
How to Harden Firefox for Privacy: The Complete 2026 Guide
Firefox is already one of the most privacy-respecting mainstream browsers available. But out of the box, it still makes compromises between usability and privacy. If you want to push Firefox from “good” to “fortress,” you need to harden it — systematically disabling telemetry, tightening cookie controls, enabling anti-fingerprinting measures, and installing the right extensions.
This guide shows you exactly how to harden Firefox for privacy in 2026, step by step. We’ll cover the critical about:config tweaks, the extensions that actually matter (and which ones to skip), Enhanced Tracking Protection optimization, HTTPS and DNS hardening, telemetry disabling, and how to use pre-built user.js profiles like arkenfox for maximum protection. Whether you’re a privacy enthusiast or a professional managing sensitive workflows, this guide has you covered.
Step 1: Optimize Enhanced Tracking Protection (ETP)
Firefox’s Enhanced Tracking Protection is your first line of defense. It comes in three levels — Standard, Strict, and Custom. For a hardened setup, you want Strict at minimum.
Setting ETP to Strict
- Open Firefox and navigate to Settings → Privacy & Security
- Under “Enhanced Tracking Protection,” select “Strict”
- This enables:
- Total Cookie Protection — partitions all third-party cookies per site (see our detailed total cookie protection explainer)
- Tracker blocking — blocks known tracking scripts from the Disconnect list
- Fingerprinter blocking — blocks known fingerprinting scripts
- Cryptominer blocking — blocks browser-based cryptocurrency miners
- Cross-site cookie isolation — cookies from embedded content are isolated per site
Custom Mode for Fine-Tuning
If you want even more control, select “Custom” and configure each category individually. The most aggressive Custom configuration is:
- Cookies: “All third-party cookies” (blocks all rather than partitioning — more breakage but stronger isolation)
- Tracking content: “In all windows” (not just private windows)
- Cryptominers: Checked
- Known fingerprinters: Checked
- Suspected fingerprinters: Checked
Be aware that blocking all third-party cookies (rather than partitioning them) will cause more website breakage than the Strict mode’s partitioning approach. You’ll need to manually add exceptions for sites that break.
Step 2: Critical about:config Privacy Tweaks
Firefox’s about:config page provides access to hundreds of advanced settings that aren’t exposed in the standard Settings UI. To access it, type about:config in the address bar and click “Accept the Risk and Continue.”
Warning: Changing about:config settings can break websites or Firefox functionality. Document your changes so you can revert them if needed. The tweaks below are well-tested and widely recommended by the privacy community.
Anti-Fingerprinting
| Preference | Set To | What It Does |
|---|---|---|
privacy.resistFingerprinting |
true |
Master fingerprinting defense — spoofs timezone to UTC, reports generic screen size, standardizes fonts, disables certain APIs. The single most impactful anti-fingerprinting toggle. |
privacy.resistFingerprinting.letterboxing |
true |
Adds padding around web content so the viewport dimensions are rounded to standard sizes, preventing window-size fingerprinting. |
privacy.fingerprintingProtection |
true |
Enables Firefox’s newer granular fingerprint protection system (works alongside resistFingerprinting). |
Note on privacy.resistFingerprinting: This is the most powerful single privacy toggle in Firefox, but it has noticeable usability impacts. Your timezone will appear as UTC (affecting calendar apps, scheduling tools), websites won’t see your actual screen resolution, and some media features may behave differently. For maximum privacy, keep it on. For daily-driver use, consider leaving it off and relying on the privacy.fingerprintingProtection granular system instead.
Cookie and Storage Controls
| Preference | Set To | What It Does |
|---|---|---|
network.cookie.cookieBehavior |
5 |
Enables Total Cookie Protection (cookie partitioning). Value 5 = “Block cross-site and social media trackers, partition all others.” This is what Strict ETP sets. |
network.cookie.lifetimePolicy |
2 |
Deletes all cookies when Firefox closes. Value 2 = session-only cookies. Aggressive but effective. |
dom.storage.enabled |
true |
Keep enabled — disabling breaks too many sites. Storage is already partitioned under TCP. |
For a comprehensive look at how Firefox partitions storage beyond cookies, read our guide on storage partitioning in browser privacy.
WebRTC Leak Prevention
| Preference | Set To | What It Does |
|---|---|---|
media.peerconnection.enabled |
false |
Disables WebRTC entirely. Prevents real IP address leaks even when using a VPN. Breaks video/voice calling in the browser (Google Meet, Zoom web client, etc.). |
media.peerconnection.ice.default_address_only |
true |
Less aggressive alternative — allows WebRTC but only exposes your default network interface IP. Use this instead of disabling WebRTC if you need video calling. |
media.peerconnection.ice.no_host |
true |
Prevents WebRTC from exposing local/private IP addresses. Use with the setting above for a balanced approach. |
Network Privacy
| Preference | Set To | What It Does |
|---|---|---|
network.dns.disablePrefetch |
true |
Stops Firefox from pre-resolving DNS for links on the page. Prevents DNS-based tracking of browsing intent. |
network.prefetch-next |
false |
Disables link prefetching — Firefox won’t preload pages you haven’t clicked on, reducing data leakage. |
network.predictor.enabled |
false |
Disables speculative pre-connections to sites Firefox predicts you’ll visit. |
network.http.speculative-parallel-limit |
0 |
Eliminates speculative connections entirely. |
beacon.enabled |
false |
Disables the Beacon API, which sites use to send analytics data even as you navigate away from the page. |
Telemetry and Data Collection
| Preference | Set To | What It Does |
|---|---|---|
toolkit.telemetry.enabled |
false |
Disables Firefox’s telemetry data collection. |
toolkit.telemetry.unified |
false |
Disables the unified telemetry system. |
toolkit.telemetry.archive.enabled |
false |
Stops archiving of telemetry data locally. |
datareporting.healthreport.uploadEnabled |
false |
Prevents Firefox from uploading health reports. |
datareporting.policy.dataSubmissionEnabled |
false |
Master switch to disable all data submission to Mozilla. |
app.shield.optoutstudies.enabled |
false |
Opts out of Mozilla Shield studies (A/B tests pushed to users). |
browser.ping-centre.telemetry |
false |
Disables ping-centre telemetry. |
browser.newtabpage.activity-stream.feeds.telemetry |
false |
Disables new tab page telemetry. |
browser.newtabpage.activity-stream.telemetry |
false |
Disables activity stream telemetry. |
Additional Privacy Hardening
| Preference | Set To | What It Does |
|---|---|---|
geo.enabled |
false |
Disables the Geolocation API entirely. Sites cannot request your location. |
dom.battery.enabled |
false |
Disables the Battery API — prevents battery level from being used as a fingerprinting signal. |
dom.event.clipboardevents.enabled |
false |
Prevents sites from detecting clipboard copy/cut/paste events. |
browser.safebrowsing.malware.enabled |
true |
Keep enabled — malware protection outweighs the minor privacy cost of safe browsing checks. |
browser.send_pings |
false |
Disables hyperlink auditing pings (click tracking via <a ping=””>). |
Step 3: Install Essential Privacy Extensions
Extensions extend Firefox’s privacy capabilities beyond what built-in settings can achieve. However, each extension also adds to your browser fingerprint and represents a potential attack surface. Be selective — install only what you need.
Must-Have Extensions
uBlock Origin
The single most important privacy extension. uBlock Origin is an open-source, wide-spectrum content blocker that blocks ads, trackers, malware domains, and more. It’s significantly more efficient than alternatives like Adblock Plus and doesn’t participate in “acceptable ads” programs. Key configuration tips:
- Enable additional filter lists: AdGuard Tracking Protection, EasyPrivacy, Fanboy’s Enhanced Tracking List
- Enable “I am an advanced user” for dynamic filtering capabilities
- Consider enabling uBlock Origin’s Medium Mode for more aggressive blocking with per-site overrides
How Send.win Helps You Master How To Harden Firefox For Privacy
Send.win makes How To Harden Firefox For Privacy simple and secure with powerful browser isolation technology:
- Browser Isolation – Every tab runs in a sandboxed environment
- Cloud Sync – Access your sessions from any device
- Multi-Account Management – Manage unlimited accounts safely
- No Installation Required – Works instantly in your browser
- Affordable Pricing – Enterprise features without enterprise costs
Try Send.win Free – No Credit Card Required
Experience the power of browser isolation with our free demo:
- Instant Access – Start testing in seconds
- Full Features – Try all capabilities
- Secure – Bank-level encryption
- Cross-Platform – Works on desktop, mobile, tablet
- 14-Day Money-Back Guarantee
Ready to upgrade? View pricing plans starting at just $9/month.
Multi-Account Containers
Mozilla’s official Multi-Account Containers extension lets you create colored container tabs that isolate cookies, storage, and browser state. You can assign specific sites to specific containers — for example, putting all Google services in one container and all social media in another. This prevents cross-service tracking within the same browser profile. Learn more about how this relates to Firefox’s built-in isolation in our first party isolation Firefox guide.
Worth Considering
NoScript
Blocks all JavaScript, Java, Flash, and other executable content by default, allowing you to whitelist trusted sites. Extremely effective but high-maintenance — you’ll need to manually allow scripts on virtually every new website you visit. Best for advanced users who are willing to invest time in building a whitelist.
Cookie AutoDelete
Automatically deletes cookies from closed tabs after a configurable delay, while allowing you to whitelist domains whose cookies you want to keep (like sites you’re logged into). This provides a middle ground between keeping all cookies and using session-only cookies via about:config. Note that with Firefox’s Total Cookie Protection, the urgency for this extension has decreased — partitioned cookies are already isolated per site.
Skip These Extensions
- Privacy Badger: Largely redundant with Firefox’s built-in Enhanced Tracking Protection in Strict mode
- Ghostery: Has a history of collecting user data. uBlock Origin does everything Ghostery does, better
- HTTPS Everywhere: Deprecated — Firefox now has built-in HTTPS-Only mode
- Multiple ad blockers: Running two ad blockers causes conflicts and increases fingerprint surface. Pick uBlock Origin and stick with it
Extension Configuration Summary
| Extension | Purpose | Priority | Maintenance Level |
|---|---|---|---|
| uBlock Origin | Content blocking (ads, trackers, malware) | 🔴 Essential | Low (automatic filter updates) |
| Multi-Account Containers | Cookie/storage isolation per identity | 🟡 Recommended | Medium (assign sites to containers) |
| NoScript | Script blocking (whitelist model) | 🟢 Advanced | High (manual whitelisting required) |
| Cookie AutoDelete | Auto-clear unused cookies | 🟢 Optional | Medium (set up whitelist once) |
Step 4: Enable HTTPS-Only Mode
HTTPS-Only mode forces Firefox to use encrypted HTTPS connections for every website. If a site doesn’t support HTTPS, Firefox shows a warning page rather than silently loading the insecure HTTP version.
- Go to Settings → Privacy & Security
- Scroll to “HTTPS-Only Mode”
- Select “Enable HTTPS-Only Mode in all windows”
This is one of the simplest and most impactful hardening steps. In 2026, the vast majority of websites support HTTPS, so you’ll rarely encounter the warning page. When you do, it’s usually a sign that the site is outdated, misconfigured, or potentially malicious.
Step 5: Configure DNS over HTTPS
DNS queries are typically sent in plaintext, meaning your ISP (and anyone monitoring your network) can see every domain you visit — even if the connection itself is encrypted via HTTPS. DNS over HTTPS (DoH) encrypts these lookups.
- Go to Settings → Privacy & Security
- Scroll to “DNS over HTTPS”
- Select “Max Protection” — this forces all DNS queries through the encrypted DoH channel and fails closed (refuses to fall back to unencrypted DNS)
- Choose a provider:
- Cloudflare (1.1.1.1): Fast, privacy-focused, default option
- NextDNS: Adds configurable DNS-level filtering (block ads, trackers, malware at DNS level)
- Quad9: Non-profit, focuses on security (blocks known malicious domains)
- Custom: Enter any DoH resolver URL for full control
Pro tip: Using NextDNS with a custom configuration gives you DNS-level ad and tracker blocking that works even when uBlock Origin can’t (like in-app browsers, non-browser apps, etc.).
Step 6: Disable All Telemetry
While Mozilla is generally trustworthy, a hardened Firefox should minimize data sent to any external server. In addition to the about:config tweaks listed earlier, verify these settings in the standard Settings UI:
- Go to Settings → Privacy & Security
- Scroll to “Firefox Data Collection and Use”
- Uncheck ALL boxes:
- “Allow Firefox to send technical and interaction data to Mozilla”
- “Allow Firefox to install and run studies”
- “Allow Firefox to send backlogged crash reports on your behalf”
Also disable the “Firefox Suggest” features under Address Bar settings, which can send keystroke data to Mozilla or partners for search suggestions.
Step 7: Use a Pre-Built user.js Profile (Arkenfox)
If manually configuring dozens of about:config settings feels overwhelming, the arkenfox user.js project provides a pre-built, community-maintained configuration file that applies comprehensive privacy hardening automatically.
What Is user.js?
The user.js file is a Firefox configuration file that lives in your profile directory. When Firefox starts, it reads this file and applies the preferences it contains, overriding any previous values. This means you can maintain a consistent hardened configuration that survives Firefox updates and settings resets.
Installing Arkenfox
- Visit the arkenfox/user.js GitHub repository
- Download the latest
user.jsfile - Find your Firefox profile directory:
- Type
about:profilesin the address bar - Find your active profile and click “Open Folder” next to “Root Directory”
- Type
- Copy the
user.jsfile into your profile directory - Create a
user-overrides.jsfile in the same directory for your personal customizations - Restart Firefox
Key Arkenfox Features
Arkenfox applies hundreds of privacy-oriented preferences, including:
- All telemetry disabled
- Tracking protection set to strict
privacy.resistFingerprintingenabled- WebRTC leak prevention
- DNS prefetching disabled
- Speculative connections disabled
- Beacon API disabled
- Battery API disabled
- Session restoration limited (prevents data persistence between sessions)
- Safe browsing maintained (security protections kept active)
Customizing with user-overrides.js
Arkenfox is intentionally aggressive. Some settings may break your workflow — for example, privacy.resistFingerprinting sets your timezone to UTC, which affects calendar and scheduling apps. Create a user-overrides.js file to override specific preferences you want to relax:
// user-overrides.js — personal overrides for arkenfox
// Keep resistFingerprinting but disable letterboxing
user_pref("privacy.resistFingerprinting.letterboxing", false);
// Allow WebRTC for video calls (but restrict IP exposure)
user_pref("media.peerconnection.enabled", true);
user_pref("media.peerconnection.ice.default_address_only", true);
user_pref("media.peerconnection.ice.no_host", true);
// Keep geolocation for maps (will still prompt for permission)
user_pref("geo.enabled", true);
After editing your overrides, restart Firefox for the changes to take effect.
Hardened Firefox Configuration Summary
Here’s a complete overview of the hardening levels, from light to maximum, and what to choose based on your needs. For a broader perspective on browser options, check out our comparison of the best browser for privacy in 2026.
| Hardening Level | Settings | Web Breakage | Recommended For |
|---|---|---|---|
| 🟢 Light | ETP Strict + HTTPS-Only + DoH + Disable telemetry | Minimal | Everyone (daily driver) |
| 🟡 Medium | Light + uBlock Origin + Multi-Account Containers + WebRTC restricted | Low | Privacy-conscious users |
| 🔴 Heavy | Medium + about:config tweaks + privacy.resistFingerprinting | Moderate | Privacy enthusiasts |
| ⚫ Maximum | Arkenfox user.js + NoScript + Cookie AutoDelete + session-only cookies | High | Security professionals, researchers, whistleblowers |
The Limits of Firefox Hardening
Even with a fully hardened Firefox, there are fundamental limits to what a single browser profile can achieve:
- Single fingerprint: No matter how much you spoof, you still have one browser fingerprint pattern per profile. Advanced fingerprinting can detect that you’re spoofing, which itself becomes a signal.
- Single IP address: Without a VPN or proxy, all sites see the same IP. Even with a VPN, all tabs share the same exit IP.
- Shared session state: Your entire browsing session — across all tabs and windows — shares the same profile context.
- Configuration overhead: Maintaining a hardened Firefox requires ongoing effort — checking for about:config regressions after updates, updating filter lists, managing exceptions for broken sites.
- Cross-account risk: If you manage multiple accounts on the same platform, even a hardened single-profile browser makes linking those accounts trivial.
These limitations aren’t bugs in Firefox — they’re inherent to the single-profile browser architecture. For users who need true identity separation, the solution isn’t more hardening — it’s multiple isolated environments.
🏆 Send.win Verdict
Hardening Firefox is a powerful way to reduce your digital footprint within a single browser profile. The about:config tweaks, extensions, and arkenfox configurations covered in this guide will block most trackers, prevent fingerprinting, encrypt your connections, and stop telemetry. But all of this work protects one identity. Send.win gives you what no amount of Firefox hardening can — completely separate browser environments, each with its own fingerprint, cookies, IP address, and browsing context. Instead of spending hours configuring about:config and managing extensions, Send.win provides hardened, isolated cloud browser profiles out of the box. It’s the difference between fortifying one house and having an entire neighborhood of separate, secure residences.
Try Send.win free today — skip the manual hardening and get per-identity isolation with zero configuration.
Frequently Asked Questions
What is the single most important about:config setting for Firefox privacy?
privacy.resistFingerprinting is the most impactful single toggle. When set to true, it spoofs your timezone to UTC, reports a generic screen resolution, standardizes font metrics, and disables several APIs used for fingerprinting. It has noticeable usability impacts (especially timezone reporting), but it provides more fingerprinting protection than any other individual setting.
Will hardening Firefox break websites?
It depends on the hardening level. Light hardening (ETP Strict, HTTPS-Only, DoH) causes minimal breakage. Medium hardening with uBlock Origin and WebRTC restrictions occasionally breaks video calling. Heavy hardening with privacy.resistFingerprinting will cause timezone-related issues and some visual quirks. Maximum hardening with NoScript will break most sites until you manually whitelist their scripts. The comparison table in this guide helps you choose the right level for your tolerance.
Is arkenfox user.js safe to use as a daily driver?
Arkenfox is well-maintained and widely used, but it’s designed for privacy maximalists. Out of the box, it enables privacy.resistFingerprinting, disables session restoration, and makes other aggressive changes. For daily use, create a user-overrides.js file to relax specific settings that impact your workflow — like re-enabling geolocation for maps or allowing WebRTC for video calls. Many users successfully run arkenfox daily with a handful of overrides.
Do I need both uBlock Origin and Firefox’s Enhanced Tracking Protection?
Yes, they complement each other. ETP blocks known trackers from the Disconnect list and partitions cookies, while uBlock Origin provides broader content blocking including ad networks, malicious domains, and custom filter rules. ETP works at the browser level (blocking network requests before they execute), while uBlock Origin works at the content level (parsing page content and removing unwanted elements). Together, they provide significantly more protection than either alone.
Should I disable WebRTC completely or just restrict it?
If you never use browser-based video or voice calling (Google Meet, Zoom web, Discord in browser), setting media.peerconnection.enabled to false is the safest option — it eliminates WebRTC IP leaks entirely. If you do use these services, keep WebRTC enabled but set media.peerconnection.ice.default_address_only and media.peerconnection.ice.no_host to true to restrict IP exposure.
How often do I need to update my hardened Firefox configuration?
Firefox updates can occasionally reset or override about:config settings. If you’re using arkenfox, the user.js file is reapplied on every Firefox startup, protecting against resets. Check the arkenfox GitHub repository after major Firefox releases for any new recommendations. If you’re managing settings manually, review your about:config preferences after each major Firefox update (roughly every 4 weeks) to ensure nothing was reverted.
Can I use Firefox Multi-Account Containers instead of a tool like Send.win?
Multi-Account Containers isolate cookies and storage between containers within a single Firefox profile. This provides meaningful separation for casual use — keeping your work Google account separate from personal. However, all containers share the same browser fingerprint, IP address, and browser configuration. Platforms with advanced detection (social media, e-commerce, ad networks) can easily correlate accounts across containers. Send.win provides fully separate browser environments with unique fingerprints, IPs, and configurations — a fundamentally stronger isolation model.
What’s the difference between hardening Firefox and using the Tor Browser?
Tor Browser is a modified Firefox that routes all traffic through the Tor network (multi-hop encryption), comes pre-hardened with arkenfox-like settings, and is designed to make all users look identical. It provides stronger anonymity but is significantly slower, and many websites block Tor exit nodes. A hardened Firefox offers a better daily browsing experience with strong (but not maximum) privacy. For true anonymity needs, Tor Browser is superior. For everyday privacy-conscious browsing, a hardened Firefox strikes the better balance.
