⭐ Features

Note that this list is not exhaustive...

For features specific to Extended configurations of Phoenix, please see here.

For features specific to Android configurations of Phoenix, please see here.

🔒 Privacy

Blocks cookie banners using Firefox's built-in Cookie Banner Reduction & uBlock Origin
Blocks known tracking resources using Firefox's built-in Tracking Protection (with the strict (level 2) list) & uBlock Origin
Blocks websites from prompting to access geolocation by default
Clears active logins (sessions) on exit by default
Clears browsing history on exit by default
Clears cache on exit by default
Clears download history on exit by default
Clears form data on exit by default
Disables Address Bar speculative connections
Disables autofill/autocompletion of URLs by default
Disables automatic authentication on Microsoft websites via Microsoft Entra & Windows SSO
Disables automatic failover from the proxy (if configured) to direct connections when certain system requests fail
Disables the Beacon API (Navigator.sendBeacon)
Disables bypassing the proxy (if configured) for system connections that include the bypassProxy flag
Disables Captive Portal Detection
Disables collection and generation of background thumbnails
Disables coloring of visited links
Disables disk caching
Disables DNS over HTTPS Connectivity Checks
Disables DNS Prefetching
Disables Early Hints
Disables favicons in shortcuts (as the .ico files persist after deletion...)
Disables GIO to prevent proxy bypasses
Disables interaction measurements
Disables LaterRun
Disables Link Prefetching
Disables logging domains blocked as part of Firefox's Enhanced Tracking Protection in about:protections
Disables Menu and Toolbar speculative connections
Disables Network Connectivity Checks
Disables the Network Predictor
Disables Preconnect
Disables search and form history
Disables search suggestions
Disables sending metadata of downloaded files to Google as part of Google Safe Browsing
Disables speculative pre-connections
Disables storing unnecessary, extra session data
Disables Uniform Naming Conventions (UNC) file paths to prevent proxy bypasses
Disables Windows Location Service for geolocation
Disables writing media cache to disk in private windows
Enables Bounce Tracking Protection
Enables Containers + isolates permissions per-container by default
Enables Cookies Having Independent Partitioned State (CHIPS)
Enables Do Not Track
Enables Global Privacy Control
Enables global toggles for controlling the camera/microphone in WebRTC
Enables SmartBlock, with support for embeds/placeholders to make certain resources click to load
Enables State Partitioning
Enables Strict Enhanced Tracking Protection (ETP Strict)
Enables Total Cookie Protection (dFPI)
Explicitly disables EDNS Client Subnet (ECS) for DNS over HTTPS
Explicitly disables Hyperlink Auditing (Click Tracking)
Explicitly disables logging URLs in Reader Mode by default
Explicitly disables Negotiate Authentication by default
Explicitly disables Network Error Logging
Explicitly disables the Reporting API
Explicitly disables saving clipboard history/contents to the cloud
Explicitly disables sharing reports with Google as part of Google Safe Browsing
Explicitly disables Wi-Fi Scanning as part of Geolocation/Region requests
Explicitly enables EncryptedClientHello
Explicitly enables mDNS Host Obfuscation for WebRTC
Explicitly sets Firefox's homepage to Firefox Home (about:home)
Ignores referer policies that are less restricted than the default
Installs uBlock Origin by default, using an enhanced configuration
Prevents exposing content in the title of Private Browsing windows
Prevents Firefox from automatically guessing which container to open external links in...
Prevents Firefox from automatically starting & restoring session after reboot on Windows
Prevents middle mouse clicks from automatically pasting clipboard contents by default
Prevents middle mouse clicks on the new tab button from automatically opening URLs/searches from the clipboard by default
Prevents WebRTC from bypassing the proxy (if configured)
Proxies connections made as part of Google Safe Browsing
Removes cached files from browser windows opened with external applications
Removes files deleted in Firefox from session list & history
Removes privacy-invasive AI Chatbot providers - Anthropic Claude, ChatGPT, Google Gemini, Le Chat Mistral, and Microsoft Copilot
Restricts tracking referers
Sets the default AI Chatbot (if enabled) to DuckDuckGo
Sets the default network Geolocation provider to BeaconDB (instead of Google)
Sets the default search engine to DuckDuckGo (instead of Google)
Strips URL tracking parameters using Firefox's built-in Query Stripping (with an extended list of parameters to match Brave and LibreWolf) & uBlock Origin
Trims cross-origin referers (Like Safari)
Uses the proxy (if configured) for remote DNS lookups
Warns users when attempting to switch tabs in a window being shared over WebRTC
When reporting false positives found in Google Safe Browsing, sends the URL only to Google instead of sending the URL to both Google and Mozilla + your locale to Mozilla

🫆 Fingerprinting

⚠️ BEFORE PROCEEDING: Please take a look at Phoenix's limitations when it comes to fingerprinting protection, to better understand what we can/can not protect against.

In order to combat fingerprinting, Phoenix enables Mozilla's Suspected Fingerprinters Protection (FPP). However: Phoenix modifies the set of protections (targets) covered by FPP to match that of Resist Fingerprinting (RFP) (+AllTargets), with the following exceptions:

Rather than automatically denying prompts for permission to extract canvas data, Phoenix always alerts the user. Canvas data extraction is still prevented unless the user grants permission (-CanvasExtractionBeforeUserInputIsBlocked)
CSS prefers-color-scheme is not spoofed, meaning users can enable Dark mode if desired (-CSSPrefersColorScheme)
Display of content over 60FPS is permitted (-FrameRate)
The timezone is not spoofed to UTC-0 by default (-JSDateTimeUTC)
The locale reported by the Internationalization API is not spoofed to en-US by default (-JSLocale)

Additionally, Phoenix:

Blocks known fingerprinting resources
Disables use of system accent colors
Disables use of system colors
Disables WebGPU
Enables fdlibm for Math.sin, Math.cos, and Math.tan
Enables light mode by default
Rounds window sizes

🛡️ Security

⚠️ BEFORE PROCEEDING: Please take a look at Phoenix's limitations when it comes to security, so that you can make an informed descision on what is best for you.

Alerts users of browser updates as soon as they are available (instead of waiting 4 days) via a badge on the hamburger menu
Alerts users on major browser upgrades via a pop-up/dialog
Alerts users when updates are being downloaded via a message in the hamburger menu
Blocks access to the system's shell
Blocks AutoConfig files from gaining privileged browser access (if configured)
Blocks Content Analysis (Data Loss Prevention agents)
Blocks cross-origin sub-resources from opening HTTP authentication credentials dialogs (meaning dialogs for embedded items are only presented when originating from the same site) to protect against phishing
Blocks execution of scripts loaded via file:// with improper MIME types
Blocks extensions signed with weak signature algorithms
Blocks insecure mixed active content on secure websites
Blocks insecure mixed display content on secure websites
Blocks insecure mixed object subrequests on secure websites
Blocks remoteTypes from triggering process switches they shouldn't be able to
Checks for extension updates hourly (instead of once every 24 hours...)
Disables Accessibility Services by default
Disables Address Bar URL trimming
Disables autofill of form data & log-in credentials by default
Disables automatic installation/enablement of third party extensions in Firefox's installation directory
Disables Basic authentication over HTTP by default
Disables Firefox's built-in Password Manager by default
Disables formless capture of log-in credentials
Disables GNOME Shell Integration
Disables Graphite and OpenType SVG fonts
Disables insecure background requests in HTTPS-Only Mode
Disables JavaScript in PDF.js
Disables JavaScript Just-in-time Compilation (JIT)
Disables MathML
Disables SharedArrayBuffer using window.postMessage
Disables third-party/OS-level root certificates
Disables TLS 1.3 0-RTT
Disables UITour
Disables WebXR by default
Disables XFA in PDF.js
Displays hidden extensions in about:debugging
Displays URLs in punycode for protection against IDN homograph attacks
Displays URLs instead of search terms in the Address Bar on search results
Enables Certificate Transparency
Enables the credentialless Cross-Origin-Embedder-Policy (COEP) header
Enables CRLite revocation checks (without deferral to OCSP)
Enables DNS over HTTPS with Max Protection (without fallback) by default, via Quad9
Enables an enhanced blocklist of malicious/undesirable extensions (in addition to Mozilla's Add-on Blocklist)
Explicitly enables Fission (Per-site process isolation)
Enables GPU sandboxing
Enables HTTPS-First
Enables HTTPS-Only Mode
Enables Post-Quantum Key Agreement
Enables protection against CSRF Attacks (Like Chromium)
Enables Spectre mitigations for isolated content
Enforces prompting the user if a website requests a certificate, rather than automatically selecting one...
Enforces Strict Certificate Pinning
Explicitly blocks insecure downloads
Explicitly enables Google Safe Browsing by default
Explicitly enables Opaque Response Blocking
Explicitly enables Quarantined Domains
Explicitly excludes JavaScript URLs from Address Bar results
Forces Remote Debugging (if enabled) to always prompt users before connecting
Forces Remote Debugging (if enabled) to only work locally
Limits add-on scopes to only allow installation from profile & application directories
Limits the use of Remote Debugging to per-session
Only allows installation of signed extensions
Prevents marking JIT code pages as both writable and executable (only one or the other)
Prevents unprivileged extensions from using Experimental APIs
Prevents websites from bypassing prompts to install extensions
Prompts the user before downloading/saving files
Requires the use of Firefox's built-in certificates for installation and updates of extensions
Sets certificate error overrides to be per-session rather than permanent by default
Sets the delay between browser update prompts to 1 hour (instead of 192 hours...)
Requires safe renegotiations
Upgrades insecure mixed display content on secure websites
Warns users for external mailto: URLs

💡 Enhancements

Adds support for syncing more preferences with Firefox Sync (if enabled)
Adds various privacy-respecting search engines - DuckDuckGo (HTML), DuckDuckGo (Lite), DuckDuckGo (No AI), Marginalia, Mojeek, Startpage, and Startpage (EU).
Allows LocalCDN (if installed) to run on quarantined domains by default
Allows Mullvad Browser Extension (if installed) to run on quarantined domains by default
Always displays the Bookmarks Toolbar by default
Always displays a reveal password button in password <input> types
Automatically exports bookmarks to HTML on exit by default
Blocks media autoplay by default
Blocks web notifications by default
Cleans up the default UI/customization state
Customizes the list of built-in DNS over HTTPS resolvers
Disables Address Bar clipboard suggestions
Disables Address Bar history suggestions
Disables Address Bar recent search suggestions
Disables Address Bar search engine suggestions
Disables annoying Web Speech API errors
Disables automatic browser console log clearing upon page reloads/navigations
Disables checking if Firefox is the default PDF viewer
Disables checking if Firefox is the default web browser
Disables delays when switching to full screen
Disables DRM
Disables Highlights from appearing on Firefox Home by default
Disables password truncation
Disables prompts to refresh/reset Firefox
Disables Quick Actions
Disables Recent activity from appearing on Firefox Home by default
Disables the site protections info message
Disables warning the user when accessing the about:config by default
Displays advanced information on Insecure Connection warning pages
Displays more details on Safe Browsing warning pages
Displays the option to add a separate search bar in Firefox's Customize menu
Displays the option to enable Compact mode in Firefox's Customize menu
Displays timestamps in the web console by default
Enables the ability to add custom search engines in about:preferences#search
Enables the ability to specify a different search engine for use in Private Windows vs. Normal Windows in about:preferences#search
Enables Address Bar calculator suggestions
Enables an Address Bar suggestion to use Private Browsing
Enables Address Bar unit conversion suggestions
Enables autoscrolling by default
Enables a cursor spinning animation when websites are loading by default
Enables debugging chrome by default
Enables debugging DOM by default
Enables an experimental UI for managing profiles
Enables a fire button in Private Browsing Windows to reset session
Enables Firefox Home Wallpapers
Enables Firefox's newer Felt privacy design for Certificate Errors and Private Browsing windows
Enables long line wrapping in developer tools by default
Enables long line wrapping in view-source: by default
Enables a Measure button in debugging
Enables a Rulers button in debugging
Enables a Screenshot button in debugging
Enables a sidebar/table of contents when viewing PDFs by default
Enables smooth scrolling by default
Enables Spellcheck for both multi-line and single-line boxes by default
Enables a subset of performance optimizations from Betterfox by default
Enables suggestions when a HTTPS-page can't be found in HTTPS-Only Mode
Enables support for custom CSS by default
Enables the Unload Tab context menu item
Enables the View Image Info context menu item
Exposes the ability to disable UI animations (ui.prefersReducedMotion) in the about:config by default
Exposes the ability to enable dynamic rounding of content dimensions (privacy.resistFingerprinting.letterboxing) in the about:config by default
Exposes the ability to log geolocation requests (geo.provider.network.logging.enabled) in the about:config by default
Exposes the ability to log policies (browser.policies.loglevel) in the about:config by default
Exposes the ability to prevent the Permission Manager from writing to disk (permissions.memory_only) in the about:config by default
Fixes IPv6 connectivity when DNS over HTTPS is enabled
Forces pop-ups to open in new tabs instead of windows by default
Highlights all Findbar (Ctrl + F) results by default
Highlights syntax in view-source: by default
Includes a set of granular overrides to unbreak websites with FPP (via privacy.fingerprintingProtection.granularOverrides) by default
Installs Firefox Multi-Account Containers by default
Leaves the Bookmarks menu open after selecting a website by default
Limits what events can cause pop-ups by default
Opens bookmarks in new tabs by default
Prevents private windows from appearing as separate icons in the taskbar on Windows
Prevents scripts from moving, resizing, and messing with windows
Prevents websites from dictating whether autofilling credentials is allowed
Sets the default time-range when manually clearing browser data to everything

🦖 Mozilla

Allows extensions to run on specific Mozilla domains by default
Clears Firefox's default top sites
Disables about:welcome
Disables Activity Stream (Firefox Home) Telemetry
Disables Activity Stream (Firefox Home) Content Recommendations
Disables Address Bar add-on suggestions
Disables Address Bar Fakespot suggestions
Disables Address Bar MDN suggestions
Disables Address Bar Pocket suggestions
Disables Address Bar trending suggestions
Disables Address Bar weather suggestions
Disables Address Bar Yelp suggestions
Disables AI Chatbot functionality by default
Disables the Background Hang Monitor
Disables CAPTCHA Detection pings
Disables Daily Usage Ping Data Collection
Disables Data Reporting
Disables the Default Browser Agent
Disables Discovery Stream
Disables DNS Over HTTPS/Trusted Recursive Resolver (TRR) Automatic Rollout
Disables DNS Over HTTPS/Trusted Recursive Resolver (TRR) Confirmation Request Telemetry
Disables Fakespot
Disables feedback prompts
Disables Firefox Focus promotions
Disables Firefox mobile promotions
Disables Firefox Relay by default
Disables Firefox Relay promotions
Disables Firefox Suggest
Disables Firefox Suggest Telemetry
Disables Firefox Sync promotions
Disables the Firefox View feature tour
Disables health pings
Disables Interest-based content relevance ranking
Disables list recommendations in about:addons
Disables More from Mozilla in about:preferences
Disables the Mozilla Ad Routing Service (MARS)
Disables Mozilla Monitor promotions
Disables Mozilla VPN promotions
Disables Network Traffic Categories Telemetry
Disables new-profile pings
Disables Origin Trials
Disables the PDF.js feature tour
Disables personalized extension recommendations
Disables the Ping Sender
Disables Pocket
Disables Privacy-Preserving Attribution
Disables Recommendations from Firefox
Disables Region Updates
Disables the Remote Settings Experiment Loader
Disables the sending of crash reports
Disables the sending of technical and interaction data (Health Reports) to Mozilla (Glean)
Disables the Shield Recipe Client (Normandy)
Disables shutdown pings
Disables Snippets
Disables Sponsored Tiles (Contile)
Disables Sponsored Shortcuts
Disables Studies
Disables Targeting Context Telemetry
Disables Telemetry Archiving
Disables Telemetry Coverage
Disables the Telemetry module
Disables third party email tracking telemetry
Disables Top Site Previews (Tippy Top)
Disables Unexpected Privileged System Loads Telemetry
Disables Unified Telemetry
Disables update pings
Disables user characteristic data collection
Disables user interactions with search engine result pages (SERP) telemetry
Disables Weather on Firefox Home by default
Disables the Web Compatibility Reporter
Removes special privileges from Mozilla domains
Removes tracking parameters from various Mozilla URLs

Phoenix - A suite of configurations & advanced modifications for Mozilla Firefox, designed to put the user first.