| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update.
| **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
| **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
-| **[`DisplayMenuBar`](#displaymenubar)** | Set the initial state of the menubar.
+| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
+| **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
| **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
| **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
-**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2)\
+**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3)\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`
Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
```
#### macOS
```
<key>NTLM</key>
<true/> | <false/>
</dict>
+ <key>Locked</key>
+ <true/> | <false/>
</dict>
</dict>
```
"AllowProxies": {
"SPNEGO": true | false,
"NTLM": true | false
- }
+ },
+ "Locked": true | false
}
}
}
"Allow": ["http://example.org/"],
"Block": ["http://example.edu/"],
"Default": true | false,
- "AcceptThirdParty": "always" | "never" | "from-visited"],
+ "AcceptThirdParty": "always" | "never" | "from-visited",
"ExpireAtSessionEnd": true | false,
"RejectTracker": true | false,
"Locked": true | false
}
}
```
+### DisablePasswordReveal
+Do not allow passwords to be shown in saved logins
+
+**Compatibility:** Firefox 71, Firefox ESR 68.3\
+**CCK2 Equivalent:** N/A
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
+```
+
+#### macOS
+```
+<dict>
+ <key>DisablePasswordReveal</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisablePasswordReveal": true | false
+ }
+}
+```
### DisablePocket
Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
}
}
```
-### DisplayMenuBar
+### DisplayMenuBar (Deprecated)
Set the initial state of the menubar. A user can still hide it and it will stay hidden.
**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
}
}
```
+### DisplayMenuBar
+Set the state of the menubar.
+
+`always` means the menubar is shown and cannot be hidden.
+
+`never` means the menubar is hidden and cannot be shown.
+
+`default-on` means the menubar is on by default but can be hidden.
+
+`default-off` means the menubar is off by default but can be shown.
+
+**Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
+**CCK2 Equivalent:** `displayMenuBar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
+```
+#### macOS
+```
+<dict>
+ <key>DisplayMenuBar</key>
+ <string>always | never | default-on | default-off</string>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayMenuBar": "always", "never", "default-on", "default-off"
+ }
+}
+```
### DNSOverHTTPS
Configure DNS over HTTPS.
If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
-**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2)\
+`Exceptions` are origins for which tracking protection is not enabled.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
**CCK2 Equivalent:** `dontCheckDefaultBrowser`\
**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled`
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1= "https://example.com"
+
```
#### macOS
```
<dict>
<key>Value</key>
<true/> | <false/>
- <key><Locked/key>
+ <key><Locked</key>
<true/> | <false/>
- <key><Cryptomining/key>
+ <key><Cryptomining</key>
<true/> | <false/>
- <key><Fingerprinting/key>
+ <key><Fingerprinting</key>
<true/> | <false/>
+ <key>Exceptions</key>
+ <array>
+ <string>https://example.com</string>
+ </array>
</dict>
</dict>
```
"Value": [true, false],
"Locked": [true, false],
"Cryptomining": [true, false],
- "Fingerprinting": [true, false]
+ "Fingerprinting": [true, false],
+ "Exceptions": ["https://example.com"]
}
}
```
"*": {
"blocked_install_message": "Custom error message.",
"install_sources": ["https://addons.mozilla.org/"],
- "installation_mode": "blocked"
+ "installation_mode": "blocked",
+ "allowed_types": ["extension"]
},
"uBlock0@raymondhill.net": {
"installation_mode": "force_installed",
</array>
<key>installation_mode</key>
<string>blocked</string>
+ <key>allowed_types</key>
+ <array>
+ <string>extension</string>
+ </array>
</dict>
<key>uBlock0@raymondhill.net</key>
<dict>
"*": {
"blocked_install_message": "Custom error message.",
"install_sources": ["https://addons.mozilla.org/"],
- "installation_mode": "blocked"
+ "installation_mode": "blocked",
+ "allowed_types": ["extension"]
},
"uBlock0@raymondhill.net": {
"installation_mode": "force_installed",
<string>http://example.edu</string>
</array>
<key>StartPage</key>
- <string>always | never | from-visited</string>
+ <string>none | homepage | previous-session</string>
</dict>
</dict>
```
"Locked": true | false,
"Additional": ["http://example.org/",
"http://example.edu/"],
- "StartPage": "none" | "homepage" | "previous-session"
+ "StartPage": "none" | "homepage" | "previous-session"
}
}
}
}
```
### Permissions
-Set permissions associated with camera, microphone, location, and notifications
+Set permissions associated with camera, microphone, location, and notifications. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
`Allow` is a list of origins where the feature is allowed.
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
<key>Allow</key>
<array>
<string>https://example.org</string>
+ <string>https://example.org:1234</string>
</array>
<key>Block</key>
<array>
"policies": {
"Permissions": {
"Camera": {
- "Allow": ["https://example.org"],
+ "Allow": ["https://example.org","https://example.org:1234"],
"Block": ["https://example.edu"],
"BlockNewRequests": true | false,
"Locked": true | false
| If true, bookmarks are exported on shutdown.
| browser.bookmarks.file | string | Firefox 70, Firefox ESR 68.2 | N/A
| If set, the name of the file where bookmarks are exported and imported.
-| browser.bookmarks.restore_default_bookmarks | string | Firefox 70, Firefox ESR 68.2 | N/A
+| browser.bookmarks.restore_default_bookmarks | boolean | Firefox 70, Firefox ESR 68.2 | N/A
| If true, bookmarks are restored to their defaults.
| browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true
| If false, don't store cache on the hard drive.
-| browser.cache.disk.parent_directory | string | Firefox 68, Firefox ESR 68 | Profile temporary directory
-| If set, changes the location of the disk cache.
+| ~browser.cache.disk.parent_directory~ | string | Firefox 68, Firefox ESR 68 | Profile temporary directory
+| ~If set, changes the location of the disk cache.~ This policy doesn't work. It's being worked on.
| browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
| If true, single words are sent to DNS, not directly to search.
-| browser.places.importBookmarksHTML | string | Firefox 70, Firefox ESR 68.2
+| browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent
+| If set, a list of URLs to use as the default top sites on the new tab page.
+| browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2
| If true, bookmarks are always imported on startup.
-| browser.safebrowsing.phishing.enabled | string | Firefox 70, Firefox ESR 68.2 | true
+| browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, phishing protection is not enabled (Not recommended)
-| browser.safebrowsing.malware.enabled | string | Firefox 70, Firefox ESR 68.2 | true
-| IF false, malware protection is not enabled (Not recommended)
+| browser.safebrowsing.malware.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
+| If false, malware protection is not enabled (Not recommended)
| browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true
| If false, updates for search engines are not checked.
-| browser.slowStartup.notificationDisabled | string | Firefox 70, Firefox ESR 68.2 | false
+| browser.slowStartup.notificationDisabled | boolean | Firefox 70, Firefox ESR 68.2 | false
| If true, a notification isn't shown if startup is slow.
| browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true
| If false, there is no warning when the browser is closed.
-| browser.taskbar.previews.enable | string | Firefox 70, Firefox ESR 68.2 (Windows only) | false
+| browser.taskbar.previews.enable | boolean | Firefox 70, Firefox ESR 68.2 (Windows only) | false
| If true, tab previews are shown in the Windows taskbar.
| browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true
| If false, bookmarks aren't suggested when typing in the URL bar.
| If false, open tabs aren't suggested when typing in the URL bar.
| datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false
| If true, don't show the privacy policy tab on first run.
-| dom.allow_scripts_to_close_windows | string | Firefox 70, Firefox ESR 68.2 | false
+| dom.allow_scripts_to_close_windows | boolean | Firefox 70, Firefox ESR 68.2 | false
| If false, web page can close windows.
| dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true
| If false, web pages can focus and activate windows.
| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
| dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
| See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
-| extensions.blocklist.enabled | string | Firefox 70, Firefox ESR 68.2 | true
+| extensions.blocklist.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, the extensions blocklist is not used (Not recommended)
| extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
| If false, the Recommendations tab is not displayed in the Add-ons Manager.
-| geo.enabled | string | Firefox 70, Firefox ESR 68.2 | true
+| extensions.htmlaboutaddons.recommendations.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
+| If false, recommendations are not shown on the Extensions tab in the Add-ons Manager.
+| geo.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, the geolocation API is disabled. | Language dependent
| intl.accept_languages | string | Firefox 70, Firefox ESR 68.2
| If set, preferred language for web pages.
-| media.eme.enabled | string | Firefox 70, Firefox ESR 68.2 | true
+| media.eme.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, Encrypted Media Extensions are not enabled.
| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, the OpenH264 plugin is not downloaded.
| media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, the Widevine plugin is not downloaded.
+| media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
+| If false, WebRTC is disabled
+| media.peerconnection.ice.obfuscate_host_addresses.whitelist | string | Firefox 72, Firefox ESR 68.4 | N/A
+| If set, a list of domains for which mDNS hostname obfuscation is
+disabled
| network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false
| If true, IPv6 DNS lokoups are disabled.
| network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false
| If true, display the punycode version of internationalized domain names.
| places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, history is not enabled.
-| print.save_print_settings | string | Firefox 70, Firefox ESR 68.2 | true
+| print.save_print_settings | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, print settings are not saved between jobs.
| security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time
| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
-| security.mixed_content.block_active_content | string | Firefox 70, Firefox ESR 68.2 | true
+| security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, mixed active content (HTTP and HTTPS) is not blocked.
+| security.osclientcerts.autoload | boolean | Firefox 72, Firefox ESR 68.4 (Windows only) | false
+| If true, client certificates are loaded from the operating system certificate store.
| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, SSL errors cannot be sent to Mozilla.
+| security.tls.hello_downgrade_check | boolean | Firefox 72, Firefox ESR 68.4 | true
+| If false, the TLS 1.3 downgrade check is disabled.
| ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true
| If false, the Alt key doesn't show the menubar on Windows.
+| widget.content.gtk-theme-override | string | Firefox 72, Firefox ESR 68.4 (Linux only) | N/A
+| If set, overrides the GTK theme for widgets.
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
<key>Proxy</key>
<dict>
<key>Mode</key>
- <string>none | system | manual | autoDetect| autoConfig</string>
+ <string>none | system | manual | autoDetect | autoConfig</string>
<key>Locked</key>
<true> | </false>
<key>HTTPProxy</key>