You probably know about the about:config page in the Tor browser. It allows you to modify the way your browser behaves. An explanation of a number of these settings can be found at kb.mozillazine.org/About:config_entries.
To change a setting:
Enter 'about:config' in the address bar.
Search for the setting you want to change.
Double-click the entry. If it is a boolean type, it will change from 'true' to 'false' or vice versa. If it is a string or integer type you will be prompted to enter a new value.
I will discuss a number of settings, and give an advice for the value you should give them. Note that it is possible that a setting already has that value. In that case, don't change it.
browser.cache.disk.capacity = 0
Do not cache files on the hard drive. This has the same effect as setting browser.cache.disk.enable to false.
browser.cache.disk.enable = false
Don't store cache on the hard drive. This has the same effect as setting browser.cache.disk.capacity to 0.
browser.cache.disk_cache_ssl = false
Don't cache to disk content retrieved by SSL.
browser.cache.memory.capacity = 0
Do not cache decoded images and chrome in memory. This has the same effect as setting browser.cache.memory.enable to false.
browser.cache.memory.enable = false
Don't cache decoded images, chrome, and secure pages in memory. This has the same effect as setting browser.cache.memory.capacity to 0.
browser.cache.offline.capacity = 0
A positive integer specifying the amount of disk space the offline cache may use, in kilobytes. Setting this to 0 has the same effect as setting browser.cache.offline.enable to false.
browser.cache.offline.enable = false
Do not download URLs for the offline cache. This has the same effect as setting browser.cache.offline.capacity to 0.
browser.fixup.alternate.enabled = false
Do not second-guess.
browser.formfill.enable = false
Do not save information entered in web page forms and the search bar.
browser.safebrowsing.enabled = false
Do not check if a site is a web forgery. This is a SECURITY RISK, but it increases your privacy, since setting this to true would make you send request to a Google server (see here).
browser.safebrowsing.malware.enabled = false
Do not download malware blacklists and do not check downloads. This is a SECURITY RISK. See also the note for browser.safebrowsing.enabled.
browser.send_pings = false
Ignore the ping attribute. This would otherwise let websites track your clicks.
dom.event.clipboardevents.enabled = false
This disables that websites can get notifications if you copy, paste, or cut something from a web page, and know which part of the page had been selected.
dom.event.contextmenu.enabled = false
This disables website control over the right-click menu.
dom.storage.default_quota = 0
Sets session storage to 0. The Web Applications 1.0 specification defines a mechanism allowing web pages to store information with a web browser (similar to cookies) called “client-side session and persistent storage.” This preference sets a hard limit on how much information any given site can store in this client-side storage. This has the same effect as setting dom.storage.enabled to false.
dom.storage.enabled = false
Disables client-side session and persistent storage.
geo.enabled = false
geo.wifi.loggin.enabled = false
Disables Firefox logging geo-location requests.
Which geolocation service provider to use. For WINDOWS, set this to localhost. For LINUX/MAC, set this empty.
gfx.downloadable_fonts.enabled = false
Prevent the retrieving and displaying of remote fonts.
media.peerconnection.enabled = false
media.peerconnection.identity.timeout = 1
media.peerconnection.turn.disable = true
media.peerconnection.use_document_iceservers = false
media.peerconnection.video.enabled = false
This disables WebRTC. It should already be disabled in Tor.
network.cookie.alwaysAcceptSessionCookies = false
Disables acceptance of session cookies.
network.cookie.cookieBehavior = 2
Determines how the browser should handle cookies. 0 : Enable all cookies (default), 1: Allow cookies from originating server only, 2: Disable all cookies
network.cookie.lifetimePolicy = 2
Determines how browser sets cookie lifetimes. 0 (default): Use supplied lifetime, 1: Ask before accepting, 2: Accept for session only, 3: Cookies last for the number of days specified in network.cookie.lifetime.days
network.dns.disableIPv6 = true
Do not perform IPv6 name lookups. If your OS or ISP does not support IPv6, there is no reason to have this preference set to false.
network.dns.disablePrefetch = true
Disable DNS prefetching. To disable DNS prefetching you will need to add network.dns.disablePrefetch as a new boolean preference and set the value to true.
network.dnsCacheEntries = 100
Number of cached DNS entries. Lower number = More requests but less data stored.
network.dnsCacheExpiration = 60
Determines the maximum number of seconds to cache resolved DNS entries.
network.http.sendRefererHeader = 0
Determines when to send the Referer HTTP header. 0: Never send the referring URL, 1: Send only on clicked links, 2 (default): Send for links and images
network.http.sendSecureXSiteReferrer = false
Disable referrer headers between https websites.
network.http.use-cache = false
Disables caching of http documents.
network.prefetch-next = false
Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it. This preference controls whether link prefetching is enabled.
network.websocket.enabled = false
WebSockets is a technology that makes it possible to open an interactive communication session between the user's browser and a server.
places.history.enabled = false
Disables the recording of visited websites.
webgl.disabled = true
WebGL is a potential security risk (link).
Some of these may also be available for Firefox. This information is partly a reproduction of the advice given at privacytools.io (see 'Firefox: Privacy Related "about:config" Tweaks'). Please note that this list is probably not complete, there may be other useful settings.