This is an explanation of all the settings in my Firefox hardening guide.
This setting disables WebRTC which can leak your IP address even with a VPN.
This enables first party isolation which seperates cookies from different websites. This means cookies from one site cannot interact with cookies from other websites which prevents websites from seeing your open tabs.
This enables fingerprinting protection which helps protect against multiple browser fingerprinting techniques.
This disables offline caching to prevent any data about what you did in your browser being stored on your hard drive.
This prevents your previous tabs from being saved in your browser.
This disables preloading of autocomplete URLs.
This prevents websites from seeing what you do with your clipboard e.g. copying or pasting certain things on their website.
This disables geolocation.
This disables playback of DRM controlled content which automatically downloads the Widevine Content Decryption Module by Google.
This disables the Widevine Content Decryption Module.
This prevents websites from being able to track your webcam and microphone status.
This blocks third party cookies.
This clears cookies at the end of each browser session.
This makes Firefox only send the scheme, host and port in the referer header.
This makes Firefox send the referer header only when the hostnames match.
This makes Firefox only send the scheme, host and port in the referer header of cross-origin requests.
This disables webgl which can be used for browser fingerprinting and is insecure.
This setting makes Firefox never store any extra session data.
This renders IDNs as punycode which if not set, may make you vulnerable to hard to notice phishing attacks.
This limits the amount of identifiable information sent when requesting the Mozilla harmful extension blocklist.
This prevents websites from messing with the context menu.
This makes Firefox send the target URL as the referer.
This disables tracking protection which is useless and just adds to your fingerprint when used with Ublock Origin.
These remove Firefox's geolocation provider.
These disable connections Firefox makes when your start the browser or visit your home page.
Disables telemetry ID.
This makes Firefox only send pings to the website you are currently on.
This limits the amount of entries in your DNS cache which can give someone who has access to your computer a list of websites you visited.
This disables recording of visited websites.
This disables the saving of form data.
Disables caching.
Disables prefetching.
Disable prefetching on mouse hover.
Disables Pocket.
Disables telemetry, datareporting, crash reporting and experiments.
This makes websites only able to see "English" and not your set language for enhanced privacy.
This sets your language to "en-US" which is the most common language so you will blend more.
This prevents accessibility services from accessing your browser.
This disables Firefox's captive portal which sends requests to detectportal.firefox.com every time you start the browser. This may give Mozilla information about you or your browser. The captive portal also uses http which can be manipulated.
This disables snippets.
This disables graphite which is a "smart font" system. Mozilla was convinced that leaving this enabled was too risky but reverted that decision after a few bug fixes.
This blocks remote JAR files to reduce attack surface.
These disable the JavaScript ION JIT, native regular expressions and Baseline JIT. This improves security as JIT causes a lot of security problems such as heap spraying attacks.
This disables WebAudio which can be used to fingerprint your browser.
This disables mathml to reduce attack surface.
These disable SVG images. In the past, these have had vulnerabilities that helped to de-anonymize Tor Browser users by giving them malware so it's best to disable these.