Type in about:config <-- just like that, where you normally type in www.fedoraforums.com.
A bunch of options appear, here are some tweaks I have made (and why).
Feel free to copy them.
browser.blink_allowed = false
(reason: I don't need the blink tag or CSS's text-decoration: blink, the less junk features the better security).
browser.download.useDownloadDir = false
(reason: With this set to true, files will just save themselves in your default folder without alerting you. Having this set to false will give you an extra warning and let you think through if you really want to save this or that file.)
browser.frames.enabled = false
(reason: frames let a webmaster (or hacker) put 2 sites or more loading side by side, most sites don't use frames and this can probably be disabled without breaking anything)
clipboard.autocopy = false
(reason: some sites try to auto copy stuff for you, you probably don't need this. Use Ctrl + C instead)
dom.indexedDB.enabled = false
(reason: IndexedDB is an API for client-side storage of significant amounts of structured data and for high performance searches on this data using indexes. Poses a risk of tracking users according to what I read)
dom.storage.default_quota = 1000
(reason: basically used for sessions and the default of 5 MB is probably more than you ever will store, no reason to have a bunch of old stuff there and have too relaxed rules.)
geo.enabled = false
(reason: I don't want my browser to be location aware. Privacy mainly)
gfx.downloadable_fonts.enabled = false
(reason: security: https://wiki.mozilla.org/Firefox3.1/...ecurity_Review The default fonts should be enough)
intl.locale.matchOS = false
(reason: privacy, now my browser always states what's stated at general.useragent.locale, currently: en-US)
media.enforce_same_site_origin = true
(reason: security: prevents media from loading if it's coming from a different site)
media.ogg.enabled = false
(reason: security: lets you play videos of the .ogg and .ogm format and possibly some others, I have yet to find this format needed so I keep it disabled)
media.wave.enabled = false
(reason: also some media thing I do not need)
media.webm.enabled
(reason: another media format that you probably can live without, but may be useful if you are watching YouTube using HTML5 instead of Flash Player, http://www.youtube.com/html5/)
network.dns.disableIPv6 = true
(reason: security: (AFAIK) No site needs IPv6 to work as of yet and IPv6 is best to be disabled altogether as of now. This setting tells Firefox if it should do IPv6 lookups)
network.http.max-connections = 20
(reason: paranoia, I feel uneasy about having too many connections. Sites may load slower with this setting turned this low however).
network.http.max-connections-per-server = 6
(reason: a site should load fine with that.. If not I would suspect that something is not right)
network.http.max-persistent-connections-per-proxy = 2
(reason: I rarely use a proxy..)
network.http.max-persistent-connections-per-server = 2
(reason: persistent connections are fairly rare and 2 should be enough for most users)
network.http.redirection-limit = 6
(reason: I feel uneasy about having my connection jump too much between different hosts. But I noted that many sites will not function properly with this disabled)
network.http.sendRefererHeader = 1
(reason: 0: Never send the referring URL; 1: Send only on clicked links; 2 (default): Send for links and images. 1 is a good compromise between privacy and usability I think)
network.websocket.max-connections = 8
(reason: this is probably more than needed but still it's better than the default settings)
network.websocket.max-message-size = 2000000
(reason: 16000000 as it was set to as default just allows very big messages and possibly also big nasty things. Something makes me uneasy about this and tells me that this should be restricted at least some)
offline-apps.quota.max = 2000
(reason: security/privacy. This is an HTML5 feature that allows web pages to store information and pre-cached data in a web browser)
privacy.clearOnShutdown.offlineApps = true
(reason: security/privacy: I don't use offline apps, so please clear them IF they got there somehow)
webgl.disabled = true
(reason: security: WebGL lets your browser use some 3D effects rarely seen)
I have some more changes but I didn't want to make this list too complicated. Feel free to add to this, or suggest changes!
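
An added example, not part of the original post: a small Python audit that checks the text of a profile's prefs.js (or user.js) against a few of the values listed above and reports which ones are unset or different. The `user_pref("name", value);` file format and the names `BASELINE`, `parse_prefs`, `audit` and `SAMPLE` are assumptions of this example, not something the post states.

```python
import json
import re

# Values copied from the post's list (a subset, to keep the example short).
BASELINE = {
    "geo.enabled": False,
    "network.dns.disableIPv6": True,
    "network.http.redirection-limit": 6,
    "network.http.sendRefererHeader": 1,
    "webgl.disabled": True,
}

# Assumed file format, one setting per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:  # comments and blank lines simply do not match
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # true/false, ints, "strings"
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep raw text if not JSON-like
    return prefs

def audit(text, baseline=BASELINE):
    """Return (name, status, found) rows; status is ok, mismatch or unset."""
    found = parse_prefs(text)
    rows = []
    for name, want in sorted(baseline.items()):
        got = found.get(name)
        if name not in found:
            status = "unset"  # not in the file, so the built-in default applies
        else:  # compare types too, because True == 1 in Python
            status = "ok" if type(got) is type(want) and got == want else "mismatch"
        rows.append((name, status, got))
    return rows

# Constructed sample, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("webgl.disabled", false);
user_pref("network.http.sendRefererHeader", 1);
user_pref("network.http.redirection-limit", 20);
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Point it at the contents of a real prefs.js by reading the file and passing the text to `audit()`; rows marked `unset` mean the file does not override that preference.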