I consider myself a Firefox power user: I love it and I take full advantage of its features. Here’s how I do it.
- Tabs containers, to avoid tracking, privacy intrusion, etc.
- Decentraleyes emulates CDNs to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment.
- Disconnect, another thing to avoid tracking
- DownThemAll!, to download all the links or images on a website
- DuckDuckGo Privacy Essentials, personal data protection
- Feed Preview, to quickly and easily get the RSS feed links of a website
- Firefox Voice, something like a more open, private and secure Siri or Google Assistant
- Gitpod, ready-to-code development environments for any GitLab, GitHub, and Bitbucket project.
- HTTPS Everywhere, to encrypt communications with many major websites, making the browsing experience more secure.
- Invidition, to redirect YouTube and Twitter requests to their counterparts (invidio.us and nitter) before loading them. Invidition has the purpose to not let any YouTube or Twitter requests pass.
- Joplin Web Clipper, a Joplin integration with the browser, to save links but also whole web pages
- KeePassXC-Browser, a KeePassXC browser integration, to auto-fill password fields and get a seamless auto-completion experience
- Kutt, to quickly shorten links of the visited page
- Markdown Here, to convert and stylize Markdown text just by clicking a button
- Midnight Lizard, to show a dark interface even in websites which don’t support it by default
- Mind the Time, to be aware of how much time has been spent online, and in which specific website
- Pontoon Add-on, for Mozilla l10n volounteers, to check the translation status of a Mozilla page with ease
- Privacy Badger, the most famous privacy-aware extension
- Search by Image, to quickly search for an image on several different search engines
- uBlock Origin, the most famous (and effective) ad-blocker
- Wappalyzer, for self-hosting enthusiasts like me, to check which framework, web server, OS, plugin, analytics service, etc. the visited website uses
- Watch on LBRY, automatic redirection when a YouTube video can be found also on LBRY. It works exactly as Invidition.
- Polisis, to get a glimpse of what websites actually say in their privacy policies
- Gesturefy, a pure mouse gesture extension, which means it’s only suited for mice and not touchpads.
- Firefox Multi-Account Containers, a Firefox add-on that allows separate work, shopping or personal browsing without having to clear your history, log in and out, or use multiple browsers.
A record of all the tweaks I made in
true- [FF67+] Blocks Fingerprinting
true- [FF67+] Blocks CryptoMining
true- A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.
trueso letterboxing is used to hide real browser size.
true- This is Mozilla’s new built-in tracking protection. One of it’s benefits is blocking tracking (i.e. Google Analytics) on privileged pages where add-ons that usually do that are disabled.
false- Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
false- Disables playback of DRM-controlled HTML5 content, which, if enabled, automatically downloads the Widevine Content Decryption Module provided by Google Inc. Details
false- Disables the Widevine Content Decryption Module provided by Google Inc., used for the playback of DRM-controlled HTML5 content.
false- Websites can track the microphone and camera status of your device.
1- Disable cookies
0= Accept all cookies by default
1= Only accept from the originating site (block third-party cookies)
2= Block all cookies by default
true- or preventing domains from accessing each other’s data. If something breaks, it’s most likely related to
false- make Pocket integration go away
https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%in order to send nearby WiFi networks to Mozilla instead of Google. See also MLS Software.
trueto see punycode instead of UTF-8 in case of spoofing attempt.
trueallow websites to know you’re using dark theme
1- Only send Referer header when the full hostnames match. (Note: if you notice significant breakage, you might try 1 combined with an XOriginTrimmingPolicy tweak below.) Source
0= Send Referer in all cases
1= Send Referer to same eTLD sites
2= Send Referer only when the full hostnames match
2- When sending Referer across origins, only send scheme, host, and port in the Referer header of cross-origin requests. Source
0= Send full url in Referer
1= Send url without query string in Referer
2= Only send scheme, host, and port in Referer
false- Disables sending additional analytics to web servers. Details
false- Prevents Firefox from sending information about downloaded executable files to Google Safe Browsing to determine whether it should be blocked for safety reasons. Details
true- Not rendering IDNs as their Punycode equivalent leaves you open to phishing attacks that can be very difficult to notice. Source
trueto hopefully prefer IPv6
184.108.40.206(Resolver 2 of Quad9) - DNS server to use for resolving the DoH name.
false- While software like NoScript prevents this, it’s probably a good idea to block this protocol directly as well, just to be safe. Note: This disables browser-based call functionality that is used for webapps
true- seems like a cool thing to do
true- seems like another cool thing to do
true- seems like another cool thing to do