A custom user.js configuration file designed to make your Firefox more secure

A user.js file is an alternative method of modifying Firefox’s preferences: it can make certain preference settings more or less “permanent” in a specific profile, and is also a way of documenting preference customizations and it makes it easier to transfer customized settings to another profile.

The GitHub user pyllyukko has developed a custom user.js focused on hardening browser settings and make it more secure:

Main goals

- Limit the possibilities to track the user through web analytics.

- Harden the browser against known data disclosure or code execution vulnerabilities.

- Limit the browser from storing anything even remotely sensitive persistently.

- Make sure the browser doesn’t reveal too much information to shoulder surfers.

- Harden the browser’s encryption (cipher suites, protocols, trusted CAs).

- Limit possibilities to uniquely identify the browser/device using browser fingerpriting.

- Hopefully limit the attack surface by disabling various features.

- Still be usable in daily use.


Simply copy user.js in your current user profile directory, or (recommended) to a fresh, newly created Firefox profile directory.

The file should be located at:

Windows 7





~/Library/Application Support/Firefox/Profiles/XXXXXXXX.your_profile_name



Sailfish OS + Alien Dalvik


Windows (portable)

[firefox directory]Dataprofile


Installing user.js will remove your saved passwords (https://github.com/pyllyukko/user.js/issues/27)

More informations and downloads