How to harden Firefox

Setup

Step 1: install Firefox

Go to https://www.firefox.com/, download and install Firefox.

Step 2: add arkenfox/user.js to profile

Heads-up: see user.js to learn more about settings.

Start Firefox, paste “about:profiles” in address bar and press Enter.

Find default profile root directory and copy path to clipboard.

Download user.js to default profile root directory.

Heads-up: replace /Users/sunknudsen/Library/Application Support/Firefox/Profiles/rzrw17yo.default-release with default profile root directory copied to clipboard.

$ cd "/Users/sunknudsen/Library/Application Support/Firefox/Profiles/rzrw17yo.default-release"

$ curl --fail --remote-name https://raw.githubusercontent.com/arkenfox/user.js/refs/heads/master/user.js
Expand code

Step 3: append user-overrides.js to user.js

Heads-up: enables Mullvad DNS over HTTPS.

Mullvad DNS over HTTPS uses Anycast for DNS query routing via BGP. As a result, server selection is determined by BGP routing policies rather than geographic proximity and may route DNS queries to distant servers. If browsing feels slow, consider bypassing Anycast by specifying DNS server using network.trr.custom_uri and network.trr.uri in user-overrides.js (for example: https://us-nyc-dns-601.mullvad.net/dns-query for North America’s East Coast).

$ curl --fail --remote-name https://sunknudsen.com/guides/how-to-harden-firefox/user-overrides.js

$ cat user-overrides.js >> user.js
Expand code

Step 4 (optional): enable Mullvad SOCKS5 proxy kill switch (disabled by default, Mullvad app and subscription required)

Open user.js and user-overrides.js using text editor and set network.proxy.type to 1.

Step 5 (optional): install GitHub Dark Default Faded theme

Step 6: restart Firefox

Step 7: set default search engine to DuckDuckGo

Paste “about:preferences#search” in address bar, press Enter and set default search engine to “DuckDuckGo”.

Step 8: uncheck all search shortcuts

Paste “about:preferences#search” in address bar, press Enter and uncheck all search shortcuts.

Usage

Temporarily disable cookie and site data deletion (useful when Firefox is restarted to install update or one wishes to reboot computer while persisting Firefox sessions)

Heads-up: “Delete cookies and site data when Firefox is closed” will be enabled again next time Firefox starts.

Start Firefox, paste “about:preferences#privacy” in address bar and press Enter.

Uncheck “Delete cookies and site data when Firefox is closed”.

Want things back the way they were before following this guide?

Delete user.js and user-overrides.js and set Firefox settings as they were before following guide.