| **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
| **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
| **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
+| **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest.
| **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
| **[`Handlers`](#handlers)** | Configure default application handlers.
| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
| **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
| **[`Preferences`](#preferences)** | Set and lock preferences.
| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
+| **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
| **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
| **[`Proxy`](#proxy)** | Configure proxy settings.
| **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
`SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
+These policies only affect what happens when an error is shown, they do not affect any settings in preferences.
+
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
### FirefoxHome
Customize the Firefox Home page.
-**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
+**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122)
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
}
}
```
+### FirefoxSuggest
+Customize Firefox Suggest (US only).
+
+**Compatibility:** Firefox 118, Firefox ESR 115.3.
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>FirefoxSuggest</key>
+ <dict>
+ <key>WebSuggestions</key>
+ <true/> | <false/>
+ <key>SponsoredSuggestions</key>
+ <true/> | <false/>
+ <key>ImproveSuggest</key>
+ <true/> | <false/>
+ <key>Locked</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "FirefoxSuggest": {
+ "WebSuggestions": true | false,
+ "SponsoredSuggestions": true | false,
+ "ImproveSuggest": true | false,
+ "Locked": true | false
+ }
+ }
+}
+```
### GoToIntranetSiteForSingleWordEntryInAddressBar
Whether to always go through the DNS server before sending a single word search string to a search engine.
**Compatibility:** Firefox 77, Firefox ESR 68.9\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
+**Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions`
#### Windows (GPO)
```
Preferences that start with the following prefixes are supported:
```
accessibility.
-app.update.* (Firefox 86, Firefox 78.8)
+alerts.* (Firefox 122, Firefox ESR 115.7)
+app.update.* (Firefox 86, Firefox ESR 78.8)
browser.
datareporting.policy.
dom.
network.
pdfjs. (Firefox 84, Firefox ESR 78.6)
places.
+pref.
print.
signon. (Firefox 83, Firefox ESR 78.5)
spellchecker. (Firefox 84, Firefox ESR 78.6)
ui.
widget.
xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
+xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
```
as well as the following security preferences:
| --- | --- | --- |
| security.default_personal_cert | string | Ask Every Time
| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
+| security.disable_button.openCertManager | string | N/A
+| If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
+| security.disable_button.openDeviceManager | string | N/A
+| If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
| security.insecure_connection_text.enabled | bool | false
| If set to true, adds the words "Not Secure" for insecure sites.
| security.insecure_connection_text.pbmode.enabled | bool | false
| security.osclientcerts.autoload | boolean | false
| If true, client certificates are loaded from the operating system certificate store.
| security.OCSP.enabled | integer | 1
-| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
+| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
| security.OCSP.require | boolean | false
| If true, if an OCSP request times out, the connection fails.
| security.osclientcerts.assume_rsa_pss_support | boolean | true
-| If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
+| If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
| security.ssl.enable_ocsp_stapling | boolean | true
| If false, OCSP stapling is not enabled.
| security.ssl.errorReporting.enabled | boolean | true
| If false, SSL errors cannot be sent to Mozilla.
+| security.ssl.require_safe_negotiation | boolean | false
+| If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
| security.tls.enable_0rtt_data | boolean | true
-| If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
+| If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
| security.tls.hello_downgrade_check | boolean | true
| If false, the TLS 1.3 downgrade check is disabled.
| security.tls.version.enable-deprecated | boolean | false
-| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
+| If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
| security.warn_submit_secure_to_insecure | boolean | true
| If false, no warning is shown when submitting a form from https to http.
}
}
```
+### PrintingEnabled
+Enable or disable printing.
+
+**Compatibility:** Firefox 120, Firefox ESR 115.5\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `print.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>PrintingEnabled</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "PrintingEnabled": true | false
+ }
+}
+```
### PromptForDownloadLocation
Ask where to save each file before downloading.
```
Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
+Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com
Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
```
### SSLVersionMax
-Set and lock the maximum version of TLS.
+Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
**Compatibility:** Firefox 66, Firefox ESR 60.6\
**CCK2 Equivalent:** N/A\
```
### SSLVersionMin
-Set and lock the minimum version of TLS.
+Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
**Compatibility:** Firefox 66, Firefox ESR 60.6\
**CCK2 Equivalent:** N/A\