Sane security conscious settings
To use, place user.js in one of the following folders:
- Unix-like (hidden folder): ~/.mozilla/firefox/
- Windows: C:\Users<Username>\AppData\Roaming\Mozilla\Firefox\Profiles\yourprofile\
- DOM storage's size has been reduced, but has not been disabled for compatibility purposes;
- webGL is turned on for my convenience;
- HTTPS Finder
- uMatrix (in default-deny mode; malware lists checked)
- uBlock by Gorhill (non-advanced mode; all lists checked in uMatrix unchecked)
Chromium requires Chameleon 0.6 in order to change the HTTP_ACCEPT headers, as well as the user agent (although replacing the latter is trivial).
Flash users, disable font enumeration if possible (mms.cfg). Firefox users ought to use freshplayerplugin, a ppapi2npapi compatibility layer that allows Firefox to use Chrome's up-to-date pepperflash.
For a user.js with more emphasis on security (occasionally at the cost of functionality, like when you completely disable DOM storage, for instance), and less emphasis on blending in, check pyllyukko's user.js. To compare privacy conscious user.js files, use jm42's compare-user.js.