+ "DisableProfileRefresh": true | false
+ }
+}
+```
+### DisableSafeMode
+Disable safe mode within the browser.
+
+On Windows, this disables safe mode via the command line as well.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
+**CCK2 Equivalent:** `disableSafeMode`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>DisableSafeMode</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableSafeMode": true | false
+ }
+}
+```
+### DisableSecurityBypass
+Prevent the user from bypassing security in certain cases.
+
+`InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
+
+`SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `security.certerror.hideAddException`,`browser.safebrowsing.allowOverride`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>DisableSecurityBypass</key>
+ <dict>
+ <key>InvalidCertificate</key>
+ <true/> | <false/>
+ <key><SafeBrowsing/key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableSecurityBypass": {
+ "InvalidCertificate": true false,
+ "SafeBrowsing": true false
+ }
+ }
+}
+```
+### DisableSystemAddonUpdate
+Prevent system add-ons from being installed or update.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>DisableSystemAddonUpdate</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableSystemAddonUpdate": true | false
+ }
+}
+```
+### DisableTelemetry
+Prevent the upload of telemetry data.
+
+Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disableTelemetry`\
+**Preferences Affected:** `datareporting.healthreport.uploadEnabled,datareporting.policy.dataSubmissionEnabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>DisableTelemetry</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableTelemetry": true | false
+ }
+}
+```
+### DisplayBookmarksToolbar
+Set the initial state of the bookmarks toolbar. A user can still hide it and it will stay hidden.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `displayBookmarksToolbar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>DisplayBookmarksToolbar</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayBookmarksToolbar": true | false
+ }
+}
+```
+### DisplayMenuBar (Deprecated)
+Set the initial state of the menubar. A user can still hide it and it will stay hidden.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
+**CCK2 Equivalent:** `displayMenuBar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>DisplayMenuBar</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayMenuBar": true | false
+ }
+}
+```
+### DisplayMenuBar
+Set the state of the menubar.
+
+`always` means the menubar is shown and cannot be hidden.
+
+`never` means the menubar is hidden and cannot be shown.
+
+`default-on` means the menubar is on by default but can be hidden.
+
+`default-off` means the menubar is off by default but can be shown.
+
+**Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
+**CCK2 Equivalent:** `displayMenuBar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
+```
+#### macOS
+```
+<dict>
+ <key>DisplayMenuBar</key>
+ <string>always | never | default-on | default-off</string>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayMenuBar": "always", "never", "default-on", "default-off"
+ }
+}
+```
+### DNSOverHTTPS
+Configure DNS over HTTPS.
+
+`Enabled` determines whether DNS over HTTPS is enabled
+
+`ProviderURL` is a URL to another provider.
+
+`Locked` prevents the user from changing DNS over HTTPS preferences.
+
+**Compatibility:** Firefox 63, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.trr.mode`,`network.trr.uri`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
+Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>DNSOverHTTPS</key>
+ <dict>
+ <key>Enabled</key>
+ <true/> | <false/>
+ <key>ProviderURL</key>
+ <string>URL_TO_ALTERNATE_PROVIDER</string>
+ <key>Locked</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DNSOverHTTPS": {
+ "Enabled": true | false,
+ "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
+ "Locked": true | false
+ }
+ }
+}
+```
+### DontCheckDefaultBrowser
+Don't check if Firefox is the default browser at startup.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `dontCheckDefaultBrowser`\
+**Preferences Affected:** `browser.shell.checkDefaultBrowser`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>DontCheckDefaultBrowser</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DontCheckDefaultBrowser": true | false
+ }
+}
+```
+### DefaultDownloadDirectory
+Set the default download directory.
+
+You can use ${home} for the native home directory.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.download.dir`,`browser.download.folderList`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
+```
+#### macOS
+```
+<dict>
+ <key>DefaultDownloadDirectory</key>
+ <string>${home}/Downloads</string>
+</dict>
+```
+#### policies.json (macOS and Linux)
+```
+{
+ "policies": {
+ "DefaultDownloadDirectory": "${home}/Downloads"
+}
+```
+#### policies.json (Windows)
+```
+{
+ "policies": {
+ "DefaultDownloadDirectory": "${home}\\Downloads"
+}
+```
+### DownloadDirectory
+Set and lock the download directory.
+
+You can use ${home} for the native home directory.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.download.dir`,`browser.download.folderList`,`browser.download.useDownloadDir`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
+```
+#### macOS
+```
+<dict>
+ <key>DownloadDirectory</key>
+ <string>${home}/Downloads</string>
+</dict>
+```
+#### policies.json (macOS and Linux)
+```
+{
+ "policies": {
+ "DownloadDirectory": "${home}/Downloads"
+}
+```
+#### policies.json (Windows)
+```
+{
+ "policies": {
+ "DownloadDirectory": "${home}\\Downloads"
+}
+```
+### EnableTrackingProtection
+Configure tracking protection.
+
+If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
+
+If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
+
+If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
+
+If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
+
+If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
+
+`Exceptions` are origins for which tracking protection is not enabled.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
+```
+#### macOS
+```
+<dict>
+ <key>EnableTrackingProtection</key>
+ <dict>
+ <key>Value</key>
+ <true/> | <false/>
+ <key><Locked</key>
+ <true/> | <false/>
+ <key><Cryptomining</key>
+ <true/> | <false/>
+ <key><Fingerprinting</key>
+ <true/> | <false/>
+ <key>Exceptions</key>
+ <array>
+ <string>https://example.com</string>
+ </array>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "EnableTrackingProtection": {
+ "Value": [true, false],
+ "Locked": [true, false],
+ "Cryptomining": [true, false],
+ "Fingerprinting": [true, false],
+ "Exceptions": ["https://example.com"]
+ }
+}
+```
+### EnterprisePoliciesEnabled
+Enable policy support on macOS.
+
+**Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### macOS
+```
+<dict>
+ <key>EnterprisePoliciesEnabled</key>
+ <true/>
+</dict>
+```
+### Extensions
+Control the installation, uninstallation and locking of extensions.
+
+`Install` is a list of URLs or native paths for extensions to be installed.
+
+`Uninstall` is a list of extension IDs that should be uninstalled if found.
+
+`Locked` is a list of extension IDs that the user cannot disable or uninstall.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `addons`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
+Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
+Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
+Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
+```
+#### macOS
+```
+<dict>
+ <key>Extensions</key>
+ <dict>
+ <key>Install</key>
+ <array>
+ <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
+ <string>//path/to/xpi</string>
+ </array>
+ <key>Uninstall</key>
+ <array>
+ <string>bad_addon_id@mozilla.org</string>
+ </array>
+ <key>Locked</key>
+ <array>
+ <string>addon_id@mozilla.org</string>
+ </array>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "Extensions": {
+ "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
+ "Uninstall": ["bad_addon_id@mozilla.org"],
+ "Locked": ["addon_id@mozilla.org"]
+ }
+ }
+}
+```
+### ExtensionSettings
+Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
+
+This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
+
+To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section.
+
+The configuration for each extension is another dictionary that can contain the fields documented below.
+
+| Name | Description |
+| --- | --- |
+| `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
+| `allowed` | Allows the extension to be installed by the user. This is the default behavior.
+| `blocked`| Blocks installation of the extension and removes it from the device if already installed.
+| `force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
+| `normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
+| `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. If installing from the local file system, use a file:/// URL. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi.
+| `install_sources` | Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
+| `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "langpack" This setting can be used only for the default configuration.
+| `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else.
+
+**Compatibility:** Firefox 69, Firefox ESR 68.1\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
+{
+ "*": {
+ "blocked_install_message": "Custom error message.",
+ "install_sources": ["https://addons.mozilla.org/"],
+ "installation_mode": "blocked",
+ "allowed_types": ["extension"]
+ },
+ "uBlock0@raymondhill.net": {
+ "installation_mode": "force_installed",
+ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
+ }
+}
+```
+#### macOS
+```
+<dict>
+ <key>ExtensionSettings</key>
+ <dict>
+ <key>*</key>
+ <dict>
+ <key>blocked_install_message</key>
+ <string>Custom error message.</string>
+ <key>install_sources</key>
+ <array>
+ <string>https://addons.mozilla.org/</string>
+ </array>
+ <key>installation_mode</key>
+ <string>blocked</string>
+ <key>allowed_types</key>
+ <array>
+ <string>extension</string>
+ </array>
+ </dict>
+ <key>uBlock0@raymondhill.net</key>
+ <dict>
+ <key>installation_mode</key>
+ <string>force_installed</string>
+ <key>install_url</key>
+ <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
+ </dict>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "ExtensionSettings": {
+ "*": {
+ "blocked_install_message": "Custom error message.",
+ "install_sources": ["https://addons.mozilla.org/"],
+ "installation_mode": "blocked",
+ "allowed_types": ["extension"]
+ },
+ "uBlock0@raymondhill.net": {
+ "installation_mode": "force_installed",
+ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
+ }
+ }
+ }
+}
+```
+### ExtensionUpdate
+Control extension updates.
+
+**Compatibility:** Firefox 67, Firefox ESR 60.7\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `extensions.update.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>ExtensionUpdate</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "ExtensionUpdate": true | false
+ }
+}
+```
+### FlashPlugin
+Configure the default Flash plugin policy as well as origins for which Flash is allowed.
+
+`Allow` is a list of origins where Flash are allowed.
+
+`Block` is a list of origins where Flash is not allowed.
+
+`Default` determines whether or not Flash is allowed by default.
+
+`Locked` prevents the user from changing Flash preferences.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `permissions.plugin`\
+**Preferences Affected:** `plugin.state.flash`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\FlashPlugin\Allow\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu"
+Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>FlashPlugin</key>
+ <dict>
+ <key>Allow</key>
+ <array>
+ <string>http://example.org</string>
+ </array>
+ <key>Block</key>
+ <array>
+ <string>http://example.edu</string>
+ </array>
+ <key>Default</key>
+ <true/> | <false/>
+ <key>Locked</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "FlashPlugin": {
+ "Allow": ["http://example.org/"],
+ "Block": ["http://example.edu/"],
+ "Default": true | false,
+ "Locked": true | false
+ }
+ }
+}
+```
+### FirefoxHome
+Customize the Firefox Home page.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`,`browser.newtabpage.activity-stream.feeds.topsites`,`browser.newtabpage.activity-stream.feeds.section.highlights`,`browser.newtabpage.activity-stream.feeds.section.topstories`,`browser.newtabpage.activity-stream.feeds.snippets`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>FirefoxHome</key>
+ <dict>
+ <key>Search</key>
+ <true/> | <false/>
+ <key>TopSites</key>
+ <true/> | <false/>
+ <key>Highlights</key>
+ <true/> | <false/>
+ <key>Pocket</key>
+ <true/> | <false/>
+ <key>Snippets</key>
+ <true/> | <false/>
+ <key>Locked</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "FirefoxHome": {
+ "Search": true | false,
+ "TopSites": true | false,
+ "Highlights": true | false,
+ "Pocket": true | false,
+ "Snippets": true | false,
+ "Locked": true | false
+ }
+ }
+}
+```
+### HardwareAcceleration
+Control hardware acceleration.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `layers.acceleration.disabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>HardwareAcceleration</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "HardwareAcceleration": true | false