A user agent is a particular string of characters in each browser that allows acts as an identification agent. The user agent allows the web-server ti to identify the operating system and the browser.
This article overviews how to configure Firefox to enhance security and privacy.
Configuration
The following are privacy-focused tweaks to prevent browser fingerprinting and tracking.
- This graph shows absolute numbers of requests to Tor's web servers to download a Tor Browser executable and requests made by Tor Browser to check for an update, broken down by loc.
- Understand what information is contained in a Bingbot user agent string. Get an analysis of your or any other user agent string. Find lists of user agent strings from browsers, crawlers, spiders, bots, validators and others.
- For more on Firefox- and Gecko-based user agent strings, see the Firefox user agent string reference. The UA string of Firefox is broken down into 4 components: Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefoxversion. Mozilla/5.0 is the general token that says the browser is Mozilla-compatible. For historical reasons.
Anti-fingerprinting
Mozilla has started an anti-fingerprinting project in Firefox, as part of a project to upstream features from Tor Browser. Many of these anti-fingerprinting features are enabled by setting about:config
:
privacy.resistFingerprinting
true
There is no user-facing documentation about this flag, and Mozilla does not recommend users enable it, since it will break a few websites (it exists mostly to make life easier for the Tor Browser developers). But it does automatically enable many of the features listed below (such as changing your reported timezone and user agent), as well as protection against other, lesser-known fingerprinting techniques. See the tracking bug that lists many of these features.
Tracking protection
Firefox gained an option for tracking protection. It can be enabled by setting about:config
:
![Web browser user agent Web browser user agent](https://2.bp.blogspot.com/-HPFovGyOoX4/Wf7BJfJHIuI/AAAAAAAAEhY/xx3ujavOJZoLxP9iCE9TLsrB4qCukzUgACLcBGAs/s1600/tor-browser.png)
privacy.trackingprotection.enabled
true
Apart from privacy benefits, enabling tracking protection may also reduce load time by 44%.
Note that this is not a replacement for ad blocking extensions such as uBlock Origin and it may or may not work with Firefox forks. If you are already running such an ad blocker with the correct lists, tracking protection might be redundant.
Change browser time zone
The time zone of your system can be used in browser fingerprinting. To set Firefox's time zone to UTC launch it as:
Or, set a script to launch the above (for example, at /usr/local/bin/firefox
).
Change user agent and platform
You can override Firefox's user agent with the general.useragent.override
preference in about:config
.
The value for the key is your browser's user agent. Select a known common one.
Tip:- The value
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
is used as the user agent for the Tor browser, thus being very common. - The #Anti-fingerprinting option also enables the Tor browser user agent and changes your browser platform automatically.
To change the platform for firefox, add the following string
key in about:config
:
Select a known common platform that corresponds with your user agent.
Win32
is used as the platform for the Tor browser, corresponding with the user agent provided above.WebRTC exposes LAN IP address
To prevent websites from getting your local IP address via WebRTC's peer-to-peer (and JavaScript), open about:config
and set:
media.peerconnection.ice.default_address_only
totrue
media.peerconnection.enabled
tofalse
. (only if you want to completely disable WebRTC)
You can use this WebRTC test page and WebRTC IP Leak VPN / Tor IP Test to confirm that your internal/external IP address is no longer leaked.
Disable HTTP referer
HTTP referer is an optional HTTP header field that identifies the address of the previous webpage from which a link to the currently requested page was followed.
Set network.http.sendRefererHeader
to 0
or 1
, depending on your preferences.
network.http.referer.XOriginPolicy
may provide a better solution.Disable connection tests
By default Firefox attempts to connect to Amazon and/or Akamai servers at regularintervals, to test your connection. For example a hotel, restaurant or other business might require you to enter a password to access the internet. If such a Captive portal exists and is blocking traffic this feature blocks all other connection attempts. This may leak your usage habits.
To disable Captive Portal testing, in about:config
set:
network.captive-portal-service.enabled
tofalse
Disable telemetry
Set toolkit.telemetry.enabled
to false
and/or disable it under Preferences > Privacy & Security > Firefox Data Collection and Use.
Enable 'Do Not Track' header
Set privacy.donottrackheader.enabled
to true
or toggle it in Preferences > Privacy & Security > Tracking Protection
Disable/enforce 'Trusted Recursive Resolver'
Firefox 60 introduced a feature called Trusted Recursive Resolver (TRR). It circumvents DNS servers configured in your system, instead sending all DNS requests over HTTPS to Cloudflare servers. While this is significantly more secure (as 'classic' DNS requests are sent in plain text over the network, and everyone along the way can snoop on these), this also makes all your DNS requests readable by Cloudflare, providing TRR servers.
- If you trust DNS servers you have configured yourself more than Cloudflare's, you can disable TRR in
about:config
by settingnetwork.trr.mode
(integer, create it if it does not exist) to5
. (A value of 0 means disabled by default, and might be overridden by future updates - a value of 5 is disabled by choice and will not be overridden.) - If you trust Cloudflare DNS servers and would prefer extra privacy (thanks to encrypted DNS requests), you can enforce TRR by setting
network.trr.mode
to3
(which completely disables classic DNS requests) or2
(uses TRR by default, falls back to classic DNS requests if that fails). Keep in mind that if you are using any intranet websites or trying to access computers in your local networks by their hostnames, enabling TRR may break name resolving in such cases. - If you want to encrypt your DNS requests but not use Cloudflare servers, you can point to a new DNS over HTTPS server by setting
network.trr.uri
to your resolver URL. A list of currently available resolvers can be found in the curl wiki, along with other configuration options for TRR.
Disable geolocation
Set geo.enabled
to false
in about:config
.
Disable 'Safe Browsing' service
Safe Browsing offers phishing protection and malware checks, however it may send user information (e.g. URL, file hashes, etc.) to third parties like Google.
To disable the Safe Browsing service, in about:config
set:
browser.safebrowsing.malware.enabled
tofalse
browser.safebrowsing.phishing.enabled
tofalse
In addition disable download checking, by setting browser.safebrowsing.downloads.enabled
to false
.
Disable WebGL
WebGL is a potential security risk.[1] Set webgl.disabled
to true
in about:config
if you want to disable it.
![Web browser user agent list Web browser user agent list](https://styles.redditmedia.com/t5_2219rs/styles/profileIcon_snooec9bb055-7bd1-4a11-98ac-29dfd0f49c78-headshot.png?width=256&height=256&crop=256:256,smart&s=666cddf41c0a4a0aa1a312976021be271de23a8d)
privacy.trackingprotection.enabled
true
Apart from privacy benefits, enabling tracking protection may also reduce load time by 44%.
Note that this is not a replacement for ad blocking extensions such as uBlock Origin and it may or may not work with Firefox forks. If you are already running such an ad blocker with the correct lists, tracking protection might be redundant.
Change browser time zone
The time zone of your system can be used in browser fingerprinting. To set Firefox's time zone to UTC launch it as:
Or, set a script to launch the above (for example, at /usr/local/bin/firefox
).
Change user agent and platform
You can override Firefox's user agent with the general.useragent.override
preference in about:config
.
The value for the key is your browser's user agent. Select a known common one.
Tip:- The value
Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
is used as the user agent for the Tor browser, thus being very common. - The #Anti-fingerprinting option also enables the Tor browser user agent and changes your browser platform automatically.
To change the platform for firefox, add the following string
key in about:config
:
Select a known common platform that corresponds with your user agent.
Win32
is used as the platform for the Tor browser, corresponding with the user agent provided above.WebRTC exposes LAN IP address
To prevent websites from getting your local IP address via WebRTC's peer-to-peer (and JavaScript), open about:config
and set:
media.peerconnection.ice.default_address_only
totrue
media.peerconnection.enabled
tofalse
. (only if you want to completely disable WebRTC)
You can use this WebRTC test page and WebRTC IP Leak VPN / Tor IP Test to confirm that your internal/external IP address is no longer leaked.
Disable HTTP referer
HTTP referer is an optional HTTP header field that identifies the address of the previous webpage from which a link to the currently requested page was followed.
Set network.http.sendRefererHeader
to 0
or 1
, depending on your preferences.
network.http.referer.XOriginPolicy
may provide a better solution.Disable connection tests
By default Firefox attempts to connect to Amazon and/or Akamai servers at regularintervals, to test your connection. For example a hotel, restaurant or other business might require you to enter a password to access the internet. If such a Captive portal exists and is blocking traffic this feature blocks all other connection attempts. This may leak your usage habits.
To disable Captive Portal testing, in about:config
set:
network.captive-portal-service.enabled
tofalse
Disable telemetry
Set toolkit.telemetry.enabled
to false
and/or disable it under Preferences > Privacy & Security > Firefox Data Collection and Use.
Enable 'Do Not Track' header
Set privacy.donottrackheader.enabled
to true
or toggle it in Preferences > Privacy & Security > Tracking Protection
Disable/enforce 'Trusted Recursive Resolver'
Firefox 60 introduced a feature called Trusted Recursive Resolver (TRR). It circumvents DNS servers configured in your system, instead sending all DNS requests over HTTPS to Cloudflare servers. While this is significantly more secure (as 'classic' DNS requests are sent in plain text over the network, and everyone along the way can snoop on these), this also makes all your DNS requests readable by Cloudflare, providing TRR servers.
- If you trust DNS servers you have configured yourself more than Cloudflare's, you can disable TRR in
about:config
by settingnetwork.trr.mode
(integer, create it if it does not exist) to5
. (A value of 0 means disabled by default, and might be overridden by future updates - a value of 5 is disabled by choice and will not be overridden.) - If you trust Cloudflare DNS servers and would prefer extra privacy (thanks to encrypted DNS requests), you can enforce TRR by setting
network.trr.mode
to3
(which completely disables classic DNS requests) or2
(uses TRR by default, falls back to classic DNS requests if that fails). Keep in mind that if you are using any intranet websites or trying to access computers in your local networks by their hostnames, enabling TRR may break name resolving in such cases. - If you want to encrypt your DNS requests but not use Cloudflare servers, you can point to a new DNS over HTTPS server by setting
network.trr.uri
to your resolver URL. A list of currently available resolvers can be found in the curl wiki, along with other configuration options for TRR.
Disable geolocation
Set geo.enabled
to false
in about:config
.
Disable 'Safe Browsing' service
Safe Browsing offers phishing protection and malware checks, however it may send user information (e.g. URL, file hashes, etc.) to third parties like Google.
To disable the Safe Browsing service, in about:config
set:
browser.safebrowsing.malware.enabled
tofalse
browser.safebrowsing.phishing.enabled
tofalse
In addition disable download checking, by setting browser.safebrowsing.downloads.enabled
to false
.
Disable WebGL
WebGL is a potential security risk.[1] Set webgl.disabled
to true
in about:config
if you want to disable it.
Extensions
See Browser extensions#Privacy.
Disable WebAssembly (and JavaScript)
Also known as Wasm, WebAssembly is a relatively new language. As opposed to JavaScript, Wasm executes pre-compiled code natively in browsers for high-performance simulations and apps. It has been criticized for hiding pathways for malware and as with JavaScript, can be used to track users. Tor Browser blocks both JavaScript and Wasm.
See NoScript in Browser extensions#Privacy to block JavaScript the way Tor Browser does, which enables quick access when needed. To disable Wasm, in about:config
set:
javascript.options.wasm
tofalse
javascript.options.wasm_baselinejit
tofalse
javascript.options.wasm_ionjit
tofalse
Remove system-wide hidden extensions
Some extensions are hidden and installed by default in /usr/lib/firefox/browser/features
. Many can be safely removed via rm extension-name.xpi
. They might not be enabled by default and may have a menu option for enabling or disabling. Note that any files removed will return upon update of the firefox package. To keep these extensions removed, consider adding the directories to NoExtract=
in pacman.conf
, see Pacman#Skip files from being installed to system. Some extensions include:
doh-rollout@mozilla.org.xpi
- DoH Roll-Out (do not remove if you chose to use #Disable/enforce 'Trusted Recursive Resolver' above).screenshots@mozilla.org.xpi
- Firefox Screenshots.webcompat-reporter@mozilla.org.xpi
- For reporting sites that are compromised in Firefox, so Mozilla can improve Firefox or patch the site dynamically using thewebcompat@mozilla.org.xpi
extension.- All combined user and system extensions are listed in
about:support
. See [2] for a full list of system extensions including README files describing their functions.
Firefox installations to paths such as the default release installed to /opt
have system extensions installed at /firefox/firefox/browser/features
.
Web search over Searx
Privacy can be boosted by reducing the amount of information you give to a single entity. For example, sending each new web search via a different, randomly selected proxy makes it near impossible for a single search engine to build a profile of you. We can do this using public instances (or sites) of Searx. Searx is an AGPL-3.0, open-source site-builder, that produces site, known as an 'instances'. Each public 'instance' can act as a middle-man between you and a myriad of different search engines.
From this list of public instances and others, bookmark as many Searx sites as you wish (if JavaScript is disabled you will need to enable it temporarily to load the list). For fast access to these bookmarks, consider adding SX1
, SX2
.. SX(n)
to the bookmark's Name field, with (n)
being the number of searx instances you bookmark.
After this bookmarking, simply typing sx
, a number and Enter
in the URL bar will load an instance.
- If you have a web server and available bandwidth, consider improving your privacy further by running a public Searx instance (more info).
- For increased privacy, use searx instances with Tor Browser, which uses onion-routing to provide a degree of anonymity.
Watch videos over Invidious
Invidious instances act as an alternative front-end to YouTube. They are websites built from open-source code. It has typically been difficult to limit the amount of information a user sent to YouTube (Google) in order to access content.
Benefits of using Invidious include:
- Videos are accessible without running scripts. YouTube forces users to run scripts.
- Videos can be saved for future viewing, or for viewing by others, including when offline. This reduces feedback sent to Google about when content is viewed or re-viewed.
- An optional audio-only mode that reduces bandwidth usage. When combined with a browser like Tor, using fewer data packets on a more lightweight website is likely to improve your anonymity.
- Invidious is a free and open-source interface that makes setting up an independent, private, video-hosting service easier. As such there are website that exist that are using Invidious to serve their own content or content removed from YouTube. Therefore it may help limit the profile-building capabilities of YouTube into the future (see note).
Bookmark as many functioning invidious instances from the following lists as possible (here, here, here). Note that some of these instances may be hosted by Cloudflare.
You can change any YouTube video URL to an Invidious one by simply replacing the youtube.com
part with the domain of the instance you want to use.
Enterprise policies
Network and system-wide policies may be established through the use of enterprise policies which both supplements and overrides user configuration preferences. For example, there is no documented user preference to disable the checking of updates for beta channel releases. However, there exists an enterprise policy which can be effectively deployed as a workaround. Single and/or multiple policies may be administered through policies.json
as follows:
- Disable application updates
- Force-enable hardware acceleration
Verify that Enterprise Policies
is set to Active
under about:support and review release-specific policies under about:policies.
Sanitized profiles
prefs.js
Files which constitute a Firefox profile can be be stripped of certain metadata. For example, a typical prefs.js
contains strings which identify the client and/or the user.
There are multiple approaches by which these strings can be reset with the caveat that a master prefs.js
must first be created without such identifiers and synced into a working profile. The simplest solution is close Firefox before copying its prefs.js
to a separate location:
Strip out any and all identfier strings and date codes by either setting them to 0 or removing the entries outright from the copied prefs.js
. Sync the now sanitized prefs.js
to the working profile as required:
A secondary privacy effect is also incurred which can be witnessed by examining the string results between a sanitized prefs.js
versus a working prefs.js
at Fingerprint JS API Demo.
extensions.json
Assuming that extensions are installed, the extensions.json
file lists all profile extensions and their settings. Of note is the location of the user home directory where the .mozilla
and extensions
folder exist by default. Unwanted background updates may be disabled by setting applyBackgroundUpdates
to the appropriate 0
value. Of minor note are installDate
and updateDate
. Bubblewrap can effectively mask the username and location of the home directory at which time the extensions.json
file may be sanitized and modified to point to the sandboxed HOME
location.
Removal of similar metadata from addonStartup.json.lz4
and search.json.mozlz4
can also be accomplished. mozlz4 is a command-line tool which provides compression/decompression support for Mozilla (non-standard) LZ4 files.
Tor Browser User Agent Free
Removal of subsystems
This article or section needs expansion.
Telemetry related to crash reporting may be disabled by removing the following:
For those who have opted to install Firefox manually from official Mozilla sources, the updater system may be disabled by removing updater
in the firefox
directory.
Editing the contents of omni.ja
This Mozilla-optimized zip file contains most of the default configuration settings used by Firefox. As an example, starting from Firefox 73, network calls to firefox.settings.services.mozilla.com
and/or content-signature-2.cdn.mozilla.net
cannot be blocked by extensions or by setting preference URLs to ');
. Aside from using a DNS sinkhole or firewalling resolved IP blocks, one solution is to grep(1) through the extracted contents of omni.ja
before removing all references to firefox.settings.services.mozilla.com
and/or cdn.mozilla.net
. Extraneous modules such as unused dictionaries and hyphenation files can also be removed in order to reduce the size of omni.ja
for both security and performance reasons.
Browser User Agent Id
To repack/rezip, use the command zip -0DXqr omni.ja *
and make sure that your working directory is the root directory of the files from the omni.ja
file (eg.
will not work) as stated at the Mozilla page.(..) -0DXqr omni.ja path/to/omni/*
omni.ja
. It is up to the user to determine whether the gain in privacy is worth the loss of expected usabilityHardened user.js templates
Several active projects maintain comprehensive hardened Firefox configurations in the form of a user.js
config that can be dropped to Firefox profile directory:
- ffprofile.com (github) - online user.js generator. You select which features you want to enable and disable and in the end you get a download link for a zip-file with your profile template. You can for example disable some functions, which send data to Mozilla and Google, or disable several annoying Firefox functions like Mozilla Hello or the Pocket integration.
See also
- MozillaWiki:Privacy/Privacy Task Force/firefox about config privacy tweeks - a wiki page maintained by Mozilla with descriptions of privacy specific settings.
- How to stop Firefox from making automatic connections - Is an annotated list of corresponding Firefox functionality and settings to disable it case-by-case.
Browser User Agent List
Search user agents via the API
Instead of trawling through the huge listing for the types of user agents you need, use the Database Search Interface to query the API instead of having to download and load the huge database dump. Sign up for a Pro or Enterprise account to get started.
You can perform detailed user agent searches, including refining by software/browser name and version, operating system name and version, software type (browser, bot, app etc), hardware type and so on. You can easily find groups of user agents that match your search criteria.
Use the API to decode user agents
If you need to integrate the user agent parser directly into your website or system then it's very simple to use the API. It's free to use, and has paid tiers for more access and better features. This lets you identify the browser, OS and device your users have. Find out more.
Deadpool amazon prime canada. It's Deadpool, and the Super Duper uncut version of the movie is just what you expect from an Deadpool movie. Only thing I wish there was is the option to go directly to the Super Duper Uncut Version since the digital version on Amazon plays the Theatrical First, then the Uncut one right after. Deadpool at its heart is a funny and light-hearted take on a classic comic book character. It breaks the fourth wall knowingly, it uses in-jokes and banter between its characters to fire off barbs and make each scene worth smiling at or laughing with. Go to amazon.com to see the video catalog in United States. 8.0 1 h 48 min 2016 X-Ray HDR 18+ Hold onto your chimichangas and prepare to be blown (away) by DEADPOOL, the block-busting, fourth-wall-breaking masterpiece about Marvel Comics' sexiest anti-hero! Directors Tim Miller Starring Ryan Reynolds, Morena Baccarin, Ed Skrein.
Download the whole database
If you want to get a copy of the database of 66,832,893 user agents you can download it very easily. This will let you do things like advanced filtering and searching, identify trends in user agents, perform statistical analysis and other interesting applications. Find out more.