Preferences

Set and lock preferences.

Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.

Compatibility: Firefox 81, Firefox ESR 78.3
CCK2 Equivalent: preferences
Preferences Affected: Many

Preferences that start with the following prefixes are supported:

accessibility.
alerts.* (Firefox 122, Firefox ESR 115.7)
app.update.* (Firefox 86, Firefox ESR 78.8)
browser.
datareporting.policy.
dom.
extensions.
general.autoScroll (Firefox 83, Firefox ESR 78.5)
general.smoothScroll (Firefox 83, Firefox ESR 78.5)
geo.
gfx.
identity.fxaccounts.toolbar (Firefox 133)
intl.
keyword.enabled (Firefox 95, Firefox ESR 91.4)
layers.
layout.
mathml.disabled (Firefox 141, Firefox ESR 140.1)
media.
network.
pdfjs. (Firefox 84, Firefox ESR 78.6)
places.
pref.
print.
privacy.baselineFingerprintingProtection, privacy.baselineFingerprintingProtection.* (Firefox 141, Firefox ESR 140.1)
privacy.fingerprintingProtection, privacy.fingerprintingProtection.* (Firefox 141, Firefox ESR 140.1)
privacy.globalprivacycontrol.enabled (Firefox 127, Firefox ESR 128.0)
privacy.userContext.enabled (Firefox 126, Firefox ESR 115.11)
privacy.userContext.ui.enabled (Firefox 126, Firefox ESR 115.11)
signon. (Firefox 83, Firefox ESR 78.5)
spellchecker. (Firefox 84, Firefox ESR 78.6)
svg.context-properties.content.enabled (Firefox 141, Firefox ESR 140.1)
svg.disabled (Firefox 141, Firefox ESR 140.1)
toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
ui.
webgl.disabled (Firefox 141, Firefox ESR 140.1)
webgl.force-enabled (Firefox 141, Firefox ESR 140.1)
widget.
xpinstall.enabled (Firefox 141, Firefox ESR 140.1)
xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)

as well as the following security preferences:

| Preference | Type | Default | Description |
|---|---|---|---|
| security.csp.reporting.enabled | bool | true | If set to false, disables CSP reporting. (Firefox 141, Firefox ESR 140.1) |
| security.default_personal_cert | string | Ask Every Time | If set to Select Automatically, Firefox automatically chooses the default personal certificate. |
| security.disable_button.openCertManager | string | N/A | If set to true and locked, the View Certificates button in preferences is disabled. (Firefox 121, Firefox ESR 115.6) |
| security.disable_button.openDeviceManager | string | N/A | If set to true and locked, the Security Devices button in preferences is disabled. (Firefox 121, Firefox ESR 115.6) |
| security.insecure_connection_text.enabled | bool | false | If true, adds the words "Not Secure" for insecure sites. |
| security.insecure_connection_text.pbmode.enabled | bool | false | If true, adds the words "Not Secure" for insecure sites in private browsing. |
| security.mixed_content.block_active_content | boolean | true | If true, mixed active content (HTTP subresources such as scripts, fetch requests, etc. on a HTTPS page) will be blocked. |
| security.mixed_content.block_display_content | boolean | false | If true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be blocked and security.mixed_content.upgrade_display_content will be ignored. (Firefox 127, Firefox ESR 128.0) |
| security.mixed_content.upgrade_display_content | boolean | true | If false, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will NOT be upgraded to HTTPS. (Firefox 127, Firefox ESR 128.0) |
| security.osclientcerts.autoload | boolean | false | If true, client certificates are loaded from the operating system certificate store. |
| security.OCSP.enabled | integer | 1 | If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates. |
| security.OCSP.require | boolean | false | If true, if an OCSP request times out, the connection fails. |
| security.osclientcerts.assume_rsa_pss_support | boolean | true | If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12) |
| security.pki.certificate_transparency.disable_for_hosts | | | See this page for more details. |
| security.pki.certificate_transparency.disable_for_spki_hashes | | | See this page for more details. |
| security.pki.certificate_transparency.mode | integer | 0 | Configures Certificate Transparency support mode (Firefox 133). |
| security.ssl.enable_ocsp_stapling | boolean | true | If false, OCSP stapling is not enabled. |
| security.ssl.errorReporting.enabled | boolean | true | If false, SSL errors cannot be sent to Mozilla. |
| security.ssl.require_safe_negotiation | boolean | false | If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3) |
| security.tls.enable_0rtt_data | boolean | true | If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15) |
| security.tls.hello_downgrade_check | boolean | true | If false, the TLS 1.3 downgrade check is disabled. |
| security.tls.version.enable-deprecated | boolean | false | If true, browser will accept TLS 1.0 and TLS 1.1. (Firefox 86, Firefox 78.8) |
| security.warn_submit_secure_to_insecure | boolean | true | If false, no warning is shown when submitting a form from https to http. |

Using the preference as the key, set the Value to the corresponding preference value.

Status can be "default", "locked", "user" or "clear":

  • "default": Read/Write: Settings appear as default even if factory default differs.
  • "locked": Read-Only: Settings appear as default even if factory default differs.
  • "user": Read/Write: Settings appear as changed if it differs from factory default.
  • "clear": Read/Write: Value has no effect. Resets to factory defaults on each startup.

"user" preferences persist across invocations of Firefox. Setting one is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup, so it can't be set as a default by policy. An example of this is toolkit.legacyUserProfileCustomizations.stylesheets.

"user" preferences persist even if the policy is removed, so if you need to remove them, you should use the "clear" status.

You can also set the Type starting in Firefox 123 and Firefox ESR 115.8. It can be number, boolean or string. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences.

See the examples below for more detail.

Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =

{
  "accessibility.force_disabled": {
    "Value": 1,
    "Status": "default",
    "Type": "number"
  },
  "browser.cache.disk.parent_directory": {
    "Value": "SOME_NATIVE_PATH",
    "Status": "user"
  },
  "browser.tabs.warnOnClose": {
    "Value": false,
    "Status": "locked"
  }
}

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences

Value (string):

<enabled/>
<data id="JSON" value='
{
  "accessibility.force_disabled": {
    "Value": 1,
    "Status": "default",
    "Type": "number"
  },
  "browser.cache.disk.parent_directory": {
    "Value": "SOME_NATIVE_PATH",
    "Status": "user"
  },
  "browser.tabs.warnOnClose": {
    "Value": false,
    "Status": "locked"
  }
}'/>

If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead to work around the limit on the length of strings. Put all of your JSON on one line.

OMA-URI:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PreferencesOneLine

Value (string):

<enabled/>
<data id="JSONOneLine" value='{}'/>

macOS (plist):

<dict>
  <key>Preferences</key>
  <dict>
    <key>accessibility.force_disabled</key>
    <dict>
      <key>Value</key>
      <integer>1</integer>
      <key>Status</key>
      <string>default</string>
      <key>Type</key>
      <string>number</string>
    </dict>
    <key>browser.cache.disk.parent_directory</key>
    <dict>
      <key>Value</key>
      <string>SOME_NATIVE_PATH</string>
      <key>Status</key>
      <string>user</string>
    </dict>
    <key>browser.tabs.warnOnClose</key>
    <dict>
      <key>Value</key>
      <false/>
      <key>Status</key>
      <string>locked</string>
    </dict>
  </dict>
</dict>

policies.json:

{
  "policies": {
    "Preferences": {
      "accessibility.force_disabled": {
        "Value": 1,
        "Status": "default",
        "Type": "number"
      },
      "browser.cache.disk.parent_directory": {
        "Value": "SOME_NATIVE_PATH",
        "Status": "user"
      },
      "browser.tabs.warnOnClose": {
        "Value": false,
        "Status": "locked"
      }
    }
  }
}
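
The Status and Type rules and the security table above can be checked mechanically before a policy is deployed. The following is an added example, not part of the Firefox policy templates: `audit_preferences`, `WEAKENING` and the sample document are constructed for illustration, and `WEAKENING` covers only a subset of the security table.

```python
import json

STATUSES = {"default", "locked", "user", "clear"}
TYPES = {"number": int, "boolean": bool, "string": str}
# Subset of this page's security table: the JSON value that relaxes each check.
WEAKENING = {
    "security.tls.version.enable-deprecated": "true",
    "security.tls.hello_downgrade_check": "false",
    "security.mixed_content.block_active_content": "false",
    "security.ssl.enable_ocsp_stapling": "false",
    "security.OCSP.enabled": "0",
}

def audit_preferences(policies_json):
    """Return sorted (preference, finding) pairs for a policies.json document."""
    prefs = json.loads(policies_json)["policies"]["Preferences"]
    findings = []
    for name, entry in prefs.items():
        status, value, declared = (entry.get(k) for k in ("Status", "Value", "Type"))
        if status not in STATUSES:
            findings.append((name, "invalid Status"))
            continue
        if status == "clear":
            continue  # Value has no effect; the pref resets to factory default
        if declared is not None and type(value) is not TYPES.get(declared):
            findings.append((name, "invalid Type or mismatched Value"))
        elif declared is None and status == "user" and type(value) is int and value in (0, 1):
            findings.append((name, "user 0/1 without Type may become a boolean"))
        if WEAKENING.get(name) == json.dumps(value):
            findings.append((name, "value relaxes a protection"))
        elif name.startswith("security.") and status != "locked":
            findings.append((name, "read/write Status: user can change it"))
    return sorted(findings)

# Constructed sample input, not a recommended configuration.
SAMPLE = """
{"policies": {"Preferences": {
  "security.tls.version.enable-deprecated": {"Value": true, "Status": "locked"},
  "security.OCSP.require": {"Value": true, "Status": "default"},
  "accessibility.force_disabled": {"Value": 1, "Status": "user"},
  "browser.tabs.warnOnClose": {"Value": "false", "Status": "locked", "Type": "boolean"},
  "browser.cache.disk.parent_directory": {"Value": "SOME_NATIVE_PATH", "Status": "enforced"},
  "security.ssl.enable_ocsp_stapling": {"Value": true, "Status": "locked"}
}}}
"""

if __name__ == "__main__":
    for pref, finding in audit_preferences(SAMPLE):
        print(f"{pref}: {finding}")
```

A hardened security preference set with "default" or "user" is reported because those statuses are read/write; only "locked" makes the setting read-only.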