+Set and lock preferences.
+
+**NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section.
+
+Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
+
+Preferences that start with the following prefixes are supported:
+```
+accessibility.
+app.update.* (Firefox 86, Firefox 78.8)
+browser.
+datareporting.policy.
+dom.
+extensions.
+general.autoScroll (Firefox 83, Firefox ESR 78.5)
+general.smoothScroll (Firefox 83, Firefox ESR 78.5)
+geo.
+gfx.
+intl.
+keyword.enabled (Firefox 95, Firefox ESR 91.4)
+layers.
+layout.
+media.
+network.
+pdfjs. (Firefox 84, Firefox ESR 78.6)
+places.
+print.
+signon. (Firefox 83, Firefox ESR 78.5)
+spellchecker. (Firefox 84, Firefox ESR 78.6)
+toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
+ui.
+widget.
+xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
+```
+as well as the following security preferences:
+
+| Preference | Type | Default
+| --- | --- | --- |
+| security.default_personal_cert | string | Ask Every Time
+| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
+| security.insecure_connection_text.enabled | bool | false
+| If set to true, adds the words "Not Secure" for insecure sites.
+| security.insecure_connection_text.pbmode.enabled | bool | false
+| If set to true, adds the words "Not Secure" for insecure sites in private browsing.
+| security.mixed_content.block_active_content | boolean | true
+| If false, mixed active content (HTTP and HTTPS) is not blocked.
+| security.osclientcerts.autoload | boolean | false
+| If true, client certificates are loaded from the operating system certificate store.
+| security.OCSP.enabled | integer | 1
+| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
+| security.OCSP.require | boolean | false
+| If true, if an OCSP request times out, the connection fails.
+| security.osclientcerts.assume_rsa_pss_support | boolean | true
+| If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
+| security.ssl.enable_ocsp_stapling | boolean | true
+| If false, OCSP stapling is not enabled.
+| security.ssl.errorReporting.enabled | boolean | true
+| If false, SSL errors cannot be sent to Mozilla.
+| security.tls.enable_0rtt_data | boolean | true
+| If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
+| security.tls.hello_downgrade_check | boolean | true
+| If false, the TLS 1.3 downgrade check is disabled.
+| security.tls.version.enable-deprecated | boolean | false
+| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
+| security.warn_submit_secure_to_insecure | boolean | true
+| If false, no warning is shown when submitting a form from https to http.