+#### policies.json
+```
+{
+ "policies": {
+ "PopupBlocking": {
+ "Allow": ["http://example.org/",
+ "http://example.edu/"],
+ "Default": true | false,
+ "Locked": true | false
+ }
+ }
+}
+```
+### Preferences
+Set and lock preferences.
+
+**NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section.
+
+Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
+
+Preferences that start with the following prefixes are supported:
+```
+accessibility.
+app.update.* (Firefox 86, Firefox 78.8)
+browser.
+datareporting.policy.
+dom.
+extensions.
+general.autoScroll (Firefox 83, Firefox ESR 78.5)
+general.smoothScroll (Firefox 83, Firefox ESR 78.5)
+geo.
+gfx.
+intl.
+keyword.enabled (Firefox 95, Firefox ESR 91.4)
+layers.
+layout.
+media.
+network.
+pdfjs. (Firefox 84, Firefox ESR 78.6)
+places.
+print.
+signon. (Firefox 83, Firefox ESR 78.5)
+spellchecker. (Firefox 84, Firefox ESR 78.6)
+toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
+ui.
+widget.
+xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
+```
+as well as the following security preferences:
+
+| Preference | Type | Default
+| --- | --- | --- |
+| security.default_personal_cert | string | Ask Every Time
+| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
+| security.insecure_connection_text.enabled | bool | false
+| If set to true, adds the words "Not Secure" for insecure sites.
+| security.insecure_connection_text.pbmode.enabled | bool | false
+| If set to true, adds the words "Not Secure" for insecure sites in private browsing.
+| security.mixed_content.block_active_content | boolean | true
+| If false, mixed active content (HTTP and HTTPS) is not blocked.
+| security.osclientcerts.autoload | boolean | false
+| If true, client certificates are loaded from the operating system certificate store.
+| security.OCSP.enabled | integer | 1
+| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
+| security.OCSP.require | boolean | false
+| If true, if an OCSP request times out, the connection fails.
+| security.osclientcerts.assume_rsa_pss_support | boolean | true
+| If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
+| security.ssl.enable_ocsp_stapling | boolean | true
+| If false, OCSP stapling is not enabled.
+| security.ssl.errorReporting.enabled | boolean | true
+| If false, SSL errors cannot be sent to Mozilla.
+| security.tls.enable_0rtt_data | boolean | true
+| If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
+| security.tls.hello_downgrade_check | boolean | true
+| If false, the TLS 1.3 downgrade check is disabled.
+| security.tls.version.enable-deprecated | boolean | false
+| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
+| security.warn_submit_secure_to_insecure | boolean | true
+| If false, no warning is shown when submitting a form from https to http.
+
+Using the preference as the key, set the `Value` to the corresponding preference value.
+
+`Status` can be "default", "locked", "user" or "clear"
+
+* `"default"`: Read/Write: Settings appear as default even if factory default differs.
+* `"locked"`: Read-Only: Settings appear as default even if factory default differs.
+* `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
+* `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
+
+`"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
+
+`"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
+
+See the examples below for more detail.
+
+IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
+
+Status
+**Compatibility:** Firefox 81, Firefox ESR 78.3\
+**CCK2 Equivalent:** `preferences`\
+**Preferences Affected:** Many
+
+#### Windows (GPO)
+Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
+```
+{
+ "accessibility.force_disabled": {
+ "Value": 1,
+ "Status": "default"
+ },
+ "browser.cache.disk.parent_directory": {
+ "Value": "SOME_NATIVE_PATH",
+ "Status": "user"
+ },
+ "browser.tabs.warnOnClose": {
+ "Value": false,
+ "Status": "locked"
+ }
+}
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
+```
+Value (string):
+```
+<enabled/>
+<data id="JSON" value='
+{
+ "accessibility.force_disabled": {
+ "Value": 1,
+ "Status": "default"
+ },
+ "browser.cache.disk.parent_directory": {
+ "Value": "SOME_NATIVE_PATH",
+ "Status": "user"
+ },
+ "browser.tabs.warnOnClose": {
+ "Value": false,
+ "Status": "locked"
+ }
+}'/>
+```
+#### macOS
+```
+<dict>
+ <key>Preferences</key>
+ <dict>
+ <key>accessibility.force_disabled</key>
+ <dict>
+ <key>Value</key>
+ <integer>1</integer>
+ <key>Status</key>
+ <string>default</string>
+ </dict>
+ <key>browser.cache.disk.parent_directory</key>
+ <dict>
+ <key>Value</key>
+ <string>SOME_NATIVE_PATH</string>
+ <key>Status</key>
+ <string>user</string>
+ </dict>
+ <key>browser.tabs.warnOnClose</key>
+ <dict>
+ <key>Value</key>
+ <false/>
+ <key>Status</key>
+ <string>locked</string>
+ </dict>
+ </dict>
+</dict>
+```
+#### policies.json