Microsoft Windows XP SP2 or later No longer supported. Firefox 60 or later, Firefox 60 ESR or later Firefox 62 or later, Firefox 60.2 ESR or later Firefox 63 or later Firefox 64 or later, Firefox 60.4 ESR or later Firefox 66 or later, Firefox 60.6 ESR or later Firefox 67 or later, Firefox 60.7 ESR or later Firefox 68 or later, Firefox 68 ESR or later Firefox 68.0.1 or later, Firefox 68.0.1 ESR or later Firefox 60 ESR or later Firefox 68.5 ESR or later Firefox 69 or later, Firefox 68.1 ESR or later Firefox 70 or later, Firefox 68.2 ESR or later Firefox 71 or later, Firefox 68.3 ESR or later Firefox 72 or later, Firefox 68.4 ESR or later Firefox 73 or later, Firefox 68.5 ESR or later Firefox 74 or later, Firefox 68.6 ESR or later Firefox 75 or later, Firefox 68.7 ESR or later Firefox 75 or later Firefox 76 or later, Firefox 68.8 ESR or later Firefox 76 or later Firefox 77 or later, Firefox 68.9 ESR or later Firefox 77 or later Firefox 78 or later Firefox 79 or later, Firefox 78.1 ESR or later Firefox 80 or later, Firefox 78.2 ESR or later Firefox 81 or later, Firefox 78.3 ESR or later Firefox 82 or later, Firefox 78.4 ESR or later Firefox 83 or later, Firefox 78.5 ESR or later Firefox 84 or later, Firefox 78.6 ESR or later Firefox 85 or later, Firefox 78.7 ESR or later Firefox 86 or later, Firefox 78.8 ESR or later Firefox 88 or later, Firefox 78.10 ESR or later Firefox 89 or later, Firefox 78.11 ESR or later Firefox 90 or later, Firefox 78.12 ESR or later Firefox 91 or later Firefox 95 or later, Firefox 91.4 ESR or later Firefox 96 or later, Firefox 91.5 ESR or later Firefox 96 or later Firefox 97 or later, Firefox 91.6 ESR or later Firefox 98 or later Firefox 99 or later, Firefox 91.8 ESR or later Firefox 100 or later, Firefox 91.9 ESR or later Firefox 101 or later, Firefox 91.10 ESR or later Firefox 102 or later Firefox 104 or later, Firefox 102.2 ESR or later Firefox 105 or later, Firefox 102.3 ESR or later Firefox 106 or later, Firefox 102.4 ESR or later Firefox 107 or later, Firefox 102.5 ESR or later Firefox 108 or later, Firefox 102.6 ESR or later Firefox 109 or later, Firefox 102.7 ESR or later Firefox 110 or later, Firefox 102.8 ESR or later Firefox 112 or later Firefox 113 or later Firefox 114 or later, Firefox 102.12 ESR or later Firefox 118 or later, Firefox 115.3 ESR or later Firefox 120 or later, Firefox 115.5 ESR or later Firefox 121 or later, Firefox 115.6 ESR or later Firefox 122 or later, Firefox 115.7 ESR or later Firefox 123 or later, Firefox 115.8 ESR or later Firefox 124 or later, Firefox 115.9 ESR or later Firefox 124 or later Firefox 125 or later, Firefox 115.10 ESR or later Firefox 126 or later Firefox 127 or later, Firefox 115.12 ESR or later Firefox 128 or later, Firefox 115.13 ESR or later Firefox 129 or later, Firefox 115.14 ESR or later Firefox 130 or later, Firefox 115.15 ESR or later Firefox Permissions Camera Microphone Location Notifications Autoplay Virtual Reality Authentication Bookmarks Certificates Popups Cookies Addons Extensions Flash Home page Search Preferences (Deprecated) User Messaging Disabled Ciphers Encrypted Media Extensions PDF.js Picture-in-Picture Proxy Settings Security Devices Firefox Suggest (US only) Allowed Sites Allowed Sites (Session Only) Blocked Sites Application Autoupdate If this policy is enabled, Firefox is automatically updated without user approval. If this policy is disabled, Firefox updates are downloaded but the user can choose when to install the update. If this policy is not configured, the user can choose whether not Firefox is automatically updated. Custom Update URL If this policy is enabled, you can set a URL to an update server other than the default. This could be helpful if you run your own update server on your network. If this policy is disabled or not configured, the default update URL is used. SPNEGO If this policy is enabled, the specified websites are permitted to engage in SPNEGO authentication with the browser. Entries in the list are formatted as mydomain.com or https://myotherdomain.com. If this policy is disabled or not configured, no websites are permitted to engage in SPNEGO authentication with the browser. For more information, see https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication. Delegated If this policy is enabled, the browser may delegate user authorization to the server for the specified websites. Entries in the list are formatted as mydomain.com or https://myotherdomain.com. If this policy is disabled or not configured, the browser will not delegate user authorization to the server for any websites. For more information, see https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication. NTLM If this policy is enabled, the specified websites are trusted to use NTLM authentification. Entries in the list are formatted as mydomain.com or https://myotherdomain.com. If this policy is disabled or not configured, no websites are trusted to use NTLM authentification. For more information, see https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication. Allow Non FQDN If this policy is enabled (and the checkboxes are checked), you can always allow SPNEGO or NTLM on non FQDNs (fully qualified domain names). If this policy is disabled or not configured, NTLM and SPNEGO are not enabled on non FQDNs. Allow Proxies If this policy is disabled, SPNEGO and NTLM will not authenticate with proxy servers. If this policy is enabled (and the checkboxes are checked) or not configured, NTLM and SPNEGO will always authenticate with proxies. Do not allow authentication preferences to be changed If this policy is disabled, authentication preferences can be changed by the user. If this policy is enabled or not configured, authentication preferences cannot be changed by the user. Allow authentication in private browsing If this policy is enabled, integrated authentication is used in private browsing. If this policy is disabled or not configured, integrated authentication is not used in private browsing. Block Add-ons Manager If this policy is enabled, the user cannot access the Add-ons Manager or about:addons. If this policy is disabled or not configured, the user can access the Add-ons Manager and about:addons. Block about:config If this policy is enabled, the user cannot access about:config. If this policy is disabled or not configured, the user can access about:config. Block about:profiles If this policy is enabled, the user cannot access about:profiles. If this policy is disabled or not configured, the user can access about:profiles. Block Troubleshooting Information If this policy is enabled, the user cannot access Troubleshooting Information or about:support. If this policy is disabled or not configured, the user can access Troubleshooting Information and about:support. Disable Set Desktop Background If this policy is enabled, the user cannot set an image as their desktop background. If this policy is disabled or not configured, users can set images as their desktop background. Captive Portal If this policy is disabled, captive portal support is disabled. If this policy is enabled or not configured, captive portal support is enabled. Import Enterprise Roots If this policy is enabled, Firefox will read certificates from the Windows certificate store. If this policy is disabled or not configured, Firefox will not read certificates from the Windows certificate store. Install Certificates If this policy is enabled, Firefox will install the listed certificates into Firefox. It will look in %USERPROFILE%\AppData\Local\Mozilla\Certificates and %USERPROFILE%\AppData\Roaming\Mozilla\Certificates. If this policy is disabled or not configured, Firefox will not install additional certificates. Default Download Directory If this policy is enabled, you can set the default directory for downloads. ${home} can be used for the native home path. If this policy is disabled or not configured, the default Firefox download directory is used. Download Directory If this policy is enabled, you can set and lock the directory for downloads. ${home} can be used for the native home path. If this policy is disabled or not configured, the default Firefox download directory is used and the user can change it. DNS Over HTTPS Enabled If this policy is disabled, DNS over HTTPS is disabled. If this policy is enabled or not configured, DNS Over HTTPS is enabled. Provider URL If this policy is enabled, the URL specified is used as the provider URL. If this policy is disabled or not configured, the default provider is used. Locked If this policy is enabled, DNS over HTTPS settings cannot be changed by the user. If this policy is disabled or not configured, DNS over HTTPS settings can be changed by the user. Excluded Domains If this policy is enabled, the specified domains are excluded from DNS over HTTPS. If this policy is disabled or not configured, no domains are excluded from DNS over HTTPS. Configure DNS Over HTTPS (Moved) If this policy is enabled, the default configuration for DNS over HTTPS can be changed. If this policy is disabled or not configured, DNS Over HTTPS uses the default Firefox configuration. Fallback If this policy is disabled, Firefox will not fallback to your default DNS resolver if there is a problem with the secure DNS provider. If this policy is enabled or not configured, Firefox will use your default DNS resolver if there is a problem with the secure DNS provider. Disable Master Password Creation If this policy is enabled, users cannot create a master password. If this policy is disabled or not configured, users can create a master password. Disable Update If this policy is enabled, the browser does not receive updates. If this policy is disabled or not configured, the browser receives updates. Disable Built-in PDF Viewer (PDF.js) If this policy is enabled, PDF files are not viewed within Firefox. If this policy is disabled or not configured, PDF files are viewed within Firefox. Disable the default browser agent If this policy is enabled, the default browser agent is disabled. If this policy is disabled or not configured, the default browser agent is enabled. For more information about the default browser agent, see https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html Disable Developer Tools If this policy is enabled, web developer tools are not available within Firefox. If this policy is disabled or not configured, web developer tools are available within Firefox. Disable Feedback Commands If this policy is enabled, the "Submit Feedback" and "Report Deceptive Site" menuitems are not available from the help menu. If this policy is disabled or not configured, the "Submit Feedback" and "Report Deceptive Site" menuitems are available from the help menu. Disable Firefox Accounts If this policy is enabled, Firefox Accounts is disabled which includes disabling Sync. If this policy is disabled or not configured, Firefox Accounts and Sync are available. Disable Firefox Screenshots If this policy is enabled, Firefox Screenshots is not available. If this policy is disabled or not configured, Firefox Screenshots is available. Disable Firefox Studies If this policy is enabled, Firefox will never run SHIELD studies or do Heartbeat surveys. If this policy is disabled or not configured, the user can choose to enable SHIELD studies or Heartbeat surveys. For more information, see https://support.mozilla.org/en-US/kb/shield and https://wiki.mozilla.org/Firefox/Shield/Heartbeat Disable Forget Button If this policy is enabled, the "Forget" button is not available. If this policy is disabled or not configured, the "Forget" button is available. Disable Form History If this policy is enabled, Firefox will not remember form or search history. If this policy is disabled or not configured, Firefox will remember form and search history. Do not allow passwords to be revealed in saved logins If this policy is enabled, users cannot show passwords in saved logins. If this policy is disabled or not configured, users can show passwords in saved logins. Disable Pocket If this policy is enabled, Pocket is not available. If this policy is disabled or not configured, Pocket is available. Disable Private Browsing If this policy is enabled, private browsing is not allowed. If this policy is disabled or not configured, private browsing is allowed. Disable Profile Import If this policy is enabled, the "Import data from another browser" option is not available in the bookmarks window. If this policy is disabled or not configured, the "Import data from another browser" option is available. Disable Profile Refresh If this policy is enabled, the "Refresh Firefox" button is not available on the about:support page or on support.mozilla.org. If this policy is disabled or not configured, the "Refresh Firefox" button is available. Disable Safe Mode If this policy is enabled, the user cannot restart the browser into safe mode. If this policy is disabled or not configured, safe mode is allowed. Prevent overriding certificate errors If this policy is enabled, the "Add Exception" button is not available when a certificate is invalid. This prevents the user from overriding the certificate error. If this policy is disabled or not configured, certificate errors can be overridden. Prevent overriding safe browsing errors If this policy is enabled, a user cannot bypass the warning and visit a harmful site. If this policy is disabled or not configured, a user can choose to visit a harmful site. Disable System Addon Updates If this policy is enabled, new system add-ons will not be installed and existing system add-ons will not be updated. If this policy is disabled or not configured, system add-ons are installed and updated. Disable Telemetry If this policy is enabled, telemetry is not uploaded. If this policy is disabled or not configured, telemetry is collected and uploaded. Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours. Display Bookmarks Toolbar (Deprecated) If this policy is enabled, the bookmarks toolbar is displayed by default. The user can still hide it. If this policy is disabled or not configured, the bookmarks toolbar is not displayed by default. Display Bookmarks Toolbar If this policy is enabled, the default bokmarks toolbar display can be configured. If this policy is disabled or not configured, the bookmarks toolbar is displayed on the new tab page by default. Always Never New Tab Display Menu Bar (Deprecated) If this policy is enabled, the menu bar is displayed by default. The user can still hide it. If this policy is disabled or not configured, the menu bar is not displayed by default. Display Menu Bar If this policy is enabled, you can choose whether or not the menu bar is displayed and whether or not the user can show and hide the menu bar. If this policy is disabled or not configured, the menu bar is not displayed by default. Always Never On by default Off by default Don't Check Default Browser If this policy is enabled, Firefox does not check to see if it is the default browser at startup. If this policy is disabled or not configured, Firefox checks to see if it is the default browser at startup. Extensions to Install If this policy is enabled, you can specify a list of extension URLs or paths that will be installed when Firefox is started. Anytime this list is changed, the extensions will be reinstalled. If this policy is disabled or not configured, no extensions are installed. Extensions to Uninstall If this policy is enabled, you can specify a list of extension IDs that will be uninstalled. Anytime this list is changed, the extensions will be uninstalled. If this policy is disabled or not configured, no extensions are uninstalled. Prevent extensions from being disabled or removed If this policy is enabled, you can specify a list of extension IDs that the user will be unable to uninstall or disable. If this policy is disabled or not configured, no extensions are locked Extension Update If this policy is disabled, extensions will not be updated automatically. If this policy is enabled or not configured, extensions will be updated automatically. Extension Management If this policy is enabled, you can use JSON to describe the extension management policy. If this policy is disabled or not configured, extensions will not be managed. For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings. Extension Management (JSON on one line) Hardware Acceleration If this policy is disabled, hardware acceleration is disabled and cannot be enabled. If this policy is enabled or not configured, hardware acceleration is enabled. Legacy Profiles If this policy is enabled, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable. If this policy is disabled or not configured, Firefox will create a new profile for each unique installation of Firefox. Revert to legacy SameSite behavior If this policy is enabled, Firefox will revert to the legacy behavior of SameSite. This means that cookies that don't explicitly specify a SameSite attribute are treated as if they were SameSite=None. If this policy is disabled or not configured, Firefox will enforce SameSite=lax. Revert to legacy SameSite behavior on specific domains If this policy is enabled, Firefox will revert to the legacy behavior of SameSite for the specified domains. This means that cookies that don't explicitly specify a SameSite attribute are treated as if they were SameSite=None. If this policy is disabled or not configured, Firefox will enforce SameSite=lax for all domains. Local File Links If this policy is enabled, you can specify origins where linking to local files is allowed. If this policy is disabled or not configured, websites can't link to local files. Network Prediction If this policy is disabled, network prediction (DNS prefetching) will be disabled. If this policy is enabled or not configured, network prediction (DNS prefetching) will be enabled. New Tab Page If this policy is disabled, the new tab page will be blank. If this policy is enabled or not configured, the new tab page will be the default. Offer to save logins If this policy is enabled or not configured, Firefox will offer to save website logins and passwords. If this policy is disabled, Firefox will not offer to save website logins and passwords. Offer to save logins (default) If this policy is enabled or not configured, Firefox will offer to save website logins and passwords. If this policy is disabled, Firefox will not offer to save website logins and passwords. In either case, the user will be able to change the value (it is not locked). If this policy is enabled, pop-up windows are always allowed for the origins indicated. If a top level domain is specified (http://example.org), pop-up windows are allowed for all subdomains as well. If this policy is disabled or not configured, the default pop-up policy is followed. Block pop-ups from websites If this policy is disabled, pop-up windows are allowed from websites by default. If this policy is not configured or enabled, popups are not allowed from websites. Do not allow preferences to be changed If this policy is enabled, pop-up preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change their pop-up preferences. If this policy is enabled, add-ons are always allowed for the origins indicated unless add-on install is disabled. If a top level domain is specified (http://example.org), add-ons are allowed for all subdomains as well. If this policy is disabled or not configured, the default add-on policy is followed. Allow add-on installs from websites If this policy is disabled, add-ons cannot be installed. If this policy is not configured or enabled, add-ons can be installed. If this policy is enabled, cookies are always allowed for the origins indicated. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well. If this policy is disabled or not configured, the default cookie policy is followed. If this policy is enabled, cookies are allowed for the origins indicated, but removed at the end of the session. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well. If this policy is disabled or not configured, the default cookie policy is followed. If this policy is enabled, cookies are blocked for the origins indicated. If a top level domain is specified (http://example.org), cookies are blocked from all subdomains as well. If this policy is disabled or not configured, cookies are not blocked by default. Accept cookies from websites (Deprecated) If this policy is disabled, cookies are not accepted from websites by default. If this policy is not configured or enabled, cookies are accepted from websites. Accept third-party cookies (Deprecated) If this policy is enabled and cookies are allowed, you can set when to accept third-party cookies. This setting is ignored if this policy is disabled or not configured or if cookies are not allowed. Always Never From visited Keep cookies until Firefox is closed If this policy is enabled and cookies are allowed, they will expire when Firefox is closed. This setting is ignored if this policy is disabled or not configured or if cookies are not allowed. Reject trackers (Deprecated) If this policy is enabled and cookies are allowed, Firefox will reject tracker cookies by default. This setting is ignored if this policy is disabled or not configured or if cookies are not allowed. Do not allow preferences to be changed If this policy is enabled, cookie preferences cannot be changed by the user. Cookie Behavior If this policy is enabled, you can configure cookie behavior. If this policy is not configured or disabled, cookies are rejected for known trackers. Cookie Behavior in private browsing If this policy is enabled, you can configure cookie behavior in private browsing. If this policy is not configured or disabled, in private browsing, cookies are rejected for known trackers and third-party cookies are partitioned. Accept all cookies Reject third party cookies Reject all cookies Reject third party cookies for sites you haven't visited Reject cookies for known trackers Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) If this policy is enabled, access to the camera is always allowed for the origins indicated. If this policy is disabled or not configured, the default camera policy is followed. If this policy is enabled, access to the camera is blocked for the origins indicated. If this policy is disabled or not configured, access to the camera is not blocked by default. Block new requests asking to access the camera If this policy is enabled, sites that are not in the Allow policy will not be allowed to ask permission to access the camera. If this policy is disabled or not configured, any site that is not in the Block policy can ask permission to access the camera. Do not allow preferences to be changed If this policy is enabled, camera preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change their camera preferences. If this policy is enabled, access to the microphone is always allowed for the origins indicated. If this policy is disabled or not configured, the default microphone policy is followed. If this policy is enabled, access to the microphone is blocked for the origins indicated. If this policy is disabled or not configured, access to the microphone is not blocked by default. Block new requests asking to access the microphone If this policy is enabled, sites that are not in the Allow policy will not be allowed to ask permission to access the microphone. If this policy is disabled or not configured, any site that is not in the Block policy can ask permission to access the microphone. Do not allow preferences to be changed If this policy is enabled, microphone preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change their camera preferences. If this policy is enabled, access to location is always allowed for the origins indicated. If this policy is disabled or not configured, the default location policy is followed. If this policy is enabled, access to location is blocked for the origins indicated. If this policy is disabled or not configured, access to location is not blocked by default. Block new requests asking to access location If this policy is enabled, sites that are not in the Allow policy will not be allowed to ask permission to access location. If this policy is disabled or not configured, any site that is not in the Block policy can ask permission to access location. Do not allow preferences to be changed If this policy is enabled, location preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change location preferences. If this policy is enabled, notifications can always be sent for the origins indicated. If this policy is disabled or not configured, the default notification policy is followed. If this policy is enabled, notifications are always blocked for the origins indicated. If this policy is disabled or not configured, notifications are not blocked by default. Block new requests asking to send notifications If this policy is enabled, sites that are not in the Allow policy will not be allowed to ask permission to send notifications. If this policy is disabled or not configured, any site that is not in the Block policy can ask permission to send notifications. Do not allow preferences to be changed If this policy is enabled, notification preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change their notification preferences. If this policy is enabled, autoplay is always enabled for the origins indicated. If this policy is disabled or not configured, the default autoplay policy is followed. If this policy is enabled, autoplay is always blocked for the origins indicated. If this policy is disabled or not configured, the default autoplay policy is followed. Default autoplay level If this policy is enabled, you can choose the default autoplay level. If this policy is disabled or not configured, audio is blocked by default. Note: Blocking audio and video does not work on the ESR. Do not allow preferences to be changed If this policy is enabled, autoplay preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change autoplay preferences. Allow Audio and Video Block Audio Block Audio and Video If this policy is enabled, access to virtual reality devices is always allowed for the origins indicated. If this policy is disabled or not configured, the default virtual reality policy is followed. If this policy is enabled, access to virtual reality devices is blocked for the origins indicated. If this policy is disabled or not configured, access to virtual reality devices is not blocked by default. Block new requests asking to access virtual reality devices. If this policy is enabled, sites that are not in the Allow policy will not be allowed to ask permission to access virtual reality devices. If this policy is disabled or not configured, any site that is not in the Block policy can ask permission to virtual reality devices. Do not allow preferences to be changed If this policy is enabled, virtual reality preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change their virtual reality preferences. Customize Firefox Home If this policy is enabled, you can choose the sections displayed on Firefox Home and prevent the user from changing them. If this policy is disabled or not configured, the default sections are displayed and the user can change them. If this policy is enabled, Flash is activated by default for the origins indicated unless Flash is completely disabled. If a top level domain is specified (http://example.org), Flash is allowed for all subdomains as well. If this policy is disabled or not configured, the default Flash policy is followed. If this policy is enabled, Flash is blocked for the origins indicated. If a top level domain is specified (http://example.org), Flash is blocked from all subdomains as well. If this policy is disabled or not configured, the default Flash policy is followed. Activate Flash on websites If this policy is enabled, Flash is always activated on websites. If this policy is disabled, Flash is never activated on websites, even if they are in the specified in the Allow list. If this policy is not configured, Flash is click to play. Do not allow preferences to be changed If this policy is enabled, Flash preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change their Flash preferences. Override the first run page If this policy is enabled, you can specify a URL to be used as the first run page. If you leave the URL blank, no first run page will be shown. Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|). If this policy is disabled or not configured, the first run page is displayed. Override the upgrade page If this policy is enabled, you can specify a URL to be displayed after Firefox is updated. If you leave the URL blank, no upgrade page will be shown. If this policy is disabled or not configured, the upgrade is displayed. Clear data when browser is closed (Moved) If this policy is enabled, you can choose data to be cleared when Firefox is closed. If this policy is disabled or not configured, data is not cleared when the browser is closed. Clear data when browser is closed Cache If the policy is enabled, the cache is cleared when the browser is closed. If this policy is disabled or not configured, the cache is not cleared when the browser is closed. Cookies If the policy is enabled, cookies are cleared when the browser is closed. If this policy is disabled or not configured, cookies are not cleared when the browser is closed. Download History If the policy is enabled, download history is cleared when the browser is closed. If this policy is disabled or not configured, download history is not cleared when the browser is closed. Form & Search History If the policy is enabled, form data is cleared when the browser is closed. If this policy is disabled or not configured, form data is not cleared when the browser is closed. Browsing History If the policy is enabled, browsing history is cleared when the browser is closed. If this policy is disabled or not configured, browsing history is not cleared when the browser is closed. Active Logins If the policy is enabled, sessions cleared when the browser is closed. If this policy is disabled or not configured, sessions not cleared when the browser is closed. Site Preferences If the policy is enabled, site preferences are cleared when the browser is closed. If this policy is disabled or not configured, site preferences are not cleared when the browser is closed. Offline Website Data If the policy is enabled, offline application storage is cleared when the browser is closed. If this policy is disabled or not configured, offline application storage is not cleared when the browser is closed. Locked If this policy is disabled, all shutdown preferences can be changed by the user. If this policy is enabled, any shutdown preferences explicitly set via policy cannot be changed by the user. If this policy is not configured, no shutdown preferences can be changed by the user (previous behavior). Blocked websites If this policy is enabled, you can specify match patterns that indicate sites to be blocked. The match patterns are documented at https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. There is a 1000 entry limit. If this policy is disabled or not configured, no websites are blocked. Exceptions to blocked websites If this policy is enabled, and the website filter is enabled, you can specify match patterns for sites you do not want to block. The match patterns are documented at https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. There is a 1000 entry limit. If this policy is disabled or not configured, there are no exceptions to the website filter. Website Filter (JSON on one line) Website Filter (JSON) If this policy is enabled, you can specify blocked sites and exceptions via JSON. If this policy is disabled or not configured, websites are not filtered. Bookmark 01 Bookmark 02 Bookmark 03 Bookmark 04 Bookmark 05 Bookmark 06 Bookmark 07 Bookmark 08 Bookmark 09 Bookmark 10 Bookmark 11 Bookmark 12 Bookmark 13 Bookmark 14 Bookmark 15 Bookmark 16 Bookmark 17 Bookmark 18 Bookmark 19 Bookmark 20 Bookmark 21 Bookmark 22 Bookmark 23 Bookmark 24 Bookmark 25 Bookmark 26 Bookmark 27 Bookmark 28 Bookmark 29 Bookmark 30 Bookmark 31 Bookmark 32 Bookmark 33 Bookmark 34 Bookmark 35 Bookmark 36 Bookmark 37 Bookmark 38 Bookmark 39 Bookmark 40 Bookmark 41 Bookmark 42 Bookmark 43 Bookmark 44 Bookmark 45 Bookmark 46 Bookmark 47 Bookmark 48 Bookmark 49 Bookmark 50 If this policy is enabled, you can configure a bookmark be added to Firefox. Due to a bug, you must select the location. Note that you must specify the bookmarks in order. If this policy is disabled or not configured, a new bookmark is not added. Toolbar Menu No Default Bookmarks If this policy is enabled, the default bookmarks and Smart Bookmarks (Most Visited, Recent Tags) are not created. If this policy is disabled or not configured, default bookmarks and Smart Bookmarks (Most Visited, Recent Tags) are created. Note: this policy is only effective if used before the first run of the profile. URL for Home page If this policy is enabled, you can set a default home page. You can also lock the home page. If this policy is disabled or not configured, the user can set and change the home page. Additional Homepages If this policy is enabled, you can have additional home pages. They are opened in multiple tabs. If this policy is disabled or not configured, there is only one home page. Start Page If this policy is enabled, you can change what is displayed when Firefox starts. It can be the homepage, the previous session, or a blank page. If this policy is disabled or not configured, the start page defaults to the previous session. None Homepage Previous Session Homepage (Locked) Show Home button on toolbar If this policy is enabled, the home button will appear on the toolbar by default. If this policy is disabled, the home button will not appear on the toolbar by default. If this policy is not configured, Firefox will determine whether or not the home button appears on the toolbar by default. Password Manager If this policy is disabled, the password manager is not available via preferences. If this policy is enabled or not configured, the password manager is available via preferences. Password Manager Exceptions If this policy is enabled, you can specify sites where Firefox won't offer to save passwords. If this policy is disabled or not configured, Firefox will offer to save passwords on all sites. Prompt for download location If this policy is disabled, the user is not prompted for a download location. If this policy is enabled, the user is always prompted for a download location. If this policy is not configured, the user is prompted for a download location, but can change the default. Proxy Settings (Moved) If this policy is enabled, you can configure and lock network settings. Select the connection type and then fill in the appropriate sections. Due to a bug, you must select a value for the SOCKS proxy version. If this policy is disabled or not configured, the default network settings are used and user can change them. SOCKS v4 SOCKS v5 Automatic proxy configuration URL These should only be set if you selected autoConfig Proxy bypass URLs These should only be set if you selected manual proxy Connection Type No Proxy Use system proxy settings Manual proxy configuration Auto-detect proxy settings Automatic proxy configuration Tracking Protection (Moved) If this policy is not configured, tracking protection is not enabled by default in the browser but it is enabled by default in private browsing and the user can change it. If this policy is disabled, tracking protection is disabled and locked in both the browser and private browsing. If this policy is enabled, private browsing is enabled by default in both the browser and private browsing and you can choose whether or not to prevent the user from changing it. Tracking Protection Enabled If this policy is enabled, tracking protection is enabled. If this policy is disabled, tracking protection is disabled and cannot be changed by the user. If this policy is not configured, standard tracking protection is used and the user can change it. Cryptomining If this policy is enabled, scripts that use cryptomining are blocked. If this policy is disabled or not configured, scripts that use cryptomining are not blocked. Fingerprinting If this policy is enabled, scripts that use fingerprinting are blocked. If this policy is disabled or not configured, scripts that use fingerprinting are not blocked. Exceptions If this policy is enabled, you can specify origins where tracking protection is not enabled. If this policy is disabled or not configured, tracking protection is enabled for all websites. Do not allow tracking protection preferences to be changed If this policy is enabled, tracking protection preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change tracking protection preferences. Email Tracking If this policy is enabled, hidden email tracking pixels and scripts on websites are blocked. If this policy is disabled or not configured, hidden email tracking pixels and scripts on websites are not blocked. Requested locale Requested locale (string) If this policy is enabled, you can specify a list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active. If this policy is disabled or not configured, the application will use the default locale. Security Devices If this policy is enabled, you can specify a list of PKCS #11 modules to be installed. Modules are specified as a name and a fully qualified path. If this policy is disabled or not configured, no additional PKCS #11 modules will be installed. Add Delete If this policy is enabled, you can specify the names of PKCS #11 modules to be deleted. If this policy is disabled or not configured, no PKCS #11 modules will be deleted. Search bar location If this policy is enabled, you can set whether the search bar is separate from the URL bar. If this policy is disabled or not configured, new users get a unified search bar, users upgrading from Firefox 56 and below get a separate search bar. Search Engine One Search Engine Two Search Engine Three Search Engine Four Search Engine Five If this policy is enabled, you can configure a search engine to be added to Firefox. Use {searchTerms} to indicate where the search term is placed. Due to a bug, you must select the method (usually GET). Note that you must specify the search engines in order. If this policy is disabled or not configured, a new search engine is not added. Unified Separate GET POST Default Search Engine If this policy is enabled, you can set the name of a search engine to be used as the default. If this policy is disabled or not configured, the Firefox default engine is used. Prevent Search Engine Installs If this policy is enabled, the user cannot install search engines from web page. If this policy is disabled or not configured, search engines can be installed from web pages. Remove Search Engines If this policy is enabled, you can specify the names of engines to be removed or hidden. If this policy is disabled or not configured, search engines will not be removed or hidden. Search Suggestions If this policy is disabled, search suggestions will be disabled. If this policy is enabled, search suggestions will be enabled. If this policy is not configured, search suggestions will be enabled, but the user can turn them off. Minimum SSL version enabled If this policy is enabled, Firefox will not use SSL/TLS versions less than the value specified. If this policy is disabled or not configured, Firefox defaults to a minimum of TLS 1.2. Maximum SSL version enabled If this policy is enabled, Firefox will not use SSL/TLS versions greater than the value specified. If this policy is disabled or not configured, Firefox defaults to a maximum of TLS 1.3. TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 Support Menu If this policy is enabled, a new menuitem is added to the help menu with support information. If this policy is disabled or not configured, no menuitem is added. What's New (Deprecated) If this policy is disabled, the What's new icon and menuitem will not be displayed. If this policy is enabled or not configured, the What's New icon and menuitem will be displayed. Extension Recommendations If this policy is disabled, extensions will not be recommended as the user visits websites. If this policy is enabled or not configured, extensions will be recommended as the user visits websites. Feature Recommendations If this policy is disabled, Firefox features will not be recommended as the user uses Firefox. If this policy is enabled or not configured, Firefox features will be recommended as the user uses Firefox. Urlbar Interventions If this policy is disabled, actions will not be recommended based on what the user types in the URL bar. If this policy is enabled or not configured, actions will be recommended based on what the user types in the URL bar. Skip Onboarding If this policy is enabled, onboarding messages will not be shown on the new tab page. If this policy is disabled or not configured, onboarding messages will be shown on the new tab page. More from Mozilla If this policy is disabled, the More from Mozilla section will not be shown in preferences. If this policy is enabled or not configured, the More from Mozilla section will be shown in preferences. Do not allow user messaging preferences to be changed If this policy is disabled, user messaging preferences can be changed by the user. If this policy is enabled or not configured, user messaging preferences cannot be changed by the user. TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 If this policy is enabled, the corresponding cipher is disabled. If this policy is disabled, the corresponding cipher is enabled. If this policy is not configured, the corresponding cipher is enabled or disabled based on the default in Firefox. Enable Encrypted Media Extensions If this policy is disabled, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them. If this policy is enabled or not configured, encrypted media extensions (like Widevine) are downloaded automatically and used by Firefox. Lock Encrypted Media Extensions If this policy is enabled and EncryptedMediaExtensions are disabled, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them. If this policy is not disabled or not configured, it has no effect. Enable PDF.js If this policy is disabled, the built-in PDF viewer is not used. If this policy is enabled or not configured, the built-in PDF viewer is used. Enable Permissions If this policy is enabled, the built-in PDF viewer will honor document permissions like preventing the copying of text. If this policy is not disabled or not configured, document permissions are ignored. Enabled If this policy is disabled, the Picture-in-Picture toggle does not appear on videos. If this policy is enabled or not configured, the Picture-in-Picture toggle is available on videos. Locked If this policy is enabled, Picture-in-Picture settings cannot be changed by the user. If this policy is disabled or not configured,Picture-in-Picture settings can be changed by the user. Primary (Master) Password If this policy is enabled, a primary password is required. If this policy is disabled, users cannot create a primary password. If this policy is not configured, users can choose to create a primary password. Handlers (JSON on one line) Handlers If this policy is enabled, you can use JSON to configure default application handlers. If this policy is disabled or not configured, Firefox defaults are used. For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#handlers. Preferences (JSON on one line) Preferences Note: In order to use this policy, you must clear all settings in the old Preferences (Deprecated) section. If this policy is enabled, you can use JSON to configure preferences. If this policy is disabled or not configured, preferences are not modified. For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#preferences. Bookmarks (JSON on one line) Bookmarks (JSON) If this policy is enabled, you can use JSON to configure bookmarks, including [] to clear all bookmarks. If this policy is disabled or not configured, the individual bookmark policies are used. If this policy is enabled along with individual bookmarks, those bookmarks will not be added. This policy has no effect on Managed Bookmarks. For detailed information on the JSON, see https://github.com/mozilla/policy-templates/blob/master/README.md#bookmarks. Managed Bookmarks (JSON on one line) Managed Bookmarks If this policy is enabled, you can use JSON to configure managed bookmarks. If this policy is disabled or not configured, managed bookmarks are not added. For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#managedbookmarks. Define domains allowed to access Google Workspace If this policy is enabled, users can only access Google Workspace for the specified domains (separated by a comma). To allow access to Gmail, you can add consumer_accounts. If this policy is disabled or not configured, users can access any account on Google Workspace as well as Gmail. Background updater If this policy disabled, the application will not try to install updates when the application is not running. If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval. Auto Launch Protocols From Origins (JSON on one line) Auto Launch Protocols From Origins If this policy is enabled, you can define a list of external protocols that can be used from listed origins without prompting the user. If this policy is disabled or not configured, any site that invokes an external protocol will ask the user for permission. For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#autolaunchprotocolsfromorigins. Windows SSO If this policy is enabled, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts. If this policy is disabled or not configured, credentials must be entered manually. Use System Print Dialog If this policy is enabled, Firefox will use the system print dialog instead of showing print preview before printing. If this policy is disabled or not configured, Firefox will show print preview before printing. Disable warnings based on file extension for specific file types on domains (JSON on one line) Disable warnings based on file extension for specific file types on domains If this policy is enabled, you can define a list of domains and file type extensions that will be exempt from executable warnings. If this policy is disabled or not configured, warnings are shown for all executable file types. For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#exemptdomainfiletypepairsfromfiletypedownloadwarnings. Start Downloads in Temporary Directory If this policy is enabled, Firefox will start downloads in a temporary directory and automatically deleted when you close the browser. If this policy is disabled or not configured, Firefox will to the download folder and will not be automatically deleted when you close the browser. Force direct intranet site navigation on single word entries in the address bar If this policy is enabled, typing single word entries in the address bar will attempt to navigate to intranet sites first, falling back to search if the DNS request fails. If this policy is disabled or not configured, typing single word entries in the address bar will search. Pin updates to a specific version If this policy is enabled, you can specify a Firefox version as xx. or xx.xx. and Firefox will not be updated beyond that major or minor version. If this policy is disabled or not configured, Firefox will update normally. Do not allow proxy settings to be changed If this policy is enabled, proxy settings cannot be changed by the user. If this policy is disabled or not configured, the user can change their proxy settings. Connection Type If this policy is enabled, you can set the connection type. If this policy is disabled or not configured, Firefox defaults to using the system proxy. HTTP Proxy If this policy is enabled, you can set the HTTP Proxy used when manual proxy configuration is specified. If this policy is disabled or not configured, Firefox does not use an HTTP Proxy. Use HTTP proxy for HTTPS If this policy is enabled, the HTTP Proxy is used for HTTPS when manual proxy configuration is specified. If this policy is disabled or not configured, Firefox does not use an HTTPS Proxy unless specified. HTTPS Proxy If this policy is enabled, you can set the HTTPS Proxy used when manual proxy configuration is specified. If this policy is disabled or not configured, Firefox does not use an HTTPS Proxy. SOCKS Host If this policy is enabled, you can set the SOCKS Host and version used when manual proxy configuration is specified. If this policy is disabled or not configured, Firefox does not use a SOCKS Host. Automatic proxy configuration URL If this policy is enabled, you can set the automatic proxy configuration URL. If this policy is disabled or not configured, Firefox does not use an automatic proxy configuration URL. Proxy Passthrough If this policy is enabled, the proxy settings are bypassed for the locations specified. If this policy is disabled or not configured, Firefox does not bypass the proxy. Do not prompt for authentication if password is saved If this policy is enabled, Firefox will not prompt for proxy authentication when a password is saved. If this policy is disabled or not configured, Firefox will always prompt for proxy authentication. Proxy DNS when using SOCKS v5 If this policy is enabled, DNS is proxied when using SOCKS v5. If this policy is disabled or not configured, DNS is not proxied when using SOCKS v5. Disable Third Party Module Blocking If this policy is enabled, users are not allowed to block third-party modules from the about:third-party page. If this policy is disabled or not configured, users users are allowed to block third-party modules from the about:third-party page. Containers (JSON on one line) Containers If this policy is enabled, you can use JSON to configure the default containers. If this policy is disabled or not configured, the built-in defaults are used. For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#containers. Suggestions from the web If this policy is enabled, you will get suggestions from Firefox related to your search. If this policy is disabled, you will not get these suggestions. If this policy is not configured, , you will get suggestions from Firefox related to your search. Suggestions from sponsors If this policy is enabled, you will support the development of Firefox with occasional sponsored suggestions. If this policy is disabled, you will not get these suggestions. If this policy is not configured, you will get occasional sponsored suggestions. Improve the Firefox Suggest experience If this policy is enabled, you will help create a richer search experience by allowing Mozilla to process your search queries. If this policy is disabled or not configured, you do not allow Mozilla to process your search queries. Do not allow preferences to be changed If this policy is enabled, Firefox Suggest preferences cannot be changed by the user. If this policy is disabled or not configured, the user can change their Firefox Suggest preferences. Printing If this policy is disabled, printing is disabled. If this policy is enabled or not configured, printing is enabled. Manual Update Only If this policy is enabled, users will not be prompted to install updates and Firefox will not check for updates in the background. The user must manually check and install updates from the About dialog. If this policy is disabled or not configured, the browser receives updates. This policy is not recommended for most users. Allow File Selection Dialogs If this policy is disabled, users will not be able to open file selection dialogs. In most cases, Firefox will act as if the user clicked the cancel button. If this policy is enabled or not configured, users can open file selection dialogs. Enable autofill for addresses If this policy is disabled, addresses will not be autofilled for Firefox versions and regions that support it. If this policy is enabled or not configured, addresses will be autofilled for Firefox versions and regions that support it. Enable autofill for payment methods If this policy is disabled, payment methods will not be autofilled for Firefox versions and regions that support it. If this policy is enabled or not configured, payment methods will be autofilled for Firefox versions and regions that support it. Enable webpage translation If this policy is disabled, web page translation will not be available. If this policy is enabled or not configured, web page translation will be available. Note: Web page translation is done completely on the client, so there is no data or privacy risk. If this policy is enabled, the preference is locked to true. If this policy is disabled, the preference is locked to false. For a description of the preference, see: https://github.com/mozilla/policy-templates/blob/master/README.md#preferences If this policy is enabled, the preference is locked to the string entered. If this policy is disabled, it has no effect. For a description of the preference, see: https://github.com/mozilla/policy-templates/blob/master/README.md#preferences If this policy is enabled, the preference is locked to the value selected. If this policy is disabled, it has no effect. For a description of the preference, see: https://github.com/mozilla/policy-templates/blob/master/README.md#preferences. This preference is no longer support on Windows. We are investigating creating a policy. Auto (0) Always Off (1) Ask Every Time Select Automatically accessibility.force_disabled app.update.auto (Deprecated) browser.bookmarks.autoExportHTML browser.bookmarks.file browser.bookmarks.restore_default_bookmarks browser.cache.disk.enable browser.fixup.dns_first_for_single_words browser.places.importBookmarksHTML browser.safebrowsing.phishing.enabled browser.safebrowsing.malware.enabled browser.search.update browser.tabs.warnOnClose browser.cache.disk.parent_directory browser.slowStartup.notificationDisabled browser.taskbar.previews.enable browser.urlbar.suggest.bookmark browser.urlbar.suggest.history browser.urlbar.suggest.openpage datareporting.policy.dataSubmissionPolicyBypassNotification dom.allow_scripts_to_close_windows dom.disable_window_flip dom.disable_window_move_resize dom.event.contextmenu.enabled dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl dom.xmldocument.load.enabled dom.xmldocument.async.enabled extensions.blocklist.enabled geo.enabled extensions.getAddons.showPane intl.accept_languages media.eme.enabled (Deprecated) media.gmp-gmpopenh264.enabled media.gmp-widevinecdm.enabled network.dns.disableIPv6 network.IDN_show_punycode places.history.enabled print.save_print_settings security.default_personal_cert security.ssl.errorReporting.enabled security.mixed_content.block_active_content ui.key.menuAccessKeyFocuses browser.newtabpage.activity-stream.default.sites extensions.htmlaboutaddons.recommendations.enabled media.peerconnection.enabled media.peerconnection.ice.obfuscate_host_addresses.whitelist (Deprecated) media.peerconnection.ice.obfuscate_host_addresses.blocklist security.osclientcerts.autoload security.tls.hello_downgrade_check widget.content.gtk-theme-override Always allow NTLM on non FQDNs Always allow SPNEGO on non FQDNs Allow NTLM to automatically authenticate with proxy servers Allow SPNEGO to automatically authenticate with proxy servers Allow popups for websites Don't allow tracking protection preferences to be changed. Block cryptomining scripts. Block fingerprinting scripts. Exceptions: URL: Don't allow the homepage to be changed. Additional homepages Title: URL: Favicon URL: Placement: Folder name: Method: Don't allow proxy settings to be changed. Connection Type: HTTP Proxy: Use this proxy server for all protocols. SSL Proxy: FTP Proxy: SOCKS Host: SOCKS Version: No proxy for Example: .mozilla.org, .net.nz, 192.168.1.0/24 Automatic proxy configuration URL: Do not prompt for authentication if password is saved. Proxy DNS when using SOCKS v5. Provider URL: Enable DNS over HTTPS. Don't allow DNS over HTTPS preferences to be changed. Title: URL: Access key: Cache Cookies Download History Form & Search History Browsing History Active Logins Site Preferences Offline Website Data Search Top Sites Sponsored Top Sites Download History Recommended by Pocket Sponsored Pocket Stories Snippets Don't allow settings to be changed Host including port: SOCKS Version: No proxy for Example: .mozilla.org, .net.nz, 192.168.1.0/24 Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.