Microsoft Windows XP SP2 or laterFirefox 60 or later, Firefox 60 ESR or laterFirefox 62 or later, Firefox 60.2 ESR or laterFirefox 63 or laterFirefox 64 or later, Firefox 60.4 ESR or laterFirefox 66 or later, Firefox 60.6 ESR or laterFirefox 67 or later, Firefox 60.7 ESR or laterFirefox 68 or later, Firefox 68 ESR or laterFirefox 68.0.1 or later, Firefox 68.0.1 ESR or laterFirefox 60 ESR or laterFirefoxPermissionsCameraMicrophoneLocationNotificationsAuthenticationBookmarksCertificatesPopupsCookiesAddonsExtensionsFlashHome pageSearchPreferencesAllowed SitesBlocked SitesCustom Update URLIf this policy is enabled, you can set a URL to an update server other than the default. This could be helpful if you run your own update server on your network.
If this policy is disabled or not configured, the default update URL is used.SPNEGOIf this policy is enabled, the specified websites are permitted to engage in SPNEGO authentication with the browser. Entries in the list are formatted as mydomain.com or https://myotherdomain.com.
If this policy is disabled or not configured, no websites are permitted to engage in SPNEGO authentication with the browser.
For more information, see https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication.DelegatedIf this policy is enabled, the browser may delegate user authorization to the server for the specified websites. Entries in the list are formatted as mydomain.com or https://myotherdomain.com.
If this policy is disabled or not configured, the browser will not delegate user authorization to the server for any websites.
For more information, see https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication.NTLMIf this policy is enabled, the specified websites are trusted to use NTLM authentification. Entries in the list are formatted as mydomain.com or https://myotherdomain.com.
If this policy is disabled or not configured, no websites are trusted to use NTLM authentification.
For more information, see https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication.Allow Non FQDNIf this policy is enabled, you can always allow SPNEGO or NTLM on non FQDNs (fully qualified domain names).
If this policy is disabled or not configured, NTLM and SPNEGO are not enabled on non FQDNs.Block Add-ons ManagerIf this policy is enabled, the user cannot access the Add-ons Manager or about:addons.
If this policy is disabled or not configured, the user can access the Add-ons Manager and about:addons.Block about:configIf this policy is enabled, the user cannot access about:config.
If this policy is disabled or not configured, the user can access about:config.Block about:profilesIf this policy is enabled, the user cannot access about:profiles.
If this policy is disabled or not configured, the user can access about:profiles.Block Troubleshooting InformationIf this policy is enabled, the user cannot access Troubleshooting Information or about:support.
If this policy is disabled or not configured, the user can access Troubleshooting Information and about:support.Disable Set Desktop BackgroundIf this policy is enabled, the user cannot set an image as their desktop background.
If this policy is disabled or not configured, users can set images as their desktop background.Captive PortalIf this policy is disabled, captive portal support is disabled.
If this policy is enabled or not configured, captive portal support is enabled.Import Enterprise RootsIf this policy is enabled, Firefox will read certificates from the Windows certificate store.
If this policy is disabled or not configured, Firefox will not read certificates from the Windows certificate store.Install CertificatesIf this policy is enabled, Firefox will install the listed certificates into Firefox. It will look in %USERPROFILE%\AppData\Local\Mozilla\Certificates and %USERPROFILE%\AppData\Roaming\Mozilla\Certificates.
If this policy is disabled or not configured, Firefox will not install additional certificates.Default Download DirectoryIf this policy is enabled, you can set the default directory for downloads. ${home} can be used for the native home path.
If this policy is disabled or not configured, the default Firefox download directory is used.Download DirectoryIf this policy is enabled, you can set and lock the directory for downloads. ${home} can be used for the native home path.
If this policy is disabled or not configured, the default Firefox download directory is used and the user can change it.Configure DNS Over HTTPSIf this policy is enabled, the default configuration for DNS over HTTPS can be changed.
If this policy is disabled or not configured, DNS Over HTTPS uses the default Firefox configuration.Disable Master Password CreationIf this policy is enabled, users cannot create a master password.
If this policy is disabled or not configured, users can create a master password.Disable UpdateIf this policy is enabled, the browser does not receive updates.
If this policy is disabled or not configured, the browser receives updates.Disable Built-in PDF Viewer (PDF.js)If this policy is enabled, PDF files are not viewed within Firefox.
If this policy is disabled or not configured, PDF files are viewed within Firefox.Disable Developer ToolsIf this policy is enabled, web developer tools are not available within Firefox.
If this policy is disabled or not configured, web developer tools are available within Firefox.Disable Feedback CommandsIf this policy is enabled, the "Submit Feedback" and "Report Deceptive Site" menuitems are not available from the help menu.
If this policy is disabled or not configured, the "Submit Feedback" and "Report Deceptive Site" menuitems are available from the help menu.Disable Firefox AccountsIf this policy is enabled, Firefox Accounts is disabled which includes disabling Sync.
If this policy is disabled or not configured, Firefox Accounts and Sync are available.Disable Firefox ScreenshotsIf this policy is enabled, Firefox Screenshots is not available.
If this policy is disabled or not configured, Firefox Screenshots is available.Disable Firefox StudiesIf this policy is enabled, Firefox will never run SHIELD studies or do Heartbeat surveys.
If this policy is disabled or not configured, the user can choose to enable SHIELD studies or Heartbeat surveys.
For more information, see https://support.mozilla.org/en-US/kb/shield and https://wiki.mozilla.org/Firefox/Shield/HeartbeatDisable Forget ButtonIf this policy is enabled, the "Forget" button is not available.
If this policy is disabled or not configured, the "Forget" button is available.Disable Form HistoryIf this policy is enabled, Firefox will not remember form or search history.
If this policy is disabled or not configured, Firefox will remember form and search history.Disable PocketIf this policy is enabled, Pocket is not available.
If this policy is disabled or not configured, Pocket is available.Disable Private BrowsingIf this policy is enabled, private browsing is not allowed.
If this policy is disabled or not configured, private browsing is allowed.Disable Profile ImportIf this policy is enabled, the "Import data from another browser" option is not available in the bookmarks window.
If this policy is disabled or not configured, the "Import data from another browser" option is available.Disable Profile RefreshIf this policy is enabled, the "Refresh Firefox" button is not available on the about:support page or on support.mozilla.org.
If this policy is disabled or not configured, the "Refresh Firefox" button is available.Disable Safe ModeIf this policy is enabled, the user cannot restart the browser into safe mode.
If this policy is disabled or not configured, safe mode is allowed.Prevent overriding certificate errorsIf this policy is enabled, the "Add Exception" button is not available when a certificate is invalid. This prevents the user from overriding the certificate error.
If this policy is disabled or not configured, certificate errors can be overridden.Prevent overriding safe browsing errorsIf this policy is enabled, a user cannot bypass the warning and visit a harmful site.
If this policy is disabled or not configured, a user can choose to visit a harmful site.Disable System Addon UpdatesIf this policy is enabled, new system add-ons will not be installed and existing system add-ons will not be updated.
If this policy is disabled or not configured, system add-ons are installed and updated.Disable TelemetryIf this policy is enabled, telemetry is not uploaded.
If this policy is disabled or not configured, telemetry is collected and uploaded.
Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.Display Bookmarks ToolbarIf this policy is enabled, the bookmarks toolbar is displayed by default. The user can still hide it.
If this policy is disabled or not configured, the bookmarks toolbar is not displayed by default.Display Menu BarIf this policy is enabled, the menu bar is displayed by default. The user can still hide it.
If this policy is disabled or not configured, the menu bar is not displayed by default.Don't Check Default BrowserIf this policy is enabled, Firefox does not check to see if it is the default browser at startup.
If this policy is disabled or not configured, Firefox checks to see if it is the default browser at startup.Extensions to InstallIf this policy is enabled, you can specify a list of extension URLs or paths that will be installed when Firefox is started.
Anytime this list is changed, the extensions will be reinstalled.
If this policy is disabled or not configured, no extensions are installed.Extensions to UninstallIf this policy is enabled, you can specify a list of extension IDs that will be uninstalled.
Anytime this list is changed, the extensions will be uninstalled.
If this policy is disabled or not configured, no extensions are uninstalled.Prevent extensions from being disabled or removedIf this policy is enabled, you can specify a list of extension IDs that the user will be unable to uninstall or disable.
If this policy is disabled or not configured, no extensions are lockedExtension UpdateIf this policy is disabled, extensions will not be updated automatically.
If this policy is enabled or not configured, extensions will be updated automatically.Extension ManagementIf this policy is enabled, you can use JSON to describe the extension management policy.
If this policy is disabled or not configured, extensions will not be managed.
For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#extensionsettings.Hardware AccelerationIf this policy is disabled, hardware acceleration and cannot be enabled.
If this policy is enabled or not configured, hardware acceleration is enabled.Local File LinksIf this policy is enabled, you can specify origins where linking to local files is allowed.
If this policy is disabled or not configured, websites can't link to local files.Network PredictionIf this policy is disabled, network prediction (DNS prefetching) will be disabled.
If this policy is enabled or not configured, network prediction (DNS prefetching) will be enabled.New Tab PageIf this policy is disabled, the new tab page will be blank.
If this policy is enabled or not configured, the new tab page will be the default.Offer to save loginsIf this policy is enabled or not configured, Firefox will offer to save website logins and passwords.
If this policy is disabled, Firefox will not offer to save website logins and passwords.If this policy is enabled, pop-up windows are always allowed for the origins indicated. If a top level domain is specified (http://example.org), pop-up windows are allowed for all subdomains as well.
If this policy is disabled or not configured, the default pop-up policy is followed.Allow pop-ups from websitesIf this policy is disabled, pop-up windows are allowed from websites by default.
If this policy is not configured or enabled, popups are not allowed from websites.Do not allow preferences to be changedIf this policy is enabled, pop-up preferences cannot be changed by the user.
If this policy is disabled or not configured, the user can change their pop-up preferences.If this policy is enabled, add-ons are always allowed for the origins indicated unless add-on install is disabled. If a top level domain is specified (http://example.org), add-ons are allowed for all subdomains as well.
If this policy is disabled or not configured, the default add-on policy is followed.Allow add-on installs from websitesIf this policy is disabled, add-ons cannot be installed.
If this policy is not configured or enabled, add-ons can be installed.If this policy is enabled, cookies are always allowed for the origins indicated. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well.
If this policy is disabled or not configured, the default cookie policy is followed.If this policy is enabled, cookies are blocked for the origins indicated. If a top level domain is specified (http://example.org), cookies are blocked from all subdomains as well.
If this policy is disabled or not configured, cookies are not blocked by default.Accept cookies from websitesIf this policy is disabled, cookies are not accepted from websites by default.
If this policy is not configured or enabled, cookies are accepted from websites.Accept third-party cookiesIf this policy is enabled and cookies are allowed, you can set when to accept third-party cookies.
This setting is ignored if this policy is disabled or not configured or if cookies are not allowed.AlwaysNeverFrom visitedKeep cookies until Firefox is closedIf this policy is enabled and cookies are allowed, they will expire when Firefox is closed.
This setting is ignored if this policy is disabled or not configured or if cookies are not allowed.Reject trackersIf this policy is enabled and cookies are allowed, Firefox will reject tracker cookies by default.
This setting is ignored if this policy is disabled or not configured or if cookies are not allowed.Do not allow preferences to be changedIf this policy is enabled, cookie preferences cannot be changed by the user.
If this policy is disabled or not configured, the user can change their cookie preferences.If this policy is enabled, access to the camera is always allowed for the origins indicated.
If this policy is disabled or not configured, the default camera policy is followed.If this policy is enabled, access to the camera is blocked for the origins indicated.
If this policy is disabled or not configured, access to the camera is not blocked by default.Block new requests asking to access the cameraIf this policy is enabled, sites that are not in the Allow policy will not be allowed to ask permission to access the camera.
If this policy is disabled or not configured, any site that is not in the Block policy can ask permission to access the camera.Do not allow preferences to be changedIf this policy is enabled, camera preferences cannot be changed by the user.
If this policy is disabled or not configured, the user can change their camera preferences.If this policy is enabled, access to the microphone is always allowed for the origins indicated.
If this policy is disabled or not configured, the default microphone policy is followed.If this policy is enabled, access to the microphone is blocked for the origins indicated.
If this policy is disabled or not configured, access to the microphone is not blocked by default.Block new requests asking to access the microphoneIf this policy is enabled, sites that are not in the Allow policy will not be allowed to ask permission to access the microphone.
If this policy is disabled or not configured, any site that is not in the Block policy can ask permission to access the microphone.Do not allow preferences to be changedIf this policy is enabled, microphone preferences cannot be changed by the user.
If this policy is disabled or not configured, the user can change their camera preferences.If this policy is enabled, access to location is always allowed for the origins indicated.
If this policy is disabled or not configured, the default location policy is followed.If this policy is enabled, access to location is blocked for the origins indicated.
If this policy is disabled or not configured, access to location is not blocked by default.Block new requests asking to access locationIf this policy is enabled, sites that are not in the Allow policy will not be allowed to ask permission to access location.
If this policy is disabled or not configured, any site that is not in the Block policy can ask permission to access location.Do not allow preferences to be changedIf this policy is enabled, location preferences cannot be changed by the user.
If this policy is disabled or not configured, the user can change location preferences.If this policy is enabled, notifications can always be sent for the origins indicated.
If this policy is disabled or not configured, the default notification policy is followed.If this policy is enabled, notifications are always blocked for the origins indicated.
If this policy is disabled or not configured, notifications are not blocked by default.Block new requests asking to send notificationsIf this policy is enabled, sites that are not in the Allow policy will not be allowed to ask permission to send notifications.
If this policy is disabled or not configured, any site that is not in the Block policy can ask permission to send notifications.Do not allow preferences to be changedIf this policy is enabled, notification preferences cannot be changed by the user.
If this policy is disabled or not configured, the user can change their notification preferences.Customize Firefox HomeIf this policy is enabled, you can choose the sections displayed on Firefox Home and prevent the user from changing them.
If this policy is disabled or not configured, the default sections are displayed and the user can change them.If this policy is enabled, Flash is activated by default for the origins indicated unless Flash is completely disabled. If a top level domain is specified (http://example.org), Flash is allowed for all subdomains as well.
If this policy is disabled or not configured, the default Flash policy is followed.If this policy is enabled, Flash is blocked for the origins indicated. If a top level domain is specified (http://example.org), Flash is blocked from all subdomains as well.
If this policy is disabled or not configured, the default Flash policy is followed.Activate Flash on websitesIf this policy is enabled, Flash is always activated on websites.
If this policy is disabled, Flash is never activated on websites, even if they are in the specified in the Allow list.
If this policy is not configured, Flash is click to play.Do not allow preferences to be changedIf this policy is enabled, Flash preferences cannot be changed by the user.
If this policy is disabled or not configured, the user can change their Flash preferences.Override the first run pageIf this policy is enabled, you can specify a URL to be used as the first run page. If you leave the URL blank, no first run page will be shown.
If this policy is disabled or not configured, the first run page is displayed.Override the upgrade pageIf this policy is enabled, you can specify a URL to be displayed after Firefox is updated. If you leave the URL blank, no upgrade page will be shown.
If this policy is disabled or not configured, the upgrade is displayed.Clear data when browser is closedIf this policy is enabled, you can choose data to be cleared when Firefox is closed.
If this policy is disabled or not configured, data is not cleared when the browser is closed.Blocked websitesIf this policy is enabled, you can specify match patterns that indicate sites to be blocked. The match patterns are documented at https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https addresses are supported at the moment. There is a 1000 entry limit.
If this policy is disabled or not configured, no websites are blocked.Exceptions to blocked websitesIf this policy is enabled, and the website filter is enabled, you can specify match patterns for sites you do not want to block. The match patterns are documented at https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https addresses are supported at the moment. There is a 1000 entry limit.
If this policy is disabled or not configured, there are no exceptions to the website filter.Bookmark 01Bookmark 02Bookmark 03Bookmark 04Bookmark 05Bookmark 06Bookmark 07Bookmark 08Bookmark 09Bookmark 10Bookmark 11Bookmark 12Bookmark 13Bookmark 14Bookmark 15Bookmark 16Bookmark 17Bookmark 18Bookmark 19Bookmark 20Bookmark 21Bookmark 22Bookmark 23Bookmark 24Bookmark 25Bookmark 26Bookmark 27Bookmark 28Bookmark 29Bookmark 30Bookmark 31Bookmark 32Bookmark 33Bookmark 34Bookmark 35Bookmark 36Bookmark 37Bookmark 38Bookmark 39Bookmark 40Bookmark 41Bookmark 42Bookmark 43Bookmark 44Bookmark 45Bookmark 46Bookmark 47Bookmark 48Bookmark 49Bookmark 50If this policy is enabled, you can configure a bookmark be added to Firefox. Due to a bug, you must select the location. Note that you must specify the bookmarks in order.
If this policy is disabled or not configured, a new bookmark is not added.ToolbarMenuNo Default BookmarksIf this policy is enabled, the default bookmarks and Smart Bookmarks (Most Visited, Recent Tags) are not created.
If this policy is disabled or not configured, default bookmarks and Smart Bookmarks (Most Visited, Recent Tags) are created.
Note: this policy is only effective if used before the first run of the profile.URL for Home pageIf this policy is enabled, you can set a default home page. You can also lock the home page.
If this policy is disabled or not configured, the user can set and change the home page.Additional HomepagesIf this policy is enabled, you can have additional home pages. They are opened in multiple tabs.
If this policy is disabled or not configured, there is only one home page.Start PageIf this policy is enabled, you can change what is displayed when Firefox starts. It can be the homepage, the previous session, or a blank page.
If this policy is disabled or not configured, the start page defaults to the previous session.NoneHomepagePrevious SessionPrompt for download locationIf this policy is disabled, the user is not prompted for a download location.
If this policy is enabled, the user is always prompted for a download location.
If this policy is not configured, the user is prompted for a download location, but can change the default.Proxy SettingsIf this policy is enabled, you can configure and lock network settings.
Select the connection type and then fill in the appropriate sections. Due to a bug, you must select a value for the SOCKS proxy version.
If this policy is disabled or not configured, the default network settings are used and user can change them.SOCKS v4SOCKS v5Automatic proxy configuration URLThese should only be set if you selected autoConfigProxy bypass URLsThese should only be set if you selected manual proxyConnection TypeNo ProxyUse system proxy settingsManual proxy configurationAuto-detect proxy settingsAutomatic proxy configurationTracking ProtectionIf this policy is not configured, tracking protection is not enabled by default in the browser but it is enabled by default in private browsing and the user can change it.
If this policy is disabled, tracking protection is disabled and locked in both the browser and private browsing.
If this policy is enabled, private browsing is enabled by default in both the browser and private browsing and you can choose whether or not to prevent the user from changing it.Requested localeRequested locale (string)If this policy is enabled, you can specify a list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
If this policy is disabled or not configured, the application will use the default locale.Security DevicesIf this policy is enabled, you can specify a list of PKCS #11 modules to be installed. Modules are specified as a name and a fully qualified path.
If this policy is disabled or not configured, no additional PKCS #11 modules will be installed.Search bar locationIf this policy is enabled, you can set whether the search bar is separate from the URL bar.
If this policy is disabled or not configured, new users get a unified search bar, users upgrading from Firefox 56 and below get a separate search bar.Search Engine OneSearch Engine TwoSearch Engine ThreeSearch Engine FourSearch Engine FiveIf this policy is enabled, you can configure a search engine to be added to Firefox. Use {searchTerms} to indicate where the search term is placed. Due to a bug, you must select the method (usually GET). Note that you must specify the search engines in order.
If this policy is disabled or not configured, a new search engine is not added.UnifiedSeparateGETPOSTDefault Search EngineIf this policy is enabled, you can set the name of a search engine to be used as the default.
If this policy is disabled or not configured, the Firefox default engine is used.Prevent Search Engine InstallsIf this policy is enabled, the user cannot install search engines from web page.
If this policy is disabled or not configured, search engines can be installed from web pages.Remove Search EnginesIf this policy is enabled, you can specify the names of engines to be removed or hidden.
If this policy is disabled or not configured, search engines will not be removed or hidden.Search SuggestionsIf this policy is disabled, search suggestions will be disabled.
If this policy is enabled, search suggestions will be enabled.
If this policy is not configured, search suggestions will be enabled, but the user can turn them off.Minimum SSL version enabledIf this policy is enabled, Firefox will not use SSL/TLS versions less than the value specified.
If this policy is disabled or not configured, Firefox defaults to a minimum of TLS 1.0.Maximum SSL version enabledIf this policy is enabled, Firefox will not use SSL/TLS versions greater than the value specified.
If this policy is disabled or not configured, Firefox defaults to a maximum of TLS 1.3.TLS 1.0TLS 1.1TLS 1.2TLS 1.3Support MenuIf this policy is enabled, a new menuitem is added to the help menu with support information.
If this policy is disabled or not configured, no menuitem is added.If this policy is enabled, the preference is locked to true. If this policy is disabled, the preference is locked to false.If this policy is enabled, the preference is locked to the string entered. If this policy is disabled, it has no effect.If this policy is enabled, the preference is locked to the value selected. If this policy is disabled, it has no effect.Ask Every TimeSelect Automaticallyapp.update.autobrowser.cache.disk.enablebrowser.fixup.dns_first_for_single_wordsbrowser.search.updatebrowser.tabs.warnOnClosebrowser.cache.disk.parent_directorybrowser.urlbar.suggest.bookmarkbrowser.urlbar.suggest.historybrowser.urlbar.suggest.openpagedatareporting.policy.dataSubmissionPolicyBypassNotificationbrowser.dom.disable_window_flipdom.disable_window_move_resizedom.event.contextmenu.enableddom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addldom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addlextensions.getAddons.showPanemedia.gmp-gmpopenh264.enabledmedia.gmp-widevinecdm.enablednetwork.dns.disableIPv6network.IDN_show_punycodeplaces.history.enabledsecurity.default_personal_certsecurity.ssl.errorReporting.enabledui.key.menuAccessKeyFocusesAlways allow NTLM on non FQDNsAlways allow SPNEGO on non FQDNsAllow popups for websitesDon't allow tracking protection preferences to be changed.URL:Don't allow the homepage to be changed.Additional homepagesTitle:URL:Favicon URL:Placement:Folder name:Method:Don't allow proxy settings to be changed.Connection Type:HTTP Proxy:Use this proxy server for all protocols.SSL Proxy:FTP Proxy:SOCKS Host:SOCKS Version:No proxy forExample: .mozilla.org, .net.nz, 192.168.1.0/24Automatic proxy configuration URL:Do not prompt for authentication if password is saved.Proxy DNS when using SOCKS v5.Provider URL:Enable DNS over HTTPS.Don't allow DNS over HTTPS preferences to be changed.Title:URL:Access key:CacheCookiesDownload HistoryForm & Search HistoryBrowsing HistoryActive LoginsSite PreferencesOffline Website DataSearchTop SitesDownload HistoryRecommended by PocketSnippetsDon't allow settings to be changed