| Policy Name | Description
| --- | --- |
+| **[`AppAutoUpdate`](#AppAutoUpdate)** | Enable or disable automatic application update.
| **[`AppUpdateURL`](#AppUpdateURL)** | Change the URL for application update.
| **[`Authentication`](#Authentication)** | Configure sites that support integrated authentication.
| **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
| **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
| **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
| **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
+| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
| **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
| **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
| **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update.
| **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
| **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
-| **[`DisplayMenuBar`](#displaymenubar)** | Set the initial state of the menubar.
+| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
+| **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
| **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
| **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
| **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
| **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
| **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
+| **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
| **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
+### AppAutoUpdate
+
+Enable or disable **automatic** application update.
+
+If set to true, application updates are installed without user approval.
+
+If set to false, application updates are downloaded but the user can choose when to install the update.
+
+If you have disabled updates via DisableAppUpdate, this policy has no effect.
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** app.update.auto
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>AppAutoUpdate</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "AppAutoUpdate": true | false
+ }
+}
+```
### AppUpdateURL
Change the URL for application update.
Disable Firefox studies (Shield).
**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** `disableForget`\
+**CCK2 Equivalent:** N/A\
**Preferences Affected:** N/A
#### Windows (GPO)
}
}
```
-### DisplayMenuBar
+### DisplayMenuBar (Deprecated)
Set the initial state of the menubar. A user can still hide it and it will stay hidden.
**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
}
}
```
+### DisplayMenuBar
+Set the state of the menubar.
+
+`always` means the menubar is shown and cannot be hidden.
+
+`never` means the menubar is hidden and cannot be shown.
+
+`default-on` means the menubar is on by default but can be hidden.
+
+`default-off` means the menubar is off by default but can be shown.
+
+**Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
+**CCK2 Equivalent:** `displayMenuBar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
+```
+#### macOS
+```
+<dict>
+ <key>DisplayMenuBar</key>
+ <string>always | never | default-on | default-off</string>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayMenuBar": "always", "never", "default-on", "default-off"
+ }
+}
+```
### DNSOverHTTPS
Configure DNS over HTTPS.
If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
-**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2)\
-**CCK2 Equivalent:** `dontCheckDefaultBrowser`\
+`Exceptions` are origins for which tracking protection is not enabled.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
+**CCK2 Equivalent:** N/A\
**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled`
#### Windows (GPO)
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
```
#### macOS
```
<dict>
<key>Value</key>
<true/> | <false/>
- <key><Locked/key>
+ <key><Locked</key>
<true/> | <false/>
- <key><Cryptomining/key>
+ <key><Cryptomining</key>
<true/> | <false/>
- <key><Fingerprinting/key>
+ <key><Fingerprinting</key>
<true/> | <false/>
+ <key>Exceptions</key>
+ <array>
+ <string>https://example.com</string>
+ </array>
</dict>
</dict>
```
"Value": [true, false],
"Locked": [true, false],
"Cryptomining": [true, false],
- "Fingerprinting": [true, false]
+ "Fingerprinting": [true, false],
+ "Exceptions": ["https://example.com"]
}
}
```
**Compatibility:** Firefox 70, Firefox ESR 60.2\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `prefs.privacy.disable_button.view_passwords`
+**Preferences Affected:** `pref.privacy.disable_button.view_passwords`
#### Windows (GPO)
```
}
```
### Permissions
-Set permissions associated with camera, microphone, location, and notifications. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
+Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
`Allow` is a list of origins where the feature is allowed.
`Locked` prevents the user from changing preferences for the feature.
-**Compatibility:** Firefox 62, Firefox ESR 60.2\
+**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`
Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
```
#### macOS
```
<key>Locked</key>
<true/>
</dict>
+ <key>Autoplay</key>
+ <dict>
+ <key>Allow</key>
+ <array>
+ <string>https://example.org</string>
+ </array>
+ <key>Block</key>
+ <array>
+ <string>https://example.edu</string>
+ </array>
+ </dict>
</dict>
</dict>
```
"Block": ["https://example.edu"],
"BlockNewRequests": true | false,
"Locked": true | false
+ },
+ "Autoplay": {
+ "Allow": ["https://example.org"],
+ "Block": ["https://example.edu"]
}
}
}
| --- | --- | --- | ---
| accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
| If set to 1, platform accessibility is disabled.
-| app.update.auto | boolean | Firefox 68, Firefox ESR 68 | true
+| app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true
| If false, Firefox doesn't automatically install update.
| browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false
| If true, bookmarks are exported on shutdown.
| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
+| dom.xmldocument.load.enabled | boolean | Firefox ESR 68.5 | true.
+| If false, XMLDocument.load is not available.
+| dom.xmldocument.async.enabled | boolean | Firefox ESR 68.5 | true
+| If false, XMLDocument.async is not available.
| extensions.blocklist.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, the extensions blocklist is not used (Not recommended)
| extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
Ask where to save each file before downloading.
**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A
+**CCK2 Equivalent:** N/A\
**Preferences Affected:** `browser.download.useDownloadDir`
#### Windows (GPO)
<key>Proxy</key>
<dict>
<key>Mode</key>
- <string>none | system | manual | autoDetect| autoConfig</string>
+ <string>none | system | manual | autoDetect | autoConfig</string>
<key>Locked</key>
<true> | </false>
<key>HTTPProxy</key>
### SanitizeOnShutdown (Selective)
Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
-**Compatibility:** Firefox 68, Firefox ESR 68\
+Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
+
+**Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps`
#### Windows (GPO)
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
```
#### macOS
```
<true/> | <false/>
<key>OfflineApps</key>
<true/> | <false/>
+ <key>Locked</key>
+ <true/> | <false/>
</dict>
</dict>
```
"History": true | false,
"Sessions": true | false,
"SiteSettings": true | false,
- "OfflineApps": true | false
+ "OfflineApps": true | false,
+ "Locked": true | false
}
}
}
}
}
```
+### UserMessaging
+
+Prevent installing search engines from webpages.
+
+`WhatsNew` Remove the "What's New" icon and menuitem. (Firefox 75 only)
+
+`ExtensionRecommendations` Don't recommend extensions.
+
+`FeatureRecommendations` Don't recommend browser features.
+
+`UrlbarInterventions` Don't offer Firefox specific suggestions in the URL bar. (Firefox 75 only)
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>UserMessaging</key>
+ <dict>
+ <key>WhatsNew</key>
+ <true/> | <false/>
+ <key>ExtensionRecommendations</key>
+ <true/> | <false/>
+ <key>FeatureRecommendations</key>
+ <true/> | <false/>
+ <key>UrlbarInterventions</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "UserMessaging": {
+ "WhatsNew": true | false,
+ "ExtensionRecommendations": true | false,
+ "FeatureRecommendations": true | false,
+ "UrlbarInterventions": true | false
+ }
+ }
+}
+```
### WebsiteFilter
Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https addresses are supported at the moment. The arrays are limited to 1000 entries each.
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\WebsiteFilter
s\Block\1 = "<all_urls>"
-Software\Policies\Mozilla\Firefox\WebsiteFilters\Exceptions\1 = "http://example.org/*"
+Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
+Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
```
#### macOS
```
git.p6c8.net / policy-templates.git / blobdiff