAJOR_VERSION%&pver=2.2"); // [DEFAULT]
defaultPref("browser.safebrowsing.provider.google.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_SAFEBROWSING_API_KEY%"); // [DEFAULT]

/// Unclear whether these are actually used or not, but looks like Firefox has some kind of functionality to view a "report" from Safe Browsing about the safety, history, and general status of a site
// By default, it unnecessarily redirects from ex. https://safebrowsing.google.com/safebrowsing/diagnostic?site=example.org to https://transparencyreport.google.com/safe-browsing/search?url=example.org
// We can skip the redirect to improve performance
defaultPref("browser.safebrowsing.provider.google.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url=");
defaultPref("browser.safebrowsing.provider.google4.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url=");
defaultPref("browser.safebrowsing.provider.google5.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url=");

defaultPref("browser.phoenix.status", "020");

/*** 021 MISC. PRIVACY + SECURITY ***/

/// Block background tabs from opening file pickers
// https://searchfox.org/firefox-main/rev/62066911/modules/libpref/init/StaticPrefList.yaml#2210
// https://searchfox.org/firefox-main/rev/62066911/docshell/base/CanonicalBrowsingContext.cpp#3705
defaultPref("browser.disable_pickers_background_tabs", true); // [DEFAULT]

/// Block background/hidden extension pages from opening file pickers
// https://searchfox.org/firefox-main/rev/62066911/modules/libpref/init/StaticPrefList.yaml#2216
// https://searchfox.org/firefox-main/rev/62066911/docshell/base/CanonicalBrowsingContext.cpp#3719
defaultPref("browser.disable_pickers_in_hidden_extension_pages", true); // [DEFAULT - Nightly]

/// Disable Accessibility Services
// PRIVACY: Can be used to monitor users by design
// SECURITY: Can be easily abused by bad actors, Attack Surface Reduction
// "Firefox Accessibility Service is a technology built into Firefox that provides 3rd party applications running on the same device the ability to inspect, monitor, visualize, and alter web page content hosted within Firefox."
// We need to ensure we're still accomodating for impaired users, but I feel this is something that must be handled by the browser instead of external software
// https://web.archive.org/web/20240608190300/support.mozilla.org/en-US/kb/accessibility-services
// Values are -1 always on. 1 always off, 0 (default) is auto as some platform perform further checks.
// This pref is checked only once, and the browser needs a restart to pick up any changes.
defaultPref("accessibility.force_disabled", 1);
defaultPref("devtools.accessibility.enabled", false); // [NO-ANDROID] - Disables the Accessibility Inspector/context menu item by default - https://firefox-source-docs.mozilla.org/devtools-user/accessibility_inspector/

/// Disable automatic updates for OpenSearch engines
// PRIVACY: Unsolicited connections to search providers
// SECURITY: Could be abused to alter a user's search engine(s) without consent
// Doesn't appear to impact Mozilla's built-in search engines
// https://firefox-source-docs.mozilla.org/toolkit/search/Preferences.html#hidden
// https://developer.mozilla.org/docs/Web/XML/Guides/OpenSearch#supporting_automatic_updates_for_opensearch_plugins
defaultPref("browser.search.update", false); // [DEFAULT - Android]

/// Disable Battery API (Navigator.getBattery)
// PRIVACY: Fingerprinting concerns, just plain creepy...
// SECURITY: Attack Surface Reduction
// NOTE: This only impacts chrome/certain privileged code; this is thankfully never exposed to websites
// I'm still not convinced that there's a legitimate use/need for this functionality though...
// https://developer.mozilla.org/docs/Web/API/Battery_Status_API
// https://developer.mozilla.org/docs/Web/API/Navigator/getBattery
// https://bugzilla.mozilla.org/show_bug.cgi?id=1313580
defaultPref("dom.battery.enabled", false);

/// Disable Beacon API (Navigator.sendBeacon)
// PRIVACY: Used for analytics/tracking by design, see explanation below
// SECURITY: Attack Surface Reduction
// I was originally against disabling this, but after careful consideration, I've changed my position.
// The explicit, stated purpose/use case of this API is for analytics/tracking.
// Websites *can* obtain the data shared from this API through other means; though the other ways to obtain it are more disruptive and less reliable.
// Analytics/tracking is also evidently not a use case that we, as the user agent, should support or assist with.
// I don't see a justification for adding APIs/features to support this hostile behavior. We are the user agent and must act in the best interest of users...
// Also disabled by ex. Cromite: https://github.com/uazo/cromite/blob/master/docs/FEATURES.md https://github.com/uazo/cromite/issues/1454
// https://developer.mozilla.org/docs/Web/API/Beacon_API
// https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon
// https://udn.realityripple.com/docs/Web/API/Navigator/sendBeacon
// https://w3c.github.io/beacon/#privacy-and-security
// https://bugzilla.mozilla.org/show_bug.cgi?id=1454252
defaultPref("beacon.enabled", false);

/// Disable Clipboard API
// PRIVACY: Fingerprinting concerns, prevents monitoring users' clipboards without their consent
// SECURITY: Prevents leaking sensitive information (ex. passwords), Attack Surface Reduction
// NOTE: This only impacts extensions; this is thankfully never exposed to websites
// I'm still not convinced extensions need or should have access to this data though (While there are currently other ways for extensions to access clipboard data, those are deprecated and will presumably not be around for much longer)
// https://developer.mozilla.org/docs/Web/API/Clipboard
lockPref("dom.events.testing.asyncClipboard", false); // [DEFAULT]

/// Disable Content Analysis SDK
// PRIVACY: Used for monitoring users by design
// SECURITY: Can be easily abused by bad actors, Attack Surface Reduction
// DESKTOP: We also set "ContentAnalysis" in policies
// https://mozilla.github.io/policy-templates/#contentanalysis
// https://github.com/chromium/content_analysis_sdk
lockPref("browser.contentanalysis.default_result", 0); // [DEFAULT]
lockPref("browser.contentanalysis.enabled", false); // [DEFAULT]
lockPref("browser.contentanalysis.interception_point.clipboard.enabled", false);
lockPref("browser.contentanalysis.interception_point.drag_and_drop.enabled", false);
lockPref("browser.contentanalysis.interception_point.file_upload.enabled", false);
lockPref("browser.contentanalysis.interception_point.print.enabled", false);
lockPref("browser.contentanalysis.max_connections", 0); // Sets maximum number of allowed connections to 0
lockPref("browser.contentanalysis.show_blocked_result", true); // [DEFAULT] - Always notify users when Content Analysis blocks access to something...
lockPref("browser.contentanalysis.silent_notifications", false); // [DEFAULT] If Content Analysis is enabled, ensure notifications aren't silenced so that users are fully aware

/// Disable Federated Credential Management (FedCM) API
// PRIVACY: Provides support for "identity federation services"/third party sign-in - which can be used for tracking by design
// SECURITY: Attack Surface Reduction
// https://developer.mozilla.org/docs/Web/API/FedCM_API
// https://w3c-fedid.github.io/FedCM/
defaultPref("dom.security.credentialmanagement.identity.enabled", false); // [DEFAULT - non-Nightly]
defaultPref("dom.security.credentialmanagement.identity.heavyweight.enabled", false); // [DEFAULT - non-Nightly]
defaultPref("dom.security.credentialmanagement.identity.lightweight.enabled", false); // [DEFAULT]

/// Disable File System Access API
// NOTE: This is required for local machine learning (/AI) models - see https://codeberg.org/celenity/Phoenix/issues/151 for details
// PRIVACY: Currently not supported in Private Browsing mode, so disabling this helps prevent sites from detecting if a user is in Private Browsing: https://bugzilla.mozilla.org/show_bug.cgi?id=1366318#c13
// SECURITY: Attack Surface Reduction
// This API also has other general privacy and security concerns, but Mozilla has acknowledged those and seems to only be implementing a subset of the functionality: https://developer.mozilla.org/docs/Web/API/File_System_API#browser_compatibility - so I'm definitely open to reconsidering this in the future if its use becomes widespread and/or the behavior is made consistent in Private Browsing
// https://developer.mozilla.org/docs/Web/API/File_System_API
defaultPref("dom.fs.enabled", false);


/// Disable Native Messaging
// This functionality is used to allow browser extensions to communicate with external apps/programs
// Naturally, this raises various privacy and security concerns
// NOTE: Android requires native messaging for certain functionality - ex. it's used for obtaining favicons, sync, etc.
// So we won't disable it by default there, but we'll set it to the defaults to expose at `about:config`
// https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/Native_messaging
// https://developer.chrome.com/docs/extensions/develop/concepts/native-messaging
// https://searchfox.org/firefox-main/rev/af0f713f/toolkit/components/extensions/NativeMessaging.sys.mjs#12
defaultPref("webextensions.native-messaging.max-input-message-bytes", 0); // [NO-ANDROID] [HIDDEN] [DEFAULT: 1048576]
defaultPref("webextensions.native-messaging.max-output-message-bytes", 0); // [NO-ANDROID] [HIDDEN] [DEFAULT: -1, but, to override: set to 2147483647]
defaultPref("widget.use-xdg-desktop-portal.native-messaging", 0); // [LINUX-ONLY] [DEFAULT] For Flatpak/Snap https://searchfox.org/firefox-main/source/toolkit/components/extensions/docs/native-messaging-portal-design.rst

/// Disable Reporting API
// PRIVACY: Fingerprinting concerns, used for analytics by design
// SECURITY: Attack Surface Reduction
// https://w3c.github.io/reporting/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1492036
defaultPref("dom.reporting.crash.enabled", false); // [DEFAULT]
defaultPref("dom.reporting.enabled", false); // [DEFAULT]
defaultPref("dom.reporting.featurePolicy.enabled", false); // [DEFAULT]
defaultPref("dom.reporting.header.enabled", false); // [DEFAULT]
defaultPref("dom.reporting.testing.enabled", false); // [DEFAULT]

/// Disable tab hover previews by default [NO-ANDROID] [NO-MAIL]
// PRIVACY: Reduces disk activity [NO-ANDROID] [NO-MAIL]
// SECURITY: Attack Surface Reduction [NO-ANDROID] [NO-MAIL]
// As a bonus, also boosts performance... [NO-ANDROID] [NO-MAIL]
defaultPref("browser.tabs.hoverPreview.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.tabs.hoverPreview.showThumbnails", false); // [NO-ANDROID] [NO-MAIL]

/// Disable Web Serial API
// PRIVACY: Fingerprinting concerns
// SECURITY: Attack Surface Reduction
// https://developer.mozilla.org/docs/Web/API/Web_Serial_API
// Toggling 'dom.webserial.enabled' itself could be fingerprintable, but setting these instead just causes the permission to be automatically denied
defaultPref("dom.webserial.gated", true); // [DEFAULT]
defaultPref("permissions.default.serial", 2); // [HIDDEN]

/// Disable Web Share API
// This API allows websites to share data directly to system applications...
// PRIVACY: Could result in leakage/unexpected behavior
// SECURITY: "The data passed to {{Navigator/share()}} might be used to exploit buffer overflow or other remote code execution vulnerabilities in the [=share target=] that receive shares. There is no general way to guard against this, but implementors will want to be aware that it is a possibility (particularly when sharing files).", Attack Surface Reduction
// https://developer.mozilla.org/docs/Web/API/Web_Share_API
defaultPref("dom.webshare.enabled", false); // [DEFAULT - non-Android/non-Nightly Windows]
defaultPref("dom.webshare.requireinteraction", true); // [DEFAULT] If enabled, ensure we always require interaction...

/// Disable WebGPU
// PRIVACY: Fingerprinting concerns
// SECURITY: Attack Surface Reduction
// https://gpuweb.github.io/gpuweb/#privacy-considerations
// https://gpuweb.github.io/gpuweb/#security-considerations
// https://browserleaks.com/webgpu
defaultPref("dom.webgpu.enabled", false); // [DEFAULT - non-Windows/non-Silicon-OSX/non-Nightly]

/// Disable WebMIDI
// PRIVACY: Fingerprinting concerns
// SECURITY: Attack Surface Reduction
// See "Privacy Considerations" & "Security Considerations": https://webaudio.github.io/web-midi-api
// Toggling 'dom.webmidi.enabled' itself could be fingerprintable, but setting these instead just causes the permission to be automatically denied at a random interval
// https://searchfox.org/firefox-main/rev/82e2435f/dom/midi/MIDIPermissionRequest.cpp#120
// Test: https://permission.site/
defaultPref("dom.sitepermsaddon-provider.enabled", false); // [DEFAULT - non-Android]
defaultPref("dom.webmidi.gated", true); // [DEFAULT]
defaultPref("permissions.default.midi", 2); // [HIDDEN]
defaultPref("permissions.default.midi-sysex", 2); // [HIDDEN]

/// Disable the Windows UI Automation API
// Similar privacy and security concerns as with Accessibility Services (accessibility.force_disabled) above
// https://wikipedia.org/wiki/Microsoft_UI_Automation 
// https://searchfox.org/firefox-main/rev/87a1e2a5/modules/libpref/init/StaticPrefList.yaml#298
// 0: Never.
// 1: Always.
// 2: Enable unless incompatible accessibility clients are detected. (default)
defaultPref("accessibility.uia.enable", 0); // [Windows]

/// Enable Local Network Access Restrictions
// https://wicg.github.io/local-network-access/
// https://searchfox.org/firefox-main/rev/7f33a0cc/netwerk/protocol/http/nsHttpTransaction.cpp#3735
// NOTE: `network.localhost.prompt.testing.allow` is used when `network.localhost.prompt.testing` is set to `true`, same applies for `network.localnetwork.prompt.testing.allow` and  `network.localnetwork.prompt.testing`
// when `network.localhost.prompt.testing`/`network.localnetwork.prompt.testing.allow` are set to false, the site permissions are followed like normal instead
defaultPref("network.lna.allow_top_level_navigation", false); // Enforce LNA for top-level document navigation https://searchfox.org/firefox-main/rev/8e6b6cb1/modules/libpref/init/StaticPrefList.yaml#14619
defaultPref("network.lna.benchmarking-is-local", true); // Enable LNA for IP addresses in the 192.18.X.X range https://searchfox.org/firefox-main/rev/28328852/modules/libpref/init/StaticPrefList.yaml#14678
defaultPref("network.lna.block_trackers", true); // https://searchfox.org/firefox-main/rev/7f33a0cc/modules/libpref/init/StaticPrefList.yaml#14469
defaultPref("network.lna.enabled", true); // [DEFAULT]
defaultPref("network.lna.etp.enabled", false); // [DEFAULT] Enable LNA, regardless of ETP/ETP Strict https://searchfox.org/firefox-main/rev/7f33a0cc/browser/components/protections/ContentBlockingPrefs.sys.mjs#265
defaultPref("network.lna.local-network-to-localhost.skip-checks", false); // Enforce LNA for requests from local network to your device https://searchfox.org/firefox-main/rev/8e6b6cb1/modules/libpref/init/StaticPrefList.yaml#14641
defaultPref("network.lna.websocket.enabled", true); // Enforce LNA for WebSocket connections https://searchfox.org/firefox-main/rev/7f33a0cc/modules/libpref/init/StaticPrefList.yaml#14490
defaultPref("permissions.default.local-network", 2); // [NO-ANDROID] Blocks websites from prompting to access the local network by default - 0: Always ask, 1: Allow, 2: Block
defaultPref("permissions.default.localhost", 0); // [NO-ANDROID] [DEFAULT] Blocks websites from prompting to access apps and services (outside of the browser) on your device - 0: Always ask, 1: Allow, 2: Block

/// Enable Messaging Layer Security (MLS)
// PRIVACY: Ensures messages are only received by the intended recipient
// SECURITY: Protects the authenticity and integrity of messages
// Security layer for E2EE messaging
// https://wikipedia.org/wiki/Messaging_Layer_Security
// https://blog.mozilla.org/mozilla/messaging-layer-security-is-now-an-internet-standard/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1876002
defaultPref("dom.origin-trials.mls.state", 1);

/// Enable unused permission expiration
// Automatically removes permissions that haven't been used recently
// Improves privacy and security by resetting no longer necessary/possibly unwanted permissions
defaultPref("permissions.expireUnused.enabled", true); // [DEFAULT - Nightly]

/// Prevent exposing XPCOM Components.interfaces to websites
// PRIVACY: Fingerprinting concerns
// SECURITY: Attack Surface Reduction
// (For reference, this is also set by ex. Tor Browser)
// https://bugzilla.mozilla.org/show_bug.cgi?id=429070
// https://devdoc.net/web/developer.mozilla.org/en-US/docs/Components.interfaces.html
defaultPref("dom.use_components_shim", false); // [DEFAULT - Nightly]


defaultPref("browser.phoenix.status", "021");

/*** 022 MISC. PRIVACY ***/

/// Block ports currently known to be abused by Android apps for tracking/fingerprinting
// Previously blocked by default on Android - and assuming they don't cause issues, I'd also like to keep these blocked for other platforms (for defense in depth and in case this method of tracking is also being used elsewhere...)
// https://localmess.github.io/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1970141
defaultPref("network.security.ports.banned", "29009, 29010, 30102, 30103, 12387, 12388, 12580, 12581, 12582, 12583, 12584, 12585, 12586, 12587, 12588, 12589, 12590, 12591");

/// Disable CSP reporting
// Fingerprinting concerns, Used for analytics by design
// Also reduces unsolicited network activity and bandwidth consumption
// Glad we managed to convince Mozilla to add this :)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1964249
defaultPref("security.csp.reporting.enabled", false);

/// Disable Hyperlink Auditing (Click Tracking)
// https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/
// https://searchfox.org/firefox-main/rev/82e2435f/docshell/base/nsPingListener.cpp#32
defaultPref("browser.send_pings", false); // [DEFAULT]
defaultPref("browser.send_pings.max_per_link", 1); // [DEFAULT] Ensure max number of pings are limited to 1 if Hyperlink Auditing is enabled
defaultPref("browser.send_pings.require_same_host", true); // [DEFENSE IN DEPTH]

/// Disable Network Error Logging
// Fingerprinting concerns, Used for analytics by design
// https://developer.mozilla.org/docs/Web/HTTP/Network_Error_Logging
// https://w3c.github.io/network-error-logging/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1145235
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#13696
defaultPref("network.http.network_error_logging.enabled", false); // [DEFAULT]

/// Disable online speech recognition
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/webspeech/recognition/OnlineSpeechRecognitionService.cpp#41
// https://searchfox.org/firefox-main/source/dom/media/webspeech/recognition/SpeechRecognition.cpp
defaultPref("media.webspeech.service.endpoint", "data;"); // [HIDDEN]

/// Disable referers when leaving .onion domains
// NOTE: Please use TOR BROWSER for accessing .onion domains...
defaultPref("network.http.referer.hideOnionSource", true); // [DEFAULT]

/// Disable storage access heuristics
// https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics
defaultPref("dom.storage_access.auto_grants", false); // Automatic storage access grants
defaultPref("privacy.restrict3rdpartystorage.heuristic.navigation", false); // [DEFAULT - Android] 
defaultPref("privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction", false);
defaultPref("privacy.restrict3rdpartystorage.heuristic.recently_visited", false); // [DEFAULT - non-Android]
defaultPref("privacy.restrict3rdpartystorage.heuristic.redirect", false); // [DEFAULT]
defaultPref("privacy.restrict3rdpartystorage.heuristic.window_open", false); // [DEFAULT]
defaultPref("privacy.restrict3rdpartystorage.heuristic.recently_visited_time", 0);

/// Disable TLS session identifiers
// Fingerprinting/tracking concerns
// Especially important for Android, where users likely leave the app open (and by extension: keep their browsing session active) for days at a time, much longer than on Desktop
// Even on Desktop, this can be used as a vector to detect whether Private Browsing is active: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/44187
// For reference, this is also disabled by ex. Cromite
// https://arxiv.org/abs/1810.07304
defaultPref("security.ssl.disable_session_identifiers", true);

/// Enable Containers
// https://support.mozilla.org/kb/how-use-firefox-containers
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/contextualidentity/ContextualIdentityService.sys.mjs#9
defaultPref("privacy.userContext.enabled", true); // [HIDDEN - Android] [DEFAULT - Firefox Desktop Nightly]

/// Enable Cookie Banner Reduction
// https://support.mozilla.org/kb/cookie-banner-reduction
defaultPref("cookiebanners.bannerClicking.enabled", true); // [DEFAULT]
defaultPref("cookiebanners.cookieInjector.enabled", true); // [DEFAULT]
defaultPref("cookiebanners.service.mode", 1);
defaultPref("cookiebanners.service.mode.privateBrowsing", 1);
defaultPref("cookiebanners.service.enableGlobalRules", true); // [DEFAULT]
defaultPref("cookiebanners.service.enableGlobalRules.subFrames", true); // [DEFAULT]

/// Enable Cookies Having Independent Partitioned State (CHIPS)
// This allows websites to set cookies with a 'Partitioned' attribute, meaning they're limited in scope
// We still use ETP Strict for partioning anyways, so this could be useful as a defense in depth if a user decides to allow a specific domain (or domains) to access a third party cookie
// https://developer.mozilla.org/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies
// https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie#partitioned
// https://github.com/privacycg/CHIPS
defaultPref("network.cookie.CHIPS.enabled", true); // [DEFAULT]
defaultPref("network.cookie.chips.partitionLimitDryRun", false); // [DEFAULT]

/// Enable Do Not Track
// https://wikipedia.org/wiki/Do_Not_Track
// Has legal backing in certain regions, such as Germany (1)
// Also still respected by a surprising number of sites - including Mozilla's own
// (ex. addons.mozilla.org disables Google Analytics if DNT is enabled)
// 1: https://vivaldi.com/blog/do-no-track-gets-legal-backing-in-germany/
defaultPref("browser.preferences.config_warning.donottrackheader.dismissed", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Hide notice that DNT is no longer supported at `about:preferences#privacy` (when `privacy.ui.status_card` is enabled)
defaultPref("privacy.donottrackheader.enabled", true);

/// Enable Global Privacy Control
// https://globalprivacycontrol.org/
defaultPref("privacy.globalprivacycontrol.enabled", true);
defaultPref("privacy.globalprivacycontrol.functionality.enabled", true); // [DEFAULT - non-Thunderbird]
defaultPref("privacy.globalprivacycontrol.pbmode.enabled", true); // [DEFAULT - non-Thunderbird]

/// Enable the (new) UI for browser profiles by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.profiles.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]

/// Enable the UI for containers at `about:preferences#general` (`about:preferences#containers`) [NO-ANDROID] [NO-MAIL]
// We also include the Firefox Multi-Account Containers extension by default [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/how-use-firefox-containers [NO-ANDROID] [NO-MAIL]
defaultPref("privacy.userContext.ui.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]

/// Enable the UI for Cookie Banner Reduction at `about:preferences#privacy` [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/cookie-banner-reduction [NO-ANDROID] [NO-MAIL]
defaultPref("cookiebanners.ui.desktop.enabled", true); // [NO-ANDROID] [NO-MAIL]

/// Exclude third party trackers from storage access heuristics (if enabled)
// https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics
defaultPref("dom.storage_access.auto_grants.exclude_third_party_trackers", true); // [DEFAULT] Automatic storage access grants
defaultPref("privacy.restrict3rdpartystorage.heuristic.exclude_third_party_trackers", true); // [DEFAULT]

/// Improve built-in query stripping to be on par with LibreWolf and Brave
// See Mozilla's defaults here: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=0
// https://github.com/brave/brave-core/blob/9ce48443963b47716b73b643335aab67d9a6c664/components/query_filter/utils.cc#L26
defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _bhlid _branch_match_id _branch_referrer _gl _hsenc _kx _openstat at_recipient_id at_recipient_list bbeml bsft_clkid bsft_uid dclid et_rid fb_action_ids fb_comment_id fbclid gbraid gclid guce_referrer guce_referrer_sig hsCtaTracking igshid irclickid mc_eid mkt_tok ml_subscriber ml_subscriber_hash msclkid mtm_cid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id pk_cid rb_clickid s_cid sc_customer sc_eh sc_uid sms_click sms_source sms_uph srsltid ss_email_id syclid ttclid twclid unicorn_click_id vero_conv vero_id vgo_ee wbraid wickedid yclid ymclid ysclid");

//// Unbreak urldefense.com redirects
/// (ex. https://urldefense.com/v3/__https://www.portainer.io/hs/preferences-center/en/direct?data=W2nXS-N30h-M1W45lXqV2nFX8ZW3SzKNq3gnnN0W4cQh6C1Bnn1kW1VjfB24fr2-BW4mm3dy3T2wkqW2MWfBj49z9PPW4mqs512qWTfrW4px5K71Nn7N2W32DKbz1V7s-qW21bSln2KWpS4W1SdHmq2YwgS9W3P8RNt2r6W8pW49QSSt1_tcPsW3GSrf749CfyJW2PPdX33JPrgmW4hcHf84hm-NmW2FS2pd2sMKL-W2YGYkz43RS-9W4pjpV52t0rxlW3SB_f94psLW2W3_Sm6w2FGVTjW3K2-cG4fzZLWW2qDSdB3bzPyBW3j8X_q2PMxWzW36CtK22MvcXrW4hNdFB3DLWP3W3VMWNy3SYMyvW1Vs-MC43NZJNW4hLsTd2B1T2JW2sB9wk3DMh2mW2D0QS-2t04tYW43Cpv42Tz6SwW32rgcB3_SfvDW4mq1yB36nnnkW3BNLQw2YfSH9W49sKsP3z4zKPW3zd1YL1Zm6S3W4kmj3Z2sQ7WVW36xkSD2RSm5hW1Q0SqC30sK9ZW2-kSbQ2nH5KcW36fNc_2RjGNjW36pblN43qsbhW2CCNvJ3_SL29W1_sQHx4fqK9NW3Sy1cb4mpD3h0&utm_campaign=XNF&utm_source=hs_automation&utm_medium=email&utm_content=264158909&_hsenc=p2ANqtz--9JvIgI266aB1UVizENwYNYREZSotsXOhWcMNeKjZLJO9ZwmR9xlyfsQN2orbT25IymZ_vKUNTANMKQMVQBnzowi2339ExVoOKMJaHx0t2yn5esgg&_hsmi=264158909__;!!MlclJBHn!0eDf-zTf69h-IhFT9WDu2GIXAtCy6RENwguPVpTF1k2K-Nbnzy1NXix2Gj7azc8yDFyI2z3Tz4nTFuGe2hlLzsBl$)
/// https://github.com/brave/brave-browser/issues/41134
defaultPref("privacy.query_stripping.allow_list", "urldefense.com");

/// Isolate permissions per container (if containers are enabled)
// https://support.mozilla.org/kb/how-use-firefox-containers
defaultPref("permissions.isolateBy.userContext", true);

/// Isolate resources (ex. referrers and cookies) injected by extensions
// (ex. https://searchfox.org/mozilla-central/source/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_antitracking.js)
defaultPref("privacy.antitracking.isolateContentScriptResources", true); // [DEFAULT - Nightly]

/// Limit maximum cookie lifetime to 6 months/180 days (Like Brave)
// Firefox's default is currently 400 days (34560000)
// https://github.com/brave/brave-browser/issues/3443
// https://github.com/fmarier/brave-core/commit/4d222df50a8dfaaabb31e9f2c5070c4db5ba8fd5
// For testing: https://setcookie.net/
defaultPref("network.cookie.maxageCap", 15552000);

/// Prevent Firefox from automatically guessing which container to open an external link in (if containers are enabled) [NO-ANDROID] [NO-MAIL]
// Instead, stick to the default [NO-ANDROID] [NO-MAIL]
// This can lead to cross contamination for those who keep separate containers exclusively for specific websites [NO-ANDROID] [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1874599#c8 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.link.force_default_user_context_id_for_external_opens", true); // [NO-ANDROID] [NO-MAIL]

/// Prevent sharing identifying information if a remote AutoConfig is being used
// https://searchfox.org/firefox-main/rev/82e2435f/extensions/pref/autoconfig/src/nsAutoConfig.cpp#213
lockPref("autoadmin.append_emailaddr", false); // [HIDDEN] [DEFAULT]

/// Prevent third parties from setting cookies unless the third party already has cookies as a first party (Like Safari)
// https://webkit.org/tracking-prevention/#the-default-cookie-policy
// https://bugzilla.mozilla.org/show_bug.cgi?id=1587182
defaultPref("privacy.dynamic_firstparty.limitForeign", true);

/// Restrict tracking referers
// 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin (default),
// 3=no-referrer-when-downgrade.
// Setting to 1 currently breaks various functionality https://codeberg.org/celenity/Phoenix/pulls/228#issuecomment-10051167
// defaultPref("network.http.referer.defaultPolicy.trackers", 1); // [DEFAULT]
// defaultPref("network.http.referer.defaultPolicy.trackers.pbmode", 1); // [DEFAULT]

/// Strip tracking parameters from URLs when shared by default
defaultPref("privacy.query_stripping.strip_on_share.enabled", true); // [DEFAULT - non-Android/Thunderbird]

/// Trim cross-origin referers (Like Safari)
// https://wiki.mozilla.org/Security/Referrer
defaultPref("network.http.referer.XOriginTrimmingPolicy", 2);

defaultPref("browser.phoenix.status", "022");

/*** 023 MISC. SECURITY ***/

/// Always prompt users for a certificate when websites request one, rather than automatically selecting one...
// https://www.stigviewer.com/stig/mozilla_firefox/2023-06-05/finding/V-251547
lockPref("security.default_personal_cert", "Ask Every Time"); // [DEFAULT]

/// Apply CSP to internal browser.xhtml
defaultPref("security.browser_xhtml_csp.enabled", true); // [DEFAULT]

/// Block privileged `about:` pages from loading remote scripts
// https://searchfox.org/firefox-main/rev/82e2435f/dom/security/nsContentSecurityManager.cpp#1102
defaultPref("security.disallow_privilegedabout_remote_script_loads", true);

/// Configure protocol handling
// This can get very confusing, very fast - so here's a basic explanation:
// If a protocol is "exposed", it can be opened/used by the browser in all contexts
// If a protocol is "external", it can not be opened/used by the browser directly, and the protocol will instead open in an external application
// If a protocol is "external" and set to "warn-external", the user will be warned/prompted before the protocol is opened in an external application
// By default, Firefox on Desktop "exposes" ALL protocols (network.protocol-handler.expose-all), and allows ALL protocols to be opened externally (network.protocol-handler.external-default) - though it does require prompting before all of them (network.protocol-handler.warn-external-default), except for `mailto:` (network.protocol-handler.external.mailto), and it does manually block several protocols from being opened externally
// Android is similar, except, in addition to `mailto`, it also disables prompting before opening `sms`, `tel`, and YouTube
// https://bugzilla.mozilla.org/show_bug.cgi?id=819554
// https://bugzilla.mozilla.org/show_bug.cgi?id=589403
// https://bugzilla.mozilla.org/show_bug.cgi?id=630364
// Instead of "exposing" all protocols, we can reduce attack surface by limiting them to only the ones we actually need/use/want
// We can also ensure that the user is always warned before opening a protocol externally, and we can block protocols ourselves if desired
defaultPref("network.protocol-handler.expose.about", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.blob", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.chrome", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.data", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.file", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.http", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.https", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.javascript", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.moz-extension", true); // [DEFAULT - Thunderbird] [HIDDEN - non-Thunderbird]
defaultPref("network.protocol-handler.expose.resource", true); // [HIDDEN]
defaultPref("network.protocol-handler.expose.view-source", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("network.protocol-handler.expose-all", false); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.external.about", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.afp", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.bankid", true); // [HIDDEN] Ensure we do not try to handle BankID authentication internally...
defaultPref("network.protocol-handler.external.blob", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.chrome", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.data", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.disk", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.disks", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.hcp", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.help", false); // [HIDDEN - non-macOS] [DEFAULT - macOS]
defaultPref("network.protocol-handler.external.htp", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.htps", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.http", false); // [NO-MAIL] [HIDDEN]
defaultPref("network.protocol-handler.external.https", false); // [NO-MAIL] [HIDDEN]
defaultPref("network.protocol-handler.external.ie.http", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.iehistory", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ierss", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ile", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.javascript", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.le", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.mk", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.moz", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.moz-extension", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.moz-icon", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.moz-sbrs", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.ms-cxh", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ms-cxh-full", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ms-help", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ms-msdt", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.obtainium", true); // [HIDDEN] Ensure we do not try to handle Obtainium app installation internally...
defaultPref("network.protocol-handler.external.ps", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.res", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.resource", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.search", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.search-ms", false); // [DEFAULT]
lockPref("network.protocol-handler.external.shell", false); // [DEFAULT] Never expose shell access https://www.stigviewer.com/stig/mozilla_firefox/2019-12-12/finding/V-15771
defaultPref("network.protocol-handler.external.tel", true); // [HIDDEN] Ensure we do not try to handle tel (Phone) links internally...
defaultPref("network.protocol-handler.external.tps", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ttp", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ttps", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.vbscript", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.view-source", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.vnd.ms.radio", false); // [DEFAULT]
defaultPref("network.protocol-handler.warn-external.file", true); // [DEFAULT - non-Android]
defaultPref("network.protocol-handler.warn-external.ftp", true); // [HIDDEN - non-Thunderbird] [DEFAULT - non-Thunderbird]
defaultPref("network.protocol-handler.warn-external.mailto", true); // [HIDDEN - Thunderbird] [DEFAULT - non-Android/Firefox Desktop]
lockPref("network.protocol-handler.warn-external.shell", true); // [HIDDEN] [DEFAULT]
defaultPref("network.protocol-handler.warn-external.sms", true); // [HIDDEN - non-Android] [DEFAULT - non-Android]
defaultPref("network.protocol-handler.warn-external.tel", true); // [HIDDEN - non-Android] [DEFAULT - non-Android]
defaultPref("network.protocol-handler.warn-external.vnd.youtube", true); // [HIDDEN - non-Android] [DEFAULT - non-Android]
defaultPref("network.protocol-handler.warn-external-default", true); // [DEFAULT]

/// Decrease the lifetime of extension processes
// https://bugzilla.mozilla.org/show_bug.cgi?id=1847608
defaultPref("dom.ipc.keepProcessesAlive.extension", 0); // [HIDDEN - non-Android] [DEFAULT - non-Android]

/// Decrease the lifetime of privileged processes for `about:` pages
defaultPref("dom.ipc.keepProcessesAlive.privilegedabout", 0);

/// Decrease the lifetime of web content processes
// https://bugzilla.mozilla.org/show_bug.cgi?id=1447393
defaultPref("dom.ipc.keepProcessesAlive.web", 0); // [HIDDEN - non-Android] [DEFAULT - non-Android]

/// Disable GNOME Integration [LINUX-ONLY]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/shell/nsGNOMEShellService.cpp#77 [LINUX-ONLY]
defaultPref("browser.gnome-search-provider.enabled", false); // [LINUX-ONLY] [HIDDEN]

/// Disable Navigator Media Objects & getUserMedia Support in insecure contexts
// https://developer.mozilla.org/docs/Web/API/Navigator/mediaDevices
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#12475
defaultPref("media.devices.insecure.enabled", false); // [DEFAULT]
defaultPref("media.getusermedia.insecure.enabled", false); // [DEFAULT]


/// Do not allow additional ports by default
// This is just to expose the preference via the `about:config`
defaultPref("network.security.ports.banned.override", ""); // [HIDDEN] [DEFAULT]



/// Enable content process sandboxing [NO-ANDROID]
// These are especially useful for ex. Thunderbird, which seems to disable sandboxing by default... [NO-ANDROID]
// Sandboxing is obviously critical from a security perspective as well, so doesn't hurt IMO to explicitly enable here [NO-ANDROID]
defaultPref("security.sandbox.content.level", 6); // [LINUX-ONLY] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#1596

/// Enable the Cross-Origin-Embedder Policy Header
// https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
defaultPref("browser.tabs.remote.coep.credentialless", true); // [DEFAULT - non-Android stable] 'credentialless' 
defaultPref("browser.tabs.remote.useCrossOriginEmbedderPolicy", true); // [DEFAULT]
defaultPref("dom.origin-trials.coep-credentialless.state", 1); // 'credentialless' 

/// Enable the Cross-Origin-Opener Policy Header
// https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
defaultPref("browser.tabs.remote.useCrossOriginOpenerPolicy", true); // [DEFAULT]

/// Enable GPU Sandboxing
// https://www.ghacks.net/2023/01/17/firefox-110-will-launch-with-gpu-sandboxing-on-windows/
// https://searchfox.org/firefox-main/rev/82e2435f/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp#1293
// https://searchfox.org/firefox-main/rev/82e2435f/security/sandbox/chromium/sandbox/win/src/security_level.h#38
// For macOS, any level >= 1 enables the sandbox and setting a higher level has no effect. (default 1)
defaultPref("security.sandbox.gpu.level", 2); // [1 = USER_RESTRICTED_NON_ADMIN (Default: Windows), 2 = USER_LIMITED (Stricter)]

/// Enable the Integrity-Policy header
// https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/Integrity-Policy
defaultPref("security.integrity_policy.enabled", true); // [DEFAULT]
defaultPref("security.integrity_policy.stylesheet.enabled", true); // [DEFAULT]

/// Enable Opaque Response Blocking
// https://github.com/annevk/orb
defaultPref("browser.opaqueResponseBlocking", true); // [DEFAULT - non-Android]
defaultPref("browser.opaqueResponseBlocking.javascriptValidator", true); // [DEFAULT]

/// Enable Origin-keyed agent clustering by default (Like Chromium)
// https://chromeenterprise.google/policies/#OriginAgentClusterDefaultEnabled
// https://developer.chrome.com/blog/immutable-document-domain/
defaultPref("dom.origin_agent_cluster.default", true);
defaultPref("dom.origin_agent_cluster.enabled", true); // [DEFAULT]

/// Enforce Per-site Process Isolation + isolate all websites
// https://wiki.mozilla.org/Project_Fission
defaultPref("browser.sessionstore.disable_platform_collection", false); // [DEFAULT - non-Thunderbird]
defaultPref("fission.autostart", true); // [DEFAULT]
defaultPref("fission.autostart.session", true); // [DEFAULT]
defaultPref("fission.disableSessionHistoryInParent", false); // [DEFAULT] SHIP, required for Fission
defaultPref("fission.highValue.login.monitor", true); // [DEFAULT - Android] Ensure that we are always marking log-in attempts as "high value", even if Fission is disabled - for if/when users decide to enable it later https://searchfox.org/firefox-main/rev/d88792ab/dom/ipc/LoginDetectionService.cpp#64
defaultPref("fission.webContentIsolationStrategy", 1); // [DEFAULT] Isolate everything https://searchfox.org/firefox-main/rev/d88792ab/dom/ipc/ProcessIsolation.cpp#50
defaultPref("gfx.webrender.all", true);

/// Enable the Sanitizer API
// https://github.com/WICG/sanitizer-api
defaultPref("dom.security.sanitizer.enabled", true); // [DEFAULT]


/// Enable socket process sandboxing
// https://bugzilla.mozilla.org/show_bug.cgi?id=1608558
defaultPref("security.sandbox.socket.process.level", 2); // [DEFAULT - Linux, non-Thunderbird]

/// Enable Spectre mitigations for isolated content
// Also enabled by ex. Tor Browser
defaultPref("javascript.options.spectre.disable_for_isolated_content", false);

/// Enable Trusted Types
// https://developer.mozilla.org/docs/Web/API/Trusted_Types_API
defaultPref("dom.security.trusted_types.enabled", true); // [DEFAULT]

/// Enable WebAssembly Memory Control
// https://github.com/WebAssembly/memory-control/blob/main/proposals/memory-control/Overview.md
defaultPref("javascript.options.wasm_memory_control", true);

/// Enforce strict file:// Origin Policy
// https://stuffandnonsense.co.uk/blog/firefoxs_file_uri_origin_policy_and_web_fonts
// https://stackoverflow.com/questions/2856502/css-font-face-not-working-with-firefox-but-working-with-chrome-and-ie
defaultPref("security.fileuri.strict_origin_policy", true); // [DEFAULT]

/// Enforce various important security-related prefs
defaultPref("dom.block_external_protocol_in_iframes", true); // [DEFAULT]
defaultPref("security.all_resource_uri_content_accessible", false); // [DEFAULT]
defaultPref("security.allow_eval_in_parent_process", false); // [DEFAULT - non-Android/Thunderbird]
defaultPref("security.allow_eval_with_system_principal", false); // [DEFAULT - non-Android]
defaultPref("security.allow_parent_unrestricted_js_loads", false); // [DEFAULT - non-Android/Thunderbird]
defaultPref("security.allow_unsafe_parent_loads", false); // [DEFAULT]
defaultPref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT]

/// Ensure we block old/obsolete libavcodec libraries
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/platforms/ffmpeg/FFmpegLibWrapper.cpp#61
defaultPref("media.libavcodec.allow-obsolete", false); // [DEFAULT]

/// If WebGL is enabled, force it to be loaded out of process
defaultPref("webgl.out-of-process", true); // [DEFAULT]
defaultPref("webgl.out-of-process.force", true);
defaultPref("webgl.out-of-process.worker", true); // [DEFAULT]


/// Never skip the assertion that about:pages don't have content security policies (CSP)
// This is default on Standard Firefox releases, but not on ex. Thunderbird & other builds
defaultPref("dom.security.skip_about_page_has_csp_assert", false); // [DEFAULT - non-Thunderbird]

/// Prefer to create new content processes, instead of re-using existing ones
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#2034
defaultPref("browser.tabs.remote.subframesPreferUsed", false);

/// Prevent marking JIT code pages as both writable and executable, only one or the other...
// Might cause issues in certain specific set-ups
// https://bugzilla.mozilla.org/show_bug.cgi?id=1876632
defaultPref("javascript.options.content_process_write_protect_code", true); // [DEFAULT - OpenBSD?]

/// Prevent AutoConfig files (if being used) from gaining privileged browser access...
// https://www.mozilla.org/firefox/62.0/releasenotes/
// https://searchfox.org/firefox-main/rev/82e2435f/extensions/pref/autoconfig/src/nsReadConfig.cpp#148
lockPref("general.config.sandbox_enabled", true); // [HIDDEN] [DEFAULT - Release/Beta]

/// Prevent remoteTypes from triggering process switches they shouldn't be able to...
// https://searchfox.org/firefox-main/rev/82e2435f/dom/ipc/ContentParent.cpp#5535
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/all.js#1917
defaultPref("browser.tabs.remote.enforceRemoteTypeRestrictions", true); // [DEFAULT - Nightly Desktop]

/// Protect against CSRF Attacks (Like Chromium)
// https://groups.google.com/a/mozilla.org/g/dev-platform/c/6PZtLH7c6JQ
// https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
// https://web.dev/articles/samesite-cookies-explained
// https://help.salesforce.com/s/articleView?id=000389944&type=1
// https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions
// https://web.dev/articles/schemeful-samesite
defaultPref("network.cookie.sameSite.laxByDefault", true);
defaultPref("network.cookie.sameSite.laxByDefaultWarningsForBeta", true); // If `network.cookie.sameSite.laxByDefault` is disabled, ensure we still display a warning in the web console
defaultPref("network.cookie.sameSite.noneRequiresSecure", true); // [DEFAULT]
defaultPref("network.cookie.sameSite.schemeful", true); // [DEFAULT - Nightly]

/// Protect against MIME Exploits
// https://www.pcmag.com/encyclopedia/term/mime-exploit
defaultPref("network.sniff.use_extension", true); // Sniff content types based on file extensions (Default only does this for `file://` URLs)
defaultPref("security.block_fileuri_script_with_wrong_mime", true);
defaultPref("security.block_Worker_with_wrong_mime", true); // [DEFAULT]

/// Sandbox AudioIPC (cubeb)
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#11215
defaultPref("media.cubeb.sandbox", true); // [DEFAULT]

/// Use a separate content process for `file://` URLs
defaultPref("browser.tabs.remote.separateFileUriProcess", true); // [DEFAULT - non-Android]

/// Warn on unprivileged namespaces [LINUX-ONLY]
defaultPref("security.sandbox.warn_unprivileged_namespaces", true); // [LINUX-ONLY] [DEFAULT]

/// Yes, this is a real pref... 
// https://searchfox.org/firefox-main/rev/82e2435f/js/xpconnect/src/nsXPConnect.cpp#1167
lockPref("security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", false); // [HIDDEN] [DEFAULT]

defaultPref("browser.phoenix.status", "023");

/*** 024 MISC. ***/

/// Block pop-ups by default
defaultPref("dom.disable_open_during_load", true); // [DEFAULT - non-Thunderbird]

/// Block third-party redirects by default
defaultPref("dom.security.framebusting_intervention.enabled", true); // [DEFAULT]

/// Block websites from prompting to display notifications by default [NO-MAIL]
// I have yet to see a legitimate use-case for websites using push notifications... [NO-MAIL]
// but I see them constantly abused for malicious purposes & spam :/ [NO-MAIL]
// `notification.prompt.testing.allow` is used when `notification.prompt.testing` is set to `true` - when `notification.prompt.testing` is set to false, the site permissions are followed like normal instead [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/dom/base/nsContentPermissionHelper.h#144 [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/dom/base/nsContentPermissionHelper.cpp#493 [NO-MAIL]
defaultPref("permissions.default.desktop-notification", 2); // [NO-ANDROID] [NO-MAIL]

/// Disable Captive Portal Detection & Connectivity Checks
// Privacy & security concerns, and in general best handled by the OS.
// https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections#w_network-detection
// https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
defaultPref("captivedetect.canonicalURL", "");
defaultPref("network.captive-portal-service.enabled", false); // [DEFAULT - Android/Thunderbird]
defaultPref("network.connectivity-service.DNSv4.domain", "");
defaultPref("network.connectivity-service.DNSv6.domain", "");
defaultPref("network.connectivity-service.enabled", false);
defaultPref("network.connectivity-service.IPv4.url", "");
defaultPref("network.connectivity-service.IPv6.url", "");
defaultPref("network.trr.wait-for-portal", false); // [DEFAULT] Do not wait for captive portal to enable DoH https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#14839

/// Disable Firefox's "Reset/Refresh Profile" prompt [NO-ANDROID] [NO-MAIL]
// This could cause Phoenix users serious issues, especially those with custom configs/user.js files... [NO-ANDROID] [NO-MAIL]
// We also configure the "DisableProfileRefresh" policy [NO-ANDROID] [NO-MAIL]
// https://mozilla.github.io/policy-templates/#disableprofilerefresh [NO-ANDROID] [NO-MAIL]
lockPref("browser.disableResetPrompt", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Disable input (editable field) auto-zoom by default [NO-ANDROID]
// https://bugzilla.mozilla.org/show_bug.cgi?id=834613 [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/62066911/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java#464 [NO-ANDROID]
// This is the default value for desktop, but it's typically hidden - so we're just setting it here to expose at `about:config` [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/62066911/dom/base/nsDOMWindowUtils.cpp#3018 [NO-ANDROID]
defaultPref("formhelper.autozoom", false); // [NO-ANDROID] [HIDDEN] [DEFAULT]

/// Disable network connectivity status monitoring
// (Ex. used for automatically switching between offline & online mode)
// https://bugzilla.mozilla.org/show_bug.cgi?id=620472
defaultPref("network.manage-offline-status", false);
defaultPref("network.offline-mirrors-connectivity", false); // [DEFAULT]

/// Disable network requests to 0.0.0.0
// Appears to mitigate a (potentially severe?) privacy/security issue, but bug is confidential so I'm unable to find actual details...
// This is also being set by Tor Browser
// https://bugzilla.mozilla.org/show_bug.cgi?id=1889130
defaultPref("network.socket.ip_addr_any.disabled", true); // [DEFAULT]

/// Disable profiler integration/icons at about:processes
// Improves UI/UX - we don't really support the Gecko Profiler
// Also useful for hardened forks that remove the Gecko Profiler entirely (ex. IronFox)
// https://searchfox.org/firefox-main/rev/83d1a08d/modules/libpref/init/all.js#3722
defaultPref("toolkit.aboutProcesses.showProfilerIcons", false);

/// Disable WebVTT Testing Events
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/webvtt/HTMLTrackElement.cpp#530
defaultPref("media.webvtt.testing.events", false); // [DEFAULT]

/// Enable Firefox's newer 'Felt privacy' design for Certificate Errors
defaultPref("security.certerrors.felt-privacy-v1", true); // [HIDDEN - Android/Thunderbird]

/// Enable Firefox's newer 'Felt privacy' design for Private Browsing [NO-ANDROID] [NO-MAIL]
defaultPref("browser.privatebrowsing.felt-privacy-v1", true); // [NO-ANDROID] [NO-MAIL]

/// Enable GREASE (Generate Random Extensions And Sustain Extensibility)
// This indirectly improves security for users, by ensuring that future TLS extensions/implementations are properly supported by websites
// For reference, this is enabled/always enforced by Chromium
// https://groups.google.com/a/chromium.org/g/security-dev/c/d_f6higCJzc
defaultPref("security.tls.ech.disable_grease_on_fallback", false); // [DEFAULT]
defaultPref("security.tls.ech.grease_http3", true); // [DEFAULT]
defaultPref("security.tls.ech.grease_probability", 100); // [DEFAULT] Sets probability of using GREASE for ECH to 100%
defaultPref("security.tls.grease_http3_enable", true);

/// Enable more detailed property error messages
defaultPref("javascript.options.property_error_message_fix", true); // [DEFAULT]

/// Ensure that holding shift bypasses context menu events
// (When holding shift, this prevents websites from hijacking the right click/context menu)
// https://developer.mozilla.org/docs/Web/API/Element/contextmenu_event
defaultPref("dom.event.contextmenu.shift_suppresses_event", true); // [DEFAULT]

/// Force pop-up windows to open in new tabs instead
defaultPref("browser.link.open_newwindow", 3); // [DEFAULT]
defaultPref("browser.link.open_newwindow.restriction", 0); // [DEFAULT - Android/Thunderbird]

/// If a connection with HTTP/3 fails, allow retrying it with a different IP address
// https://searchfox.org/firefox-main/rev/62066911/netwerk/protocol/http/ConnectionEntry.cpp#1031
defaultPref("network.http.http3.retry_different_ip_family", true); // [DEFAULT - Nightly]

/// If a connection to a primary or back-up half-open network socket fails while the other is still connecting,
// retry the connection with the one that is still connecting
// https://searchfox.org/firefox-main/rev/62066911/modules/libpref/init/StaticPrefList.yaml#16190
defaultPref("network.http.retry_with_another_half_open", true); // [DEFAULT - Nightly]

/// Limit what events can cause pop-ups
defaultPref("dom.popup_allowed_events", "click dblclick");

/// Notify on Pop-up blocking by default [NO-ANDROID] [NO-MAIL]
defaultPref("privacy.popups.showBrowserMessage", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Open links from external programs in new tabs by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.link.open_newwindow.override.external", 3); // [NO-ANDROID] [NO-MAIL]

/// Prevent Safe Mode from automatically starting by default
// This causes ex. all extensions (such as uBlock Origin) to be disabled
// Users can still manually start Safe Mode from the command line if needed
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2142
defaultPref("toolkit.startup.max_resumed_crashes", -1); // [HIDDEN - non-Firefox Desktop]

/// Prevent scripts from moving, resizing, and messing with windows
defaultPref("dom.allow_scripts_to_close_windows", false); // [DEFAULT]
defaultPref("dom.disable_window_flip", true); // [DEFAULT - non-Android]
defaultPref("dom.disable_window_move_resize", true); // [DEFAULT - Android]

/// Prevent websites from automatically refreshing
defaultPref("accessibility.blockautorefresh", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.meta_refresh_when_inactive.disabled", true); // [DEFAULT - Android]

/// Show 'Always ask' for camera & microphone in the permissions drop-down (when that's what the user chose...) [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#933 [NO-ANDROID] [NO-MAIL]
defaultPref("permissions.media.show_always_ask.enabled", true); // [NO-ANDROID] [NO-MAIL]

/// Show an error page/details instead of a blank page for HTTP responses with certain error codes (ex. 4xx, 5xx, & Content-Length: 0)
// ex. https://ozuma.sakura.ne.jp/httpstatus/400
defaultPref("browser.http.blank_page_with_error_response.enabled", false); // [DEFAULT - non-Android]

/// Set certain default site permissions [NO-ANDROID] [NO-MAIL]
// These match Firefox's default settings, but, the prefs are hidden by default - so this exposes them at `about:config` [NO-ANDROID] [NO-MAIL]
defaultPref("permissions.default.focus-tab-by-prompt", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Tab focus/switching - 0: Always ask, 1: Allow
defaultPref("permissions.default.persistent-storage", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Persistent storage - 0: Always ask, 1: Allow, 2: Block
defaultPref("permissions.default.screen", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Screensharing - 0: Always ask, 2: Block
defaultPref("permissions.default.speaker", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Speaker Selection - 0: Always ask, 2: Block

defaultPref("browser.phoenix.status", "024");

/*** 025 DEBUGGING ***/

/// Allow inspecting the browser chrome by default
defaultPref("devtools.chrome.enabled", true); // [DEFAULT - Thunderbird]

/// Allow inspecting the DOM by default [NO-ANDROID]
defaultPref("devtools.dom.enabled", true); // [NO-ANDROID]

/// Allow inspecting/debugging local tabs from `about:debugging` by default [NO-ANDROID]
// Useful, especially for Thunderbird, as it gives us a URL bar... [NO-ANDROID]
// On Thunderbird, you can use it by navigating to `Tools` -> `Developer Tools` -> `Debug Add-ons` (`about:debugging`), and choosing `Inspect` next to any tab... [NO-ANDROID]
defaultPref("devtools.aboutdebugging.local-tab-debugging", true); // [NO-ANDROID] [DEFAULT - non-MOZILLA_OFFICIAL builds]

/// Allow inspecting/debugging processes from `about:debugging` by default [NO-ANDROID]
defaultPref("devtools.aboutdebugging.process-debugging", true); // [NO-ANDROID] [DEFAULT]

/// Always prompt before connecting to Remote Debugging...
lockPref("devtools.debugger.prompt-connection", true); // [DEFAULT - non-Nightly]

/// "Beautify" HTML content upon copy to the clipboard by default [NO-ANDROID]
defaultPref("devtools.markup.beautifyOnCopy", true); // [NO-ANDROID]

/// Disable annoying "A simpler highlighter can be enabled in the settings..." banner when using developer tools [NO-ANDROID]
defaultPref("devtools.inspector.simple-highlighters.message-dismissed", true); // [NO-ANDROID] [HIDDEN]

/// Disable annoying "Firefox Profiler is now integrated into Developer Tools" banner when opening the performance panel [NO-ANDROID]
defaultPref("devtools.performance.new-panel-onboarding", false); // [NO-ANDROID] [HIDDEN]

/// Disable automatic bracket/quote closing by default [NO-ANDROID]
defaultPref("devtools.editor.autoclosebrackets", false); // [NO-ANDROID]

/// Disable editor onboarding [NO-ANDROID]
defaultPref("devtools.webconsole.input.editorOnboarding", false); // [NO-ANDROID]

/// Disable gecko-trace
// https://searchfox.org/firefox-main/rev/83d1a08d/toolkit/components/gecko-trace/GeckoTrace.cpp#251
// https://searchfox.org/firefox-main/rev/83d1a08d/modules/libpref/init/StaticPrefList.yaml#18411
defaultPref("toolkit.gecko-trace.enable", false); // [DEFAULT]

/// Disable JS dump()
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/all.js#602
defaultPref("browser.dom.window.dump.enabled", false); // [DEFAULT - non-Android, desktop `MOZILLA_OFFICIAL` builds]

/// Disable network monitoring by default [NO-ANDROID]
defaultPref("devtools.browserconsole.enableNetworkMonitoring", false); // [NO-ANDROID] [DEFAULT]

/// Disable pausing on debugger statements by default [NO-ANDROID]
defaultPref("devtools.debugger.pause-on-debugger-statement", false); // [NO-ANDROID]

/// Disable the performance panel intro [NO-ANDROID]
defaultPref("devtools.performance.popup.intro-displayed", true); // [NO-ANDROID]

/// Disable Remote Debugging by default
// We also reset this per-session by setting it as a user pref in `phoenix-user-pref.cfg`
// https://firefox-source-docs.mozilla.org/devtools/backend/protocol.html
defaultPref("devtools.debugger.remote-enabled", false); // [DEFAULT - non-Thunderbird]

/// Disable the Remote Debugging Web Socket
lockPref("devtools.debugger.remote-websocket", false); // [DEFAULT]


/// Display content scripts injected by extensions when debugging by default [NO-ANDROID] [NO-MAIL]
defaultPref("devtools.debugger.show-content-scripts", true); // [NO-ANDROID] [NO-MAIL]

/// Display Web Console timestamps by default [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/webconsole/constants.js#81 [NO-ANDROID]
defaultPref("devtools.webconsole.timestampMessages", true); // [NO-ANDROID]

/// Disable WebDriver BiDi experimental commands and events
// https://wiki.mozilla.org/WebDriver/RemoteProtocol/WebDriver_BiDi
// https://searchfox.org/firefox-main/rev/82e2435f/remote/doc/Prefs.md#25
lockPref("remote.experimental.enabled", false); // [DEFAULT - non-Nightly]

/// Display responses in the "raw" format in the network monitor by default [NO-ANDROID]
defaultPref("devtools.netmonitor.ui.default-raw-response", true); // [NO-ANDROID]

/// Enable the Anti tracking debug panel by default [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/644f0db1/devtools/client/definitions.js#485 [NO-ANDROID]
defaultPref("devtools.anti-tracking.enabled", true); // [NO-ANDROID]

/// Enable DevTools buttons by default [NO-ANDROID]
defaultPref("devtools.command-button-errorcount.enabled", true); // [NO-ANDROID] [DEFAULT] Error Count - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/framework/toolbox.js#2209
defaultPref("devtools.command-button-frames.enabled", true); // [NO-ANDROID] [DEFAULT] Frame Target - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/framework/toolbox.js#2189
defaultPref("devtools.command-button-measure.enabled", true); // [NO-ANDROID] Measure - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/themes/toolbox.css#541
defaultPref("devtools.command-button-noautohide.enabled", true); // [NO-ANDROID] No Pop-up Autohide - https://searchfox.org/mozilla-central/rev/f1e32fa7/devtools/client/framework/components/ToolboxToolbar.js#118
defaultPref("devtools.command-button-pick.enabled", true); // [NO-ANDROID] [DEFAULT] Element picker https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/framework/toolbox.js#2333
defaultPref("devtools.command-button-responsive.enabled", true); // [NO-ANDROID] [DEFAULT] Responsive - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/definitions.js#557
defaultPref("devtools.command-button-rulers.enabled", true); // [NO-ANDROID] Ruler - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/themes/toolbox.css#537
defaultPref("devtools.command-button-screenshot.enabled", true); // [NO-ANDROID] Screenshot - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/definitions.js#588

/// Enable experimental DevTools preferences by default [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/definitions.js#550 [NO-ANDROID]
defaultPref("devtools.command-button-experimental-prefs.enabled", true); // [NO-ANDROID] [HIDDEN - non-MOZILLA_OFFICIAL builds] [DEFAULT - non-MOZILLA_OFFICIAL builds]

/// Enable the Web Console sidebar toggle [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/webconsole/webconsole-ui.js#46 [NO-ANDROID]
defaultPref("devtools.webconsole.sidebarToggle", true); // [NO-ANDROID] [DEFAULT - Nightly]

/// Enforce local debugging only
lockPref("devtools.debugger.force-local", true); // [DEFAULT]
lockPref("devtools.inspector.remote", false); // [NO-ANDROID] [DEFAULT]

/// Enforce system access checks for WebDriver
// https://searchfox.org/firefox-esr140/rev/ba1d416c/remote/marionette/driver.sys.mjs#65
// https://searchfox.org/firefox-main/rev/82e2435f/remote/doc/Prefs.md#61
// https://bugzilla.mozilla.org/show_bug.cgi?id=1955007
lockPref("remote.system-access-check.enabled", true); // [NO-ANDROID] [HIDDEN] [DEFAULT] [ESR]

/// Highlight syntax when viewing the source of webpages (via `view-source:`)
defaultPref("view_source.syntax_highlight", true); // [DEFAULT - non-Thunderbird]


/// Pretty print code when debugging by default [NO-ANDROID]
defaultPref("devtools.debugger.auto-pretty-print", true); // [NO-ANDROID]

/// Prevent automatically clearing log messages after page reloads/navigation [NO-ANDROID]
defaultPref("devtools.netmonitor.persistlog", true); // [NO-ANDROID]
defaultPref("devtools.webconsole.persistlog", true); // [NO-ANDROID]

/// Prevent console API from writing to `stdout` when used by chrome content
defaultPref("devtools.console.stdout.chrome", false); // [DEFAULT - non-Android, `MOZILLA_OFFICIAL` builds]

/// Prevent filter queries/searches and recent selections from persisting across restarts [NO-ANDROID]
// (For this to be effective, these pref must be set as "user" prefs) [NO-ANDROID]
defaultPref("devtools.debugger.pending-selected-location", "{}"); // [NO-ANDROID] [DEFAULT]
defaultPref("devtools.netmonitor.requestfilter", ""); // [NO-ANDROID] [DEFAULT]

/// Prevent logging URLs in Reader errors
defaultPref("reader.errors.includeURLs", false); // [DEFAULT - Android/Thunderbird]

/// Prevent WebDriver from overriding preferences by default
// https://searchfox.org/firefox-main/rev/82e2435f/remote/doc/Prefs.md#41
defaultPref("remote.prefs.recommended", false);

/// Significantly reduce input history [NO-ANDROID]
defaultPref("devtools.webconsole.inputHistoryCount", 10); // [NO-ANDROID] [DEFEAULT: 300]

/// Set Browser/Error Console scope to "Multiprocess" instead of "Parent process only" by default [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/webconsole/webconsole-ui.js#47 [NO-ANDROID]
defaultPref("devtools.browsertoolbox.scope", "everything"); // [NO-ANDROID] [DEFAULT - Thunderbird] 

// Show default/browser styles in the Inspector by default [NO-ANDROID]
defaultPref("devtools.inspector.showUserAgentStyles", true); // [NO-ANDROID]

/// Unbreak debugging if `localhost` can't be looked up via DNS [NO-ANDROID]
// (Ex. for Tor Browser) [NO-ANDROID]
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16523 [NO-ANDROID]
defaultPref("devtools.debugger.chrome-debugging-host", "127.0.0.1"); // [NO-ANDROID]

/// Wrap lines when debugging by default [NO-ANDROID]
// https://discourse.mozilla.org/t/long-line-wrapping-in-developer-tools-css-editor-and-debugger-code-views/47058 [NO-ANDROID]
defaultPref("devtools.debugger.ui.editor-wrapping", true); // [NO-ANDROID]

/// Wrap lines when viewing the source of webpages (via `view-source:`)
defaultPref("view_source.wrap_long_lines", true); // [DEFAULT - Android]

defaultPref("browser.phoenix.status", "025");

/*** 026 PERFORMANCE ***/

// Some of these are taken from https://github.com/yokoffing/Betterfox/blob/main/Fastfox.js

/// Compress cached JavaScript bytecode
// https://github.com/yokoffing/Betterfox/issues/247
// https://searchfox.org/firefox-main/rev/82e2435f/dom/script/ScriptCompression.cpp#99
// (Default = 0, which means it's off)
defaultPref("browser.cache.jsbc_compression_level", 3);

/// Disable async stack tracing by default
// https://searchfox.org/firefox-main/rev/52e25e8b/modules/libpref/init/all.js#891
defaultPref("javascript.options.asyncstack", false);
defaultPref("javascript.options.asyncstack_capture_debuggee_only", true); // [DEFAULT] If async stack tracing (javascript.options.asyncstack) is enabled, only capture data when devtools are open

/// Disable certain UI animations by default // [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/widget/nsXPLookAndFeel.cpp#87 [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/widget/LookAndFeel.h#48 [NO-ANDROID]
defaultPref("sidebar.animation.enabled", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/components/sidebar/browser-sidebar.js#2439
defaultPref("ui.panelAnimations", 0); // [NO-ANDROID] [HIDDEN]
defaultPref("ui.prefersReducedMotion", 1); // [NO-ANDROID] [HIDDEN] 
defaultPref("ui.swipeAnimationEnabled", 0); // [NO-ANDROID] [HIDDEN]

/// Disable CSS error reporting by default
// https://bugzilla.mozilla.org/show_bug.cgi?id=831123
defaultPref("layout.css.report_errors", false); // [DEFAULT - Android]

/// Disable extra extension logging by default
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#29
defaultPref("extensions.logging.enabled", false); // [DEFAULT]

/// Disable pacing requests
// https://codeberg.org/celenity/Phoenix/issues/84
defaultPref("network.http.pacing.requests.enabled", false);

/// Display advanced performance settings at `about:preferences#general` [NO-ANDROID] [NO-MAIL]
// Despite what the name suggests, Firefox will remain at the default/recommended performance settings - all this does is expose the UI settings... [NO-ANDROID] [NO-MAIL]
defaultPref("browser.preferences.defaultPerformanceSettings.enabled", false); // [NO-ANDROID] [NO-MAIL]

/// Enable Advanced Vector Extensions (AVX)
// https://wikipedia.org/wiki/Advanced_Vector_Extensions
// https://www.supportyourtech.com/articles/how-to-enable-avx-support-in-windows-11-a-step-by-step-guide/
defaultPref("javascript.options.wasm_simd_avx", true); // [DEFAULT]

/// Enable Branch Hinting
// https://github.com/WebAssembly/branch-hinting/blob/main/proposals/branch-hinting/Overview.md
defaultPref("javascript.options.wasm_branch_hinting", true); // [DEFAULT]

/// Enable Canvas2D acceleration (if supported)
// `gfx.canvas.accelerated.force-enabled` can be used to forcefully enable this acceleration, regardless of platform support
defaultPref("gfx.canvas.accelerated", true); // [DEFAULT]
defaultPref("gfx.canvas.accelerated.cache-items", 32768); // [Default = 8192, Chromium = 4096]
defaultPref("gfx.canvas.accelerated.cache-size", 4096); // Increase cache size (Default = 256, Chromium = 512)

/// Enable CSS Masonry Layout
// https://www.smashingmagazine.com/native-css-masonry-layout-css-grid/
// (For testing: https://codepen.io/rachelandrew/pen/wvWmZWB)
defaultPref("layout.css.grid-template-masonry-value.enabled", true); // [DEFAULT - Nightly/Thunderbird] 

/// Enable dynamic reflow roots
// https://bugzilla.mozilla.org/show_bug.cgi?id=1159042
defaultPref("layout.dynamic-reflow-roots.enabled", true); // [DEFAULT - Nightly]

/// Enable the "fetchpriority" attribute
// https://web.dev/articles/fetch-priority
defaultPref("network.fetchpriority.enabled", true); // [DEFAULT]

/// Enable hardware acceleration by default
defaultPref("layers.acceleration.disabled", false); // [DEFAULT]

/// Enable JS GC Parallel Marking
defaultPref("javascript.options.mem.gc_parallel_marking", true); // [DEFAULT - non-Android]

/// Enable SIMD
// https://stackoverflow.blog/2020/07/08/improving-performance-with-simd-intrinsics-in-three-use-cases/
defaultPref("javascript.options.wasm_relaxed_simd", true); // [DEFAULT]

/// Enable the WebRender native compositor (if supported)
// `gfx.webrender.compositor.force-enabled` can be used to forcefully enable this acceleration, regardless of platform support
defaultPref("gfx.webrender.compositor", true); // [DEFAULT - macOS/Windows]


/// Increase buffering for video playback
// This doesn't apply to videos delivered via Media Source Extensions
// https://www.cloudflare.com/learning/video/what-is-buffering/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1540573
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/ChannelMediaDecoder.cpp#467
defaultPref("media.cache_readahead_limit", 600); // (Default = 60)
defaultPref("media.cache_readahead_limit.cellular", 600); // (Default = 30)
defaultPref("media.cache_resume_threshold", 300); // (Default = 30)
defaultPref("media.cache_resume_threshold.cellular", 300); // (Default = 10)
defaultPref("media.throttle-cellular-regardless-of-download-rate", false); // [HIDDEN - non-Android] [DEFAULT - non-Android]

/// Increase the chunk size for calls to image decoders
// (Default = 16384)
defaultPref("image.mem.decode_bytes_at_a_time", 65536);

/// Increase DNS caching
defaultPref("network.dnsCacheExpiration", 3600); // (Default = 60)
defaultPref("network.dnsCacheEntries", 10000); // (Default = 1600)

/// Increase the file-backed media cache size for cellular connections
// (Default = 32768)
// This is set to match the value of "media.cache_size"
defaultPref("media.cache_size.cellular", 512000);

/// Increase the image cache size
// (Default = 5242880 - non-Android, 1048576 - Android)
defaultPref("image.cache.size", 10485760);

/// Increase the memory-backed media cache size
defaultPref("media.memory_cache_max_size", 262144); // (Default = 8192)
defaultPref("media.memory_caches_combined_limit_kb", 1048576); // (Default = 524288)

/// Increase memory cache
defaultPref("browser.cache.memory.capacity", 131072); // (Default = -1)
defaultPref("browser.cache.memory.max_entry_size", 20480); // (Default = 5120)

/// Increase the skia font cache size (Similar to Chromium)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1239151#c2
// (Default = 5, Chromium = 20)
defaultPref("gfx.content.skia-font-cache-size", 32);

/// Increase the maximum number of HTTP connections
defaultPref("network.http.max-connections", 1800); // (Default = 128 for Android, 900 elsewhere)
defaultPref("network.http.max-persistent-connections-per-proxy", 48); // (Default = 20 for Android, 32 elsewhere)
defaultPref("network.http.max-persistent-connections-per-server", 10); // (Default = 6)
defaultPref("network.http.max-urgent-start-excessive-connections-per-host", 5); // (Default = 3)
defaultPref("network.http.request.max-start-delay", 5); // (Default = 10)

/// Increase TLS token caching
// https://codeberg.org/celenity/Phoenix/issues/84
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/base/SSLTokensCache.cpp#491
// (Default = 2048)
defaultPref("network.ssl_tokens_cache_capacity", 10240);

/// Use higher performance pinch-zoom
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#8039
defaultPref("gfx.webrender.low-quality-pinch-zoom", true); // [DEFAULT - Android Nightly]

defaultPref("browser.phoenix.status", "026");

/*** 027 Personal Touch 💜 ***/

/// Things that are nice to have™
// Not directly privacy & security related

/// Allow downloading and switching locales [NO-ANDROID]
defaultPref("app.update.langpack.enabled", true); // [NO-ANDROID] [DEFAULT]
defaultPref("intl.multilingual.downloadEnabled", true); // [NO-ANDROID] [DEFAULT - non-Developer/Nightly]
defaultPref("intl.multilingual.enabled", true); // [NO-ANDROID] [DEFAULT - non-Developer/Nightly]

/// Allow Picture-in-Picture on all websites, even if they try to block it...
defaultPref("media.videocontrols.picture-in-picture.respect-disablePictureInPicture", false);

/// Allow zoom by default...
defaultPref("apz.allow_zooming", true); // [DEFAULT]

/// Allow zoom on all websites, even if the website tries to block it...
// (This is the `Zoom on all websites` UI setting for Android)
defaultPref("browser.ui.zoom.force-user-scalable", true);

/// Allow zooming out beyond the initial scale of websites by default
// https://searchfox.org/firefox-main/rev/82e2435f/gfx/layers/apz/src/AsyncPanZoomController.cpp#155
defaultPref("apz.allow_zooming_out", true);

/// Allow the use of custom CSS by default [NO-ANDROID]
defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [NO-ANDROID]

/// Always display the Bookmarks toolbar by default [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/bookmarks-toolbar-display-favorite-websites [NO-ANDROID] [NO-MAIL]
defaultPref("browser.toolbars.bookmarks.visibility", "always"); // [NO-ANDROID] [NO-MAIL]

/// Always load bookmarks in new tabs by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.tabs.loadBookmarksInTabs", true); // [NO-ANDROID] [NO-MAIL]

/// Clean-up default UI [NO-ANDROID] [NO-MAIL]
defaultPref("browser.uiCustomization.state", '{"placements":{"widget-overflow-fixed-list":[],"unified-extensions-area":[],"nav-bar":["sidebar-button","screenshot-button","back-button","forward-button","vertical-spacer","stop-reload-button","urlbar-container","_testpilot-containers-browser-action","fxa-toolbar-menu-button","reset-pbm-toolbar-button","developer-button","ublock0_raymondhill_net-browser-action","downloads-button","unified-extensions-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button"],"vertical-tabs":[],"PersonalToolbar":["personal-bookmarks"]},"seen":["reset-pbm-toolbar-button","developer-button","_testpilot-containers-browser-action","ublock0_raymondhill_net-browser-action","screenshot-button"],"dirtyAreaCache":["nav-bar","vertical-tabs","PersonalToolbar","unified-extensions-area","TabsToolbar","toolbar-menubar"],"currentVersion":23,"newElementCount":8}'); // [NO-ANDROID] [NO-MAIL]

/// Disable annoying Web Speech API error pop-ups, especially relevant on Linux [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/actors/SpeechDispatcherParent.sys.mjs#7 [NO-ANDROID]
defaultPref("media.webspeech.synth.dont_notify_on_error", true); // [NO-ANDROID] [HIDDEN]

/// Disable extra logging for policies by default [NO-MAIL] 
// This pref allows controlling the log level of policies (extremely useful for troubleshooting...), set here to the default value so that it's exposed in `about:config` [NO-MAIL] 
// https://searchfox.org/firefox-main/rev/16707ce1/browser/components/enterprisepolicies/Policies.sys.mjs#35 [NO-ANDROID] [NO-MAIL] 
defaultPref("browser.policies.loglevel", "error"); // [NO-MAIL] [HIDDEN] [DEFAULT]

/// Disable fullscreen delay
defaultPref("full-screen-api.transition-duration.enter", "0 0"); // [Default = 200 200]
defaultPref("full-screen-api.transition-duration.leave", "0 0"); // [Default = 200 200]

/// Display an icon to clear search boxes (for `search` `<input>` types)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1654288
// https://developer.mozilla.org/docs/Web/HTML/Reference/Elements/input/search
defaultPref("layout.forms.input-type-search.enabled", true);

/// Display "More settings" on print previews by default
// https://searchfox.org/firefox-main/rev/643d7328/modules/libpref/init/all.js#761
defaultPref("print.more-settings.open", true);

/// Display the option to enable `Compact` mode at `Customize toolbar...` [NO-ANDROID] [NO-MAIL]
defaultPref("browser.compactmode.show", true); // [NO-ANDROID] [NO-MAIL]

/// Display a spinning animation while websites are loading [NO-ANDROID] [NO-MAIL]
defaultPref("browser.spin_cursor_while_busy", true); // [NO-ANDROID] [NO-MAIL]

/// Display supported media codecs/capabilities at `about:support` by default
// https://searchfox.org/firefox-release/rev/70f5597c/toolkit/content/aboutSupport.js#1044
defaultPref("media.mediacapabilities.from-database", true); // [DEFAULT - Nightly]

/// Do not close the browser window if all tabs are closed by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.tabs.closeWindowWithLastTab", false); // [NO-ANDROID] [NO-MAIL]

/// Enable autoscrolling by default
defaultPref("apz.autoscroll.enabled", true); // [DEFAULT]
defaultPref("general.autoScroll", true); // [HIDDEN - Android] [DEFAULT - non-Android/Unix (excluding macOS, where it is on by default)]

/// Enable Backup settings (at `about:preferences#general`) by default [NO-ANDROID] [NO-MAIL] [ESR]
defaultPref("browser.backup.preferences.ui.enabled", true); // [NO-ANDROID] [NO-MAIL] [ESR]

/// Enable + customize the new Sidebar by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.toolbarbuttons.introduced.sidebar-button", false); // [NO-ANDROID] [NO-MAIL] Prevents Sidebar from automatically opening and closing on first launch - also needs `browser.uiCustomization.state`
defaultPref("sidebar.backupState", '{"command":"","launcherWidth":0,"launcherExpanded":false,"launcherVisible":false}'); // [NO-ANDROID] [NO-MAIL] Hide by default
defaultPref("sidebar.main.tools", "bookmarks,syncedtabs,history"); // [NO-ANDROID] [NO-MAIL] Removes AI Chat, adds Bookmarks
defaultPref("sidebar.revamp", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]
defaultPref("sidebar.visibility", "hide-sidebar"); // [NO-ANDROID] [NO-MAIL] Hide by default

/// Enable developer options for `about:profiling`
defaultPref("devtools.performance.aboutprofiling.has-developer-options", true);

/// Enable display of in-process subframes at `about:processes` by default
defaultPref("toolkit.aboutProcesses.showAllSubframes", true);

/// Enable image/table resizing (for text input) by default
// https://bugzilla.mozilla.org/show_bug.cgi?id=1449564
// https://bugzilla.mozilla.org/show_bug.cgi?id=1604144
defaultPref("editor.inline_table_editing.enabled_by_default", true);
defaultPref("editor.positioning.enabled_by_default", true);
defaultPref("editor.resizing.enabled_by_default", true);


/// Enable display of thread information at `about:processes` by default
defaultPref("toolkit.aboutProcesses.showThreads", true); // [DEFAULT - Nightly]

/// Enable Firefox Translations (+ the pop-up) by default [NO-MAIL]
// Translations are done locally - very nice to have [NO-MAIL]
// https://support.mozilla.org/kb/website-translation [NO-MAIL]
// Currently broken on Thunderbird :( [NO-MAIL]
defaultPref("browser.ai.control.translations", "enabled"); // [NO-MAIL]
defaultPref("browser.translations.automaticallyPopup", true); // [NO-MAIL] [DEFAULT]
defaultPref("browser.translations.enable", true); // [NO-MAIL] [DEFAULT - non-Thunderbird]
defaultPref("browser.translations.select.enable", true); // [NO-MAIL] [DEFAULT - non-Android/Thunderbird]
defaultPref("browser.translations.newSettingsUI.enable", true); // [NO-ANDROID] [NO-MAIL] [ESR] Enables the new UI at `about:preferences#general`
defaultPref("browser.translations.simulateUnsupportedEngine", false); // [NO-MAIL] [DEFAULT]
defaultPref("extensions.translations.disabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Enables `Exceptions` UI at `about:preferences#general`

/// Enable IPv6
// Important, nice to have
defaultPref("network.dns.disableIPv6", false); // [DEFAULT]

/// Enable overscrolling by default
// https://www.omgubuntu.co.uk/2024/09/mozilla-firefox-130-new-features
defaultPref("apz.overscroll.enabled", true); // [DEFAULT]

/// Enable the "Page Setup.." menu by default (under `File` - ex. on the menu bar)
// https://searchfox.org/firefox-main/rev/643d7328/modules/libpref/init/all.js#729
// https://searchfox.org/firefox-main/rev/643d7328/toolkit/components/printing/content/printUtils.js#82
defaultPref("print.show_page_setup_menu", true);

/// Enable the `Share` (URL) context menu item by default [NO-ANDROID] [NO-MAIL]
// (ex. appears when right-clicking a tab) [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/d81da5ef/browser/modules/SharingUtils.sys.mjs#45 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.menu.share_url.allow", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-MOZ_PROXY_BYPASS_PROTECTION builds] [DEFAULT - non-MOZ_PROXY_BYPASS_PROTECTION builds]

/// Enable QR code creation (from the `Share` (URL) menu) [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/d81da5ef/browser/modules/SharingUtils.sys.mjs#352 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.shareqrcode.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - OS X Nightly]

/// Enable smooth scrolling by default
// This currently appears to be overriden by `ui.prefersReducedMotion` on Desktop
defaultPref("general.smoothScroll", true); // [DEFAULT]

/// Enable Spellcheck for both multi-line and single-line boxes [NO-ANDROID]
// [Default = 1, only checks multi-line boxes] [NO-ANDROID]
// https://codeberg.org/celenity/Phoenix/issues/33 [NO-ANDROID]
defaultPref("layout.spellcheckDefault", 2); // [NO-ANDROID]

/// Enable support for web applications manifests [NO-MAIL]
// Ex. required for PWAs (& PWA inspection on desktop) [NO-MAIL]
// https://developer.mozilla.org/docs/Web/Progressive_web_apps/Manifest [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1603673 [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1647858 [NO-MAIL]
defaultPref("dom.manifest.enabled", true); // [NO-MAIL] [DEFAULT]

/// Enable Tab Groups [NO-ANDROID] [NO-MAIL]
// https://www.ghacks.net/2024/12/03/how-to-enable-tab-groups-in-firefox/ [NO-ANDROID] [NO-MAIL]
defaultPref("browser.tabs.groups.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable Taskbar Tabs (PWAs) by default [NO-ANDROID] [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1915736 [NO-ANDROID] [NO-MAIL]
// https://windowsreport.com/firefox-is-bringing-web-apps-to-windows-11-with-taskbar-tabs-first-look/ [NO-ANDROID] [NO-MAIL]
defaultPref("browser.taskbarTabs.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Windows]

/// Enable the `Unload Tab` context menu item by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.tabs.unloadTabInContextMenu", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable the `View Image Info` context menu item by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.menu.showViewImageInfo", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Developer Edition]


/// Ensure users can always control Nimbus recipes
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs#692
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs#952
defaultPref("nimbus.debug", true); // [HIDDEN - non-Firefox Desktop]
defaultPref("nimbus.validation.enabled", false); // [HIDDEN - non-Firefox Desktop]

/// Export bookmarks to a `bookmarks.html` file by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.bookmarks.autoExportHTML", true); // [NO-ANDROID] [NO-MAIL]

/// Expose hidden UI preferences at about:config [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/widget/nsXPLookAndFeel.cpp#87 [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/82e2435f/widget/LookAndFeel.h#48 [NO-ANDROID]
defaultPref("ui.hideCursorWhileTyping", 1); // [NO-ANDROID] [HIDDEN] [DEFAULT]
defaultPref("ui.prefersReducedTransparency", 0); // [NO-ANDROID] [HIDDEN] [DEFAULT]
defaultPref("ui.scrollToClick", 1); // [NO-ANDROID] [HIDDEN]
defaultPref("ui.useAccessibilityTheme", 0); // [NO-ANDROID] [HIDDEN] [DEFAULT]

/// Fade out unloaded tabs in the tab bar [NO-ANDROID] [NO-MAIL]
// By default, Firefox only fades tabs unloaded explicitly (`browser.tabs.fadeOutExplicitlyUnloadedTabs`), but, with `browser.tabs.fadeOutUnloadedTabs`, we can fade all unloaded tabs, regardless of the reason they're unloaded [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/1a8c62b8/browser/app/profile/firefox.js#2650 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.tabs.fadeOutExplicitlyUnloadedTabs", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.tabs.fadeOutUnloadedTabs", true); // [NO-ANDROID] [NO-MAIL]

/// Hide the Title Bar by default
defaultPref("browser.tabs.inTitlebar", 1);

/// Highlight all Findbar (Ctrl + F) results by default
defaultPref("findbar.highlightAll", true);

/// Prevent automatically closing the Bookmarks menu after selecting a bookmark [NO-ANDROID] [NO-MAIL]
defaultPref("browser.bookmarks.openInTabClosesMenu", false); // [NO-ANDROID] [NO-MAIL]

/// Prevent displaying Private Browsing windows as separate icons on the Windows Taskbar by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.privateWindowSeparation.enabled", false); // [NO-ANDROID] [NO-MAIL]

/// Prevent including the space next to words when double-clicking/selecting text
// https://codeberg.org/celenity/Phoenix/issues/84#issuecomment-3097957
defaultPref("layout.word_select.eat_space_to_next_word", false); // [DEFAULT - non-Windows]

/// Set the default log level for Background Tasks
// This is the default value - this just exposes the pref via the `about:config`
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/backgroundtasks/BackgroundTasksManager.sys.mjs#18
defaultPref("toolkit.backgroundtasks.loglevel", "error"); // [HIDDEN] [DEFAULT]

/// Set the default log level for Remote Settings
// This is the default value - this just exposes the pref via the `about:config`
defaultPref("services.settings.loglevel", "warn"); // [HIDDEN] [DEFAULT]

/// Set default URL to load when navigating to `moz://a`
// Default is https://www.mozilla.org/about/manifesto/
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/mozprotocol/MozProtocolHandler.sys.mjs#10
defaultPref("toolkit.mozprotocol.url", "about:mozilla"); // [HIDDEN]

/// Toggle the menu bar with the alt key by default
defaultPref("ui.key.menuAccessKeyFocuses", true); // [NO-OSX] [DEFAULT - Windows/Linux]

defaultPref("browser.phoenix.status", "027");

/*** 028 UPDATES ***/

// Ensure the browser's binary is always old enough to check for browser updates [NO-ANDROID]
defaultPref("app.update.checkInstallTime.days", 0); // [NO-ANDROID]

/// Alert users of browser updates ASAP [NO-ANDROID]
defaultPref("app.update.badgeWaitTime", 0); // [NO-ANDROID] Immediately show badge on hamburger menu when an update is available
defaultPref("app.update.notifyDuringDownload", true); // [NO-ANDROID] Ensure that users are notified when an update is downloaded
defaultPref("app.update.promptWaitTime", 0); // [NO-ANDROID] Immediately prompt users to update when an update is ready

/// (Attempt to) Allow background browser updates without BITS [NO-ANDROID]
// (For info on BITS: https://bugzilla.mozilla.org/show_bug.cgi?id=1540193) [NO-ANDROID]
// NOTE: This only appears to work in automation, and doesn't apply outside of Windows, but doesn't hurt to set here [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/881a9b31/toolkit/mozapps/update/UpdateService.sys.mjs#6414 [NO-ANDROID]
defaultPref("app.update.background.allowDownloadsWithoutBITS", true); // [NO-ANDROID] [HIDDEN]

/// Automatically update extensions by default
defaultPref("extensions.systemAddon.update.enabled", true); // [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/AddonManager.sys.mjs#1317
defaultPref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [HIDDEN - Thunderbird] [DEFAULT - non-Thunderbird]
defaultPref("extensions.update.autoUpdateDefault", true); // [HIDDEN - ANDROID] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/AddonManager.sys.mjs#4580
defaultPref("extensions.update.enabled", true); // [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/AddonManager.sys.mjs#1348

/// Check for browser updates hourly [NO-ANDROID]
defaultPref("app.update.background.interval", 3600); // [NO-ANDROID] (Default: 25200 (7 hours))
defaultPref("app.update.interval", 3600); // [NO-ANDROID] (Default: 21600 (6 hours))

/// Check for extension/theme updates hourly
// Default is once every 24 hours
defaultPref("extensions.update.interval", 3600);

/// Check for GMP plug-in updates hourly (assuming GMP is enabled)
// Default is once every 24 hours
// https://searchfox.org/firefox-main/rev/d81da5ef/toolkit/modules/GMPInstallManager.sys.mjs#574
defaultPref("media.gmp-manager.secondsBetweenChecks", 3600); // [HIDDEN]

/// Disable insecure extension updates
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonUpdateChecker.sys.mjs#66
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs#2707
defaultPref("extensions.checkUpdateSecurity", true); // [HIDDEN] [DEFAULT]

/// Ensure that another browser instance isn't running before applying browser updates
// (This is the default, but it's usually hidden, so this exposes it at `about:config`, as it can be useful to disable in certain cases)
// https://searchfox.org/firefox-main/rev/0ea834f7/toolkit/mozapps/update/UpdateService.sys.mjs#436
defaultPref("app.update.checkOnlyInstance.enabled", true); // [HIDDEN] [DEFAULT]

/// Ensure we do not throttle background update checks
// This typically occurs after the browser hasn't been used for a set number of days (ex. 2 weeks)
defaultPref("app.update.background.checkPolicy.throttleEnabled", false); // [HIDDEN] [DEFAULT - ESR]

/// Sync with Remote Settings hourly, rather than the default of only once a day
// This is used for delivering lots of security-critical databases (Ex. CRLite/revocation checks, malicious add-on blocklists, etc...)
// So let's make sure our users are up to date as quick as possible
defaultPref("services.settings.poll_interval", 3600);

defaultPref("browser.phoenix.status", "028");

/*** 029 FIREFOX HOME ***/

/// Allow users to enable widgets, but disable by default to provide a cleaner homepage [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.widgets.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.widgets.focusTimer.enabled", false); // [NO-ANDROID] [NO-MAIL] Timer
defaultPref("browser.newtabpage.activity-stream.widgets.focusTimer.showSystemNotifications", true); // [NO-ANDROID] [NO-MAIL] Display timer notifications
defaultPref("browser.newtabpage.activity-stream.widgets.lists.enabled", false); // [NO-ANDROID] [NO-MAIL] Task list
defaultPref("browser.newtabpage.activity-stream.widgets.system.enabled", true); // [NO-ANDROID] [NO-MAIL] UI
defaultPref("browser.newtabpage.activity-stream.widgets.system.focusTimer.enabled", true); // [NO-ANDROID] [NO-MAIL] Timer (UI)
defaultPref("browser.newtabpage.activity-stream.widgets.system.lists.enabled", true); // [NO-ANDROID] [NO-MAIL] Task list (UI)

/// Disable AccuWeather by default, but allow users to enable it if desired [NO-ANDROID] [NO-MAIL]
// NOTE: This depends on Merino: `browser.urlbar.merino.endpointURL`, and the AccuWeather provider must be allowed: `browser.urlbar.merino.providers`) [NO-ANDROID] [NO-MAIL]
// NOTE: We also warn users before navigating to AccuWeather if they select the widget, via uBlock Origin, so that this feature can be used safely without directly navigating to AccuWeather's website (which includes ads/tracking/etc.) [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.showWeather", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.system.showWeather", true); // [NO-ANDROID] [NO-MAIL] UI
defaultPref("browser.newtabpage.activity-stream.widgets.system.weather.enabled", true); // [NO-ANDROID] [NO-MAIL] UI
defaultPref("browser.newtabpage.activity-stream.widgets.system.weatherForecast.enabled", true); // [NO-ANDROID] [NO-MAIL] UI
defaultPref("browser.newtabpage.activity-stream.widgets.weather.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.widgets.weatherForecast.enabled", false); // [NO-ANDROID] [NO-MAIL]

/// Disable adult content filtering by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/modules/FilterAdult.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.filterAdult", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Disable Contile (Sponsored tiles) [NO-ANDROID] [NO-MAIL]
// https://mozilla-services.github.io/contile/ [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/TopSitesFeed.sys.mjs [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.sov.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/e5219f2a/browser/extensions/newtab/lib/TopSitesFeed.sys.mjs#534
lockPref("browser.newtabpage.activity-stream.sov.frecency.exposure", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.sov.name", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.topsites.contile.enabled", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#993
lockPref("browser.topsites.contile.endpoint", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.topsites.contile.sov.enabled", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-release/rev/9d94f5e3/toolkit/components/nimbus/FeatureManifest.yaml#2007

/// Disable Fakespot [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.contextualContent.fakespot.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR] https://searchfox.org/firefox-release/rev/9d94f5e3/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1338
defaultPref("browser.newtabpage.activity-stream.discoverystream.contextualContent.feeds", "need_to_know"); // [NO-ANDROID] [NO-MAIL] [DEFAULT = "need_to_know, fakespot"] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#1094

/// Disable fetching favicons remotely from Mozila's remote Tippy Top service [NO-ANDROID] [NO-MAIL]
// https://superuser.com/questions/1358289/how-are-the-icons-for-top-sites-in-the-firefox-new-tab-rendered/1495054#1495054 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1507 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.feeds.favicon", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Disable fetching the layout remotely [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-release/rev/db5de899/browser/extensions/newtab/lib/SectionsLayoutFeed.sys.mjs#455 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/cdf7090f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1761 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.clientLayout.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.feeds.sectionslayoutfeed", false); // [NO-ANDROID] [NO-MAIL]

/// Disable fetching locale/fluent files remotely [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/asrouter/docs/remote_cfr.md#60 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/asrouter/modules/RemoteL10n.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); // [NO-ANDROID] [NO-MAIL]

/// Disable fetching top sites remotely [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/topsites/TopSites.sys.mjs#359 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.topsites.useRemoteSetting", false); // [NO-ANDROID] [NO-MAIL]

/// Disable hiding URLs with certain parameters from Top Sites by default [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/modules/NewTabUtils.sys.mjs#1001 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.hideTopSitesWithSearchParam", ""); // [NO-ANDROID] [NO-MAIL] [Default: mfadid=adm]

/// Disable Firefox Sync first run/promotion and metrics [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/PrefsFeed.sys.mjs#268 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // [NO-ANDROID] [NO-MAIL]

/// Disable impression stats [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/private/ImpressionCaps.sys.mjs [NO-ANDROID] [NO-MAIL]
lockPref("browser.urlbar.quicksuggest.impressionCaps.nonSponsoredEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.urlbar.quicksuggest.impressionCaps.sponsoredEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable MARS (Mozilla Ad Routing Service) [NO-ANDROID] [NO-MAIL]
// https://ads.mozilla.org/assets/docs/openapi/mars-api.html [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/AdsFeed.sys.mjs [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.reportAds.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] [NIGHTLY]
lockPref("browser.newtabpage.activity-stream.discoverystream.sections.contextualAds.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.sections.contextualAds.locale-config", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.sections.contextualAds.region-config", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.feeds.adsfeed", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.spocs.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.tiles.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.unifiedAds.enabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.unifiedAds.endpoint", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.unifiedAds.spocs.enabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.unifiedAds.tiles.enabled", false); // [NO-ANDROID] [NO-MAIL]

/// Disable mobile promotions [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#271 [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.mobileDownloadModal.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.mobileDownloadModal.variant-a", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.mobileDownloadModal.variant-b", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.mobileDownloadModal.variant-c", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable new tab attribution [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#781 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1563 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/NewTabAttributionFeed.sys.mjs [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/NewTabAttributionService.sys.mjs [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.attribution.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.feeds.newtabattributionfeed", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
lockPref("dap.ohttp.hpke", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("dap.ohttp.relayURL", ""); // [NO-ANDROID] [NO-MAIL]

/// Disable onboarding [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/7d68baf8/browser/app/profile/firefox.js#1972 [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.onboardingExperience.dismissed", true); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.onboardingExperience.enabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.topicSelection.onboarding.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.topicSelection.onboarding.maybeDisplay", false); // [NO-ANDROID] [NO-MAIL]

/// Disable Pocket [NO-ANDROID] [NO-MAIL] [ESR]
defaultPref("browser.newtabpage.activity-stream.discoverystream.saveToPocketCard.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR]
defaultPref("browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR]
defaultPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [NO-ANDROID] [NO-MAIL] [ESR]
defaultPref("browser.newtabpage.activity-stream.showRecentSaves", false); // [NO-ANDROID] [NO-MAIL] [ESR]

/// Disable Pocket sponsored stories [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/pocket-sponsored-stories-new-tabs [NO-ANDROID] [NO-MAIL]
// https://github.com/Pocket/proxy-server [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/lib/AboutPreferences.sys.mjs#135 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/16a9e4fb/browser/app/profile/firefox.js#1864 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/16a9e4fb/toolkit/components/nimbus/FeatureManifest.yaml#1115 [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.ctaButtonSponsors", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.placements.spocs", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.placements.spocs.counts", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.spocs-endpoint", "data;"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.spocs-endpoint-query", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.spocAdTypes", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.spocMessageVariant", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.spocSiteId", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.sponsored-collections.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.endpointSpocsClear", ""); // [NO-ANDROID] [NO-MAIL] Ensure we don't try to send a deletion request, as there's no data to delete... and we block the endpoint anyways https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/docs/v2-system-addon/preferences.md#128
lockPref("browser.newtabpage.activity-stream.discoverystream.region-spocs-config", ""); // [NO-ANDROID] [NO-MAIL] Don't show sponsored content to any region by default... https://searchfox.org/mozilla-central/rev/96296f9d/toolkit/components/nimbus/FeatureManifest.yaml#1769
lockPref("browser.newtabpage.activity-stream.discoverystream.spoc-positions", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.showSponsored", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.system.showSponsored", false); // [NO-ANDROID] [NO-MAIL]

/// Disable the promotion card [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#685 [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.promoCard.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.promoCard.visible", false); // [NO-ANDROID] [NO-MAIL]

/// Disable recent activity by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); // [NO-ANDROID] [NO-MAIL] Bookmarks
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [NO-ANDROID] [NO-MAIL] Downloads
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [NO-ANDROID] [NO-MAIL] Visited websites

/// Disable "smart" shortcut personalization [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/cdf7090f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1792 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.feeds.smartshortcutsfeed", false); // [NO-ANDROID] [NO-MAIL]

/// Disable sponsored shortcuts [NO-ANDROID] [NO-MAIL]
// https://support.mozilla.org/kb/sponsor-privacy [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.spoc-topsites-positions", ""); // [NO-ANDROID] [NO-MAIL] [ESR]
lockPref("browser.newtabpage.activity-stream.discoverystream.spocTopsitesPlacement.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR]
lockPref("browser.newtabpage.activity-stream.discoverystream.spocZoneIds", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/AboutPreferences.sys.mjs#69

/// Disable stories [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); // [NO-ANDROID] [NO-MAIL] Hides the UI setting

/// Disable telemetry [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/newtab/pings.yaml [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/TelemetryFeed.sys.mjs [NO-ANDROID] [NO-MAIL]
lockPref("browser.contextual-services.contextId", "{foo-123-foo}"); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/source/browser/modules/ContextId.sys.mjs
lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1501
lockPref("browser.newtabpage.activity-stream.telemetry", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#494
lockPref("browser.newtabpage.activity-stream.telemetry.privatePing.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#517
lockPref("browser.newtabpage.activity-stream.telemetry.privatePing.inferredInterests.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] Ensure we never submit "inferred" New Tab interests with new tab pings https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#537
lockPref("browser.newtabpage.activity-stream.telemetry.privatePing.redactNewtabPing.enabled", true); // [NO-ANDROID] [NO-MAIL] Redact information from new tab pings https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#530 https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/TelemetryFeed.sys.mjs#386
lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#510
lockPref("browser.newtabpage.activity-stream.telemetry.surfaceId", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#524
lockPref("browser.newtabpage.activity-stream.telemetry.ut.events", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#502
lockPref("browser.newtabpage.ping.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/TelemetryFeed.sys.mjs#501 https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/TelemetryFeed.sys.mjs#1254
lockPref("browser.places.interactions.enabled", false); // [NO-ANDROID] [NO-MAIL] Disable interaction measurements https://searchfox.org/firefox-main/source/browser/components/places/Interactions.sys.mjs
defaultPref("browser.places.interactions.log", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Disable logging https://searchfox.org/firefox-main/rev/82e2435f/browser/components/places/Interactions.sys.mjs#20
lockPref("browser.privacySegmentation.preferences.show", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.search.serpEventTelemetryCategorization.enabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.search.serpEventTelemetryCategorization.regionEnabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
lockPref("browser.search.serpMetricsRecordedCounter", 0); // [NO-ANDROID] [NO-MAIL] [DEFAULT] Ensure we never try to submit SERP categorization event metrics https://searchfox.org/firefox-main/rev/82e2435f/browser/components/search/SERPCategorization.sys.mjs#546

/// Disable trending searches by default [NO-ANDROID] [NO-MAIL]
// Currently appears to be no-op, so we can also ensure the UI is hidden [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/TrendingSearchFeed.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.system.trendingSearch.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.trendingSearch.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Disable wallpaper promotions [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#910 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.highlightDismissed", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.highlightEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable the widgets feedback link [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/cdf7090f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1289 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/cdf7090f/browser/extensions/newtab/content-src/components/Widgets/Widgets.jsx#126 [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.widgets.feedback.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable Firefox Home [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.testing.shouldInitializeFeeds", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT] [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#150
defaultPref("browser.newtabpage.disableNewTabAsAddon", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/browser/components/newtab/AboutNewTabResourceMapping.sys.mjs#186
defaultPref("browser.newtabpage.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable publisher favicons (if stories are enabled) by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.publisherFavicon.enabled", true); // [NO-ANDROID] [NO-MAIL]

/// Enable shortcuts by default [NO-ANDROID] [NO-MAIL] [DEFAULT]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderTopSites.sys.mjs [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.feeds.places", true);// [NO-ANDROID] [NO-MAIL] [DEFAULT] Required to click shortcuts...
defaultPref("browser.newtabpage.activity-stream.feeds.system.topsites", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.feeds.topsites", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable wallpapers, but disable fetching them remotely by default [NO-ANDROID] [NO-MAIL]
// By default, Firefox to connect to ex. `https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/...` on every browser launch after the user navigates to `about:home` :/ [NO-ANDROID] [NO-MAIL]
// This is a work-around that enables *partial* support for custom wallpapers, but without hitting the network [NO-ANDROID] [NO-MAIL]
// Currently, only colors are supported, no built-in wallpapers or custom files work yet sadly [NO-ANDROID] [NO-MAIL]
// To apply a color wallpaper, set the value of `browser.newtabpage.activity-stream.newtabWallpapers.wallpaper` to `solid-color-picker-`, followed by your desired color hex (ex: `solid-color-picker-#ffffff` for white) [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/data/content/activity-stream.bundle.js#14257 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/Wallpapers/WallpaperFeed.sys.mjs [NO-ANDROID] [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1972944 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.feeds.wallpaperfeed", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.customColor.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.customWallpaper.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.customWallpaper.uploadedPreviously", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.customWallpaper.uuid", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.wallpaper", "solid-color-picker-#f4dbe9"); // [NO-ANDROID] [NO-MAIL]

/// Ensure default homepage is `about:home` [NO-ANDROID] [NO-MAIL]
// This is typically the default, but overriden by some distro-packaged versions of Firefox (ex. Fedora) [NO-ANDROID] [NO-MAIL]
defaultPref("browser.startup.homepage", "about:home"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.startup.page", 1); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Ensure we isolate content with containers [NO-ANDROID] [NO-MAIL]
defaultPref("browser.discovery.containers.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Expose debug prefs to the `about:config` [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.asrouter.debugLogLevel", "error"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] To expose via the `about:config` - https://searchfox.org/firefox-main/rev/82e2435f/browser/components/asrouter/modules/ASRouterPreferences.sys.mjs#95
defaultPref("browser.newtabpage.activity-stream.debug", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-Nightly] [DEFAULT] To expose via the `about:config`

/// Hide checkboxes to enable sponsored shortcuts and Pocket sponsored stories [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1386 [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Hide the Firefox logo [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.logowordmark.alwaysVisible", false); // [NO-ANDROID] [NO-MAIL]

/// If ads are somehow enabled, use OHTTP for superior privacy [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#1158 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/AdsFeed.sys.mjs#366 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.unifiedAds.ohttp.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFENSE IN DEPTH]

/// If Merino is enabled, disable experimentation [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/DiscoveryStreamFeed.sys.mjs#1924 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.merino-feed-experiment", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// If Merino is enabled, use OHTTP for superior privacy [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#1171 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/DiscoveryStreamFeed.sys.mjs#1727 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/c2646728/browser/components/urlbar/MerinoClient.sys.mjs#75 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.merino-provider.ohttp.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.ohttp.configURL", "https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.discoverystream.ohttp.relayURL", "https://mozilla-ohttp.fastly-edge.com/"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.urlbar.merino.ohttpConfigURL", "https://prod.merino.prod.webservices.mozgcp.net/ohttp-configs"); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]
defaultPref("browser.urlbar.merino.ohttpRelayURL", "https://ohttp-merino.mozilla.fastly-edge.com"); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]

/// If sponsored content is somehow enabled, ensure that privacy protections are enabled [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.sponsor-protection.debug", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
defaultPref("browser.newtabpage.sponsor-protection.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// If stories are enabled, allow customization and following/unfollowing interests/topics [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.customizeMenuPanel.enabled", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#714
defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.interestPicker.enabled", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#831
defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.enabled", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#706
defaultPref("browser.newtabpage.activity-stream.discoverystream.topicSelection.enabled", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1236

/// If stories are enabled, disable "personalization" [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/extensions/newtab/lib/RecommendationProvider.sys.mjs [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/7d68baf8/browser/app/profile/firefox.js#1967 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/extensions/newtab/lib/InferredPersonalizationFeed.sys.mjs [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.personalization.enabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.recs.personalized", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.locale-config", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.region-config", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.user.enabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.discoverystream.shortcuts.personalization.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.newtabpage.activity-stream.discoverystream.spocs.personalized", false); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.feeds.inferredpersonalizationfeed", false); // [NO-ANDROID] [NO-MAIL]

/// If stories are enabled, disable impression tracking [NO-ANDROID] [NO-MAIL]
lockPref("browser.newtabpage.activity-stream.impressionId", "{some-fake-impression-ID}"); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/mozilla-central/source/browser/extensions/newtab/test/xpcshell/test_TelemetryFeed.js
lockPref("browser.newtabpage.activity-stream.discoverystream.rec.impressions", "{}"); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/mozilla-central/rev/cc4985b7/browser/extensions/newtab/lib/ActivityStream.sys.mjs#978
lockPref("browser.newtabpage.activity-stream.discoverystream.spoc.impressions", "{}"); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/mozilla-central/rev/cc4985b7/browser/extensions/newtab/lib/ActivityStream.sys.mjs#962
lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.rec.impressions", "{}"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/mozilla-central/rev/cc4985b7/browser/extensions/newtab/lib/TopStoriesFeed.sys.mjs#33
lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.spoc.impressions", "{}"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/mozilla-central/rev/cc4985b7/browser/extensions/newtab/lib/TopStoriesFeed.sys.mjs#27

/// If stories are enabled, enable the new sections UI by default [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.cards.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.enabled", true); // [NO-ANDROID] [NO-MAIL]

/// If stories are enabled, fetch content from Merino (instead of Pocket and friends) [NO-ANDROID] [NO-MAIL]
// Newer, more private (ex. OHTTP), etc. [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.config", '{"collapsible":true,"enabled":true}'); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/lib/ActivityStream.sys.mjs#886
defaultPref("browser.newtabpage.activity-stream.discoverystream.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.discoverystream.endpoints", "https://merino.services.mozilla.com/"); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.merino-provider.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.discoverystream.merino-provider.endpoint", "merino.services.mozilla.com"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.feeds.recommendationprovider", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", '{"hidden":true,"show_spocs":false}'); // [NO-ANDROID] [NO-MAIL] [ESR] https://searchfox.org/firefox-esr140/rev/8c69555d/browser/extensions/newtab/lib/ActivityStream.sys.mjs#187 (Hides the toggle at `about:preferences#home`)

/// Prevent searches from jumping to the URL bar [NO-ANDROID] [NO-MAIL] [ESR]
// https://www.reddit.com/r/firefox/comments/oxwvbo/firefox_start_page_search_options/ [NO-ANDROID] [NO-MAIL] [ESR]
defaultPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); // [NO-ANDROID] [NO-MAIL] [ESR]

/// Proxy images [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/aee7c0f2/browser/extensions/newtab/lib/ActivityStream.sys.mjs#921 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.discoverystream.imageProxy.enabled", true); // [NO-ANDROID] [NO-MAIL] [NIGHTLY]

/// Remove default shortcuts [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.default.sites", ""); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/lib/ActivityStream.sys.mjs#181
defaultPref("browser.newtabpage.activity-stream.improvesearch.noDefaultSearchTile", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/lib/ActivityStream.sys.mjs#831
defaultPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.newtabpage.pinned", '[{"url":"","label":"! Placeholder"}]'); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/mozilla-central/rev/7d68baf8/toolkit/modules/NewTabUtils.sys.mjs#147 - Set as a placeholder to allow easily adding custom shortcuts/pins

defaultPref("browser.phoenix.status", "029");

/*** 030 FIREFOX SUGGEST ***/ // [NO-ANDROID] [NO-MAIL]

/// Disable AccuWeather suggestions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// NOTE: This requires `browser.urlbar.suggest.quicksuggest.sponsored` set to `true` (when that pref is true, we still prevent the standard sponsored content from showing and disable the standard ad providers, thanks to `browser.urlbar.merino.providers`) [NO-ANDROID] [NO-MAIL]
// NOTE: We also warn users before navigating to AccuWeather if they select a result, via uBlock Origin, so that this feature can be used safely without directly navigating to AccuWeather's website (which includes ads/tracking/etc.) [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.weather", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.weather.featureGate", true); // [NO-ANDROID] [NO-MAIL]

/// Disable adMarketplace (AMP) suggestions [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/AmpSuggestions.sys.mjs [NO-ANDROID] [NO-MAIL]
lockPref("browser.urlbar.amp.featureGate", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.urlbar.suggest.amp", false); // [NO-ANDROID] [NO-MAIL]

/// Disable AMO suggestions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/AddonSuggestions.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.addons.featureGate", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.addons", false); // [NO-ANDROID] [NO-MAIL]

/// Disable "Exposure" telemetry [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/cc4985b7/toolkit/components/nimbus/FeatureManifest.yaml#281 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/cc4985b7/toolkit/components/nimbus/FeatureManifest.yaml#326 [NO-ANDROID] [NO-MAIL]
lockPref("browser.urlbar.exposureResults", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
lockPref("browser.urlbar.keywordExposureResults", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
lockPref("browser.urlbar.showExposureResults", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Disable Fakespot suggestions [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/FakespotSuggestions.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.fakespot.featureGate", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.urlbar.suggest.fakespot", false); // [NO-ANDROID] [NO-MAIL]

/// Disable fetching minimum keyword lengths from Nimbus and/or Remote Settings [NO-ANDROID] [NO-MAIL]
// We also set these as user prefs in `phoenix-user-pref.cfg`, to ensure that Firefox properly uses/recognizes them [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.addons.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#736
defaultPref("browser.urlbar.flightStatus.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#143
defaultPref("browser.urlbar.market.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#181
defaultPref("browser.urlbar.weather.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#627
defaultPref("browser.urlbar.yelp.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#642
defaultPref("browser.urlbar.yelpRealtime.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#666

/// Disable Firefox Suggest by default [NO-ANDROID] [NO-MAIL]
/// I'd rather not set this, but unfortunately, when it's on, it causes Firefox to connect to `https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/quicksuggest-amp/changeset?_expected=*` and `https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/quicksuggest-other/changeset?_expected=*` on every launch, EVEN IF no suggestions are enabled :/ [NO-ANDROID] [NO-MAIL]
// This also gives us a cleaner UI, and I highly doubt that this is something most of our users want anyways [NO-ANDROID] [NO-MAIL]
// NOTE: This usually gets ignored and set to `true` anyways (unless we lock it), but we also set the region to a dummy one ("XX"), which prevents that from happening - https://searchfox.org/firefox-main/source/browser/components/urlbar/QuickSuggest.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.quicksuggest.enabled", false); // [NO-ANDROID] [NO-MAIL]

/// Disable FlightAware (flight status) suggestions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/private/FlightStatusSuggestions.sys.mjs[NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#788 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#489 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.flightStatus.featureGate", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.flightStatus", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Disable machine learning [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/MLSuggest.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.quicksuggest.mlEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.urlbar.yelp.mlEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable MDN suggestions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/MDNSuggestions.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.mdn.featureGate", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.mdn", false); // [NO-ANDROID] [NO-MAIL]

/// Disable nags to opt-in to "real-time suggestions" [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/4258ca07/browser/components/urlbar/UrlbarPrefs.sys.mjs#489 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/4258ca07/browser/app/profile/firefox.js#758 [NO-ANDROID] [NO-MAIL]
lockPref("browser.urlbar.suggest.realtimeOptIn", false); // [NO-ANDROID] [NO-MAIL]

/// Disable online suggestions [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#470 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#492 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#499 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.quicksuggest.online.available", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] Hides UI at `about:preferences#search`
defaultPref("browser.urlbar.quicksuggest.online.enabled", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.quicksuggest.settingsUi", 2); // [NO-ANDROID] [NO-MAIL] Hides UI at `about:preferences#search`
defaultPref("browser.urlbar.suggest.quicksuggest.all", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [NO-ANDROID] [NO-MAIL]

/// Disable partner links/attribution [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/modules/PartnerLinkAttribution.sys.mjs [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/7d68baf8/browser/app/profile/firefox.js#1745 [NO-ANDROID] [NO-MAIL]
lockPref("browser.partnerlink.attributionURL", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("browser.partnerlink.campaign.topsites", ""); // [NO-ANDROID] [NO-MAIL]

/// Disable Polygon (stock market) suggestions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/private/MarketSuggestions.sys.mjs [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/4258ca07/browser/app/profile/firefox.js#761 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/4258ca07/browser/components/urlbar/UrlbarPrefs.sys.mjs#470 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.market.featureGate", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.market", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

/// Disable row labels by default [NO-ANDROID] [NO-MAIL]
// Provides a cleaner UI, and removes Firefox Suggest branding from results [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#159 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.groupLabels.enabled", false); // [NO-ANDROID] [NO-MAIL]

/// Disable sponsored suggestions [NO-ANDROID] [NO-MAIL]
// NOTE: `browser.urlbar.suggest.quicksuggest.sponsored` is required for weather suggestions; due to `browser.urlbar.merino.providers` though, when `browser.urlbar.suggest.quicksuggest.sponsored` is on, the only thing it does is allow weather suggestions - so we won't lock this [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/7d68baf8/browser/components/urlbar/UrlbarPrefs.sys.mjs#415 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/10ecded0/browser/app/profile/firefox.js#495 [NO-ANDROID] [NO-MAIL]
lockPref("browser.urlbar.sponsoredTopSites", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
defaultPref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [NO-ANDROID] [NO-MAIL]

/// Disable sports suggestions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/private/SportsSuggestions.sys.mjs [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/70425199/browser/app/profile/firefox.js#795 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/70425199/browser/components/urlbar/UrlbarPrefs.sys.mjs#532 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.sports.featureGate", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.sports", false); // [NO-ANDROID] [NO-MAIL]

/// Disable telemetry [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/components/urlbar/docs/firefox-suggest-telemetry.rst [NO-ANDROID] [NO-MAIL]
lockPref("browser.urlbar.quicksuggest.contextualOptIn", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Disable Wikipedia suggestions by default, but allow users to enable them if desired [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/WikipediaSuggestions.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.wikipedia", false); // [NO-ANDROID] [NO-MAIL] [NIGHTLY]
defaultPref("browser.urlbar.wikipedia.featureGate", true); // [NO-ANDROID] [NO-MAIL] [NIGHTLY]

/// Disable Yelp suggestions [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/private/YelpSuggestions.sys.mjs [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/private/YelpRealtimeSuggestions.sys.mjs [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.yelp", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.yelpRealtime", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.yelp.featureGate", false); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.yelpRealtime.featureGate", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Enable important date suggestions by default [NO-ANDROID] [NO-MAIL]
// (If these are set and Firefox Suggest (browser.urlbar.quicksuggest.enabled) is enabled, ex. searching "Christmas" shows "Thursday, December 25, 2025") [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/source/browser/components/urlbar/private/ImportantDatesSuggestions.sys.mjs[NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#769 [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#772 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.importantDates.featureGate", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.suggest.importantDates", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// Ensure that we're using the newer Rust backend [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/cc4985b7/browser/components/urlbar/UrlbarPrefs.sys.mjs#317 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.quicksuggest.rustEnabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

/// If Merino is enabled, only allow fetching content from AccuWeather, AMO, MDN, Polygon (stock market), and Wikipedia (if the corresponding prefs are enabled) [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/cc4985b7/browser/components/urlbar/MerinoClient.sys.mjs#123 [NO-ANDROID] [NO-MAIL]
// NOTE: These are also required for displaying Weather on Firefox Home (`about:home`) [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.merino.endpointURL", "https://prod.merino.prod.webservices.mozgcp.net/api/v1/suggest"); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]
defaultPref("browser.urlbar.merino.providers", "accuweather,amo,flightaware,market,mdn,sports,wikipedia"); // [NO-ANDROID] [NO-MAIL]

/// If Yelp suggestions are enabled, show subject/title for results [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/rev/cc4985b7/browser/app/profile/firefox.js#706 [NO-ANDROID] [NO-MAIL]
defaultPref("browser.urlbar.yelp.serviceResultDistinction", true); // [NO-ANDROID] [NO-MAIL]

defaultPref("browser.phoenix.status", "030"); // [NO-ANDROID] [NO-MAIL]

/*** 031 SYNC ***/ // [NO-ANDROID]

/// Disable Firefox Sync by default [NO-ANDROID]
// When signing in to Firefox Sync, this controls the items (checkboxes) that are set to sync (under `about:preferences#sync`). [NO-ANDROID]
// This allows the user to control and choose for themselves what they'd like to sync, rather than automatically syncing everything (like the default) [NO-ANDROID]
defaultPref("services.sync.engine.addons", false); // [NO-ANDROID]
defaultPref("services.sync.engine.addresses", false); // [NO-ANDROID] [DEFAULT]
defaultPref("services.sync.engine.bookmarks", false); // [NO-ANDROID]
defaultPref("services.sync.engine.creditcards", false); // [NO-ANDROID] [DEFAULT]
defaultPref("services.sync.engine.history", false); // [NO-ANDROID]
defaultPref("services.sync.engine.passwords", false); // [NO-ANDROID]
defaultPref("services.sync.engine.prefs", false); // [NO-ANDROID]
defaultPref("services.sync.engine.tabs", false); // [NO-ANDROID]

/// Disable promotions [NO-ANDROID] [NO-MAIL]
lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled.monitorEnabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled.relayEnabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled.vpnEnabled", false); // [NO-ANDROID] [NO-MAIL]
lockPref("identity.mobilepromo.android", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("identity.mobilepromo.ios", ""); // [NO-ANDROID] [NO-MAIL]
lockPref("identity.sendtabpromo.url", ""); // [NO-ANDROID] [NO-MAIL]

/// Disable sending the user agent with Firefox Sync requests [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/af0f713f/services/sync/modules/resource.sys.mjs#38 [NO-ANDROID]
// https://searchfox.org/firefox-main/rev/af0f713f/services/sync/modules/resource.sys.mjs#99 [NO-ANDROID]
defaultPref("services.sync.sendVersionInfo", false); // [NO-ANDROID]

/// Disable set-up/feature recommendation [NO-ANDROID] [NO-MAIL]
// https://searchfox.org/mozilla-central/source/browser/base/content/browser-sync.js [NO-ANDROID] [NO-MAIL]
lockPref("identity.fxaccounts.toolbar.syncSetup.panelAccessed", true); // [NO-ANDROID] [NO-MAIL]

/// Disable telemetry [NO-ANDROID]
lockPref("identity.fxaccounts.account.telemetry.sanitized_uid", ""); // [NO-ANDROID]
lockPref("identity.fxaccounts.telemetry.clientAssociationPing.enabled", false); // [NO-ANDROID]
defaultPref("services.sync.log.logger.telemetry", "Fatal"); // [NO-ANDROID] [HIDDEN]
lockPref("services.sync.telemetry.maxEventsCount", 0); // [NO-ANDROID] [HIDDEN] Disable `sync` ping https://searchfox.org/mozilla-central/source/toolkit/components/telemetry/docs/data/sync-ping.rst
lockPref("services.sync.telemetry.maxPayloadCount", 0); // [NO-ANDROID] Disable `sync` ping https://searchfox.org/mozilla-central/source/toolkit/components/telemetry/docs/data/sync-ping.rst
lockPref("services.sync.telemetry.submissionInterval", 2147483647); // [NO-ANDROID] Disable `sync` ping https://searchfox.org/mozilla-central/source/toolkit/components/telemetry/docs/data/sync-ping.rst

/// If Firefox sync is enabled, disable avatar fetching [NO-ANDROID]
// See "network.dns.localDomains" above, we need to block "profile.accounts.firefox.com" [NO-ANDROID]
// The pref below just prevents Firefox from complaining and generating log files/errors when that domain can't be reached (even though it's unnecessary for Sync to function AFAICT...) [NO-ANDROID]
defaultPref("services.sync.log.appender.file.level", "Fatal"); // [NO-ANDROID]

/// Improve the reliability of extension storage sync [NO-ANDROID]
defaultPref("services.sync.extension-storage.skipPercentageChance", 0); // [NO-ANDROID]

/// Sync additional preferences... [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.bookmarks.autoExportHTML", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.bookmarks.openInTabClosesMenu", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.compactmode.show", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.download.open_pdf_attachments_inline", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.discoverystream.recentSaves.enabled", true); // [NO-ANDROID] [NO-MAIL] [ESR]
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", true); // [NO-ANDROID] [NO-MAIL] [ESR]
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.showRecentSaves", true); // [NO-ANDROID] [NO-MAIL] [ESR]
defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.showWeather", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.preferences.experimental", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.privatebrowsing.resetPBM.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.privateWindowSeparation.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.search.openintab", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.search.separatePrivateDefault.urlbarResult.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.spin_cursor_while_busy", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.tabs.groups.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.tabs.loadBookmarksInTabs", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.toolbars.bookmarks.visibility", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.urlbar.openintab", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.urlbar.suggest.calculator", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.urlbar.suggest.clipboard", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.urlbar.unitConversion.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.urlbar.update2.engineAliasRefresh", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.xul.error_pages.expert_bad_cert", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.browser.xul.error_pages.show_safe_browsing_details_on_load", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.devtools.chrome.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.devtools.command-button-measure.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.devtools.command-button-rulers.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.devtools.command-button-screenshot.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.devtools.dom.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.devtools.debugger.ui.editor-wrapping", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.dom.security.https_only_mode_error_page_user_suggestions", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.dom.security.https_only_mode_send_http_background_request", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.extensions.quarantineIgnoredByUser.{b86e4813-687a-43e6-ab65-0bde4ab75758}", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.extensions.quarantineIgnoredByUser.{d19a89b9-76c1-4a61-bcd4-49e8de916403}", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.findbar.highlightAll", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.layout.forms.reveal-password-button.enabled", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.media.autoplay.blocking_policy", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.middlemouse.paste", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.network.IDN_show_punycode", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.pdfjs.sidebarViewOnLoad", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.privacy.webrtc.globalMuteToggles", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.sidebar.main.tools", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.sidebar.revamp", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.startup.homepage_override_nimbus_disable_wnp", true); // [NO-ANDROID] [NO-MAIL]
defaultPref("services.sync.prefs.sync.view_source.wrap_long_lines", true); // [NO-ANDROID] [NO-MAIL]

defaultPref("browser.phoenix.status", "031"); // [NO-ANDROID]

/*** 032 LIBREWOLF ***/ // [NO-ANDROID] [NO-MAIL]

/// The following prefs are specific to LibreWolf and its derivatives, you can safely ignore them if you're not using LibreWolf [NO-ANDROID] [NO-MAIL]
// While we don't officially support LibreWolf, I am aware of people using Phoenix with LibreWolf - and these are nice to have anyways, especially if we do support them in the future [NO-ANDROID] [NO-MAIL]
// https://codeberg.org/librewolf/settings/src/branch/master/librewolf.cfg [NO-ANDROID] [NO-MAIL]

/// Enable update checks when navigating to `About LibreWolf` [NO-ANDROID] [NO-MAIL]
defaultPref("librewolf.aboutMenu.checkVersion", true); // [NO-ANDROID] [NO-MAIL]

/// Set the uBlock Origin config to our own by default [NO-ANDROID] [NO-MAIL]
// https://phoenix.celenity.dev/content-blocking [NO-ANDROID] [NO-MAIL]
defaultPref("librewolf.uBO.assetsBootstrapLocation", "https://assets.celenity.dev/ublock/phoenix/assets.json"); // [NO-ANDROID] [NO-MAIL]

defaultPref("browser.phoenix.status", "032"); // [NO-ANDROID] [NO-MAIL]

/*** 033 WATERFOX ***/ // [NO-ANDROID] [NO-MAIL]

/// The following prefs are specific to Waterfox and its derivatives, you can safely ignore them if you're not using Waterfox [NO-ANDROID] [NO-MAIL]
// Note that we definitely do NOT support or recommend using Waterfox... [NO-ANDROID] [NO-MAIL]

/// Do not allow ads/tracking on "partner" sites [NO-ANDROID] [NO-MAIL]
// (Currently includes Startpage) [NO-ANDROID] [NO-MAIL]
// https://github.com/BrowserWorks/waterfox/issues/4182 [NO-ANDROID] [NO-MAIL]
defaultPref("waterfox.blocker.allowSearchPartnerAds", false); // [NO-ANDROID] [NO-MAIL]

defaultPref("browser.phoenix.status", "033"); // [NO-ANDROID] [NO-MAIL]

/*** 034 SPECIALIZED/CUSTOM CONFIGS ***/ // [NO-ANDROID]

/// Configure remote AutoConfig files (if active) [NO-ANDROID]
defaultPref("autoadmin.failover_to_cached", true); // [NO-ANDROID]
defaultPref("autoadmin.offline_failover", true); // [NO-ANDROID]
defaultPref("autoadmin.refresh_interval", 60); // [NO-ANDROID]

defaultPref("browser.phoenix.status", "034"); // [NO-ANDROID]

lockPref("browser.phoenix.status", "successfully applied :D");
lockPref("browser.phoenix.applied.cfg", true);

//
// Copyright (C) 2024-2026 celenity
//
// This file is part of Phoenix.
//
// Phoenix is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
//
// Phoenix is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along with Phoenix. If not, see https://www.gnu.org/licenses/.
//

// This file contains Phoenix's "user" prefs, as it's not really possible to set those with the standard `.js` pref files
// See `phoenix-unified.js` (or `phoenix.js`/`phoenix-desktop.js` if you're looking at this locally...) for info on these prefs/why they're included.

// Determine our platform
/// See: https://codeberg.org/celenity/Phoenix/issues/231 - in the future, we'll likely use these to ship a single, unified .cfg
/// file for all platforms
defaultPref("browser.phoenix.platform", "unknown");
defaultPref("browser.phoenix.platform.current", "unknown");
defaultPref("browser.phoenix.platformSet", false);

try {
    // First, check the value of PHOENIX_HOST_PLATFORM
    if (getenv("PHOENIX_HOST_PLATFORM") == "android") {
        PHOENIX_PLATFORM = 'android'
    } else if (getenv("PHOENIX_HOST_PLATFORM") == "linux") {
        PHOENIX_PLATFORM = 'linux'
    // For now, we don't really need to distinguish between OS X and OS X Intel
    } else if (getenv("PHOENIX_HOST_PLATFORM") == "osx" || getenv("PHOENIX_HOST_PLATFORM") == "osx-intel") {
        PHOENIX_PLATFORM = 'osx'
    } else if (getenv("PHOENIX_HOST_PLATFORM") == "windows") {
        PHOENIX_PLATFORM = 'windows'

    // Now, fall-back to system env variables...

    // If any of the following env variables are defined, we know we're on Android:
    // (For general ANDROID_ vars, see ex.: https://android.googlesource.com/platform/system/core/+/refs/heads/main/rootdir/init.environ.rc.in)
    // ANDROID_ART_ROOT
    // ANDROID_ASSETS
    // ANDROID_BOOTLOGO
    // ANDROID_DATA
    // ANDROID_I18N_ROOT
    // ANDROID_ROOT
    // ANDROID_STORAGE
    // ANDROID_TZDATA_ROOT
    // MOZ_ANDROID_CPU_ABI
    // MOZ_ANDROID_CRASH_HANDLER
    // MOZ_ANDROID_LIBDIR
    // MOZ_ANDROID_LIBDIR_OVERRIDE
    // MOZ_ANDROID_PACKAGE_NAME
    // MOZ_ANDROID_USER_SERIAL_NUMBER
    } else if (getenv("ANDROID_ART_ROOT") || getenv("ANDROID_ASSETS") || getenv("ANDROID_BOOTLOGO") || getenv("ANDROID_DATA") || getenv("ANDROID_I18N_ROOT") || getenv("ANDROID_ROOT") || getenv("ANDROID_STORAGE") || getenv("ANDROID_TZDATA_ROOT") || getenv("MOZ_ANDROID_CPU_ABI") || getenv("MOZ_ANDROID_CRASH_HANDLER") || getenv("MOZ_ANDROID_LIBDIR") || getenv("MOZ_ANDROID_LIBDIR_OVERRIDE") || getenv("MOZ_ANDROID_PACKAGE_NAME") || getenv("MOZ_ANDROID_USER_SERIAL_NUMBER")) {
        PHOENIX_PLATFORM = 'android'
    // If any of the following env variables are defined, we know we're on OS X:
    // __CFBundleIdentifier
    // MOZ_APP_NO_DOCK
    // MOZ_NO_GLOBAL_MOUSE_MONITOR
    // XPC_FLAGS
    // XPC_SERVICE_NAME
    } else if (getenv("__CFBundleIdentifier") || getenv("MOZ_APP_NO_DOCK") || getenv("MOZ_NO_GLOBAL_MOUSE_MONITOR") || getenv("XPC_FLAGS") || getenv("XPC_SERVICE_NAME")) {
        PHOENIX_PLATFORM = 'osx'
    // If any of the following env variables are defined, we know we're on Windows:
    // MOZ_ENABLE_WIN32K
    // USERPROFILE
    // XRE_NO_DLL_READAHEAD
    // XRE_NO_WINDOWS_CRASH_DIALOG
    } else if (getenv("MOZ_ENABLE_WIN32K") || getenv("USERPROFILE") || getenv("XRE_NO_DLL_READAHEAD") || getenv("XRE_NO_WINDOWS_CRASH_DIALOG")) {
        PHOENIX_PLATFORM = 'windows'
    // If any of the following env variables are defined, we know we're on Linux:
    // DESKTOP_SESSION
    // GDK_BACKEND
    // GDMSESSION
    // GNOME_DESKTOP_SESSION_ID
    // GTK_USE_PORTAL
    // KDE_FULL_SESSION
    // LXQT_SESSION_CONFIG
    // MATE_DESKTOP_SESSION_ID
    // MOZ_DISABLE_WAYLAND_PROXY
    // MOZ_GDK_DISPLAY
    // MOZ_USE_XINPUT2
    // MOZ_X_SYNC
    // MOZ_X11_EGL
    // SNAP
    // SNAP_DESKTOP_RUNTIME
    // SNAP_INSTANCE_NAME
    // SNAP_NAME
    // SNAP_REAL_HOME
    // SYSTEMD_EXEC_PID
    // WAYLAND_DISPLAY
    // WAYLAND_PROXY_LOG
    // XDG_ACTIVATION_TOKEN
    // XDG_CACHE_HOME
    // XDG_CONFIG_DIRS
    // XDG_CONFIG_HOME
    // XDG_CURRENT_DESKTOP
    // XDG_DATA_DIRS
    // XDG_DATA_HOME
    // XDG_MENU_PREFIX
    // XDG_RUNTIME_DIR
    // XDG_SESSION_CLASS
    // XDG_SESSION_DESKTOP
    // XDG_SESSION_TYPE
    } else if (getenv("DESKTOP_SESSION") || getenv("GDK_BACKEND") || getenv("GDMSESSION") || getenv("GNOME_DESKTOP_SESSION_ID") || getenv("GTK_USE_PORTAL") || getenv("KDE_FULL_SESSION") || getenv("LXQT_SESSION_CONFIG") || getenv("MATE_DESKTOP_SESSION_ID") || getenv("MOZ_DISABLE_WAYLAND_PROXY") || getenv("MOZ_GDK_DISPLAY") || getenv("MOZ_USE_XINPUT2") || getenv("MOZ_X_SYNC") || getenv("MOZ_X11_EGL") || getenv("SNAP") || getenv("SNAP_DESKTOP_RUNTIME") || getenv("SNAP_INSTANCE_NAME") || getenv("SNAP_NAME") || getenv("SNAP_REAL_HOME") || getenv("SYSTEMD_EXEC_PID") || getenv("WAYLAND_DISPLAY") || getenv("WAYLAND_PROXY_LOG") || getenv("XDG_ACTIVATION_TOKEN") || getenv("XDG_CACHE_HOME") || getenv("XDG_CONFIG_DIRS") || getenv("XDG_CONFIG_HOME") || getenv("XDG_CURRENT_DESKTOP") || getenv("XDG_DATA_DIRS") || getenv("XDG_DATA_HOME") || getenv("XDG_MENU_PREFIX") || getenv("XDG_RUNTIME_DIR") || getenv("XDG_SESSION_CLASS") || getenv("XDG_SESSION_DESKTOP") || getenv("XDG_SESSION_TYPE")) {
        PHOENIX_PLATFORM = 'linux'
    // At this point, we should really have our OS, but in case we don't for some reason, check prefs
    // In practice, these shouldn't be used
    } else if (getPref("apz.android.chrome_fling_physics.friction") || getPref("apz.android.chrome_fling_physics.inflexion") || getPref("apz.android.chrome_fling_physics.stop_threshold") || getPref("network.dns.native_https_timeout_android")) {
        PHOENIX_PLATFORM = 'android'
    } else if (getPref("browser.low_commit_space_threshold_percent") || getPref("media.ffmpeg.vaapi.force-surface-zero-copy") || getPref("widget.gtk.file-manager-show-items-timeout-ms")) {
        PHOENIX_PLATFORM = 'linux'
    } else if (getPref("network.dns.native_https_timeout_mac_msec") || getPref("widget.macos.shift-by-menubar-on-fullscreen") || getPref("widget.macos.automatic.text_substitution_fetch_length")) {
        PHOENIX_PLATFORM = 'osx'
    } else if (getPref("accessibility.windows.suppress-after-clipboard-copy") || getPref("accessibility.windows.suppress-for-snap-layout")) {
        PHOENIX_PLATFORM = 'windows'
    } else {
        PHOENIX_PLATFORM = 'unknown'
    }
} catch (e) {
    PHOENIX_PLATFORM = 'unknown'
};

pref("browser.phoenix.platform.current", `${PHOENIX_PLATFORM}`);
phoenixPlatformPrefCurrentValue = getPref("browser.phoenix.platform.current");

if (getPref("browser.phoenix.platformSet") == false || getPref("browser.phoenix.platform") == "unknown") {
    pref("browser.phoenix.platform", `${phoenixPlatformPrefCurrentValue}`);
    pref("browser.phoenix.platformSet", true); 
};

defaultPref("browser.phoenix.firstRun.complete", false);

// Handle migration of the default DoH provider
/// We previously used Quad9, but we're now using Mullvad (Base)
/// So we need to ensure that Quad9 remains the default provider for
/// existing users
/// (The reason this migration is needed is because we've been setting Quad9 as the DoH provider via
/// policies - we shouldn't have been doing that. That means this doesn't impact Android, so we can skip this migration on Android).
if (getPref("browser.phoenix.platform") != "android") {
    defaultPref("browser.phoenix.dohMigration.complete", false);
    if (getPref("browser.phoenix.dohMigration.complete") == false) {
        defaultPref("network.trr.uri", "default"); // Set default to a dummy value so that we can check if the user has overriden it
        if (getPref("browser.phoenix.firstRun.complete") == true && getPref("network.trr.uri") == "default") {
            // If the user is an existing Phoenix user who has NOT changed the DoH provider
            // (by setting `network.trr.uri` to a non-default value), we know they've been using
            // Quad9, so to ensure their DoH provider isn't overriden, set it as a user pref
            pref("network.trr.uri", "https://dns.quad9.net/dns-query");
        };
        defaultPref("network.trr.uri", ""); // Reset the default value back to nothing
    };
    pref("browser.phoenix.dohMigration.complete", true);
};

/// On first run, we need to reset the value of `extensions.quarantinedDomains.list`, in order for our custom list of quarantined domains to take effect
// (This is necessary because, for some reason, on Firefox Desktop, Mozilla sets their default list as a user pref/value)
// After first run though, we don't want to reset it, so that ex. users can customize the list if desired
// Similar applies for `browser.search.region` - that pref gets set as a `user` value, so we need to reset it
// Smooth scrolling (`general.smoothScroll`) is a similar weird case - we do attempt to enable it by default, but due to us disabling UI animations,
// Firefox disables it anyways - so, to work around that, we can set it as a user pref on first launch
if (getPref("browser.phoenix.firstRun.complete") == false) {
    clearPref("browser.search.region");
    clearPref("extensions.quarantinedDomains.list"); // [NO-ANDROID] [NO-MAIL]
    pref("general.smoothScroll", true);
    pref("browser.phoenix.firstRun.complete", true);
};

pref("browser.urlbar.addons.minKeywordLength", 4); // [NO-ANDROID]
pref("browser.urlbar.flightStatus.minKeywordLength", 4); // [NO-ANDROID]
pref("browser.urlbar.market.minKeywordLength", 4); // [NO-ANDROID]
pref("browser.urlbar.weather.minKeywordLength", 4); // [NO-ANDROID]
pref("browser.urlbar.yelp.minKeywordLength", 4); // [NO-ANDROID]
pref("browser.urlbar.yelpRealtime.minKeywordLength", 4); // [NO-ANDROID]
pref("devtools.debugger.pending-selected-location", "{}"); // [NO-ANDROID]
pref("devtools.debugger.remote-enabled", false);
pref("devtools.netmonitor.requestfilter", ""); // [NO-ANDROID]
pref("nimbus.profileId", "");
pref("xpinstall.enabled", false); // [NO-ANDROID] [NO-MAIL]

// Deregister the Glean add-on ping scheduler
clearPref("app.update.lastUpdateTime.glean-addons-daily");

clearPref("browser.policies.runOncePerModification.removeSearchEngines"); // [NO-ANDROID]
clearPref("browser.safebrowsing.provider.ironfox.lastupdatetime");
clearPref("browser.safebrowsing.provider.ironfox.nextupdatetime");

lockPref("browser.phoenix.applied.userCfg", true);
