/******************************************************************************
// NOTE(review): the banner line above opens a block comment and has no closing
// marker of its own; the only closing marker in this listing is on the final
// banner line. A parser that honours block comments would skip every
// user_pref() line in between - confirm before loading this as a user.js.
// NOTE(review): the trailing "TOR:" notes are not explained in this listing;
// presumably they record the value seen in a Tor Browser profile, with
// "missing" meaning the pref is absent there - confirm with the author.
// Where a value differs from its TOR note, applying it inside Tor Browser would
// move that profile away from the browser's shared defaults - confirm which
// browser this file targets.
// PREF: (comment absent from this listing) presumably disables Web Workers
user_pref("dom.workers.enabled", false); // TOR: true
// PREF: Disable web notifications
user_pref("dom.webnotifications.enabled", false); // TOR: true
// PREF: When geolocation is enabled, use Mozilla geolocation service instead of Google
user_pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); // TOR: ""
// PREF: When geolocation is enabled, don't log geolocation requests to the console
user_pref("geo.wifi.logging.enabled", false); // TOR: missing
// PREF: Don't reveal internal (LAN) IP addresses through ICE candidates when WebRTC is enabled (Firefox >= 42)
user_pref("media.peerconnection.ice.default_address_only", true); // Firefox 42-51 // TOR: missing
user_pref("media.peerconnection.ice.no_host", true); // Firefox >= 52 // TOR: missing
// PREF: Disable WebRTC getUserMedia, screen sharing, audio capture, video capture
// Only the video-capture and screen-sharing prefs appear in this listing.
user_pref("media.navigator.video.enabled", false); // TOR: missing
user_pref("media.getusermedia.screensharing.enabled", false); // TOR: true
// PREF: Disable battery API (Firefox < 52)
user_pref("dom.battery.enabled", false); // TOR: true
// PREF: Disable telephony API
user_pref("dom.telephony.enabled", false); // TOR: missing
// PREF: Disable "beacon" asynchronous HTTP transfers (navigator.sendBeacon)
user_pref("beacon.enabled", false); // TOR: true
// PREF: Disable clipboard event detection via JavaScript
user_pref("dom.event.clipboardevents.enabled", false); // TOR: true
// PREF: Disable "copy to clipboard" functionality via JavaScript (Firefox >= 41)
user_pref("dom.allow_cut_copy", false); // TOR: missing
// PREF: Disable speech synthesis
user_pref("media.webspeech.synth.enabled", false); // TOR: missing
// PREF: When browser pings are enabled, only allow pinging the same host as the origin page
user_pref("browser.send_pings.require_same_host", true); // TOR: false
// PREF: Disable vibrator API
user_pref("dom.vibrator.enabled", false); // TOR: true
// PREF: Disable WebGL
user_pref("webgl.disabled", true); // TOR: false
// Related, left disabled: WebGL use by the built-in PDF viewer (pdf.js)
//user_pref("pdfjs.enableWebGL", false); // TOR: false
// PREF: Cap the number of CPU cores reported to web content at 2 (spoof a dual-core CPU)
user_pref("dom.maxHardwareConcurrency", 2); // TOR: 1
* SECTION: Misc *
// PREF: Disable face detection
user_pref("camera.control.face_detection.enabled", false); // TOR: true
// PREF: Set the default search engine to DuckDuckGo (disabled)
//user_pref("browser.search.defaultenginename", "DuckDuckGo"); // TOR: data:text/plain,browser.search.defaultenginename=DuckDuckGo
//user_pref("browser.search.order.1", "DuckDuckGo"); // TOR: Google
//user_pref("keyword.URL", "https://duckduckgo.com/html/?q=!+"); // TOR: missing
// PREF: Set Accept-Language HTTP header to en-US regardless of Firefox localization
user_pref("intl.accept_languages", "en-us, en"); // TOR: en-US, en
// PREF: Do not automatically send selection to clipboard on some Linux platforms
user_pref("clipboard.autocopy", false); // TOR: true
// PREF: Do not submit invalid URIs entered in the address bar to the default search engine
user_pref("keyword.enabled", false); // TOR: true
// PREF: Don't hide the "http://" prefix of URLs shown in the address bar
user_pref("browser.urlbar.trimURLs", false); // TOR: true
// PREF: Enforce Mixed Passive Content blocking (a.k.a. Mixed Display Content)
user_pref("security.mixed_content.block_display_content", true); // TOR: false
// PREF: Disable scripting of plugins by JavaScript (CIS 2.7.4)
user_pref("security.xpconnect.plugin.unrestricted", false); // TOR: true
// PREF: Disable in-content SVG rendering (Firefox >= 53)
user_pref("svg.disabled", true); // TOR: missing
// PREF: Don't reveal build ID
user_pref("browser.startup.homepage_override.buildID", "20100101"); // TOR: 20180202070101
// PREF: Prevent font fingerprinting (0 = never use fonts specified by the page)
user_pref("browser.display.use_document_fonts", 0); // TOR: 1
// PREF: Enable only whitelisted URL protocol handlers
// The external.* lines switch each listed scheme to false; expose-all is set to
// false and the expose.* lines then re-enable schemes one by one, so the expose.*
// list acts as the allowlist. Note that it includes the javascript scheme.
// NOTE(review): the "external.ttp" / ".ttps" / ".tp" / ".ile" names in the TOR
// notes look like truncated pref names - confirm against the compared profile.
user_pref("network.protocol-handler.external.http", false); // TOR: missing, there is external.ttp
user_pref("network.protocol-handler.external.https", false); // TOR: missing, there is external.ttps
user_pref("network.protocol-handler.external.moz-extension", false); // TOR: missing
user_pref("network.protocol-handler.external.ftp", false); // TOR: missing, there is external.tp
user_pref("network.protocol-handler.external.file", false); // TOR: missing, there is external.ile
user_pref("network.protocol-handler.external.about", false); // TOR: missing
user_pref("network.protocol-handler.external.chrome", false); // TOR: missing
user_pref("network.protocol-handler.external.blob", false); // TOR: missing
user_pref("network.protocol-handler.expose-all", false); // TOR: true
user_pref("network.protocol-handler.expose.http", true); // TOR: missing
user_pref("network.protocol-handler.expose.https", true); // TOR: missing
user_pref("network.protocol-handler.expose.javascript", true); // TOR: missing
user_pref("network.protocol-handler.expose.moz-extension", true); // TOR: missing
user_pref("network.protocol-handler.expose.ftp", true); // TOR: missing
user_pref("network.protocol-handler.expose.file", true); // TOR: missing
user_pref("network.protocol-handler.expose.about", true); // TOR: missing
user_pref("network.protocol-handler.expose.chrome", true); // TOR: missing
user_pref("network.protocol-handler.expose.blob", true); // TOR: missing
user_pref("network.protocol-handler.expose.data", true); // TOR: missing
* SECTION: Extensions / plugins*
// PREF: Opt out of theme (Persona) updates
user_pref("lightweightThemes.update.enabled", false); // TOR: true
// PREF: Disable Flash Player NPAPI plugin (plugin state 0 = never activate)
user_pref("plugin.state.flash", 0); // TOR: 1
// PREF: Disable Java NPAPI plugin (plugin state 0 = never activate)
user_pref("plugin.state.java", 0); // TOR: 1
// PREF: Disable sending Flash Player crash reports
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); // TOR: true
// PREF: When Flash crash reports are enabled, don't send the visited URL in the crash report
user_pref("dom.ipc.plugins.reportCrashURL", false); // TOR: true
// PREF: When Flash is enabled, download and use Mozilla SWF URIs blocklist
user_pref("browser.safebrowsing.blockedURIs.enabled", true); // TOR: false
// PREF: Disable Shumway (Mozilla Flash renderer)
user_pref("shumway.disabled", true); // TOR: missing
// PREF: Disable Gnome Shell Integration NPAPI plugin (plugin state 0 = never activate)
user_pref("plugin.state.libgnome-shell-browser-plugin", 0); // TOR: missing
// PREF: Disable the bundled OpenH264 video codec (disabled)
//user_pref("media.gmp-provider.enabled", false); // TOR: false
// PREF: Enable add-on and certificate blocklists (OneCRL) from Mozilla
user_pref("services.blocklist.update_enabled", true); // TOR: false
// PREF: Decrease system information leakage to Mozilla blocklist update servers
// The URL below keeps only the application ID and version placeholders; the
// value in the TOR note also carries build, locale, OS and ping-count fields.
user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); // TOR: https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/
* SECTION: Firefox (anti-)features / components*
// PREF: Disable Mozilla telemetry/experiments
// An empty manifest URI leaves the experiments feature with nothing to fetch.
user_pref("experiments.supported", false); // TOR: true
user_pref("experiments.manifest.uri", ""); // TOR: https://telemetry-experiment.cdn.mozilla.net/manifest/v1/firefox/%VERSION%/%CHANNEL%
// PREF: Don't allow Necko (the Firefox networking library) to run A/B tests
user_pref("network.allow-experiments", false); // TOR: true
// PREF: Disable sending Firefox crash reports to Mozilla servers
user_pref("breakpad.reportURL", ""); // TOR: https://crash-stats.mozilla.com/report/index/
// PREF: Disable sending reports of tab crashes to Mozilla (about:tabcrashed), don't nag user about unsent crash reports
user_pref("browser.tabs.crashReporting.sendReport", false); // TOR: true
// PREF: Enable Firefox Tracking Protection (in normal and private-browsing windows)
user_pref("privacy.trackingprotection.enabled", true); // TOR: false
user_pref("privacy.trackingprotection.pbmode.enabled", true); // TOR: false
// PREF: Enable contextual identity Containers feature (Firefox >= 52)
user_pref("privacy.userContext.enabled", true); // TOR: false
// PREF: Disable the built-in PDF viewer
user_pref("pdfjs.disabled", true); // TOR: false
// PREF: Disable Firefox Hello (disabled) (Firefox < 49)
// NOTICE-DISABLED: Firefox Hello only works with `media.peerconnection.enabled` and `media.getusermedia.screensharing.enabled` set to true and `security.OCSP.require` set to false. // TOR: false, true, false
//user_pref("loop.enabled", false); // TOR: missing
// PREF: Disable Firefox Hello metrics collection
user_pref("loop.logDomains", false); // TOR: missing
// PREF: Enable Auto Update (disabled)
//user_pref("app.update.auto", true); // TOR: true
// PREF: Enable blocking reported web forgeries
// Two pref names are set because the name differs by Firefox version (see the
// trailing version notes).
user_pref("browser.safebrowsing.enabled", true); // Firefox < 50 // TOR: false
user_pref("browser.safebrowsing.phishing.enabled", true); // firefox >= 50 // TOR: false
// PREF: Enable blocking reported attack sites
user_pref("browser.safebrowsing.malware.enabled", true); //TOR: false
// PREF: Disable Pocket
user_pref("extensions.pocket.enabled", false); // TOR: true
// PREF: Disable SHIELD
user_pref("extensions.shield-recipe-client.enabled", false); // TOR: missing
user_pref("app.shield.optoutstudies.enabled", false); // TOR: missing
// PREF: Disable "Recommended by Pocket" in Firefox Quantum
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // TOR: missing
* SECTION: Automatic connections*
// PREF: Disable prefetching of <link rel="next"> URLs
user_pref("network.prefetch-next", false); // TOR: true
// PREF: Disable DNS prefetching
// NOTE(review): by its name the pref below covers prefetching from HTTPS pages
// only; the general network.dns.disablePrefetch pref is not in this listing -
// confirm it is set elsewhere.
user_pref("network.dns.disablePrefetchFromHTTPS", true); // TOR: missing
// PREF: Disable "Show search suggestions in location bar results"
// NOTE(review): the pref below is browser.urlbar.suggest.history, which by its
// name governs history suggestions rather than search suggestions; the comment
// and its original pref may have been separated in this listing - confirm.
user_pref("browser.urlbar.suggest.history", false); // TOR: true
// PREF: Disable automatic downloading of OpenH264 codec
// The empty manager URL removes the update endpoint shown in the TOR note.
user_pref("media.gmp-gmpopenh264.enabled", false); // TOR: missing
user_pref("media.gmp-manager.url", ""); // TOR: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
// PREF: Disable speculative pre-connections
user_pref("network.http.speculative-parallel-limit", 0); // TOR: 6
// PREF: Disable downloading homepage snippets/messages from Mozilla
user_pref("browser.aboutHomeSnippets.updateUrl", ""); // TOR: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/
* SECTION: HTTP*
// PREF: Disallow NTLMv1
// The second line (NTLMv1 over HTTPS) is left disabled in this listing.
user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // TOR: missing
//user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false); // TOR: missing
// PREF: Enable CSP 1.1 script-nonce directive support
user_pref("security.csp.experimentalEnabled", true); // TOR: false
// PREF: DNT HTTP header (disabled)
//user_pref("privacy.donottrackheader.enabled", true); // TOR: false
// PREF: Send a referer header with the target URI as the source
// (the page actually being left is then not disclosed to the target site)
user_pref("network.http.referer.spoofSource", true); // TOR: false
// PREF: Don't send referer headers when following links across different domains (disabled)
// (2 = send a cross-origin referer only when the full host names match)
// user_pref("network.http.referer.XOriginPolicy", 2); // TOR: 0
// PREF: Make sure that third-party cookies (if enabled) never persist beyond the session.
user_pref("network.cookie.thirdparty.sessionOnly", true); // TOR: false
// PREF: Spoof User-agent (disabled)
//user_pref("general.appversion.override", "5.0 (Windows)"); // TOR: 5.0 (Windows)
* SECTION: Caching*
// PREF: Clear history when Firefox closes
// Only the clearOnShutdown categories whose value differs from the TOR note
// appear to be listed here (offline apps, open windows) - presumably the other
// categories are set elsewhere; confirm.
user_pref("privacy.sanitize.sanitizeOnShutdown", true); // TOR: false
user_pref("privacy.clearOnShutdown.offlineApps", true); // TOR: false
user_pref("privacy.clearOnShutdown.openWindows", true); // TOR: false
// PREF: Set time range to "Everything" as default in "Clear Recent History"
user_pref("privacy.sanitize.timeSpan", 0); // TOR: 1
// PREF: Clear everything but "Site Preferences" in "Clear Recent History"
user_pref("privacy.cpd.offlineApps", true); // TOR: false
// PREF: Don't remember browsing history
user_pref("places.history.enabled", false); // TOR: true
// PREF: Disable memory cache (disabled)
//user_pref("browser.cache.memory.enable", false); // TOR: true
// PREF: Disable caching of SSL/TLS pages on disk
user_pref("browser.cache.disk_cache_ssl", false); // TOR: true
// PREF: Disable download history
user_pref("browser.download.manager.retention", 0); // TOR: 1
// PREF: Disable formless login capture
user_pref("signon.formlessCapture.enabled", false); // TOR: true
// PREF: Disable the password manager for pages with autocomplete=off (disabled)
//user_pref("signon.storeWhenAutocompleteOff", false); // TOR: true
// PREF: Delete Search and Form History (entries expire after 0 days)
user_pref("browser.formfill.expire_days", 0); // TOR: 180
// PREF: Do not create screenshots of visited pages (relates to the "new tab page" feature)
user_pref("browser.pagethumbnails.capturing_disabled", true); // TOR: missing
// PREF: Don't fetch and permanently store favicons for Windows .URL shortcuts created by drag and drop
user_pref("browser.shell.shortcutFavicons", false); // TOR: true
// PREF: Disable bookmarks backups (default: 15)
user_pref("browser.bookmarks.max_backups", 0); // TOR: 15
* SECTION: UI related*
// PREF: Disable right-click menu manipulation via JavaScript (disabled)
//user_pref("dom.event.contextmenu.enabled", false); // TOR: true
// PREF: Disable "Are you sure you want to leave this page?" popups on page close (disabled)
//user_pref("dom.disable_beforeunload", true); // TOR: false
// PREF: Don't save downloads to the desktop
// (0 = desktop, 1 = Downloads folder, 2 = custom / last-used folder)
user_pref("browser.download.folderList", 2); // TOR: 1
// PREF: Disable the "new tab page" feature and show a blank tab instead
user_pref("browser.newtabpage.enabled", false); // TOR: true
user_pref("browser.newtab.url", "about:blank"); // TOR: missing
// PREF: Disable Activity Stream
user_pref("browser.newtabpage.activity-stream.enabled", false); // TOR: missing
// PREF: Disable new tab tile ads & preload
user_pref("browser.newtab.preload", false); // TOR: true
user_pref("browser.newtabpage.directory.ping", ""); //TOR: data:text/plain,
// PREF: Enable Auto Notification of Outdated Plugins (Firefox < 50)
user_pref("plugins.update.notifyUser", true); // TOR: missing
// PREF: Force Punycode for Internationalized Domain Names
// (makes look-alike, i.e. homograph, domain names visible in the address bar)
user_pref("network.IDN_show_punycode", true); // TOR: false
// PREF: Disable inline autocomplete in URL bar
user_pref("browser.urlbar.autoFill", false); // TOR: true
user_pref("browser.urlbar.autoFill.typed", false); // TOR: true
// PREF: Disable CSS :visited selectors
// (styling of visited links can reveal browsing history to a page)
user_pref("layout.css.visited_links_enabled", false); // TOR: true
// PREF: Disable URL bar autocomplete and history/bookmarks suggestions dropdown
user_pref("browser.urlbar.autocomplete.enabled", false); // TOR: true
// PREF: When password manager is enabled, lock the password storage periodically
// (2 = ask again after the number of minutes set in security.password_lifetime)
user_pref("security.ask_for_password", 2); // TOR: 0
// PREF: Lock the password storage every minute (default: 30)
user_pref("security.password_lifetime", 1); // TOR: 30
* SECTION: Cryptography*
// PREF: Require a valid OCSP response for OCSP enabled certificates
// (hard-fail: the connection is refused when no valid response can be obtained,
// so an unreachable OCSP responder blocks the site)
user_pref("security.OCSP.require", true); // TOR: false
// PREF: Only allow TLS 1.[0-3]
// Only the upper bound appears in this listing (4 = TLS 1.3); the matching
// lower-bound pref is not shown here.
user_pref("security.tls.version.max", 4); // TOR: 3
// PREF: Disallow SHA-1 (enforcement level 1 = forbid SHA-1 certificate signatures)
user_pref("security.pki.sha1_enforcement_level", 1); // TOR: 2
// PREF: Warn the user when server doesn't support RFC 5746 ("safe" renegotiation)
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); // TOR: false
// PREF: Disallow connection to servers not supporting safe renegotiation (disabled)
//user_pref("security.ssl.require_safe_negotiation", true); // TOR: false
// PREF: Pre-populate the current URL but do not pre-fetch the certificate in the "Add Security Exception" dialog
user_pref("browser.ssl_override_behavior", 1); // TOR: 2
* SECTION: Cipher suites *
// NOTE(review): most lines in this section carry "TOR: missing"; presumably the
// pref does not exist in the compared profile, in which case setting it there
// has no effect - confirm which prefs the target Firefox version still reads.
// Every pref in this section is set to false, i.e. the named suite is turned off.
// PREF: Disable null ciphers (suites that provide no encryption)
user_pref("security.ssl3.rsa_null_sha", false); // TOR: missing
user_pref("security.ssl3.rsa_null_md5", false); // TOR: missing
user_pref("security.ssl3.ecdhe_rsa_null_sha", false); // TOR: missing
user_pref("security.ssl3.ecdhe_ecdsa_null_sha", false); // TOR: missing
user_pref("security.ssl3.ecdh_rsa_null_sha", false); // TOR: missing
user_pref("security.ssl3.ecdh_ecdsa_null_sha", false); // TOR: missing
// PREF: Disable SEED cipher
user_pref("security.ssl3.rsa_seed_sha", false); // TOR: missing
// PREF: Disable 40/56/128-bit ciphers
// 40-bit ciphers
user_pref("security.ssl3.rsa_rc4_40_md5", false); // TOR: missing
user_pref("security.ssl3.rsa_rc2_40_md5", false); // TOR: missing
// 56-bit ciphers
user_pref("security.ssl3.rsa_1024_rc4_56_sha", false); // TOR: missing
// 128-bit ciphers
user_pref("security.ssl3.rsa_camellia_128_sha", false); // TOR: missing
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // TOR: true
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // TOR: true
user_pref("security.ssl3.ecdh_rsa_aes_128_sha", false); // TOR: missing
user_pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false); // TOR: missing
user_pref("security.ssl3.dhe_rsa_camellia_128_sha", false); // TOR: missing
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // TOR: true
// PREF: Disable RC4
// The last line of this group (the RC4 fallback pref) has no TOR note in the listing.
user_pref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false); // TOR: missing
user_pref("security.ssl3.ecdh_rsa_rc4_128_sha", false); // TOR: missing
user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // TOR: missing
user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // TOR: missing
user_pref("security.ssl3.rsa_rc4_128_md5", false); // TOR: missing
user_pref("security.ssl3.rsa_rc4_128_sha", false); // TOR: missing
user_pref("security.tls.unrestricted_rc4_fallback", false);
// PREF: Disable 3DES (effective key strength is below 128 bits)
user_pref("security.ssl3.dhe_dss_des_ede3_sha", false); // TOR: missing
user_pref("security.ssl3.dhe_rsa_des_ede3_sha", false); // TOR: missing
user_pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false); // TOR: missing
user_pref("security.ssl3.ecdh_rsa_des_ede3_sha", false); // TOR: missing
user_pref("security.ssl3.ecdhe_ecdsa_des_ede3_sha", false); // TOR: missing
user_pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false); // TOR: missing
user_pref("security.ssl3.rsa_des_ede3_sha", false); // TOR: true
user_pref("security.ssl3.rsa_fips_des_ede3_sha", false); // TOR: missing
// PREF: Disable ciphers with ECDH (non-ephemeral, so no forward secrecy)
user_pref("security.ssl3.ecdh_rsa_aes_256_sha", false); // TOR: missing
user_pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false); // TOR: missing
// PREF: Disable 256-bit ciphers without forward secrecy (PFS)
user_pref("security.ssl3.rsa_camellia_256_sha", false); // TOR: missing
// PREF: Disable ciphers susceptible to the Logjam attack
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // TOR: true
// PREF: Disable ciphers with DSA (max 1024 bits)
user_pref("security.ssl3.dhe_dss_aes_128_sha", false); // TOR: missing
user_pref("security.ssl3.dhe_dss_aes_256_sha", false); // TOR: missing
user_pref("security.ssl3.dhe_dss_camellia_128_sha", false); // TOR: missing
user_pref("security.ssl3.dhe_dss_camellia_256_sha", false); // TOR: missing
******************************************************************************/