So, depending on the radio button checked above, unnecessary preferences are disabled in the list
of all the available user preferences below. There you may decide to include (check ) or
else exclude (uncheck ) specific preferences. NOTE: Do remember that you by the use of this
script will only choose which user_pref("
[pref
name ]",
[value ]);
will be included in the user.js
file. If a box is left unchecked, the user_pref
will not be included and will have no effect on
the preference whatsoever, i.e. the old pref
in the prefs.js file will hold. Only when
a user_pref
is included, it can alter the corresponding pref
.
By also checking
unchecked preferences, you might change program functionality in a perhaps unintended way, so be particular when
fine-tuning.
The first group of user_pref
settings are security or privacy related. The settings
are relevant to all current (around 2009-2010) applications. If you would like enhanced security/privacy for a
program that is no longer being developed, e.g.
Firefox 2, Thunderbird 2 or SeaMonkey 1 , you should be better off with version 1.1 of the 100 User
Preferences Script .
ALL APPLICATIONS SECURITY OR PRIVACY RELATED PREFERENCES
These preferences will have an effect on applications built on the Gecko 1.9 code-base,
including amongst others Firefox 3.0 .
Source roots: The preferences refered to in this section are usually found in the all.js or
security-prefs.js files on the CVS repository for
the Gecko/Mozilla 1.9.0 releases in the project’s source tree .
1-7 Managing security certificates and secure sites
Ease the handling of self-signed certificates. The first preference enables some extra UI
on the SSL error page that makes it easier to accept an invalid
certificate, and the second preference pre-fetches the certificate. See bug 427293 for more
information.
user_pref("browser.xul.error_pages.expert_bad_cert ", );
Unchecked. Note: The user preference above would somewhat jeopardise security. Application default is false
.
user_pref("browser.ssl_override_behavior ", );
Unchecked. Note: The user preference above would somewhat jeopardise security. Application default is 1
.
Disable the TLS session ticket extension. See
bug 403563 about the implementation of the TLS session ticket extension. However, some servers have a
hard time dealing with the TLS session ticket extension, but the problem can be worked around by disabling the
functionality in your own program.
user_pref("security.enable_tls_session_tickets ", );
Unchecked. Application default is true
.
Require that an OCSP service is
available for control of a certificate’s status, otherwise treat the certificate as not valid.
For more information, see bug 110161 .
user_pref("security.OCSP.require ", );
Unchecked. Application default is false
.
Enforce the asking by prompting every time for the selection of a security certificate to present to web sites that
require one. By the resolution of bug 431819 a compromise was
reached concerning the requirement of the application’s prompting in this regard. To keep it always
asking, check this preference, but be prepared since the result might be an annoying
series of prompts.
user_pref("security.remember_cert_checkbox_default_setting ", );
Unchecked. Application default is true
.
Warn when browsing secure/normal pages. The dialogue will let you disable each warning until the next
time you start the browser. For pros and cons about these warnings, see bug 341472 . Only the warnings when leaving a secure page, and submitting over an insecure
connection are contained, since the application defaults for those warnings are the less secure option.
user_pref("security.warn_leaving_secure ", );
Unchecked. Application default is false
.
user_pref("security.warn_submit_insecure ", );
Unchecked. Application default is false
.
8-12 Managing password protected sites
Checking the first preference would disable the Password Manager .
user_pref("signon.rememberSignons ", );
Unchecked. Application default is true
.
If you keep it enabled though, do not automatically fill sign-in forms with known usernames and passwords;
instead, act as though there are multiple usernames/password pairs remembered for the form (fill
password after username has been manually typed).
user_pref("signon.autofillForms ", );
Checked. Application default is true
.
Ask for the master password (if enabled) every 30 minutes.
You could change the interval by entering any number of minutes in the second user preference. Change
the value of the first user preference to 1
if the application should ask for the password
every time it’s needed. The application default is to ask once per session.
user_pref("security.ask_for_password ",
1
2
);
Checked. Application default is 0
.
user_pref("security.password_lifetime ", );
Checked. Application default is 30
.
When logging in from an intranet, you could reverse the preference for automatically authenticating with proxy servers,
to instead prompt for authentication. For more info about this feature, see the Mozilla Developer Center article
on Integrated Authentication .
user_pref("network.automatic-ntlm-auth.allow-proxies ", );
Unchecked. Application default is true
.
13 Do not click too quick
Security-sensitive prompt dialogs is delaying the button enabling. The default value is 2000 milliseconds. You
could change the time frame for the button to become enabled, by entering another value in milliseconds.
user_pref("security.dialog_enable_delay ", );
Unchecked. Application default is 2000
.
14-15 Manage the sending of referer headers
The application default is to send referer headers. With the first user preference below, you would stop this.
Change the value to 1
, if rather
than denying referers altogether, link clicks – but still not images – should result in the sending of the
referer. Checking the second user preference would inhibit sending of HTTPS referers to other HTTPS sites. See bugs
1582 and 141641 for caveats about
disabling sending of referer headers.
user_pref("network.http.sendRefererHeader ",
0
1
);
Unchecked. Application default is 2
.
user_pref("network.http.sendSecureXSiteReferrer ", );
Unchecked. Application default is true
.
16-21 Managing JavaScript applications
The application will alert you when a script is taking a long time to run and let you stop the script. The first
preference below let you define what "a long time" is, counting in seconds. User preference
no 16 is regulating the time for scripts at web sites. Setting the time to
0
will allow the script to run for as long as it needs. See
bug 231009 for a discussion about appropriate time frames.
Problematic regular expressions could cause the application to hang. The user preference no 17
will make the application throw an exception, stopping execution before this eventually happens. See
bug 330569 for info about exponentially explosive regular expressions.
By checking user preference no 18 JavaScript would be disabled altogether.
user_pref("dom.max_script_run_time ", );
Unchecked. Application default is 10
.
user_pref("javascript.options.relimit ", );
Unchecked. Application default is false
.
user_pref("javascript.enabled ", );
Unchecked. Application default is true
.
Do not allow unlimited access to XPConnect . For more info about
XPConnect , see the Mozilla Developer Center documentation .
user_pref("security.xpconnect.plugin.unrestricted ", );
Unchecked. Application default is true
.
Scripts should not be able to hide or change the status bar or the context menu.
user_pref("dom.disable_window_status_change ", );
Checked. Application default is false
.
user_pref("dom.event.contextmenu.enabled ", );
Checked. Application default is true
.
22-26 Managing pop-up windows
Pop-up windows (created by scripts) should not hide the location bar, or be
impossible to minimize or close. See bug 337344 for caveats about
the first setting below.
user_pref("dom.disable_window_open_feature.location ",
);
Unchecked. Application default is false
.
user_pref("dom.disable_window_open_feature.minimizable ", );
Checked. Application default is false
.
user_pref("dom.disable_window_open_feature.close ", );
Checked. Application default is false
.
Block popup windows not created as a result of a mouse click. The value 2
of user
preference no 26 allows whitelisted sites to open popups. To disable popups
for all sites, change the value to 3
.
user_pref("dom.disable_open_during_load ", );
Checked. Application default is false
.
user_pref("privacy.popups.disable_from_plugins ",
2
3
);
Unchecked. Application default is 2
.
27-31 Cookies and DOM storage
Due to a variety of opinions, all user preferences in this section are left unchecked. See bug 324397 and
bug 417800 for arguments about the best settings, the default now resolved as
"Allow All Cookies", which is option value 0
for preference
no 27 . The available values mean:
1 Allow cookies from originating server only
2 Disable all cookies
By checking user preference no 28 you could separately disable so-called
DOM storage. Cp. bug 341524 .
user_pref("network.cookie.cookieBehavior ",
1
2
);
Unchecked. Application default is 0
.
user_pref("dom.storage.enabled ", );
Unchecked. Application default is true
.
The application default for preference no 29 is "Accept cookies normally",
i.e. value 0
, and the available option values mean:
1 Ask once for cookie per site – recommended to also check user preference no 30 to avoid an
excess of prompts
2 Accept for current session only
3 Accept for any number of days set in user preference no 31
user_pref("network.cookie.lifetimePolicy ",
1
2
3
);
Unchecked. Application default is 0
.
user_pref("network.cookie.alwaysAcceptSessionCookies ",
);
Unchecked. Application default is false
.
user_pref("network.cookie.lifetime.days ", );
Unchecked. Application default is 90
.
32 No prefetching of next page
Disable link prefetching triggered in web pages by <link rel="next">
.
user_pref("network.prefetch-next ", );
Checked. Application default is true
.
33 Disable Java ™
Disable Java ™ features, e.g. java applets.
user_pref("security.enable_java ", );
Unchecked. Application default is true
.
The user preferences so far were security or privacy related. In the following sections, the user preferences more depend on a
matter of taste. An initially checked preference either has an obvious security/privacy benefit or will bring with it a
steadier/less jumpy user interface. Feel free to check and uncheck at will.
GENERAL BROWSER RELATED PREFERENCES
The settings will control behaviour of the browser component, but note that some functionality might
be dependent on preferences refered to in the previous section.
Source roots: The preferences refered to in this section are usually found in the all.js or else
the browser-prefs.js and firefox.js files on the CVS repository for
the Gecko/Mozilla 1.9.0 releases in the project’s source tree .
34-36 Turn on Location Bar features
Disable domain guessing and enable Internet keywords . See a mozilla.org ®
document for information about the implementation of that feature.
user_pref("browser.fixup.alternate.enabled ", );
Unchecked. Application default is true
.
user_pref("keyword.enabled ", );
Unchecked. Application default is false
.
Apply automatic filling in of the address in the location bar.
user_pref("browser.urlbar.autoFill ", );
Unchecked. Application default is false
.
37-38 Keep the tabs under control
Do not hide the tab bar when only one tab is open.
user_pref("browser.tabs.autoHide ", );
Checked. Application default is true
.
Prevent tabs opened by other applications from receiving focus.
user_pref("browser.tabs.loadDivertedInBackground ", );
Unchecked. Application default is false
.
39-40 Blinking and tipping off
The first preference disables tooltips and the second puts an end to blinking text.
user_pref("browser.chrome.toolbar_tips ", );
Unchecked. Application default is true
.
user_pref("browser.blink_allowed ", );
Unchecked. Application default is true
.
41 Zoom behaviour
Revert to old text size zoom behaviour (not zooming everything on the page). See bug 401322 for more
information.
user_pref("browser.zoom.full ", );
Unchecked. Application default is false
but Fx is
reversing that.
42 Do not mark wrong spelling
Disable - option value 0
- automatic inline spellchecking for text entry controls such as
textarea
in HTML , or make it also
available for single line controls - option value 2
.
user_pref("layout.spellcheckDefault ",
0
2
);
Checked. Application default is 1
.
The preferences changes in the framed area below are there to smooth things a bit by getting rid of possible
program specific annoyances.
PROGRAM SPECIFIC PREFERENCES ‣ FIREFOX ®
The settings will have effect in Firefox 3 and its derivatives.
Source roots: Firefox specific preferences are usually found in the firefox.js file in the
project’s source tree .
43 Control the domain display in the identity box for SSL connections
There is the capacity to show extra UI to convey
information about a site using SSL to encrypt
communications. From Fx 3.5 the default will show the effective
top-level domain along with the
second-level domain (e.g., mozilla.org) emphasized to the left of the URL in the Location Bar. All available option values
mean:
0 Refrain from showing the domain at all
1 Show the top-level domain + 1 (e.g. mozilla.org)
2 Show the full domain (e.g. bugzilla.mozilla.org)
user_pref("browser.identity.ssl_domain_display ",
0
1
2
);
Checked. Application default is 1
(changed from 0
in earlier versions).
44 Always show the toolbars and tab strip in fullscreen mode
In fullscreen mode, toolbars and the tab strip are by default hidden at the top of the screen and only shown
on mouseover. This preference will keep them in sight.
user_pref("browser.fullscreen.autohide ", );
Checked. Application default is true
.
45-49 Controlling the tabs
Return to Fx 1.5 defaults. By user preference
no 45 you would only show the tab’s close button
at the end of the tabstrip – value 3
– or use no close buttons at all, value 2
.
By user preference no 46 you would give focus to the
adjacent tab on closing a tab, rather than give focus to the tab by which you opened the tab now getting closed.
user_pref("browser.tabs.closeButtons ",
2
3
);
Unchecked. Application default is 1
.
user_pref("browser.tabs.selectOwnerOnClose ", );
Unchecked. Application default is true
.
Prevent tabs opened with an item from the bookmarks list from receiving focus.
user_pref("browser.tabs.loadBookmarksInBackground ", );
Checked. Application default is false
.
Have search bar results always open in a new tab.
user_pref("browser.search.openintab ", );
Checked. Application default is false
.
Append a group of tabs instead of replacing the existing tabs.
user_pref("browser.tabs.loadFolderAndReplace ", );
Checked. Application default is true
.
50 Forget the zoom level
Do not remember zooming on a per-site basis, instead the zoom level should be applied on the current
tab only. Cp. bug 419609 .
user_pref("browser.zoom.siteSpecific ", );
Unchecked. Application default is true
.
51-52 Download directory
When downloading, use the last folder specified for a download, i.e.
value 2
, or else either the dedicated downloads folder – option value 1
– or the desktop
– option value 0
. Alternatively, check user preference no 52 to choose every time
where downloads get put.
user_pref("browser.download.folderList ",
0
1
2
);
Unchecked. Application default is 1
(changed from 0 in earlier versions).
user_pref("browser.download.useDownloadDir ", );
Unchecked. Application default is true
.
53 Page reloading
Disable automatic reload of web pages done by the meta
refresh tag in HTML .
user_pref("accessibility.blockautorefresh ", );
Checked. Application default is false
.
54 Export bookmarks as HTML at shutdown
The program uses JSON as the format
to store bookmark backups by default. By this preference you switch back to using
bookmarks.html instead. Cp. bug 384370 .
user_pref("browser.bookmarks.autoExportHTML ", );
Unchecked. Application default is false
.
55 Do not restore the session after a crash
This user preference is for disabling the session restore utility after a crash. See the issues list for
Fx 2 for the relevance of this preference.
user_pref("browser.sessionstore.resume_from_crash ",
);
Unchecked. Application default is true
.
The next group of user preferences are directed towards mail management, addressbooks and newsgroups.
Note that some functionality might be dependent on preferences refered to in a previous section.
GENERAL MAIL & NEWSGROUPS PREFERENCES
The settings will control behaviour in the mail and newsgroups component in application suites like
SeaMonkey , and in stand-alone e-mail clients like Thunderbird
and its derivatives.
Source roots: The preferences refered to in this section are usually found in the all.js or
mailnews.js files on the CVS repository for
the Gecko/Mozilla 1.9.0 releases in the project’s source tree .
56-57 Format=flowed prefs and RFC 2646
Read messages using old style wrapping. By also checking preference no 57
composed messages would be prevented from being transmitted with format=flowed. See Format=Flowed
Mini-FAQ about this feature.
user_pref("mailnews.display.disable_format_flowed_support ", );
Unchecked. Application default is false
.
user_pref("mailnews.send_plaintext_flowed ", );
Unchecked. Application default is true
.
58-60 Mail list appearance
Do not remember the last selected message or auto-scroll to a new message.
user_pref("mailnews.remember_selected_message ", );
Checked. Application default is true
.
user_pref("mailnews.scroll_to_new_message ", );
Checked. Application default is true
.
Mark duplicat messages as read. See bug 9413 for information. The application
default is 0
for no particular action (keeping dupes). The available
option values mean:
1 Delete dupes
2 Move Dupes to trash
3 Mark Dupes as Read
user_pref("mail.server.default.dup_action ",
1
2
3
);
Unchecked. Application default is 0
.
61-62 Collecting addresses
Add e-mail addresses to the Collected addressbook (not to muddle the Personal
addressbook ). By also checking user preference no 62 , address collecting (for outgoing messages)
would be disabled altogether.
user_pref("mail.collect_addressbook ", );
Unchecked. Application default is moz-abmdbdirectory://abook.mab
.
user_pref("mail.collect_email_address_outgoing ", );
Unchecked. Application default is true
.
63-66 Return receipts
Never send a return receipt if addressee is not in To or CC (user preference no 64 ), ask me
if addressee is outside my domain (user preference no 65 ), and
ask me if addressee is other (user preference no 66 ). By
checking the first preference, return receipts would become disabled altogether, nullifying the effect
of the others. The available option values mean:
0 Never send
1 Always send
2 Ask me
3 Deny the request (only user preference no 66 )
user_pref("mail.mdn.report.enabled ",
);
Unchecked. Application default is true
.
user_pref("mail.mdn.report.not_in_to_cc ", );
Checked. Application default is 2
.
user_pref("mail.mdn.report.outside_domain ",
0
2
);
Checked. Application default is 2
.
user_pref("mail.mdn.report.other ",
1
2
3
);
Checked. Application default is 2
.
67-69 Regular compacting of folders
Compact folders when it will save over a certain amount of kilobytes, by default 100 kB. Do change
the number to any threshhold.
user_pref("mail.prompt_purge_threshhold ", );
Unchecked. Application default is false
.
user_pref("mail.purge_threshhold ", );
Unchecked. Application default is 100
.
The mail client will show a confirmation alert when starting automatic compacting of
folders. Check the preference if you do not want this alert and you also checked no 67 above.
user_pref("mail.purge.ask ", );
Unchecked. Application default is true
.
The preferences changes in the framed area below are there to smooth things a bit by getting rid of possible
program specific annoyances.
PROGRAM SPECIFIC PREFERENCES ‣ THUNDERBIRD ®
The settings will have effect in Thunderbird 3 and its derivatives.
Source roots: Thunderbird specific preferences are usually found in the all-thunderbird.js
file on the mercurial (hg) repository for Thunderbird ®, SeaMonkey ®, and
Sunbird ® in the project’s source tree .
70-71 Fine-tune the phishing detection
You could turn parts of phishing detection, i.e. analyzing of url ’s in mail messages for scams, off
in Thunderbird by setting two preferences to false
. The first will make the
client refrain from checking the matching of visible links with ip-addresses, and the second will
make it refrain from checking the matching of visible links with host names.
user_pref("mail.phishing.detection.ipaddresses ", );
Unchecked. Note: The user preference above is somewhat jeopardising security. Application default is true
.
user_pref("mail.phishing.detection.mismatched_hosts ", );
Unchecked. Note: The user preference above is somewhat jeopardising security. Application default is true
.
72-74 Controlling the tabs
If a message is opened using Enter or a double-click, it will by default open in a new tab. By this preference,
you will decide to instead open messages in new – value 0
– or existing windows,
value 1
.
user_pref("mail.openMessageBehavior ",
0
1
);
Unchecked. Application default is 2
.
Only show the tab’s close button
at the end of the tabstrip – value 3
– or use no close buttons at all, value 2
.
user_pref("mail.tabs.closeButtons ",
2
3
);
Unchecked. Application default is 1
.
Do not let the window close when you close the last tab.
user_pref("mail.tabs.closeWindowWithLastTab ", );
Checked. Application default is true
.
75 No preview text
Disable preview text in mail alerts and folder tooltips.
user_pref("mail.showPreviewText ", );
Checked. Application default is true
.
76 No reminders for missing attachments
When you use particular key words like attachment in the mail message, TB
will remind you not to forget to attach a file to the message. By this preference you will disable those reminders.
user_pref("mail.compose.attachment_reminder ", );
Unchecked. Application default is true
.
PROGRAM SPECIFIC PREFERENCES ‣ SEAMONKEY ®
These preferences will have an effect in SeaMonkey 2 and its derivatives.
Source roots: SeaMonkey specific preferences are usually found in the browser-prefs.js file
on the mercurial (hg) repository for Thunderbird ®, SeaMonkey ®, and
Sunbird ® in the project’s source tree .
77-79 Location bar behaviour
Turn off location bar popups.
user_pref("browser.urlbar.showPopup ", );
Checked. Application default is true
.
user_pref("browser.urlbar.showSearch ", );
Checked. Application default is true
.
Do not select the text when clicking past it in the location bar.
user_pref("browser.urlbar.clickAtEndSelects ", );
Checked. Application default is true
.
80-85 Controlling the tabs
Open middle- or Ctrl - clicked hyper links, links from external programs, targeted links, and unspecified
window.open
calls in tabs instead of new windows – i.e. , mimic Fx behaviour.
user_pref("browser.tabs.opentabfor.middleclick ", );
Checked. Application default is false
.
user_pref("browser.link.open_external ", );
Checked. Application default is 2
.
user_pref("browser.link.open_newwindow ", );
Checked. Application default is 2
.
user_pref("browser.link.open_newwindow.restriction ",
);
Checked. Application default is 0
.
Append a group of tabs instead of replacing the existing tabs and prevent tabs opened from links from receiving focus.
user_pref("browser.tabs.loadGroup ", );
Checked. Application default is 1
.
user_pref("browser.tabs.loadInBackground ", );
Checked. Application default is false
.
86 Control the sidebar
Do not automatically open the search sidebar when doing a search.
user_pref("browser.search.opensidebarsearchpanel ", );
Checked. Application default is true
.
87-88 Tooltip previews and menu icons
Disable the tooltip preview of a tab’s contents. Cp. bug 315207 .
user_pref("browser.tabs.tooltippreview.enable ", );
Checked. Application default is true
.
Load site icons/favicons when displaying bookmarks in menus, but only if they have already been
cached. Changing the number to 2
would make the browser always load and show the icons
in menus. The default behaviour is to never show, i.e. option value 0
.
user_pref("browser.chrome.load_toolbar_icons ",
1
2
);
Unchecked. Application default is 0
.
89 Do not check for new mail until the mail client is started
A check for new mail will be done, even when the Mail
& Newsgroups component remains closed. Check this user preference to disable the feature.
user_pref("mail.biff.on_new_window ", );
Checked. Application default is true
.
MISCELLANEOUS
The remaining user preferences we need to deal with are diverse peculiarities found here and there and they
might or might not have an effect on your software. Some are slightly dated while others are the bleeding edge!
90-92 Handling personal information
Do not save form data, and use encryption when storing sensitive data. (The Form manager and wallet
preferences are gone in TB 3 and SM 2 .)
user_pref("wallet.captureForms ", );
Unchecked. Application default differs.
user_pref("wallet.crypto ", );
Unchecked. Application default is false
.
Do not fill in form data automatically.
user_pref("browser.formfill.enable ", );
Checked. Application default is true
.
93 Disable the geolocation API for content
From Gecko 1.9.1 you could provide your location to web applications if you so desire. See this article for more information.
user_pref("geo.enabled ",
);
Checked. Application default is true
.
94-95 Media controls
From Gecko 1.9.1 a web site could use the tags video
and audio
to play media in the
browser. The first preference below would disable autostart of a media element, and the second one would disallow a connection
if the Access-Control-Allow-Origin header is absent or revealing that the media is coming from a different site.
user_pref("media.autoplay.enabled ",
);
Checked. Application default is true
.
user_pref("media.enforce_same_site_origin ",
);
Checked. Application default is false
.
96-97 Automatic updates
The application should automatically check to see if there is an updated version of itself, but should
prompt before downloading major releases. Checking user preference
no 97 would disable automatic
updates.
user_pref("app.update.mode ", );
Checked. Application default is 1
.
user_pref("app.update.auto ", );
Unchecked. Note: The user preference above is somewhat jeopardising security. Application default is true
.
98 Uncover the secret add-ons install button
Unhides the install button in the add-ons manager. See Uncover... for a blog entry about this feature.
user_pref("extensions.hideInstallButton ", );
Unchecked. Application default is true
.
99 Let Windows OS have memory if the application is
minimized
Allow the application to release memory for the benefit of other programs. See bug 76831 for more information.
user_pref("config.trim_on_minimize ", );
Unchecked. Does not exist by default.
100 Show the world
Add a note to the user agent string. Do observe that this user preference is always included.
user_pref("general.useragent.extra.user_js ",
);
Checked. Does not exist by default.