firedragon.cfg

/** WARNING: Please make sure the first line (here above ^^^) of this file remains empty. This is a known Firefox bug.*/

/** FIREDRAGON SETTINGS
 *
 * Please take the time to read and understand, but also to customize the settings to find your own setup.
 * The answers to the most common questions are at this link https://librewolf.net/docs/faq/
 *
 * When you customize the settings to fit your requirements, you have 2 choices:
 * 1 - You can either apply the changes directly to this file. You need to understand the changes will be system-wide for all users and when you will update Firedragon, it is very possible you will find firedragon.cfg.pacnew in the same location as this file. This means your firedragon.cfg is different than the one used by default in the package. It is up to you to compare those changes and do what you want with the result.
 * 
 * 2 - Our RECOMMENDED solution is to use the file firedragon.overrides.cfg, which is also located in the same place as this file originally. You then copy it in ~/.firedragon/firedragon.overrides.cfg. The file is user-specific but for all Profiles of the user. Any change you apply in it will override firedragon.cfg or append to it. It will not erase all the firedragon.cfg settings, only override those you write in firedragon.overrides.cfg. It is highly recommended to close Firedragon before you make any change to either file. There exists somekind of glitch with Firefox when you edit or add a configuration file while the browser is still opened.
 * For troubleshooting issues, please visit https://firedragon.garudalinux.org/troubleshooting


FUNCTIONS OF CONFIG FILE

The following functions are available within the file (do not use the []):

  [pref(prefName, value)] – sets the user value of a preference. This function explicitly sets the preference as a user preference. That means that if the user has changed the value, it will get reset every time the browser is started.

  [defaultPref(prefName, value)] – sets the default value of a preference. This is the value that a preference has when the user has not set any value or the user resets the preference. It can be permanently changed by the user.

  [lockPref(prefName, value)] – sets the default value of a preference and locks it. This is the most commonly used function. Locking a preference prevents a user from changing it, and in most cases, disables the UI in preferences so it is obvious to the user that the preference has been disabled.

  [unlockPref(prefName)] – unlocks a preference. As an example, this would be used in case where a preference should be locked for all users, but unlocked for particular users.

  [getPref(prefName)] – retrieves the value of a preference. If the preference doesn’t exist, it displays an error. This function should only be used on preferences that always exist.

  [clearPref(prefName)] – removes the user value of a preference, resetting it to its default value.

  [displayError(funcname, message)] – displays an error in a specific format, which is a handy tool for debugging.

   Netscape.cfg/AutoConfig failed. Please contact your system administrator.
   Error: [funcname] failed: [message]

  [getenv(name)] – used to query environment variables. This can allow access to things like usernames and other system information.
 */
defaultPref("firedragon.cfg.version", "2024-10-27"); // --> FIREDRAGON CONFIG
// Based on Librewolf config version - 8.5

/** INDEX
* The file is organized in categories, and each one has a number of sections:
* 
* PRIVACY [ISOLATION, SANITIZING, CACHE AND STORAGE, HISTORY AND SESSION RESTORE, QUERY STRIPPING, LOGGING]
* NETWORKING [HTTPS, REFERERS, WEBRTC, PROXY, DNS, PREFETCHING AND SPECULATIVE CONNECTIONS, MEDIA]
* FINGERPRINTING AND USER AGENT [RFP AND FPP, USER AGENT, WEBGL]
* SECURITY [CERTIFICATES, TLS/SSL, PERMISSIONS,  SAFE BROWSING, OTHERS]
* REGION [LOCATION, LANGUAGE]
* BEHAVIOR [DRM, SEARCH AND URLBAR, DOWNLOADS, AUTOPLAY, POP-UPS AND WINDOWS, MOUSE, MACHINE LEARNING]
* EXTENSIONS [USER INSTALLED, SYSTEM, EXTENSION FIREWALL]
* BUILT-IN FEATURES [UPDATER, SYNC, LOCKWISE AND AUTOFILL, CONTAINERS, DEVTOOLS, SHOPPING, OTHERS]
* UI [BRANDING, FIRST LAUNCH, NEW TAB PAGE, ABOUT, RECOMMENDED, FLOORP AND FIREDRAGON TWEAKS]
* TELEMETRY
* OTHER TWEAKS [FASTFOX, SMOOTHFOX]
* TEMPORARY TESTING SECTION [DISK CACHE, NETWORK, EXPERIMENTAL, TRACKING PROTECTION, OCSP & CERTS / HPKP, SEARCH / URLBAR, HTTPS-FIRST POLICY, MIXED CONTENT + CROSS-SITE, MOZILLA UI, COOKIE BANNER HANDLING, FULLSCREEN NOTICE, DOWNLOADS, TAB BEHAVIOR, OTHER]
 
* OVERRIDES
*/



/** [CATEGORY] PRIVACY */

/** [SECTION] ISOLATION
 * Defaults to strict mode, which includes:
 * 1. dFPI for both normal and private windows
 * 2. Strict blocking lists for trackers
 * 3. Shims to avoid breakage caused by blocking lists
 * 4. Stricter policies for xorigin referrers
 * 5. dFPI specific cookie cleaning mechanism
 * 6. Query stripping
 *
 * The desired category must be set with pref() otherwise it will not stick.
 * The UI that allows to change mode manually is hidden.
 */
pref("browser.contentblocking.category", "strict");
defaultPref("network.cookie.cookieBehavior", 5); // Enforce dFPI --> FIREDRAGON CONFIG
// Enable APS
defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage", true);
defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false);
defaultPref("privacy.partition.serviceWorkers", true); // Isolate service workers

/** [SECTION] SANITIZING */
defaultPref("network.cookie.lifetimePolicy", 0); // Keep cookies
/**
 * This way of sanitizing cookies would override the exceptions set by the users and just delete everything.
 * We disable it but cookies and site data are still cleared per session unless exceptions are set.
 */
defaultPref("privacy.clearOnShutdown.cache", false);
defaultPref("privacy.clearOnShutdown.cookies", false);
defaultPref("privacy.clearOnShutdown.downloads", false);
defaultPref("privacy.clearOnShutdown.history", false);
defaultPref("privacy.clearOnShutdown.offlineApps", false);
defaultPref("privacy.clearOnShutdown.sessions", false);
defaultPref("privacy.sanitize.sanitizeOnShutdown", false); // Set this to true to clear data and cookies on shutdown --> FIREDRAGON CONFIG
defaultPref("privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs2",true);
defaultPref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false);
defaultPref("privacy.sanitize.timeSpan", 0);

/** [SECTION] CACHE AND STORAGE */
defaultPref("browser.cache.disk.enable", false); // Disables disk cache
/** Prevent media cache from being written to disk in pb, but increase max cache size to avoid playback issues */
defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true);
defaultPref("media.memory_cache_max_size", 65536);
defaultPref("browser.helperApps.deleteTempFileOnExit", true); // Delete temporary files opened with external apps
defaultPref("browser.shell.shortcutFavicons", false); // disable favicons in profile folder
defaultPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps

/** [SECTION] HISTORY AND SESSION RESTORE
 * Since we hide the UI for modes other than custom we want to reset it for
 * everyone. same thing for always on PB mode.
 */
pref("privacy.history.custom", true);
pref("browser.privatebrowsing.autostart", false);

/** Firefox 2.0 introduces a built-in Session Restore feature, allowing the user to continue browsing from where they left off if browser restarts. This preference controls when to store extra information about a session: contents of forms, scrollbar positions, cookies, and POST data.
* Possible values and their effects
* 0 = Store extra session data for any site. (Default starting with Firefox 4.)
* 1= Store extra session data for unencrypted (non-HTTPS) sites only. (Default before Firefox 4.)
* 2= Never store extra session data. 
*/
defaultPref("browser.sessionstore.privacy_level", 2); // Prevent websites from storing session data like cookies and forms


/** [SECTION] QUERY STRIPPING
 * Currently we set the same query stripping list that Brave uses:
 * https://github.com/brave/brave-core/blob/f337a47cf84211807035581a9f609853752a32fb/browser/net/brave_site_hacks_network_delegate_helper.cc#L29
 */
defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");
defaultPref("privacy.query_stripping.enabled.pbmode", true); // Query Parameter stripping for URL tracking --> FIREDRAGON CONFIG
/**
 * Librewolf specific pref that allows to include the query stripping lists in uBO by default.
 * The asset file is fetched every 7 days.
 */
defaultPref("librewolf.uBO.assetsBootstrapLocation", "https://codeberg.org/librewolf/source/src/branch/main/assets/uBOAssets.json");

/** [SECTION] LOGGING
 * These prefs are off by default in the official Mozilla builds,
 * so it only makes sense that we also disable them.
 * See https://codeberg.org/librewolf/issues/issues/1514
 */
pref("browser.dom.window.dump.enabled", false);
pref("devtools.console.stdout.chrome", false);



/** [CATEGORY] NETWORKING */

/** [SECTION] HTTPS */
defaultPref("dom.security.https_only_mode", true); // Only allow HTTPS in all windows, including private browsing
defaultPref("network.auth.subresource-http-auth-allow", 1); // Block HTTP authentication credential dialogs
defaultPref("security.mixed_content.block_display_content", true); // Blocks non-HTTPS requests over an HTTPS website --> FIREDRAGON CONFIG

/** [SECTION] IPv6
 * Privacy extension is not the default for all Linux distros, so we disable IPv6.
 */
defaultPref("network.dns.disableIPv6", true);

/** [SECTION] REFERERS
 * To enhance privacy but keep a certain level of usability we trim cross-origin
 * referers, instead of completely avoid sending them.
 * As a general rule, the behavior of referes which are not cross-origin should not
 * be changed.
 */
defaultPref("network.http.referer.XOriginTrimmingPolicy", 2); // Trim referer to only send scheme, host and port

/** [SECTION] WEBRTC
 * There is no point in disabling webrtc as mDNS protects the private IP on Linux, OSX and Win10+.
 * The private IP address is only used in trusted environments, eg. allowed camera and mic access.
 */
defaultPref("media.peerconnection.ice.default_address_only", true); // Use a single interface for ICE candidates, the VPN one when a VPN is used

/** [SECTION] PROXY */
defaultPref("network.gio.supported-protocols", ""); // Disables GIO as it could bypass proxy
defaultPref("network.file.disable_unc_paths", true); // Hidden, disables using uniform naming convention to prevent proxy bypass
defaultPref("network.proxy.socks_remote_dns", true); // Forces DNS query through the proxy when using one
defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // Forces webrtc inside proxy when one is used

/** [SECTION] DNS */
defaultPref("network.dns.disablePrefetch", true); // Disables DNS prefetching
defaultPref("network.dns.skipTRR-when-parental-control-enabled", false);  // Arkenfox user.js v117

/** [SECTION] DOH
 * DoH can be enabled with the following prefs:
 *
 * The possible modes are:
 * 0 = default
 * 1 = browser picks faster
 * 2 = DoH with system dns fallback
 * 3 = DoH without fallback
 * 5 = DoH is off, default currently
  */
defaultPref("network.trr.mode", 5); // DoH is turned off.
defaultPref("network.trr.uri", "https://dns10.quad9.net/dns-query"); // Current 'reasonable default' proposal: NON-malware-blocking quad9 endpoint.

// Additions by Acideburn in https://codeberg.org/librewolf/issues/issues/1975
defaultPref("network.trr.strict_native_fallback", false); // Allow native fallback
defaultPref("network.trr.retry_on_recoverable_errors", true); // Retry on recoverable errors
defaultPref("network.trr.disable-heuristics", true);  // Disables the canary telemetry detection request "use-application-dns.net" for DOH
defaultPref("network.trr.default_provider_uri", "https://doh.dns4all.eu/dns-query");  // Define a fallback DoH server
defaultPref("network.trr.allow-rfc1918", true); // Allows the use of private IP addresses (RFC 1918) in DOH responses

// The current DoH providers are:
//  ->  LibreDNS, Quad9, Wikimedia, dns4all, Mullvad.
// For more providers: https://github.com/curl/curl/wiki/DNS-over-HTTPS

defaultPref("doh-rollout.provider-list", `[
  {
    "UIName": "Quad9 (No Filtering)",
    "uri": "https://dns10.quad9.net/dns-query"
  },
  {
    "UIName": "Quad9 (Malware blocking)",
    "uri": "https://dns.quad9.net/dns-query"
  },
  {
    "UIName":"Quad9+ECS",
    "uri":"https://dns11.quad9.net/dns-query"
  },
  {
    "UIName": "LibreDNS (No Filtering)",
    "uri": "https://doh.libredns.gr/dns-query"
  },
  {
    "UIName": "LibreDNS (Adblocking)",
    "uri": "https://doh.libredns.gr/noads"
  },
  {
    "UIName": "Wikimedia DNS (No Filtering)",
    "uri": "https://wikimedia-dns.org/dns-query"
  },
  {
    "UIName": "DNS4All (No Filtering)",
    "uri": "https://doh.dns4all.eu/dns-query"
  },
  {
    "UIName": "Mullvad (No Filtering)",
    "uri": "https://dns.mullvad.net/dns-query"
  }
]`);

/** [SECTION] PREFETCHING AND SPECULATIVE CONNECTIONS
 * Disables prefecthing for different things such as links, bookmarks and predictors.
 */
pref("network.predictor.enabled", false);
pref("network.prefetch-next", false);
pref("network.http.speculative-parallel-limit", 0);
defaultPref("browser.places.speculativeConnect.enabled", false);
// Disables speculative connections and domain guessing from the urlbar
defaultPref("browser.urlbar.speculativeConnect.enabled", false);

/** [SECTION] MEDIA
 * Let users set some media tweaks.
 */
defaultPref("media.cubeb.sandbox", false);
defaultPref("media.cubeb.sandbox_v2", true);
defaultPref("media.cache_readahead_limit", 120);
defaultPref("media.cache_resume_threshold", 60);
defaultPref("media.ffmpeg.vaapi.enabled", true);
defaultPref("media.hardware-video-decoding.force-enabled", true);



/** [CATEGORY] FINGERPRINTING AND USER AGENT */

/** [SECTION] RFP AND FPP
 * We should not set prefs that interfere with RFP for fingerprinting and disabling
 * API for no good reason will be counter productive, so it should also be avoided.
 */
defaultPref("privacy.resistFingerprinting", false); // Setting this to false (and the next one below) allows user to change its UserAgent from the UI or from settings in this file. Setting to true will lock the UserAgent to a value less recognized by websites and will cause issues at some point.
/**
 * Also, the above setting, when set to true, will report your TimeZone as being UTC. Some web services may not work
 * properly or may display the incorrect time. It will also alter some canvas, like picture/video thumbnails or displaying
 * interactive content from a website (like a Terminal window). There are several downsides you may incounter, up to you
 * to determine whether the added Privacy is worth it.
 */
// FPP only related setting
defaultPref("privacy.fingerprintingProtection", false); // Setting this to false (and the one above) allows user to change its UserAgent from the UI or from settings in this file. Setting to true will lock the UserAgent to a value less recognized by websites and will cause issues at some point. Also See https://github.com/arkenfox/user.js/issues/1661#issue-1679505411
defaultPref("privacy.resistFingerprinting.letterboxing", false); // --> FIREDRAGON CONFIG
defaultPref("privacy.trackingprotection.fingerprinting.enabled", true); // --> FIREDRAGON CONFIG
// Resist fingerprinting in private mode
defaultPref("privacy.resistFingerprinting.pbmode", true); // If you enable credentials' Autofill (Section LOCKWISE) you need to disable this in order to use a different input field background color than white --> FIREDRAGON CONFIG
defaultPref("privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts", false); // --> FIREDRAGON CONFIG
defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // Prevents RFP from breaking AMO --> FIREDRAGON CONFIG
defaultPref("browser.display.use_system_colors", false); // Default but enforced due to RFP
/**
 * Increase the size of new RFP windows for better usability, while still using a rounded value.
 * If the screen resolution is lower it will stretch to the biggest possible rounded value.
 * Also, expose hidden letterboxing pref but do not enable it for now.
 * These settings are only used when you enable RFP and were based on 1920x1080 screen. Different resolution may require different numbers.
 */
defaultPref("privacy.window.maxInnerWidth", 1600);
defaultPref("privacy.window.maxInnerHeight", 900);

/** [SECTION] USER AGENT */
defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0");
//defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0"); // In case you want to try something different.
// [DEPRECATED] defaultPref("floorp.browser.UserAgent", 1); // Let Floorp manage the spoofing on Windows --> FIREDRAGON CONFIG. Floorp removed this NICE feature in 11.17.4.
// [DEPRECATED] defaultPref("floorp.general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0"); // In case you want to use a specific UserAgent, enable this and change the above config for "5" --> FIREDRAGON CONFIG. Floorp removed this NICE feature in 11.17.4.

/** [SECTION] WEBGL */
defaultPref("webgl.disabled", true); // --> FIREDRAGON CONFIG



/** [CATEGORY] SECURITY */

/** [SECTION] CERTIFICATES */
defaultPref("security.cert_pinning.enforcement_level", 2); // Enables strict public key pinning. Might cause issues with AVs
/**
 * Enables safe negotiation and shows warning when it is not supported. Might cause breakage
 * on some very rare websites that dont care updating their SSL since about 2010.
 * If the the server does not support RFC 5746, in that case SSL_ERROR_UNSAFE_NEGOTIATION
 * will be shown.
 * There is no button to accept the risk and continue.
 * https://wiki.mozilla.org/Security:Renegotiation
 */
defaultPref("security.ssl.require_safe_negotiation", true); // --> FIREDRAGON CONFIG
defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true); // --> FIREDRAGON CONFIG
/**
 * Our strategy with revocation is to perform all possible checks with CRL, but when a cert
 * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and
 * increase security.
 * CRLITE is in mode 3 by default, which allows us to detect false positive with OCSP.
 * in v103, when CRLITE is fully mature, it should switch to mode 2 and no longer double-check.
 */
defaultPref("security.remote_settings.crlite_filters.enabled", true);
defaultPref("security.OCSP.require", true); // Set to hard-fail, might cause SEC_ERROR_OCSP_SERVER_ERROR

/** [SECTION] TLS/SSL */
pref("security.tls.enable_0rtt_data", false); // Disables 0 RTT to improve TLS 1.3 security
pref("security.tls.version.enable-deprecated", false); // Make TLS downgrades session only by enforcing it with pref(), default
defaultPref("browser.xul.error_pages.expert_bad_cert", true); // Shows relevant and advanced issues on warnings and error screens

/** [SECTION] PERMISSIONS */
pref("permissions.delegation.enabled", false); // Force permission request to show real origin
pref("permissions.manager.defaultsUrl", ""); // Revoke special permissions for some Mozilla domains

/** [SECTION] SAFE BROWSING
 * Disables safe browsing, including the fetch of updates. Reverting the 7 last prefs below
 * allows to perform local checks and to fetch updated lists from Google.
 */
defaultPref("browser.safebrowsing.allowOverride", true); // Enables/disables the "Ignore this warning" button on pages the SafeBrowsing blocks. Useless for regular users, it's meant for admins on bigger network as a way to secure their users.  --> FIREDRAGON CONFIG
defaultPref("browser.safebrowsing.malware.enabled", false);
defaultPref("browser.safebrowsing.phishing.enabled", false);
defaultPref("browser.safebrowsing.blockedURIs.enabled", false);
defaultPref("browser.safebrowsing.provider.google4.gethashURL", "");
defaultPref("browser.safebrowsing.provider.google4.updateURL", "");
defaultPref("browser.safebrowsing.provider.google.gethashURL", "");
defaultPref("browser.safebrowsing.provider.google.updateURL", "");
/**
 * Disables safe browsing checks on downloads, both local and remote. The locked prefs
 * control remote checks, while the first one is for local checks only.
 */
defaultPref("browser.safebrowsing.downloads.enabled", false);
pref("browser.safebrowsing.downloads.remote.enabled", false);
pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
defaultPref("browser.safebrowsing.downloads.remote.block_dangerous", false);
defaultPref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
 // Empty for defense in depth
pref("browser.safebrowsing.downloads.remote.url", "");
// Other safe browsing options, all default but enforce
lockPref("browser.safebrowsing.passwords.enabled", false);
lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
// Handle Google and Mozilla safebrowsing settings
defaultPref("browser.safebrowsing.provider.google.advisoryName", "");
defaultPref("browser.safebrowsing.provider.google.advisoryURL", "");
defaultPref("browser.safebrowsing.provider.google.lists", "");
defaultPref("browser.safebrowsing.provider.google.reportURL", "");
defaultPref("browser.safebrowsing.provider.google4.advisoryName", "");
defaultPref("browser.safebrowsing.provider.google4.advisoryURL", "");
defaultPref("browser.safebrowsing.provider.google4.lists", "");
defaultPref("browser.safebrowsing.provider.google4.reportURL", "");
defaultPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
defaultPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
defaultPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
defaultPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
defaultPref("browser.safebrowsing.provider.mozilla.gethashURL", "");
defaultPref("browser.safebrowsing.provider.mozilla.lists", "");
defaultPref("browser.safebrowsing.provider.mozilla.updateURL", "");
defaultPref("browser.safebrowsing.reportPhishURL", "");

/** [SECTION] OTHERS */
defaultPref("network.IDN_show_punycode", true); // Use punycode in idn to prevent spoofing
defaultPref("pdfjs.enableScripting", false); // Disable js scripting in the built-in PDF reader



/** [CATEGORY] REGION */

/** [SECTION] LOCATION
 * Replace Google with Mozilla as the default geolocation provide and prevent use of OS location services
 */
defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
defaultPref("geo.provider.ms-windows-location", false); // [WINDOWS]
defaultPref("geo.provider.use_corelocation", false); // [MAC]
defaultPref("geo.provider.use_gpsd", false); // [LINUX]
defaultPref("geo.provider.use_geoclue", false); // [LINUX]

/** [SECTION] LANGUAGE
 * Show language as en-US for all users, regardless of their OS language and browser language.
 * Both prefs must use pref() and not defaultPref to work.
 */
pref("javascript.use_us_english_locale", true);
pref("intl.accept_languages", "en-US, en");
// Disable region specific updates from mozilla
pref("browser.region.network.url", "");
pref("browser.region.update.enabled", false);



/** [CATEGORY] BEHAVIOR */

/** [SECTION] DRM */
defaultPref("media.eme.enabled", false); // Master switch for drm content
defaultPref("media.gmp-manager.url", "data:text/plain,"); // Prevent checks for plugin updates when drm is disabled
// Disable the widevine and the openh264 plugins
defaultPref("media.gmp-provider.enabled", false);
defaultPref("media.gmp-gmpopenh264.enabled", false);
// But allow h264 itself.
defaultPref("media.webrtc.hw.h264.enabled", true);

/** [SECTION] SEARCH AND URLBAR
 * Disable search suggestion and do not update opensearch engines.
 */
defaultPref("browser.urlbar.suggest.searches", false);
defaultPref("browser.search.suggest.enabled", false);
defaultPref("browser.search.update", false);
defaultPref("browser.search.separatePrivateDefault", true); // [FF70+] // Arkenfox user.js v119
defaultPref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+]  // Arkenfox user.js v119
defaultPref("browser.search.serpEventTelemetry.enabled",false);

/**
 * Quicksuggest is a feature of Firefox that shows sponsored suggestions. We disable it in full
 * but the list could and should be trimmed at some point. The scenario controls the opt-in, while
 * the second pref disables the feature and hides it from the UI.
 */
defaultPref("browser.urlbar.suggest.mdn", true);
defaultPref("browser.urlbar.addons.featureGate", false);
defaultPref("browser.urlbar.mdn.featureGate", false);
defaultPref("browser.urlbar.pocket.featureGate", false);
defaultPref("browser.urlbar.trending.featureGate", false);
defaultPref("browser.urlbar.weather.featureGate", false);
lockPref("browser.urlbar.quicksuggest.scenario", "history"); // --> FIREDRAGON CONFIG
lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // --> FIREDRAGON CONFIG
lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false); // --> FIREDRAGON CONFIG
lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // Default --> FIREDRAGON CONFIG

/**
 * The pref disables the whole feature and hide it from the UI
 * (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057).
 * This also includes the best match feature, as it is part of Firefox suggest.
 */
pref("browser.urlbar.quicksuggest.enabled", false);
defaultPref("browser.urlbar.suggest.weather", false); // Disable weather suggestions in urlbar once they are no longer behind feature gate

// Allows the user to add a custom search engine in the settings.
defaultPref("browser.urlbar.update2.engineAliasRefresh", true); // --> FIREDRAGON CONFIG

/** [SECTION] DOWNLOADS
 * User interaction should always be required for downloads, as a way to enhance security by asking
 * the user to specific a certain save location.
 */
defaultPref("browser.download.useDownloadDir", false);
defaultPref("browser.download.autohideButton", false); // Do not hide download button automatically
defaultPref("browser.download.manager.addToRecentDocs", false); // Do not add downloads to recents --> FIREDRAGON CONFIG
defaultPref("browser.download.alwaysOpenPanel", false); // Do not expand toolbar menu for every download, we already have enough interaction
//defaultPref("browser.download.improvements_to_download_panel", false); // --> FIREDRAGON CONFIG

/** [SECTION] AUTOPLAY
 * Block autoplay unless element is clicked, and apply the policy to all elements
 * including muted ones.
 */
/** The below pref defines what the blocking policy would be used in blocking autoplay.
 * 0 : use sticky activation (default)
 * https://html.spec.whatwg.org/multipage/interaction.html#sticky-activation
 * 1 : use transient activation (the transient activation duration can be
 *     adjusted by the pref `dom.user_activation.transient.timeout`)
 * https://html.spec.whatwg.org/multipage/interaction.html#transient-activation
 *  2 : user input depth (allow autoplay when the play is trigged by user input
 *     which is determined by the user input depth)
 */
defaultPref("media.autoplay.blocking_policy", 2); // --> FIREDRAGON CONFIG
defaultPref("media.autoplay.default", 5);

/** [SECTION] POP-UPS AND WINDOWS
 * Prevent scripts from resizing existing windows and opening new ones, by forcing them into
 * new tabs that can not be resized as well.
 */
defaultPref("dom.disable_window_move_resize", true);
defaultPref("browser.link.open_newwindow", 3);
defaultPref("browser.link.open_newwindow.restriction", 0);

/** [SECTION] MOUSE */
defaultPref("browser.tabs.searchclipboardfor.middleclick", false); // Prevent mouse middle click on new tab button to trigger searches or page loads --> FIREDRAGON CONFIG

/** [SECTION] MACHINE LEARNING **/
// See ticket: #1919 - LibreWolf should delete all AI code - https://codeberg.org/librewolf/issues/issues/1919
defaultPref("browser.ml.enable", false);
defaultPref("browser.ml.chat.enabled", false);
// Hide from UI
defaultPref("browser.ml.chat.hideFromLabs", true);
defaultPref("browser.ml.chat.hideLabsShortcuts", true);


/** [CATEGORY] EXTENSIONS */

/** [SECTION] USER INSTALLED
 * Extensions are allowed to operate on restricted domains, while their scope
 * is set to profile+applications (https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/).
 * An installation prompt should always be displayed.
 */
defaultPref("extensions.webextensions.restrictedDomains", "");
defaultPref("extensions.enabledScopes", 5); // Hidden
defaultPref("extensions.postDownloadThirdPartyPrompt", false);

/** [SECTION] SYSTEM
 * Built-in extension are not allowed to auto-update. Additionally the reporter extension
 * of webcompat is disabled. URLs are stripped for defense in depth - FireDragon however allows auto-update.
 */
// defaultPref("extensions.systemAddon.update.enabled", false);
// defaultPref("extensions.systemAddon.update.url", "");
lockPref("extensions.webcompat-reporter.enabled", false);
lockPref("extensions.webcompat-reporter.newIssueEndpoint", "");

/** [SECTION] EXTENSION FIREWALL
 * The firewall can be enabled with the below prefs, but it is not a sane default:
 */
 // defaultPref("extensions.webextensions.base-content-security-policy", "default-src 'none'; script-src 'none'; object-src 'none';");
 // defaultPref("extensions.webextensions.base-content-security-policy.v3", "default-src 'none'; script-src 'none'; object-src 'none';");




/** [CATEGORY] BUILT-IN FEATURES */

/** [SECTION] UPDATER
 * Since we do not bake auto-updates in the browser it does not make sense at the moment.
 */
lockPref("app.update.auto", false);

/** [SECTION] SYNC
 * This functionality is disabled by default but it can be activated in one click.
 * This pref fully controls the feature, including its ui.
 */
defaultPref("identity.fxaccounts.enabled", true);
// Required for syncing to work through Garuda server. This prevents sending your browsing history to Mozilla. ALL your other browsers using the Sync feature should have their URL changed for this one in order to sync between all your browsers. Get rid of the Mozilla URL watching you. :D
defaultPref("identity.sync.tokenserver.uri", "https://ffsync.garudalinux.org/token/1.0/sync/1.5"); // --> FIREDRAGON CONFIG
// Allow using portals without setting environment variables
lockPref("widget.use-xdg-desktop-portal.file-picker", 1);

/** [SECTION] LOCKWISE AND AUTOFILL
 * Disable the default password manager built into the browser, including its autofill
 * capabilities and formless login capture.
 */
defaultPref("signon.rememberSignons", false);
defaultPref("signon.autofillForms", false);
defaultPref("extensions.formautofill.addresses.enabled", false);
defaultPref("extensions.formautofill.creditCards.enabled", false);
defaultPref("signon.formlessCapture.enabled", false);
// If enabling the Password Manager and Form Autofill, the following will give color to input fields
defaultPref("ui.-moz-autofill-background", "rgba(197, 14, 210, .4)"); // Must disable privacy.resistFingerprinting.pbmode for it to work

/** [SECTION] CONTAINERS
 * Enable containers and show the settings to control them in the stock ui
 */
defaultPref("privacy.userContext.enabled", true);
defaultPref("privacy.userContext.ui.enabled", true);

/** [SECTION] DEVTOOLS
 * Disable chrome and remote debugging.
 */
pref("devtools.debugger.remote-enabled", false); // Default, but subject to branding so keep it
defaultPref("devtools.selfxss.count", 0); // Required for devtools console to work

/** [SECTION] SHOPPING
 * Disable the fakespot shopping sidebar
 */
defaultPref("browser.shopping.experience2023.enabled", false);
defaultPref("browser.shopping.experience2023.optedIn", 2);
defaultPref("browser.shopping.experience2023.active", false);

/** [SECTION] OTHERS */
pref("webchannel.allowObject.urlWhitelist", ""); // Remove web channel whitelist
defaultPref("services.settings.server", "https://%.invalid") // Sets the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code). This setting needs to be commented out if you want the Firefox Translate feature to work. More information on what that server is used for can be found at https://groups.google.com/g/mozilla.support.firefox/c/O2Rswb1jBUw?pli=1 



/** [CATEGORY] UI
* Many visual examples can be found here https://github-wiki-see.page/m/black7375/Firefox-UI-Fix/wiki/Options
*/

/** [SECTION] BRANDING
* Set Firedragon support and releases urls in the UI, so that users land in the proper places.
*/
defaultPref("app.support.baseURL", "https://firedragon.garudalinux.org/faq/");
defaultPref("browser.search.searchEnginesURL", "https://searx.garudalinux.org/?q={searchTerms}");
defaultPref("browser.geolocation.warning.infoURL", "https://firedragon.garudalinux.org/faq#how-do-i-enable-location-aware-browsing");
defaultPref("app.feedback.baseURL", "https://forum.garudalinux.org");
defaultPref("app.releaseNotesURL", "https://firedragon.garudalinux.org/changelogs");
defaultPref("app.releaseNotesURL.aboutDialog", "https://firedragon.garudalinux.org/changelogs");
defaultPref("app.update.url.details", "https://gitlab.com/garuda-linux/firedragon/settings/-/commits/master");
defaultPref("app.update.url.manual", "https://firedragon.garudalinux.org/");

/** [SECTION] FIRST LAUNCH
 * Disable what is new and UI tour on first start and updates. The browser
 * should also not stress user about being the default one.
 */
defaultPref("browser.startup.homepage_override.mstone", ""); // --> FIREDRAGON CONFIG
defaultPref("startup.homepage_override_url", ""); // --> FIREDRAGON CONFIG
defaultPref("startup.homepage_welcome_url", "about:blank"); // --> FIREDRAGON CONFIG
defaultPref("startup.homepage_welcome_url.additional", "about:blank"); // --> FIREDRAGON CONFIG
lockPref("browser.messaging-system.whatsNewPanel.enabled", false);
lockPref("browser.uitour.enabled", false);
lockPref("browser.uitour.url", "");
defaultPref("browser.shell.checkDefaultBrowser", false); // --> FIREDRAGON CONFIG

/** [SECTION] NEW TAB PAGE
 * We want the New Tab page to display Top Sites and Recent Activity, ignoring other distractions.
 */
defaultPref("browser.newtab.preload", false);
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", true); // --> FIREDRAGON CONFIG
defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", true); // --> FIREDRAGON CONFIG
defaultPref("browser.newtabpage.activity-stream.feeds.topsites", true); // --> FIREDRAGON CONFIG
// Hide stories and sponsored content from Firefox Home
lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false);
lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}"); // Hide buggy pocket section from about:preferences#home
lockPref("browser.newtabpage.activity-stream.showSponsored", false);
lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
// Disable telemetry in Firefox Home
lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
lockPref("browser.newtabpage.activity-stream.telemetry", false);
// Hide stories UI in about:preferences#home, empty highlights list
lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}");
lockPref("browser.newtabpage.activity-stream.default.sites", "");
lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false); // --> FIREDRAGON CONFIG
lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false); // --> FIREDRAGON CONFIG
lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); // Default --> FIREDRAGON CONFIG
// Disable weather info fetching (ticket #2048)
// defaultPref("browser.newtabpage.activity-stream.feeds.weatherfeed", false);
// defaultPref("browser.newtabpage.activity-stream.showWeather", false);

/** [SECTION] ABOUT
 * Remove annoying UI elements from the about pages, including about:protections
 */
defaultPref("browser.contentblocking.report.lockwise.enabled", false);
lockPref("browser.contentblocking.report.hide_vpn_banner", true);
lockPref("browser.contentblocking.report.vpn.enabled", false);
lockPref("browser.contentblocking.report.show_mobile_app", false);
lockPref("browser.vpn_promo.enabled", false);
lockPref("browser.promo.focus.enabled", false);
// ...about:addons recommendations sections and more
defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false);
defaultPref("extensions.getAddons.showPane", false);
defaultPref("lightweightThemes.getMoreURL", ""); // Disable button to get more themes
// ...about:preferences#home
defaultPref("browser.topsites.useRemoteSetting", false); // Hide sponsored shortcuts button
// ...and about:config
defaultPref("browser.aboutConfig.showWarning", false);
// Hide about:preferences#moreFromMozilla
defaultPref("browser.preferences.moreFromMozilla", false);

/** [SECTION] RECOMMENDED
 * Disable all "recommend as you browse" activity.
 */
lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);

/** [SECTION] FLOORP AND FIREDRAGON TWEAKS
 * Various config preference tweaks that only apply to Firedragon.
 */
defaultPref("floorp.lepton.interface", 3);
defaultPref("floorp.browser.sidebar.right", false);
defaultPref("floorp.delete.browser.border", true);
defaultPref("floorp.browser.tabs.openNewTabPosition", 0);
defaultPref("floorp.browser.user.interface", 3);
defaultPref("floorp.chrome.theme.mode", -1);
defaultPref("floorp.download.notification", 2);
defaultPref("floorp.fluerial.roundVerticalTabs", true);
defaultPref("floorp.tabsleep.enabled", true);
defaultPref("floorp.tabsleep.tabTimeoutMinutes", 30);
defaultPref("floorp.tabbar.style", 0);
defaultPref("floorp.verticaltab.hover.enabled", true);
defaultPref("browser.urlbar.placeholderName", "Garuda's searX");
//defaultPref("browser.startup.homepage_override.mstone", "115.6.0");
defaultPref("browser.proton.toolbar.version", 3);
defaultPref("browser.newtabpage.activity-stream.feeds.section.highlights", true);
defaultPref("browser.newtabpage.activity-stream.feeds.topsites", true);
defaultPref("browser.newtabpage.activity-stream.topSitesRows", 2);
defaultPref("extensions.webcompat.enable_shims", true);
defaultPref("extensions.webcompat.perform_injections", true);
defaultPref("extensions.webcompat.perform_ua_overrides", true);
defaultPref("privacy.trackingprotection.fingerprinting.enabled", false);
//defaultPref("floorp.browser.sidebar2.data", {"data":{"floorp__bmt":{"url":"floorp//bmt","width":600},"floorp__bookmarks":{"url":"floorp//bookmarks","width":415},"floorp__history":{"url":"floorp//history","width":415},"floorp__downloads":{"url":"floorp//downloads","width":415},"floorp__notes":{"url":"floorp//notes","width":550},"w0":{"url":"https://translate.google.com"}},"index":["floorp__bmt","floorp__bookmarks","floorp__history","floorp__downloads","floorp__notes","w0"]});
defaultPref("userContent.player.noaudio", true);
defaultPref("userChrome.rounding.square_panel", false);
defaultPref("userChrome.rounding.square_panelitem", false);
defaultPref("userChrome.rounding.square_menupopup", false);
defaultPref("userChrome.rounding.square_menuitem", false);
defaultPref("userChrome.rounding.square_checklabel", false);
defaultPref("userChrome.rounding.square_field", false);
defaultPref("userChrome.rounding.square_button", false);
defaultPref("userChrome.rounding.square_tab", false);
defaultPref("userChrome.padding.tabbar_height", false);
defaultPref("userChrome.urlView.always_show_page_actions", true);
defaultPref("userChrome.tab.dynamic_separator", true);
defaultPref("userChrome.tab.box_shadow", false);
defaultPref("userChrome.tab.sound_hide_label", false);
defaultPref("userChrome.tab.sound_show_label", true);
defaultPref("userChrome.tab.always_show_tab_icon", true);
defaultPref("userContent.newTab.field_border", true);
defaultPref("userChrome.tab.photon_like_padding", false);
defaultPref("userChrome.tab.lepton_like_padding", false);
defaultPref("userChrome.tab.newtab_button_proton", false);
defaultPref("userChrome.tab.newtab_button_like_proton", true);
defaultPref("userChrome.tab.newtab_button_like_tab", true); // Makes the New Tab button bigger and quickly accessible --> FIREDRAGON CONFIG
defaultPref("userChrome.tab.connect_to_window", false);
defaultPref("userChrome.tab.bottom_rounded_corner", false);
defaultPref("userChrome.icon.disabled", true);
defaultPref("userChrome.icon.menu", false);
//defaultPref("userChrome.icon.context_menu", true);
//defaultPref("userChrome.icon.global_menubar", true);
//defaultPref("userChrome.icon.library", true);
//defaultPref("userChrome.icon.menu", true);
//defaultPref("userChrome.icon.panel", true);
//defaultPref("userChrome.icon.panel_full", true);
defaultPref("userChrome.autohide.page_action", true);
defaultPref("userChrome.autohide.forward_button", true);
defaultPref("userChrome.autohide.back_button", true);
//defaultPref("userChrome.centered.tab", true);
//defaultPref("userChrome.centered.tab.label", true);
defaultPref("image.avif.enabled", true);
defaultPref("layout.css.backdrop-filter.enabled", true);
defaultPref("browser.startup.page", 3);
defaultPref("browser.tabs.inTitlebar", 0); // Fix (read: workaround) missing window buttons
defaultPref("browser.tabs.loadDivertedInBackground", true);
defaultPref("signon.management.page.fileImport.enabled", true);
defaultPref("browser.bookmarks.addedImportButton", true);
// defaultPref("widget.wayland.fractional-scale.enabled", true); // This *can* be useful, but can also cause issues. Therefore, it is disabled by default.
// defaultPref("browser.translations.enable, false"); // --> FIREDRAGON CONFIG
/**
 * defaultPref("browser.translations.automaticallyPopup, false"); // --> This config does not want to set automatically. User needs to either set it
 * via about:config or by checking/unchecking the box within the translataion pop-up itself when a website makes it appear.
 */



/** [CATEGORY] TELEMETRY
 * Telemetry is already disabled elsewhere and most of the stuff in here is just for redundancy.
 */
lockPref("toolkit.telemetry.unified", false); // Master switch
lockPref("toolkit.telemetry.enabled", false);  // Master switch
lockPref("toolkit.telemetry.server", "data:,");
lockPref("toolkit.telemetry.archive.enabled", false);
lockPref("toolkit.telemetry.newProfilePing.enabled", false);
lockPref("toolkit.telemetry.updatePing.enabled", false);
lockPref("toolkit.telemetry.firstShutdownPing.enabled", false);
lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); // Default --> FIREDRAGON CONFIG
lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // Default --> FIREDRAGON CONFIG
lockPref("toolkit.telemetry.bhrPing.enabled", false);
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.previousBuildID", "");
lockPref("toolkit.telemetry.server_owner", "");
lockPref("toolkit.coverage.opt-out", true); // Hidden
lockPref("toolkit.telemetry.coverage.opt-out", true); // Hidden
lockPref("toolkit.coverage.enabled", false);
lockPref("toolkit.coverage.endpoint.base", "");
lockPref("toolkit.crashreporter.infoURL", "");
lockPref("datareporting.healthreport.uploadEnabled", false);
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("security.protectionspopup.recordEventTelemetry", false);
lockPref("browser.ping-centre.telemetry", false);
// Opt-out of normandy and studies
lockPref("app.normandy.enabled", false);
lockPref("app.normandy.api_url", "");
lockPref("app.shield.optoutstudies.enabled", false);
// Disable personalized extension recommendations
lockPref("browser.discovery.enabled", false);
// Disable crash report
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("breakpad.reportURL", "");
// Disable connectivity checks
pref("network.connectivity-service.enabled", false);
// Disable captive portal
pref("network.captive-portal-service.enabled", false);
pref("captivedetect.canonicalURL", "");
// Disable Privacy-Preserving Attribution
pref("dom.private-attribution.submission.enabled", false);



/** [CATEGORY] OTHER TWEAKS
 * Some tweaks imported from other browser tweaks, found wihin the UI of Floorp.
 */

/** [SECTION] FASTFOX
 * Various Fastfox tweaks.
 */
defaultPref("browser.cache.memory.max_entry_size", 153600);
defaultPref("browser.laterrun.bookkeeping.sessionCount", 4);
defaultPref("browser.startup.lastColdStartupCheck", 1703699045);
defaultPref("browser.startup.preXulSkeletonUI", false);
defaultPref("content.notify.interval", 100000);
defaultPref("dom.enable_web_task_scheduling", true);
defaultPref("gfx.canvas.accelerated.cache-items", 32768);
defaultPref("gfx.canvas.accelerated.cache-size", 4096);
defaultPref("gfx.content.skia-font-cache-size", 80);
defaultPref("gfx.webrender.all", true);
defaultPref("gfx.webrender.compositor", true);
defaultPref("gfx.webrender.precache-shaders", true);
defaultPref("image.cache.size", 10485760);
defaultPref("image.mem.decode_bytes_at_a_time", 131072);
defaultPref("image.mem.shared.unmap.min_expiration_ms", 120000);
defaultPref("layers.gpu-process.enabled", true);
defaultPref("layout.css.grid-template-masonry-value.enabled", true);
defaultPref("media.cache_readahead_limit", 9000);
defaultPref("media.cache_readahead_limit.cellular", 30);
defaultPref("media.cache_resume_threshold", 6000);
defaultPref("media.memory_cache_max_size", 1048576);
defaultPref("media.memory_caches_combined_limit_kb", 2560000);
defaultPref("network.buffer.cache.count", 128);
defaultPref("network.buffer.cache.size", 262144);
defaultPref("nglayout.initialpaint.delay", 0);
defaultPref("nglayout.initialpaint.delay_in_oopif", 0);
defaultPref("services.sync.declinedEngines", "");
defaultPref("services.sync.globalScore", 0);
defaultPref("services.sync.nextSync", 0);

/** [SECTION] SMOOTHTFOX
 * Various Smoothfox tweaks.
 */
defaultPref("browser.laterrun.bookkeeping.sessionCount", 9);
defaultPref("general.smoothScroll.msdPhysics.continuousMotionMaxDeltaMS", 12);
defaultPref("general.smoothScroll.msdPhysics.enabled", true);
defaultPref("general.smoothScroll.msdPhysics.motionBeginSpringConstant", 600);
defaultPref("general.smoothScroll.msdPhysics.regularSpringConstant", 650);
defaultPref("general.smoothScroll.msdPhysics.slowdownMinDeltaMS", 25);
defaultPref("general.smoothScroll.msdPhysics.slowdownSpringConstant", 250);
defaultPref("mousewheel.default.delta_multiplier_y", 300);



/** [CATEGORY] TEMPORARY TESTING SECTION
*/
/** [SECTION] DISK CACHE
*/
defaultPref("browser.cache.jsbc_compression_level", 3);

/** [SECTION] NETWORK
*/
defaultPref("network.http.max-connections", 1800);
defaultPref("network.http.max-persistent-connections-per-server", 10);
defaultPref("network.http.max-urgent-start-excessive-connections-per-host", 5);
defaultPref("network.http.pacing.requests.enabled", true);
defaultPref("network.dns.max_high_priority_threads", 8);

/** [SECTION] EXPERIMENTAL
*/
defaultPref("layout.css.has-selector.enabled", true);
defaultPref("dom.security.sanitizer.enabled", true);

/** [SECTION] TRACKING PROTECTION
*/
defaultPref("urlclassifier.trackingSkipURLs", "*.reddit.com, *.twitter.com, *.x.com, *.twimg.com, *.tiktok.com");
defaultPref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.twitter.com, *.x.com, *.twimg.com");
defaultPref("network.cookie.sameSite.noneRequiresSecure", true);
// Enable GPC ( see issue: https://codeberg.org/librewolf/issues/issues/1840 )
defaultPref("privacy.globalprivacycontrol.pbmode.enabled", true);
defaultPref("privacy.globalprivacycontrol.enabled", true);
defaultPref("privacy.globalprivacycontrol.functionality.enabled", true);

/** [SECTION] OCSP & CERTS / HPKP
*/
defaultPref("security.OCSP.enabled", 0);
defaultPref("security.pki.crlite_mode", 2);

/** [SECTION] SEARCH / URLBAR
*/
defaultPref("security.insecure_connection_text.enabled", true);
defaultPref("security.insecure_connection_text.pbmode.enabled", true);
defaultPref("browser.urlbar.suggest.calculator", true);
defaultPref("browser.urlbar.unitConversion.enabled", true);
defaultPref("browser.urlbar.trending.featureGate", false);

/** [SECTION] HTTPS-FIRST POLICY
*/
defaultPref("dom.security.https_first", true);

/** [SECTION] MIXED CONTENT + CROSS-SITE
*/
defaultPref("security.mixed_content.upgrade_display_content", true);
defaultPref("security.mixed_content.upgrade_display_content.image", true);

/** [SECTION] MOZILLA UI
*/
defaultPref("browser.privatebrowsing.vpnpromourl", "");

/** [SECTION] COOKIE BANNER HANDLING
*/
defaultPref("cookiebanners.service.mode", 1);
defaultPref("cookiebanners.service.mode.privateBrowsing", 1);
defaultPref("cookiebanners.service.enableGlobalRules", true);

/** [SECTION] FULLSCREEN NOTICE
*/
defaultPref("full-screen-api.transition-duration.enter", "0 0");
defaultPref("full-screen-api.transition-duration.leave", "0 0");
defaultPref("full-screen-api.warning.delay", -1);
defaultPref("full-screen-api.warning.timeout", 0);

/** [SECTION] DOWNLOADS
*/
defaultPref("browser.download.always_ask_before_handling_new_types", true);

/** [SECTION] TAB BEHAVIOR
*/
defaultPref("browser.bookmarks.openInTabClosesMenu", false);
defaultPref("browser.menu.showViewImageInfo", true);
defaultPref("findbar.highlightAll", true); // --> FIREDRAGON CONFIG
defaultPref("layout.word_select.eat_space_to_next_word", false);

/** [SECTION] OTHER
*/
defaultPref("network.stricttransportsecurity.preloadlist", true);
defaultPref("dom.event.clipboardevents.enabled", true); // Restore user-triggered clipboard access --> FIREDRAGON CONFIG




/** [CATEGORY] OVERRIDES
 * Allow settings to be overriden or appended with a file placed in the right location - open firedragon.overrides.cfg for more info.
 * Here's some documentation on that file: https://librewolf.net/docs/settings/#where-do-i-find-my-librewolfoverridescfg
 */
let profile_directory;
if (profile_directory = getenv('USERPROFILE') || getenv('HOME')) {
  defaultPref('autoadmin.global_config_url', `file://${profile_directory}/.firedragon/firedragon.overrides.cfg`);
}