//
// The Phoenix shall rise from the ashes of what fell before it.

//
// Copyright (C) 2024-2026 celenity
//
// This file is part of Phoenix.
//
// Phoenix is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
//
// Phoenix is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along with Phoenix. If not, see https://www.gnu.org/licenses/.
//

// Welcome to the birth of the Phoenix.
// This file contains default values for Phoenix-specific preferences (as well as some initial defines), so that
// projects consuming Phoenix (ex. Dove, IronFox) can override their values.
// These preferences need to be ready very early, so it doesn't really work to just set them as overrides at the end.
// In practice, this file is just appended to the top of `phoenix-unified.cfg`.

// Whether we're targeting Thunderbird
/// PHOENIX_MAIL is set by the build scripts
let phoenixMail = false;

// Determine our platform
/// (See: https://codeberg.org/celenity/Phoenix/issues/231)

/// If PHOENIX_HARDCODE_PLATFORM is set to 1 at build-time, we will hardcode the target platform, instead of trying to
// determine it automatically (from the checks below)
/// While our checks do seem to work reliably, it's safer to hardcode/set the platform directly, especially since we still currently
/// ship other OS-specific files anyways (ex. policies)
/// (See discussion at: https://codeberg.org/celenity/Phoenix/issues/231)
/// PHOENIX_PLATFORM_TO_HARDCODE is set by the build scripts
let phoenixPlatformToHardcode = "linux";

// Ensure the platform (if set directly) is properly set to a recognized value
if (phoenixPlatformToHardcode == "android" || phoenixPlatformToHardcode == "linux" || phoenixPlatformToHardcode == "osx" ||
     phoenixPlatformToHardcode == "windows") {
    lockPref("browser.phoenix.platform", `${phoenixPlatformToHardcode}`); // [FN]
    lockPref("browser.phoenix.platform.current", `${phoenixPlatformToHardcode}`); // [FN]
    lockPref("browser.phoenix.platformSet", true); // [FN]
    phoenixSetValidPlatform = true;
} else {
    defaultPref("browser.phoenix.platform", "unknown"); // [FN]
    defaultPref("browser.phoenix.platform.current", "unknown"); // [FN]
    defaultPref("browser.phoenix.platformSet", false); // [FN]
    phoenixSetValidPlatform = false;
};

if (phoenixSetValidPlatform != true) {
    try {
        // First, check the value of PHOENIX_HOST_PLATFORM
        if (getenv("PHOENIX_HOST_PLATFORM") == "android") {
            PHOENIX_PLATFORM = 'android'
        } else if (getenv("PHOENIX_HOST_PLATFORM") == "linux") {
            PHOENIX_PLATFORM = 'linux'
        // We distinguish between OS X and OS X Intel later
        } else if (getenv("PHOENIX_HOST_PLATFORM") == "osx" || getenv("PHOENIX_HOST_PLATFORM") == "osx-intel") {
            PHOENIX_PLATFORM = 'osx'
        } else if (getenv("PHOENIX_HOST_PLATFORM") == "windows") {
            PHOENIX_PLATFORM = 'windows'

        // Now, fall-back to system env variables...

        // If any of the following env variables are defined, we know we're on Android:
        // (For general ANDROID_ vars, see ex.: https://android.googlesource.com/platform/system/core/+/refs/heads/main/rootdir/init.environ.rc.in)
        // ANDROID_ART_ROOT
        // ANDROID_ASSETS
        // ANDROID_BOOTLOGO
        // ANDROID_DATA
        // ANDROID_I18N_ROOT
        // ANDROID_ROOT
        // ANDROID_STORAGE
        // ANDROID_TZDATA_ROOT
        // MOZ_ANDROID_CPU_ABI
        // MOZ_ANDROID_CRASH_HANDLER
        // MOZ_ANDROID_LIBDIR
        // MOZ_ANDROID_LIBDIR_OVERRIDE
        // MOZ_ANDROID_PACKAGE_NAME
        // MOZ_ANDROID_USER_SERIAL_NUMBER
        } else if (getenv("ANDROID_ART_ROOT") || getenv("ANDROID_ASSETS") || getenv("ANDROID_BOOTLOGO") || getenv("ANDROID_DATA") || getenv("ANDROID_I18N_ROOT") || getenv("ANDROID_ROOT") || getenv("ANDROID_STORAGE") || getenv("ANDROID_TZDATA_ROOT") || getenv("MOZ_ANDROID_CPU_ABI") || getenv("MOZ_ANDROID_CRASH_HANDLER") || getenv("MOZ_ANDROID_LIBDIR") || getenv("MOZ_ANDROID_LIBDIR_OVERRIDE") || getenv("MOZ_ANDROID_PACKAGE_NAME") || getenv("MOZ_ANDROID_USER_SERIAL_NUMBER")) {
            PHOENIX_PLATFORM = 'android'
        // If any of the following env variables are defined, we know we're on OS X:
        // __CFBundleIdentifier
        // MOZ_APP_NO_DOCK
        // MOZ_NO_GLOBAL_MOUSE_MONITOR
        // XPC_FLAGS
        // XPC_SERVICE_NAME
        } else if (getenv("__CFBundleIdentifier") || getenv("MOZ_APP_NO_DOCK") || getenv("MOZ_NO_GLOBAL_MOUSE_MONITOR") || getenv("XPC_FLAGS") || getenv("XPC_SERVICE_NAME")) {
            PHOENIX_PLATFORM = 'osx'
        // If any of the following env variables are defined, we know we're on Windows:
        // MOZ_ENABLE_WIN32K
        // OS (set to "Windows_NT")
        // PSModulePath
        // USERPROFILE
        // XRE_NO_DLL_READAHEAD
        // XRE_NO_WINDOWS_CRASH_DIALOG
        // windir
        } else if (getenv("OS") == "Windows_NT" || getenv("MOZ_ENABLE_WIN32K") || getenv("PSModulePath") || getenv("USERPROFILE") || getenv("XRE_NO_DLL_READAHEAD") || getenv("XRE_NO_WINDOWS_CRASH_DIALOG") || getenv("windir")) {
            PHOENIX_PLATFORM = 'windows'
        // If any of the following env variables are defined, we know we're on Linux:
        // DESKTOP_SESSION
        // FLATPAK_ID
        // GDK_BACKEND
        // GDMSESSION
        // GNOME_DESKTOP_SESSION_ID
        // GTK_USE_PORTAL
        // KDE_FULL_SESSION
        // LXQT_SESSION_CONFIG
        // MATE_DESKTOP_SESSION_ID
        // MOZ_DISABLE_WAYLAND_PROXY
        // MOZ_GDK_DISPLAY
        // MOZ_USE_XINPUT2
        // MOZ_X_SYNC
        // MOZ_X11_EGL
        // SNAP
        // SNAP_DESKTOP_RUNTIME
        // SNAP_INSTANCE_NAME
        // SNAP_NAME
        // SNAP_REAL_HOME
        // SYSTEMD_EXEC_PID
        // WAYLAND_DISPLAY
        // WAYLAND_PROXY_LOG
        // XDG_ACTIVATION_TOKEN
        // XDG_CACHE_HOME
        // XDG_CONFIG_DIRS
        // XDG_CONFIG_HOME
        // XDG_CURRENT_DESKTOP
        // XDG_DATA_DIRS
        // XDG_DATA_HOME
        // XDG_MENU_PREFIX
        // XDG_RUNTIME_DIR
        // XDG_SESSION_CLASS
        // XDG_SESSION_DESKTOP
        // XDG_SESSION_TYPE
        } else if (getenv("DESKTOP_SESSION") || getenv("FLATPAK_ID") || getenv("GDK_BACKEND") || getenv("GDMSESSION") || getenv("GNOME_DESKTOP_SESSION_ID") || getenv("GTK_USE_PORTAL") || getenv("KDE_FULL_SESSION") || getenv("LXQT_SESSION_CONFIG") || getenv("MATE_DESKTOP_SESSION_ID") || getenv("MOZ_DISABLE_WAYLAND_PROXY") || getenv("MOZ_GDK_DISPLAY") || getenv("MOZ_USE_XINPUT2") || getenv("MOZ_X_SYNC") || getenv("MOZ_X11_EGL") || getenv("SNAP") || getenv("SNAP_DESKTOP_RUNTIME") || getenv("SNAP_INSTANCE_NAME") || getenv("SNAP_NAME") || getenv("SNAP_REAL_HOME") || getenv("SYSTEMD_EXEC_PID") || getenv("WAYLAND_DISPLAY") || getenv("WAYLAND_PROXY_LOG") || getenv("XDG_ACTIVATION_TOKEN") || getenv("XDG_CACHE_HOME") || getenv("XDG_CONFIG_DIRS") || getenv("XDG_CONFIG_HOME") || getenv("XDG_CURRENT_DESKTOP") || getenv("XDG_DATA_DIRS") || getenv("XDG_DATA_HOME") || getenv("XDG_MENU_PREFIX") || getenv("XDG_RUNTIME_DIR") || getenv("XDG_SESSION_CLASS") || getenv("XDG_SESSION_DESKTOP") || getenv("XDG_SESSION_TYPE")) {
            PHOENIX_PLATFORM = 'linux'
        // At this point, we should really have our OS, but in case we don't for some reason, check prefs
        // In practice, these shouldn't be used
        } else if (getPref("apz.android.chrome_fling_physics.friction") || getPref("apz.android.chrome_fling_physics.inflexion") || getPref("apz.android.chrome_fling_physics.stop_threshold") || getPref("network.dns.native_https_timeout_android")) {
            PHOENIX_PLATFORM = 'android'
        } else if (getPref("browser.low_commit_space_threshold_percent") || getPref("media.ffmpeg.vaapi.force-surface-zero-copy") || getPref("widget.gtk.file-manager-show-items-timeout-ms")) {
            PHOENIX_PLATFORM = 'linux'
        } else if (getPref("network.dns.native_https_timeout_mac_msec") || getPref("widget.macos.shift-by-menubar-on-fullscreen") || getPref("widget.macos.automatic.text_substitution_fetch_length")) {
            PHOENIX_PLATFORM = 'osx'
        } else if (getPref("accessibility.windows.suppress-after-clipboard-copy") || getPref("accessibility.windows.suppress-for-snap-layout")) {
            PHOENIX_PLATFORM = 'windows'
        } else {
            PHOENIX_PLATFORM = 'unknown'
        }
    } catch (e) {
        PHOENIX_PLATFORM = 'unknown'
    };

    pref("browser.phoenix.platform.current", `${PHOENIX_PLATFORM}`); // [FN]
    phoenixPlatformPrefCurrentValue = getPref("browser.phoenix.platform.current");

    if (getPref("browser.phoenix.platformSet") == false || getPref("browser.phoenix.platform") == "unknown") {
        pref("browser.phoenix.platform", `${phoenixPlatformPrefCurrentValue}`); // [FN]
        pref("browser.phoenix.platformSet", true); // [FN]
    };
};

let phoenixPlatform = getPref("browser.phoenix.platform");

/// For OS X users, determine whether we're on Apple Silicon or Intel
if (phoenixPlatform == "osx") {
    /// PHOENIX_OSX_VARIANT_TO_HARDCODE is set by the build scripts
    phoenixOsXVariantToHardcode = "not-osx";

    // Ensure the OS X variant (if set directly) is properly set to a recognized value
    if (phoenixOsXVariantToHardcode == "silicon" || phoenixOsXVariantToHardcode == "intel") {
        lockPref("browser.phoenix.osx", `${phoenixOsXVariantToHardcode}`); // [FN]
        lockPref("browser.phoenix.osxCurrent", `${phoenixOsXVariantToHardcode}`); // [FN]
        lockPref("browser.phoenix.osxSet", true); // [FN]
        phoenixSetValidOsXVariant = true;
    } else {
        defaultPref("browser.phoenix.osx", "unknown"); // [FN]
        defaultPref("browser.phoenix.osxCurrent", "unknown"); // [FN]
        defaultPref("browser.phoenix.osxSet", false); // [FN]
        phoenixSetValidOsXVariant = false;
    };

    if (phoenixSetValidOsXVariant != true) {
        try {
            if (getenv("PHOENIX_HOST_PLATFORM") == "osx-intel") {
                PHOENIX_OSX = 'intel'
            } else if (getenv("PHOENIX_HOST_PLATFORM") == "osx") {
                PHOENIX_OSX = 'silicon'
            } else {
                PHOENIX_OSX = 'unknown'
            };
        } catch (e) {
            PHOENIX_OSX = 'unknown'
        };

        pref("browser.phoenix.osxCurrent", `${PHOENIX_OSX}`); // [FN]
        phoenixOsxPrefCurrentValue = getPref("browser.phoenix.osxCurrent");

        if (getPref("browser.phoenix.osxSet") == false || getPref("browser.phoenix.osx") == "unknown") {
            pref("browser.phoenix.osx", `${phoenixOsxPrefCurrentValue}`); // [FN]
            pref("browser.phoenix.osxSet", true); // [FN]
        };
    };

    phoenixOSX = getPref("browser.phoenix.osx");
} else {
    phoenixOSX = 'not-osx';
};

/// Determine whether we're in ESR
defaultPref("browser.phoenix.esr", "unknown"); // [FN]
defaultPref("browser.phoenix.esrCurrent", "unknown"); // [FN]
defaultPref("browser.phoenix.esrSet", false); // [FN]

try {
    if (phoenixPlatform == "android") {
        PHOENIX_ESR = 'false'
    } else if (getPref("app.update.channel") == "esr") {
        PHOENIX_ESR = 'true'
    } else {
        PHOENIX_ESR = 'false'
    };
} catch (e) {
    PHOENIX_ESR = 'unknown'
};

pref("browser.phoenix.esrCurrent", `${PHOENIX_ESR}`); // [FN]
phoenixEsrPrefCurrentValue = getPref("browser.phoenix.esrCurrent");

if (getPref("browser.phoenix.esrSet") == false || getPref("browser.phoenix.esr") == "unknown") {
    pref("browser.phoenix.esr", `${phoenixEsrPrefCurrentValue}`); // [FN]
    pref("browser.phoenix.esrSet", true); // [FN]
};

if (getPref("browser.phoenix.esr") == "true") {
    phoenixESR = true;
} else {
    phoenixESR = false;
};

// Whether we support Phoenix's specialized config functionality
/// PHOENIX_NO_SPEC is set by the build scripts
let phoenixNoSpec = false;

// Migrate existing users of specialized configs
/// I'd prefer to handle this at `phoenix-unified.cfg` instead, but this needs to run early due to its impact on the prefs below
if (phoenixPlatform != "android" && phoenixMail == false && phoenixNoSpec != true) {
    defaultPref("autoadmin.global_config_url", ""); // [FN]
    defaultPref("browser.phoenix.specConfig.migrationCompleted", false); // [FN]
    if (getPref("browser.phoenix.specConfig.migrationCompleted") == false && getPref("autoadmin.global_config_url") != "") {
        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/hardened.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/hardened.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/hardened.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/extended.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/hardened.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/hardened.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/hardened.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/hardened.cfg") {
            pref("browser.phoenix.extended", true); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };

        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/apple-maps.cfg") {
            pref("browser.phoenix.specConfig", "apple-maps"); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };

        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/discord.cfg") {
            pref("browser.phoenix.specConfig", "discord"); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };

        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/element.cfg") {
            pref("browser.phoenix.specConfig", "element"); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };

        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/google-maps.cfg") {
            pref("browser.phoenix.specConfig", "google-maps"); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };

        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/photopea.cfg") {
            pref("browser.phoenix.specConfig", "photopea"); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };

        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/twitter.cfg") {
            pref("browser.phoenix.specConfig", "twitter"); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };

        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx-intel/configs/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx-intel/configs/ui-fix/youtube.cfg") {
            pref("browser.phoenix.specConfig", "youtube"); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };

        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx-intel/configs/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx-intel/configs/ui-fix/youtube-music.cfg") {
            pref("browser.phoenix.specConfig", "youtube-music"); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };

        // While we're here, we might as well also handle migration for the Firefox UI-Fix pref
        if (getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/hardened.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/hardened.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/hardened.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/extended.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/apple-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/discord.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/element.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/google-maps.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/photopea.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///usr/local/opt/phoenix-osx-intel/configs/ui-fix/twitter.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx-intel/configs/ui-fix/youtube.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///etc/firefox/phoenix/configs/ui-fix/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///app/etc/firefox/phoenix/configs/ui-fix/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx/configs/ui-fix/youtube-music.cfg" ||
            getPref("autoadmin.global_config_url") == "file:///opt/homebrew/opt/phoenix-osx-intel/configs/ui-fix/youtube-music.cfg") {
            pref("browser.phoenix.FFUIFix", true); // [FN]
            pref("browser.phoenix.usingLegacySpecConfig", true); // [FN]
        };
        clearPref("autoadmin.global_config_url");
        pref("browser.phoenix.specConfig.migrationCompleted", true); // [FN]
    };
};

// Whether we should apply one of Phoenix's specialized configs
/// NOTE: `browser.phoenix.specConfig` MUST be set as a user preference for it to work as expected
if (phoenixPlatform == "android" || phoenixMail == true || phoenixNoSpec == true) {
    lockPref("browser.phoenix.specConfig", "unsupported"); // [FN]
} else {
    defaultPref("browser.phoenix.specConfig", "none"); // [FN]
};

if (getPref("browser.phoenix.specConfig") != "none" && getPref("browser.phoenix.specConfig") != "unsupported") {
    phoenixSpec = true;
    phoenixSpecActive = getPref("browser.phoenix.specConfig");
} else {
    phoenixSpec = false;
    phoenixSpecActive = "none";
};

// Whether we should apply preferences from Phoenix `Extended`
/// PHOENIX_APPLY_EXTENDED is set by the build scripts
/// NOTE: Consuming projects that want to use Phoenix `Extended` by default should NOT directly override `browser.phoenix.extended`
/// Instead, please set the `PHOENIX_EXTENDED` environment variable
defaultPref("browser.phoenix.extended", false); // [FN]
let phoenixExtendedDefault = false;
if (phoenixExtendedDefault == true || phoenixMail == true || phoenixSpec == true) {
    defaultPref("browser.phoenix.extended", true); // [FN]
};
phoenixExtended = getPref("browser.phoenix.extended");

// Whether we should allow users to control whether Remote Debugging (`devtools.debugger.remote-enabled`) is reset per-session via a preference
/// If PHOENIX_FORCE_RESET_REMOTE_DEBUGGING is set to 1 (Default), `devtools.debugger.remote-enabled` is ALWAYS reset per-session
/// If PHOENIX_FORCE_RESET_REMOTE_DEBUGGING is set to 0, `devtools.debugger.remote-enabled` is only reset per-session if
/// `browser.phoenix.reset.devtools.debugger.remote-enabled` is set to `true`
/// (Useful because some like IronFox handle this with their own mechanisms instead)
let phoenixForceResetRemoteDebugging = true;
if (phoenixForceResetRemoteDebugging == false) {
    defaultPref("browser.phoenix.reset.devtools.debugger.remote-enabled", true); // [FN]
} else {
    lockPref("browser.phoenix.reset.devtools.debugger.remote-enabled", true); // [FN]
};

// Whether Phoenix's FPP granular override functionality should be enabled
/// If false, this completely disables Phoenix's mechanism for handling FPP granular overrides
/// This mainly exists for consumers (ex. IronFox - they package Phoenix's FPP targets as Remote Settings dumps, so it's preferable
/// for users there to just set the value of `privacy.fingerprintingProtection.granularOverrides` directly so they immediately take effect)
/// It's also nice to have this as a preference so users can re-enable Phoenix's FPP granular override mechanism if necessary for whatever reason
defaultPref("browser.phoenix.fingerprintingProtection.granular.functionality.enabled", true); // [FN]

// Global FPP overrides that are specified by consuming projects
/// This should generally NOT be touched by users, in favor of `browser.phoenix.fingerprintingProtection.global.userOverrides`
defaultPref("browser.phoenix.fingerprintingProtection.global.consumerOverrides", ""); // [FN]

// Global FPP overrides that are set by users
defaultPref("browser.phoenix.fingerprintingProtection.global.userOverrides", ""); // [FN]

// Granular (per-site) FPP overrides that are specified by consuming projects
/// This should generally NOT be touched by users, in favor of `browser.phoenix.fingerprintingProtection.granular.userOverrides`
defaultPref("browser.phoenix.fingerprintingProtection.granular.consumerOverrides", ""); // [FN]

// Granular (per-site) FPP overrides that are set by users
defaultPref("browser.phoenix.fingerprintingProtection.granular.userOverrides", ""); // [FN]

// Whether default granular (per-site) FPP overrides are applied
/// ("default" = FPP overrides that are NOT configured by users/set at `browser.phoenix.fingerprintingProtection.granular.userOverrides`)
/// When set to false, this disables ALL default overrides, from both us AND Mozilla
defaultPref("browser.phoenix.fingerprintingProtection.granular.enabled", true); // [FN]

// Whether our default granular (per-site) FPP overrides that *harden* protections for certain sites should be applied
defaultPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled", true); // [FN]

// Whether our default granular (per-site) FPP overrides that *relax* protections for certain sites to reduce breakage should be applied
if (phoenixMail == true) {
    defaultPref("browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled", false); // [FN]
} else {
    defaultPref("browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled", true); // [FN]
};

// Whether our default granular (per-site) FPP overrides that disable timezone spoofing for certain sites to reduce breakage should be applied
if (phoenixMail == true) {
    defaultPref("browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled", false); // [FN]
} else {
    defaultPref("browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled", true); // [FN]
};

// Whether we should apply preferences necessary for Firefox UI-Fix
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.phoenix.FFUIFix", false); // [FN]
};

// Whether we should automatically set the value of `network.trr.bootstrapAddr` depending on the configured DoH provider
/// Downside is this means changing DoH providers requires a restart - minor annoyance for an improvement in privacy for users
/// (Also helps circumvent censorship)
defaultPref("browser.phoenix.trr.autoBootstrap", true); // [FN]

// Whether we should use the secondary/fall-back DNS server for bootstraping (depends on `browser.phoenix.trr.autoBootstrap`)
/// This can be used if ex. users experience connectivity issues or the primary DNS server is offline/inaccessible for whatever reason
/// If the current provider doesn't have a secondary/fall-back server, this will just do nothing
/// (Currently only applies to Cloudflare)
defaultPref("browser.phoenix.trr.autoBootstrap.useFallback", false); // [FN]

// Whether we should reset the preference to enable add-on installation per-session
/// This is nice from a security perspective - as it allows users to enable this functionality only when it's necessary...
/// (Ex: A user attempts to install an extension, sees the extra prompt/warning, and selects `Enable` (which temporarily sets this pref to `true`...)
/// The user then proceeds to install the extension. On the next launch of Firefox/Thunderbird, this pref is reset back to `false`, meaning
/// the ability to install extensions is fully disabled without them even thinking about it).
/// We don't want to enable this by default for Android and Thunderbird, because, unlike Firefox (on Desktop), they unfortunately don't
/// don't usually display a prompt to re-enable this functionality when necessary :(
if (phoenixPlatform == "android" || phoenixMail == true) {
    defaultPref("browser.phoenix.reset.xpinstall.enabled", false); // [FN]
} else {
    defaultPref("browser.phoenix.reset.xpinstall.enabled", true); // [FN]
};

// Whether we should reset the preference to control the cross-origin referer policy per-session
defaultPref("browser.phoenix.reset.network.http.referer.XOriginPolicy", false); // [FN]

// Whether we should reset the preference to disable WebGL per-session
defaultPref("browser.phoenix.reset.webgl.disabled", false); // [FN]

// Whether we should reset the preference to enable WebAssembly (WASM) per-session
defaultPref("browser.phoenix.reset.javascript.options.wasm", false); // [FN]
// Welcome to the heart of the Phoenix.
// This file contains preferences shared across all Phoenix configs, platforms (Desktop & Android), and Dove.

// PHOENIX_VERSION is set by the build scripts
lockPref("browser.phoenix.version", "2026.05.21.1");

// Ensure our policies aren't overriden...
/// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.sys.mjs#22
lockPref("toolkit.policies.perUserDir", false); // [HIDDEN] [DEFAULT]

/* INDEX 

000: ABOUT:CONFIG
001: DATA COLLECTION
002: MOZILLA CRAP™
003: TRACKING PROTECTION
004: FINGERPRINTING PROTECTION
005: DISK AVOIDANCE
006: DOWNLOADS
007: HTTP(S)
008: IMPLICIT CONNECTIONS
009: SEARCH & URL BAR
010: DNS
011: PROXIES
012: WEBRTC
013: MEDIA
014: ATTACK SURFACE REDUCTION
015: PASSWORDS & AUTHENTICATION
016: EXTENSIONS
017: AI
018: GEOLOCATION
019: PDF.js
020: SAFE BROWSING
021: MISC. PRIVACY + SECURITY
022: MISC. PRIVACY
023: MISC. SECURITY
024: MISC.
025: DEBUGGING
026: PERFORMANCE
027: Personal Touch 💜
028: UPDATES
029: FIREFOX HOME
030: FIREFOX SUGGEST
031: SYNC
032: LIBREWOLF
033: WATERFOX
034: FIREFOX UI-FIX
035: SPECIALIZED/CUSTOM CONFIGS

*/

// Ensure our search engine policies are properly applied
if (phoenixPlatform != "android") {
    clearPref("browser.policies.runOncePerModification.removeSearchEngines");
};

// For first-run tasks
defaultPref("browser.phoenix.firstRun.complete", false); // [FN]

// Handle migration of the default DoH provider
/// We previously used Quad9, but we're now using Mullvad (Base)
/// So we need to ensure that Quad9 remains the default provider for
/// existing users
/// (The reason this migration is needed is because we've been setting Quad9 as the DoH provider via
/// policies - we shouldn't have been doing that. That means this doesn't impact Android, so we can skip this migration on Android).
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.phoenix.dohMigration.complete", false); // [FN]
    if (getPref("browser.phoenix.dohMigration.complete") == false) {
        defaultPref("network.trr.uri", "default"); // [FN] Set default to a dummy value so that we can check if the user has overriden it
        if (getPref("browser.phoenix.firstRun.complete") == true && getPref("network.trr.uri") == "default") {
            // If the user is an existing Phoenix user who has NOT changed the DoH provider
            // (by setting `network.trr.uri` to a non-default value), we know they've been using
            // Quad9, so to ensure their DoH provider isn't overriden, set it as a user pref
            pref("network.trr.uri", "https://dns.quad9.net/dns-query"); // [FN]
        };
        defaultPref("network.trr.uri", ""); // [FN] Reset the default value back to nothing
    };
    pref("browser.phoenix.dohMigration.complete", true); // [FN]
};

/// Similar to `browser.search.region` below, we also need to reset `doh-rollout.home-region`
defaultPref("browser.phoenix.dohRegionMigration.complete", false); // [FN]
if (getPref("browser.phoenix.firstRun.complete") == false || getPref("browser.phoenix.dohRegionMigration.complete") == false) {
    clearPref("doh-rollout.home-region");
    pref("browser.phoenix.dohRegionMigration.complete", true); // [FN]
};

/// On first run, we need to reset the value of `extensions.quarantinedDomains.list`, in order for our custom list of quarantined domains to take effect
// (This is necessary because, for some reason, on Firefox Desktop, Mozilla sets their default list as a user pref/value)
// After first run though, we don't want to reset it, so that ex. users can customize the list if desired
// Similar applies for `browser.search.region` - that pref gets set as a `user` value, so we need to reset it
// Smooth scrolling (`general.smoothScroll`) is a similar weird case - we do attempt to enable it by default, but due to us disabling UI animations,
// Firefox disables it anyways - so, to work around that, we can set it as a user pref on first launch
if (getPref("browser.phoenix.firstRun.complete") == false) {
    clearPref("browser.search.region");
    pref("general.smoothScroll", true); // [FN]
    if (phoenixPlatform != "android" && phoenixMail == false) {
        clearPref("extensions.quarantinedDomains.list");
    };
    pref("browser.phoenix.firstRun.complete", true); // [FN]
};

/*** BRANDING ***/

/// Add custom branding at `about:support`
// PHOENIX_VERSION is set by the build scripts
if (phoenixMail == false) {
    if (phoenixExtended == true) {
        defaultPref("app.support.vendor", "Phoenix - Extended: 2026.05.21.1"); // [EXTENDED-ONLY] [NO-MAIL] [HIDDEN]
    } else {
        defaultPref("app.support.vendor", "Phoenix: 2026.05.21.1"); // [NO-EXTENDED] [NO-MAIL] [HIDDEN] `about:support` -> `Version`
    };
};

/// Add custom branding under `Firefox Updates` at `about:preferences#general`
// This will unfortunately only display if `distribution.id` and `distribution.version` are set properly
// PHOENIX_VERSION is set by the build scripts
if (phoenixPlatform != "android" && phoenixMail == false) {
    if (phoenixExtended == true) {
        lockPref("distribution.about", "Phoenix - Extended for Mozilla Firefox: 2026.05.21.1 💜"); // [EXTENDED-ONLY] [NO-ANDROID] [NO-MAIL] [HIDDEN]
    } else {
        lockPref("distribution.about", "Phoenix for Mozilla Firefox - 2026.05.21.1 💜"); // [NO-EXTENDED] [NO-ANDROID] [NO-MAIL] [HIDDEN]
    };
};

/// Distribution ID and version must be set for `distribution.about` to display
// `default` matches Mozilla's stock/default value - setting this to anything else could potentially compromise privacy (as this value is shared with Mozilla via the browser update endpoint)
// For now, we only want to set these on Linux - since Mozilla offers EME-free builds on macOS and Windows that use different values here - so it's unclear how they'd interact
if (phoenixPlatform == "linux") {
    lockPref("distribution.id", "default"); // [LINUX-ONLY] [HIDDEN]
    lockPref("distribution.version", "default"); // [LINUX-ONLY] [HIDDEN]
};

/*** 000: ABOUT:CONFIG ***/

/// Disable warning when attempting to access `about:config`
if (phoenixPlatform != "android") {
    defaultPref("browser.aboutConfig.showWarning", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT - Thunderbird]
};

/// Ensure that the `about:config` is always enabled
lockPref("general.aboutConfig.enable", true); // [DEFAULT - non-Android]

defaultPref("browser.phoenix.status", "000");

/*** 001 DATA COLLECTION ***/

// A lot of defense in depth...
// These also provide Attack Surface Reduction

/// Block domains
// Any domains listed here are redirected to `127.0.0.1`
// We'll use this primarily for Mozilla ad/telemetry domains, but we'll also use it for ads & trackers that appear on Mozilla properties and services, as well as ad/tracking/telemetry domains that appear on other default connections/services
// Ex. We use DuckDuckGo as our default search engine, so we'll include their analytics domains
// On IronFox, we link to our GitLab releases via the `What's New` alert, so we'll also cover their analytics domains, etc...
// But generally we'll want to keep this limited in favor of ex. uBlock Origin & other mechanisms.
// `profile.accounts.firefox.com` appears to break Firefox Sync-related UI for Android (https://codeberg.org/ironfox-oss/bugs/issues/250),
// so it's only blocked for Desktop
if (phoenixPlatform == "android") {
    defaultPref("network.dns.localDomains", "250analytics.com,a.omappapi.com,activity-stream-icons.services.mozilla.com,ads.allizom.org,ads.mozilla.org,ads.nonprod.webservices.mozgcp.net,ads.prod.webservices.mozgcp.net,ads-img.mozilla.org,analytics.getpocket.com,analytics.google.com,analytics.withgoogle.com,anf1.fuzzing.mozilla.org,anonymco.com,api.divviup.org,asan-nightly-frontend-elb-1348905149.us-east-2.elb.amazonaws.com,braze.com,contile.services.mozilla.com,contile-images.services.mozilla.com,classify-client.nonprod.webservices.mozgcp.net,classify-client.prod.webservices.mozgcp.net,classify-client.services.mozilla.com,crash-reports.allizom.org,crash-reports.mozilla.com,crash-reports-xpsp2.mozilla.com,crash-stacks.mozilla.com,crash-stats.allizom.org,crash-stats.mozilla.com,crash-stats.mozilla.org,dap.services.mozilla.com,dap.nonprod.webservices.mozgcp.net,dap.prod.webservices.mozgcp.net,dap-09-3.api.divviup.org,data.mozilla.com,data-ingestion.prod.dataops.mozgcp.net,dataops.mozgcp.net,dataservices.mozgcp.net,debug-ping-preview.firebaseapp.com,discovery.addons.allizom.org,discovery.addons.mozilla.org,discovery.addons-dev.allizom.org,divviup.org,download-stats.mozilla.org,download-stats.r53-2.services.mozilla.com,experimenter.services.mozilla.com,experimenter.nonprod.webservices.mozgcp.net,experimenter.prod.webservices.mozgcp.net,fhr.data.mozilla.com,fhr.r53-2.services.mozilla.com,firefox-android-home-recommendations.getpocket.com,firefox-dns-perf-test.net,fuzzing.mozilla.org,google-analytics.com,google-analytics-cn.com,googleanalytics.com,googlesyndication.com,googlesyndication-cn.com,googletagmanager.com,googletagmanager-cn.com,googletagservices.com,googletagservices-cn.com,improving.duckduckgo.com,incoming.glean.example.com,incoming.telemetry.mozilla.org,incoming.thunderbird.net,incoming-telemetry.thunderbird.net,ingestion-edge.prod.dataops.mozgcp.net,location.services.mozilla.com,locprod1-elb-eu-west-1.prod.mozaws.net,locprod2-elb-us-west-2.prod.mozaws.net,metrics-content.duckduckgo.com,new-sentry.gitlab.net,nonprod.classify-client.nonprod.webservices.mozgcp.net,normandy.cdn.mozilla.net,normandy.nonprod.cloudops.mozgcp.net,normandy.prod.cloudops.mozgcp.net,normandy-cdn.services.mozilla.com,omappapi.com,pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com,prod.ads.prod.webservices.mozgcp.net,prod.classify-client.prod.webservices.mozgcp.net,prod.dap.prod.webservices.mozgcp.net,prod.data-ingestion.prod.dataops.mozgcp.net,prod.dataops.mozgcp.net,prod.experimenter.prod.webservices.mozgcp.net,prod.ingestion-edge.prod.dataops.mozgcp.net,prod.sentry.prod.cloudops.mozgcp.net,prod-classifyclient.normandy.prod.cloudops.mozgcp.net,sdk.iad-05.braze.com,search.r53-2.services.mozilla.com,search.services.mozilla.com,self-repair.mozilla.org,self-repair.r53-2.services.mozilla.com,sentry.gitlab.net,sentry.io,sentry.nonprod.cloudops.mozgcp.net,sentry.prod.cloudops.mozgcp.net,sentry.prod.mozaws.net,sitereview.zscaler.com,snippets.allizom.org,snippets.cdn.mozilla.net,snippets.mozilla.com,snippets-prod.frankfurt.moz.works,snippets-prod.moz.works,snippets-prod.oregon-b.moz.works,snippets-stage.moz.works,snippets-stage.oregon-b.moz.works,snowplow.trx.gitlab.net,snowplowalb-1011729428.us-east-1.elb.amazonaws.com,snowplowprd.trx.gitlab.net,snowplowprdnlb-1490493263.us-east-2.elb.amazonaws.com,socorro.nonprod.webservices.mozgcp.net,socorro.prod.webservices.mozgcp.net,socorro-collector.services.mozilla.com,socorro-webapp-allizom.stage.mozaws.net,socorro-webapp.services.mozilla.com,spocs.getpocket.com,spocs.getpocket.dev,spocs.mozilla.net,ssl.google-analytics.com,ssl-google-analytics.l.google.com,stage.sentry.nonprod.cloudops.mozgcp.net,start.fedoraproject.org,start.thunderbird.net,start.ubuntu.com,start-stage.thunderbird.net,survey.mozilla.com,tagmanager.google.com,talkback.mozilla.org,talkback-public.mozilla.org,talkback-reports.mozilla.org,telemetry-coverage.mozilla.org,telemetry-coverage.r53-2.services.mozilla.com,telemetry-experiment.cdn.mozilla.net,telemetry-incoming.r53-2.services.mozilla.com,telemetry-incoming-a.r53-2.services.mozilla.com,telemetry-incoming-b.r53-2.services.mozilla.com,telemetry-prod-1054754349.us-east-1.elb.amazonaws.com,tiles-cdn.prod.ads.prod.webservices.mozgcp.net,updates.thunderbird.net,updates-stage.thunderbird.net,use-application-dns.net,vf.startpage.com,widgets.getpocket.com,www.250analytics.com,www.anonymco.com,www.google-analytics.com,www.google-analytics-cn.com,www.googleanalytics.com,www.googlesyndication.com,www.googlesyndication-cn.com,www.googletagmanager.com,www.googletagmanager-cn.com,www.googletagservices.com,www.googletagservices-cn.com,www.sentry.io,www-google-analytics.l.google.com,www-googletagmanager.l.google.com"); // [ANDROID-ONLY]
} else {
    defaultPref("network.dns.localDomains", "250analytics.com,a.omappapi.com,activity-stream-icons.services.mozilla.com,ads.allizom.org,ads.mozilla.org,ads.nonprod.webservices.mozgcp.net,ads.prod.webservices.mozgcp.net,ads-img.mozilla.org,analytics.getpocket.com,analytics.google.com,analytics.withgoogle.com,anf1.fuzzing.mozilla.org,anonymco.com,api.divviup.org,asan-nightly-frontend-elb-1348905149.us-east-2.elb.amazonaws.com,braze.com,contile.services.mozilla.com,contile-images.services.mozilla.com,classify-client.nonprod.webservices.mozgcp.net,classify-client.prod.webservices.mozgcp.net,classify-client.services.mozilla.com,crash-reports.allizom.org,crash-reports.mozilla.com,crash-reports-xpsp2.mozilla.com,crash-stacks.mozilla.com,crash-stats.allizom.org,crash-stats.mozilla.com,crash-stats.mozilla.org,dap.services.mozilla.com,dap.nonprod.webservices.mozgcp.net,dap.prod.webservices.mozgcp.net,dap-09-3.api.divviup.org,data.mozilla.com,data-ingestion.prod.dataops.mozgcp.net,dataops.mozgcp.net,dataservices.mozgcp.net,debug-ping-preview.firebaseapp.com,discovery.addons.allizom.org,discovery.addons.mozilla.org,discovery.addons-dev.allizom.org,divviup.org,download-stats.mozilla.org,download-stats.r53-2.services.mozilla.com,experimenter.services.mozilla.com,experimenter.nonprod.webservices.mozgcp.net,experimenter.prod.webservices.mozgcp.net,fhr.data.mozilla.com,fhr.r53-2.services.mozilla.com,firefox-android-home-recommendations.getpocket.com,firefox-dns-perf-test.net,fuzzing.mozilla.org,google-analytics.com,google-analytics-cn.com,googleanalytics.com,googlesyndication.com,googlesyndication-cn.com,googletagmanager.com,googletagmanager-cn.com,googletagservices.com,googletagservices-cn.com,improving.duckduckgo.com,incoming.glean.example.com,incoming.telemetry.mozilla.org,incoming.thunderbird.net,incoming-telemetry.thunderbird.net,ingestion-edge.prod.dataops.mozgcp.net,location.services.mozilla.com,locprod1-elb-eu-west-1.prod.mozaws.net,locprod2-elb-us-west-2.prod.mozaws.net,metrics-content.duckduckgo.com,new-sentry.gitlab.net,nonprod.classify-client.nonprod.webservices.mozgcp.net,normandy.cdn.mozilla.net,normandy.nonprod.cloudops.mozgcp.net,normandy.prod.cloudops.mozgcp.net,normandy-cdn.services.mozilla.com,omappapi.com,pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com,prod.ads.prod.webservices.mozgcp.net,prod.classify-client.prod.webservices.mozgcp.net,prod.dap.prod.webservices.mozgcp.net,prod.data-ingestion.prod.dataops.mozgcp.net,prod.dataops.mozgcp.net,prod.experimenter.prod.webservices.mozgcp.net,prod.ingestion-edge.prod.dataops.mozgcp.net,prod.sentry.prod.cloudops.mozgcp.net,prod-classifyclient.normandy.prod.cloudops.mozgcp.net,sdk.iad-05.braze.com,search.r53-2.services.mozilla.com,search.services.mozilla.com,self-repair.mozilla.org,self-repair.r53-2.services.mozilla.com,sentry.gitlab.net,sentry.io,sentry.nonprod.cloudops.mozgcp.net,sentry.prod.cloudops.mozgcp.net,sentry.prod.mozaws.net,sitereview.zscaler.com,snippets.allizom.org,snippets.cdn.mozilla.net,snippets.mozilla.com,snippets-prod.frankfurt.moz.works,snippets-prod.moz.works,snippets-prod.oregon-b.moz.works,snippets-stage.moz.works,snippets-stage.oregon-b.moz.works,snowplow.trx.gitlab.net,snowplowalb-1011729428.us-east-1.elb.amazonaws.com,snowplowprd.trx.gitlab.net,snowplowprdnlb-1490493263.us-east-2.elb.amazonaws.com,socorro.nonprod.webservices.mozgcp.net,socorro.prod.webservices.mozgcp.net,socorro-collector.services.mozilla.com,socorro-webapp-allizom.stage.mozaws.net,socorro-webapp.services.mozilla.com,spocs.getpocket.com,spocs.getpocket.dev,spocs.mozilla.net,ssl.google-analytics.com,ssl-google-analytics.l.google.com,stage.sentry.nonprod.cloudops.mozgcp.net,start.fedoraproject.org,start.thunderbird.net,start.ubuntu.com,start-stage.thunderbird.net,survey.mozilla.com,tagmanager.google.com,talkback.mozilla.org,talkback-public.mozilla.org,talkback-reports.mozilla.org,telemetry-coverage.mozilla.org,telemetry-coverage.r53-2.services.mozilla.com,telemetry-experiment.cdn.mozilla.net,telemetry-incoming.r53-2.services.mozilla.com,telemetry-incoming-a.r53-2.services.mozilla.com,telemetry-incoming-b.r53-2.services.mozilla.com,telemetry-prod-1054754349.us-east-1.elb.amazonaws.com,tiles-cdn.prod.ads.prod.webservices.mozgcp.net,updates.thunderbird.net,updates-stage.thunderbird.net,use-application-dns.net,vf.startpage.com,widgets.getpocket.com,www.250analytics.com,www.anonymco.com,www.google-analytics.com,www.google-analytics-cn.com,www.googleanalytics.com,www.googlesyndication.com,www.googlesyndication-cn.com,www.googletagmanager.com,www.googletagmanager-cn.com,www.googletagservices.com,www.googletagservices-cn.com,www.sentry.io,www-google-analytics.l.google.com,www-googletagmanager.l.google.com,profile.accounts.firefox.com"); // [NO-ANDROID]
};

/// Disable automatic upload of profiler data (from `about:logging`) to Mozilla
// https://searchfox.org/firefox-main/rev/16707ce1/modules/libpref/init/all.js#3743
// https://searchfox.org/firefox-main/rev/16707ce1/modules/libpref/init/all.js#3753
// https://searchfox.org/firefox-main/rev/16707ce1/toolkit/content/aboutLogging/aboutLogging.mjs#616
// https://searchfox.org/firefox-main/rev/16707ce1/toolkit/content/aboutLogging/aboutLogging.mjs#642
// https://searchfox.org/firefox-main/rev/16707ce1/toolkit/content/aboutLogging/profileSaveUploadLogic.mjs#13
defaultPref("toolkit.aboutLogging.uploadProfileToCloud", false); // [DEFAULT - non-Android]
defaultPref("toolkit.aboutlogging.uploadProfileUrl", ""); // [HIDDEN]

/// Disable Browser Search/Usage Telemetry metrics
// https://searchfox.org/firefox-main/source/browser/docs/BrowserUsageTelemetry.rst
// https://searchfox.org/firefox-main/source/browser/components/search/BrowserSearchTelemetry.sys.mjs
// https://searchfox.org/firefox-main/source/browser/modules/BrowserUsageTelemetry.sys.mjs
// https://searchfox.org/firefox-main/source/toolkit/content/widgets/tabbox.js
lockPref("browser.engagement.ctrlTab.has-used", true); // [HIDDEN - Android/Thunderbird]
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.engagement.downloads-button.has-used", true); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.engagement.fxa-toolbar-menu-button.has-used", true); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.engagement.home-button.has-used", true); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.engagement.library-button.has-used", true); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.engagement.sidebar-button.has-used", true) // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.engagement.total_uri_count.pbm", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
    lockPref("browser.engagement.search_counts.pbm", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
    lockPref("browser.search.totalSearches", 100); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/urlbar/UrlbarInput.sys.mjs#3193
};

/// Disable Coverage
// https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/
// https://searchfox.org/firefox-main/source/toolkit/components/telemetry/pings/CoveragePing.sys.mjs
// https://bugzilla.mozilla.org/show_bug.cgi?id=1487578
lockPref("toolkit.coverage.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]
lockPref("toolkit.coverage.endpoint.base", ""); // [HIDDEN - Android/Thunderbird] [DEFAULT - Android/Thunderbird]
defaultPref("toolkit.coverage.log-level", 70); // [HIDDEN] Limits logging to fatal only
lockPref("toolkit.coverage.opt-out", true); // [HIDDEN]

/// Disable Crash Reporting
// https://github.com/mozilla-services/socorro
// https://wiki.mozilla.org/Socorro
// https://firefox-source-docs.mozilla.org/tools/sanitizer/asan_nightly.html
// https://github.com/choller/firefox-asan-reporter
// https://searchfox.org/firefox-main/source/toolkit/modules/AsanReporter.sys.mjs
lockPref("asanreporter.apiurl", ""); // [HIDDEN - non-MOZ_ASAN_REPORTER builds] [DEFAULT - non-MOZ_ASAN_REPORTER builds]
lockPref("asanreporter.clientid", "unknown"); // [HIDDEN - non-MOZ_ASAN_REPORTER builds] [DEFAULT]
defaultPref("asanreporter.loglevel", 70); // [HIDDEN]
lockPref("breakpad.reportURL", "");
lockPref("browser.crashReports.onDemand", false); // Do not request crash reports for background processes from users https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/crash-reports-ondemand/changeset?_expected=0
lockPref("browser.crashReports.requestedNeverShowAgain", true); // Do not request crash reports for background processes from users https://searchfox.org/firefox-main/source/toolkit/components/crashes/RemoteSettingsCrashPull.sys.mjs
lockPref("dom.ipc.tabs.createKillHardCrashReports", false); // [DEFAULT - non-Nightly] Ensure we never try to generate minidumps/crash reports https://searchfox.org/firefox-main/rev/cc4a6379/dom/ipc/ContentParent.cpp#4347
lockPref("toolkit.crashreporter.include_context_heap", false); // [DEFAULT - non-Nightly]
if (phoenixESR == true) {
    lockPref("browser.crashReports.crashPull", false); // [NO-ANDROID] [ESR] [DEFAULT] Superseded by `browser.crashReports.onDemand`
};
if (phoenixPlatform != "android") {
    lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
    lockPref("browser.crashReports.unsubmittedCheck.enabled", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT - non-Nightly]
};
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.tabs.crashReporting.includeURL", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] [DEFENSE IN DEPTH] (This is for `about:tabcrashed`)
    lockPref("browser.tabs.crashReporting.sendReport", false); // [NO-ANDROID] [NO-MAIL] (This is for `about:tabcrashed`)
};

/// Disable data reporting and telemetry
/// We also configure the "DisableTelemetry" and "ImproveSuggest" enterprise policies
// https://mozilla.github.io/policy-templates/#disabletelemetry 
// https://mozilla.github.io/policy-templates/#firefoxsuggest
// https://wiki.mozilla.org/QA/Telemetry
// https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
// https://searchfox.org/firefox-release/source/toolkit/components/glean/xpcom/FOG.cpp
// https://searchfox.org/firefox-release/source/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs
clearPref("app.update.lastUpdateTime.glean-addons-daily"); // Deregister the Glean add-on ping scheduler
lockPref("browser.safebrowsing.features.emailtracking.datacollection.update", false); // [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/SafeBrowsing.sys.mjs#264
lockPref("captchadetection.actor.enabled", false); // Disable CAPTCHA Detection Pings https://searchfox.org/firefox-main/source/toolkit/components/captchadetection/CaptchaDetectionPingUtils.sys.mjs
lockPref("captchadetection.hasUnsubmittedData", false); // [HIDDEN] Disable CAPTCHA Detection Pings https://searchfox.org/firefox-main/source/toolkit/components/captchadetection/CaptchaDetectionPingUtils.sys.mjs
defaultPref("captchadetection.loglevel", "Off");
lockPref("datareporting.dau.cachedUsageProfileID", "beefbeef-beef-beef-beef-beeefbeefbee"); // [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/telemetry/app/ClientID.sys.mjs#45
lockPref("datareporting.dau.cachedUsageProfileGroupID", "b0bacafe-b0ba-cafe-b0ba-cafeb0bacafe"); // [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/telemetry/app/ClientID.sys.mjs#46
lockPref("datareporting.healthreport.uploadEnabled", false); // [DEFAULT - Android] Required for Firefox Labs on Desktop
lockPref("datareporting.policy.dataSubmissionEnabled", false);
lockPref("datareporting.policy.dataSubmissionPolicyBypassNotification", true); // [DEFAULT - non-MOZILLA_OFFICIAL builds]
lockPref("datareporting.policy.firstRunURL", "");
lockPref("datareporting.usage.uploadEnabled", false); // [HIDDEN - ANDROID] [DEFAULT - Android] Disables "daily usage pings" https://support.mozilla.org/kb/usage-ping-settings
lockPref("dom.security.unexpected_system_load_telemetry_enabled", false); // [DEFAULT - non-Nightly]
lockPref("extensions.dataCollectionPermissions.enabled", false); // https://support.mozilla.org/kb/extension-data-collection https://extensionworkshop.com/documentation/develop/firefox-builtin-data-consent/
lockPref("extensions.gleanPingAddons.daily.interval", 2147483647); // [HIDDEN] Disable the Glean add-on ping scheduler https://searchfox.org/firefox-main/rev/e5219f2a/toolkit/mozapps/extensions/extensions.manifest#1
lockPref("extensions.gleanPingAddons.updated.delay", 2147483647); // [HIDDEN] https://searchfox.org/firefox-main/rev/e5219f2a/toolkit/mozapps/extensions/AddonManager.sys.mjs#116
lockPref("extensions.gleanPingAddons.updated.idleTimeout", 2147483647); // [HIDDEN] https://searchfox.org/firefox-main/source/toolkit/mozapps/extensions/AddonManager.sys.mjs#124
lockPref("extensions.gleanPingAddons.updated.testing", false); // [HIDDEN] [DEFAULT] https://searchfox.org/firefox-main/source/toolkit/mozapps/extensions/AddonManager.sys.mjs#132
lockPref("extensions.telemetry.EnvironmentAddonBuilder", false); // [HIDDEN - non-Android] [NIGHTLY] Do not use Glean for add-on telemetry https://bugzilla.mozilla.org/show_bug.cgi?id=1981496 https://searchfox.org/firefox-main/rev/d285a4fb/toolkit/mozapps/extensions/AddonManager.sys.mjs#4801
lockPref("network.jar.record_failure_reason", false); // [DEFAULT - non-Nightly] https://searchfox.org/firefox-release/rev/9d94f5e3/modules/libpref/init/StaticPrefList.yaml#15576
lockPref("network.traffic_analyzer.enabled", false); // https://searchfox.org/firefox-release/rev/9d94f5e3/modules/libpref/init/StaticPrefList.yaml#14262
lockPref("nimbus.telemetry.targetingContextEnabled", false); // [HIDDEN - ANDROID/THUNDERBIRD] [DEFAULT - Artifact builds] Targeting context telemetry - https://searchfox.org/firefox-release/rev/9d94f5e3/browser/app/profile/firefox.js#2139
lockPref("privacy.trackingprotection.emailtracking.data_collection.enabled", false);
lockPref("telemetry.fog.artifact_build", false); // [DEFAULT - non-Artifact builds] Disable JOG to prevent runtime registration of metrics https://firefox-source-docs.mozilla.org/toolkit/components/glean/dev/jog.html https://firefox-source-docs.mozilla.org/toolkit/components/glean/dev/preferences.html#internal-preferences
lockPref("telemetry.fog.test.activity_limit", -1); // Disable activity-based ping submission - ex. https://mozilla.github.io/glean/book/user/pings/baseline.html#scheduling
lockPref("telemetry.fog.test.inactivity_limit", -1); // Disable inactivity-based ping submission - ex. https://mozilla.github.io/glean/book/user/pings/baseline.html#scheduling
lockPref("telemetry.fog.init_on_shutdown", false); // Prevent Glean from initializing on shutdown https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/glean/docs/dev/preferences.md#49
lockPref("telemetry.fog.test.localhost_port", 70000); // Force telemetry pings to be sent to localhost instead of Mozilla's servers, if they're somehow enabled... (port just has to be higher than 0, I chose 70000 as its invalid) - https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/glean/docs/dev/preferences.md#15
lockPref("telemetry.glean.internal.finalInactive", false); // [HIDDEN] [DEFAULT] Disable early shutdown pings https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/glean/xpcom/FOG.cpp#148
lockPref("telemetry.glean.internal.maxPingsPerMinute", 0); // [HIDDEN] Prevent Glean from sending pings https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/glean/xpcom/FOG.cpp#133
lockPref("telemetry.number_of_site_origin.min_interval", 2147483647);
lockPref("toolkit.content-background-hang-monitor.disabled", true); // BHR https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/backgroundhangmonitor/BackgroundHangMonitor.cpp#597
lockPref("toolkit.profiles.newProfileSubmitted", true); // [HIDDEN] Prevent submitting the new profile ping https://searchfox.org/firefox-main/rev/cc4a6379/toolkit/profile/nsToolkitProfileService.cpp#790
lockPref("toolkit.telemetry.archive.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.bhrPing.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.cachedClientID", "c0ffeec0-ffee-c0ff-eec0-ffeec0ffeec0"); // [HIDDEN]
lockPref("toolkit.telemetry.cachedProfileGroupID", "decafdec-afde-cafd-ecaf-decafdecafde"); // [HIDDEN]
lockPref("toolkit.telemetry.collectInterval", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.dap.helper.hpke", "");
lockPref("toolkit.telemetry.dap.helper.url", "");
lockPref("toolkit.telemetry.dap.leader.hpke", "");
lockPref("toolkit.telemetry.dap.leader.url", "");
defaultPref("toolkit.telemetry.dap.logLevel", "Off");
lockPref("toolkit.telemetry.dap_enabled", false); // [DEFAULT]
lockPref("toolkit.telemetry.dap_task1_enabled", false); // [DEFAULT]
lockPref("toolkit.telemetry.dap_task1_taskid", ""); // [DEFAULT]
lockPref("toolkit.telemetry.dap_visit_counting_enabled", false); // [DEFAULT]
lockPref("toolkit.telemetry.dap_visit_counting_experiment_list", "[]"); // [DEFAULT]
defaultPref("toolkit.telemetry.debugSlowSql", false); // [DEFAULT]
lockPref("toolkit.telemetry.enabled", false);  // [DEFAULT - non-Nightly]
lockPref("toolkit.telemetry.eventping.maximumFrequency", 2147483647); // [HIDDEN] Disable `event` pings
lockPref("toolkit.telemetry.eventping.minimumFrequency", 2147483647); // [HIDDEN] Disable `event` pings
lockPref("toolkit.telemetry.firstShutdownPing.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.healthping.enabled", false); // [HIDDEN]
lockPref("toolkit.telemetry.initDelay", 2147483647); // [HIDDEN] Prevent the Telemetry component from initializing
defaultPref("toolkit.telemetry.log.dump", false); // [HIDDEN] [DEFAULT] - To expose via the `about:config`
defaultPref("toolkit.telemetry.log.level", "Fatal"); // [HIDDEN] [Default: Warn]
lockPref("toolkit.telemetry.minSubsessionLength", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.newProfilePing.delay", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.newProfilePing.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.overrideUpdateChannel", "release"); // [HIDDEN] [DEFENSE IN DEPTH] Always report channel as `release`, regardless of actual value https://docs.telemetry.mozilla.org/concepts/channels/channel_normalization
lockPref("toolkit.telemetry.previousBuildID", ""); // [HIDDEN]
lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // [HIDDEN]
lockPref("toolkit.telemetry.scheduler.idleTickInterval", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.scheduler.tickInterval", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.send.overrideOfficialCheck", false); // [HIDDEN] [DEFAULT] Never send pings on unofficial builds - https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
lockPref("toolkit.telemetry.server", "data;");
lockPref("toolkit.telemetry.server_owner", "");
lockPref("toolkit.telemetry.shutdownPingSender.backgroundtask.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - Desktop Firefox]
lockPref("toolkit.telemetry.shutdownPingSender.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); // [HIDDEN - Android] [DEFAULT]
lockPref("toolkit.telemetry.testing.disableFuzzingDelay", false); // [HIDDEN] [DEFAULT] [DEFENSE IN DEPTH] Always delay sending pings between 0-1 AM
lockPref("toolkit.telemetry.testing.overridePreRelease", false); // [HIDDEN] [DEFAULT] Never record extended/prelease data on release channels - https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
lockPref("toolkit.telemetry.testing.overrideProductsCheck", false); // [DEFAULT] Limit probes to only what is supported on the current product - https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
lockPref("toolkit.telemetry.testing.suppressPingsender", true); // [HIDDEN]
defaultPref("toolkit.telemetry.translations.logLevel", "Off");
lockPref("toolkit.telemetry.unified", false); // [DEFAULT - Android]
lockPref("toolkit.telemetry.untrustedModulesPing.frequency", 2147483647); // [HIDDEN]
lockPref("toolkit.telemetry.updatePing.enabled", false); // [HIDDEN - Android]
lockPref("toolkit.telemetry.user_characteristics_ping.current_version", 0); // [DEFAULT]
lockPref("toolkit.telemetry.user_characteristics_ping.last_version_sent", 0); // [DEFAULT]
defaultPref("toolkit.telemetry.user_characteristics_ping.logLevel", "Off");
lockPref("toolkit.telemetry.user_characteristics_ping.opt-out", true);
lockPref("toolkit.telemetry.user_characteristics_ping.send-once", false); // [DEFAULT]
lockPref("toolkit.telemetry.user_characteristics_ping.uuid", ""); // [DEFAULT]
lockPref("urlclassifier.features.emailtracking.datacollection.allowlistTables", ""); // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/SafeBrowsing.sys.mjs#264
lockPref("urlclassifier.features.emailtracking.datacollection.blocklistTables", ""); // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/SafeBrowsing.sys.mjs#264
if (phoenixESR == true) {
    lockPref("network.trr.confirmation_telemetry_enabled", false); // [NO-ANDROID] [ESR]
};
if (phoenixPlatform != "android") {
    lockPref("telemetry.fog.aboutGlean.debugTag", ""); // [NO-ANDROID] [HIDDEN] Do not set a debug ping tag https://searchfox.org/firefox-main/rev/4258ca07/toolkit/content/aboutGlean.js#122
};
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.aboutwelcome.entrypoint", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Ensure entrypoint to `about:welcome` is not recorded and ex. submitted for telemetry https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/aboutwelcome/actors/AboutWelcomeChild.sys.mjs#266
};

/// Disable Default Browser Agent
// (Windows-specific telemetry service)
// https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html
if (phoenixPlatform == "windows" && phoenixMail == false) {
    lockPref("default-browser-agent.enabled", false); // [WINDOWS-ONLY] [NO-MAIL]
};

/// Disable experimentation and A/B testing
// (Covers Shield/Nimbus/Normandy)
// https://support.mozilla.org/kb/shield
// https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections#w_experiments-or-studies
// https://experimenter.info/
// https://wiki.mozilla.org/Firefox/Shield/Shield_Studies
// https://mozilla.github.io/normandy/
// https://wiki.mozilla.org/Advocacy/heartbeat
// resource://nimbus/ExperimentAPI.sys.mjs
// https://searchfox.org/firefox-main/source/toolkit/components/backgroundtasks/defaults/backgroundtasks_browser.js
lockPref("app.normandy.run_interval_seconds", 0); // [HIDDEN - Android/Thunderbird] Prevent fetching experiments - This pref is also used by Nimbus https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs#801
lockPref("app.shield.optoutstudies.enabled", false); // [HIDDEN - Android/Thunderbird] Required for Firefox Labs on Desktop
defaultPref("messaging-system.rsexperimentloader.collection_id", ""); // [DEFAULT: `nimbus-desktop-experiments`] Required for Firefox Labs on Desktop
defaultPref("nimbus.appId", ""); // [HIDDEN] [DEFAULT: `firefox-desktop`] Required for Firefox Labs on Desktop
lockPref("nimbus.firstUpdateComplete", true); // [HIDDEN - non-Firefox Desktop] Ensure we skip Nimbus enrollment/set-up https://bugzilla.mozilla.org/show_bug.cgi?id=2032544 https://searchfox.org/firefox-main/rev/90143df1/toolkit/components/nimbus/lib/ExperimentManager.sys.mjs#235
pref("nimbus.profileId", "");
lockPref("nimbus.profileId", ""); // [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/ExperimentAPI.sys.mjs#80 - We also set this as a "user" pref to ensure that Firefox properly uses/recognizes it
lockPref("nimbus.profilesdatastoreservice.enabled", false); // Disable writing to the NimbusEnrollments table database https://searchfox.org/firefox-main/rev/16707ce1/toolkit/components/nimbus/lib/Enrollments.sys.mjs#617
lockPref("nimbus.profilesdatastoreservice.read.enabled", false); // Disable reading from the NimbusEnrollments table database https://searchfox.org/firefox-main/rev/16707ce1/toolkit/components/nimbus/lib/Enrollments.sys.mjs#628
lockPref("nimbus.profilesdatastoreservice.sync.enabled", false); // Disable syncing NimbusEnrollments data https://searchfox.org/firefox-main/rev/16707ce1/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs#425 https://searchfox.org/firefox-main/rev/16707ce1/toolkit/components/nimbus/lib/Enrollments.sys.mjs#638
lockPref("nimbus.rollouts.enabled", false); // [HIDDEN - non-Firefox Desktop] Nimbus rollouts/"remote improvements" (A/B Testing) https://support.mozilla.org/kb/remote-improvements
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("app.normandy.api_url", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("app.normandy.enabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("app.normandy.experiments.lazy_classify", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFENSE IN DEPTH] Prevent making client classification requests on every startup https://mozilla.github.io/normandy/dev/feature-experiments.html
    lockPref("app.normandy.first_run", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("app.normandy.last_seen_buildid", ""); // [NO-ANDROID] [NO-MAIL]
    defaultPref("app.normandy.logging.level", 70); // [NO-ANDROID] [NO-MAIL] Limit logging to fatal only
    lockPref("app.normandy.user_id", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    lockPref("browser.aboutwelcome.experimentsGate.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-OS X] [DEFAULT - non-OS X] https://searchfox.org/firefox-main/rev/cdf7090f/browser/app/profile/firefox.js#2091 https://searchfox.org/firefox-main/rev/cdf7090f/browser/components/aboutwelcome/actors/AboutWelcomeParent.sys.mjs#61 Do not have `about:welcome` depend on Nimbus
    lockPref("browser.aboutwelcome.experimentsGate.skipSplashIfLoaded", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/cdf7090f/browser/app/profile/firefox.js#2098 https://searchfox.org/firefox-main/rev/92e193f9/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs#3173
};

/// Disable Firefox Labs (`about:preferences#experimental`)
// Firefox Labs requires experiments and telemetry to be enabled (see specific prefs below)
// When experiments and telemetry are not enabled, this seems to cause a broken/empty "Firefox Labs" section to appear at the bottom of pages at `about:preferences`
// From my testing, the following prefs specifically are required for Firefox Labs to work (these are also indicated above): [NO-ANDROID] [NO-MAIL]
// `app.shield.optoutstudies.enabled` -> `true`
// `datareporting.healthreport.uploadEnabled` -> `true`
// `messaging-system.rsexperimentloader.collection_id` -> `nimbus-desktop-experiments`
// `nimbus.appId` -> `firefox-desktop`
// You'll also need to remove the `DisableFirefoxStudies` and `DisableTelemetry` policies
if (phoenixESR == true && phoenixMail == false) {
    defaultPref("browser.preferences.experimental", false); // [NO-ANDROID] [NO-MAIL] [ESR]
    defaultPref("browser.preferences.experimental.hidden", true); // [NO-ANDROID] [NO-MAIL] [ESR] Avoids the "Firefox Labs" section from shortly appearing on first launch https://searchfox.org/firefox-main/rev/93aad2a6615f670b1279c229dd37f7397236131a/browser/components/preferences/experimental.js#185
};

/// Disable Glean redesign/navigation category at `about:glean`
// This isn't really a major issue for us, but we don't want or support Glean, so I see no reason not to set this
// https://searchfox.org/firefox-main/rev/cd6acbe9/toolkit/content/aboutGlean.js#215
if (phoenixPlatform != "android") {
    lockPref("about.glean.redesign.enabled", false); // [NO-ANDROID] [HIDDEN - non-Desktop Firefox] [DEFAULT]
};

/// Disable OHTTP Telemetry
// https://searchfox.org/firefox-main/rev/82e2435f/widget/android/OhttpHelper.cpp#110
if (phoenixPlatform == "android") {
    lockPref("network.ohttp.configURL", ""); // [ANDROID-ONLY]
    lockPref("network.ohttp.relayURL", ""); // [ANDROID-ONLY]
};

/// Disable notification permission telemetry
// https://searchfox.org/firefox-main/rev/28328852/browser/app/profile/firefox.js#938
// https://searchfox.org/firefox-main/rev/28328852/browser/modules/PermissionUI.sys.mjs#79
if (phoenixPlatform != "android") {
    lockPref("permissions.desktop-notification.telemetry.siteCategories", "{}"); // [NO-ANDROID]
};

/// Disable Origin Trials
// https://wiki.mozilla.org/Origin_Trials
defaultPref("dom.origin-trials.enabled", false);

/// Remove partner attribution
// These are *only* used for telemetry, and could potentially be used for fingerprinting
lockPref("app.distributor", ""); // [HIDDEN] [DEFAULT]
lockPref("app.distributor.channel", ""); // [HIDDEN] [DEFAULT]
lockPref("mozilla.partner.id", ""); // [HIDDEN] [DEFAULT]

defaultPref("browser.phoenix.status", "001");

/*** 002 MOZILLA CRAP™ ***/

// Some of these also provide Attack Surface Reduction

/// Clear unnecessary/undesired Mozilla URLs
defaultPref("extensions.recommendations.privacyPolicyUrl", ""); // [DEFAULT - Android]
if (phoenixPlatform == "android") {
    defaultPref("extensions.getAddons.langpacks.url", ""); // [ANDROID-ONLY] Functionality isn't supported on Android, so no need to connect there - ex. https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=android&type=language&appversion=138.0.1
} else {
    defaultPref("app.feedback.baseURL", ""); // [NO-ANDROID]
    defaultPref("datareporting.healthreport.infoURL", ""); // [NO-ANDROID]
    defaultPref("toolkit.datacollection.infoURL", ""); // [NO-ANDROID]
};
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("app.normandy.shieldLearnMoreUrl", ""); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.privacyInfo.url", ""); // [NO-ANDROID] [NO-MAIL]
};

/// Disable `about:welcome`/onboarding
// Privacy concerns - unsolicited connections
// Also just annoying and undesired for our use case :/
// https://searchfox.org/firefox-main/source/browser/components/BrowserContentHandler.sys.mjs
pref("browser.preonboarding.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - Linux] Disable the preonboarding modal https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#874 https://searchfox.org/firefox-main/rev/643d7328/toolkit/components/telemetry/app/TelemetryReportingPolicy.sys.mjs#638
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.aboutwelcome.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.aboutwelcome.log", "off"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Disable logging
    defaultPref("browser.rights.3.shown", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    defaultPref("browser.startup.firstrunSkipsHomepage", false); // [NO-ANDROID] [NO-MAIL] Ensure we never skip the homepage (ex. upon update/in favor of the onboarding) https://searchfox.org/firefox-release/rev/9d94f5e3/browser/app/profile/firefox.js#323
    lockPref("browser.startup.homepage_override.buildID", "20100101"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Ex. matches what Tor Browser uses
    lockPref("browser.startup.homepage_override.mstone", "ignore"); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    defaultPref("browser.startup.upgradeDialog.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/components/asrouter/docs/first-run.md#69
    defaultPref("browser.suppress_first_window_animation", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("startup.homepage_override_nimbus_disable_wnp", true); // [NO-ANDROID] [NO-MAIL] "What's New" Pages
    defaultPref("startup.homepage_override_url", ""); // [NO-ANDROID] [NO-MAIL]
    defaultPref("startup.homepage_override_url_nimbus", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("startup.homepage_welcome_url", ""); // [NO-ANDROID] [NO-MAIL]
    defaultPref("startup.homepage_welcome_url.additional", ""); // [NO-ANDROID] [NO-MAIL]
};

/// Disable add-on/feature recommendations
// https://support.mozilla.org/kb/recommendations-firefox
// https://searchfox.org/firefox-main/source/toolkit/mozapps/extensions/content/aboutaddons.js
// https://searchfox.org/firefox-main/source/browser/components/enterprisepolicies/Policies.sys.mjs
lockPref("browser.discovery.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - Android/Thunderbird]
defaultPref("browser.translations.mostRecentTargetLanguages", "en-US"); // https://searchfox.org/firefox-main/rev/4258ca07/browser/components/enterprisepolicies/Policies.sys.mjs#2829
lockPref("browser.translations.panelShown", true); // [HIDDEN]
defaultPref("extensions.getAddons.browseAddons", ""); // [HIDDEN - non-Android]
defaultPref("extensions.getAddons.discovery.api_url", "data;");
defaultPref("extensions.getAddons.showPane", false); // [HIDDEN]
defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false);
lockPref("extensions.recommendations.hideNotice", true); // [HIDDEN] "Some of these recommendations are personalized..." banner
defaultPref("extensions.recommendations.themeRecommendationUrl", "");
defaultPref("extensions.ui.lastCategory", "addons://list/extension"); // [HIDDEN] [DEFAULT = `addons://discover/`] Ensure default view of `about:addons` is always local/installed extensions
defaultPref("extensions.webservice.discoverURL", ""); // [HIDDEN - non-Thunderbird]
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.dataFeatureRecommendations.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.discovery.sites", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable DoH Rollout/heuristics/steering
// This helps ensure Firefox doesn't override our/the user's DoH settings...
// https://searchfox.org/firefox-main/source/toolkit/components/doh/DoHConfig.sys.mjs
// https://searchfox.org/firefox-main/source/toolkit/components/doh/DoHController.sys.mjs
// https://searchfox.org/firefox-main/source/toolkit/components/doh/DoHHeuristics.sys.mjs
// https://searchfox.org/firefox-main/source/netwerk/docs/dns/dns-over-https-trr.md
defaultPref("doh-rollout._testing", false); // [HIDDEN] [DEFAULT]
lockPref("doh-rollout.disable-heuristics", true); // [HIDDEN]
lockPref("doh-rollout.doneFirstRun", true); // [HIDDEN]
lockPref("doh-rollout.enabled", false); // [HIDDEN]
lockPref("doh-rollout.provider-steering.enabled", false); // [HIDDEN]
lockPref("doh-rollout.provider-steering.provider-list", ""); // [HIDDEN]
lockPref("doh-rollout.self-enabled", false); // [HIDDEN]
lockPref("doh-rollout.skipHeuristicsCheck", true); // [HIDDEN]
lockPref("doh-rollout.trr-selection.enabled", false); // [HIDDEN]
lockPref("doh-rollout.trr-selection.provider-list", ""); // [HIDDEN]
if (phoenixPlatform == "android") {
    lockPref("network.android_doh.autoselect_enabled", false); // [ANDROID-ONLY] https://searchfox.org/firefox-main/rev/82e2435f/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java#1773
};

/// Disable DoH performance measurements
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/BrowserGlue.sys.mjs#1155
// https://searchfox.org/firefox-main/source/toolkit/components/doh/TRRPerformance.sys.mjs
defaultPref("doh-rollout.trrRace.canonicalDomain", ""); // [HIDDEN] [Default = firefox-dns-perf-test.net]
defaultPref("doh-rollout.trrRace.complete", true); // [HIDDEN]
defaultPref("doh-rollout.trrRace.enabled", false); // [HIDDEN]
defaultPref("doh-rollout.trrRace.popularDomains", ""); // [HIDDEN]
defaultPref("doh-rollout.trrRace.randomSubdomainCount", 0); // [HIDDEN]

/// Disable 'Essential Domains Fallback'
// My concern here is the fact that this is fetched from Remote Settings - this could potentially be used to bypass our internal domain blocklist above + the firewall of users if they themselves choose to block specific domains for whatever reason
// I don't have a problem with this being a local dump though, as I can understand the usefulness of this (and being local would mitigate my concerns here) - but I'm not comfortable with the remote part
// This is currently unused anyways...
// https://searchfox.org/firefox-main/source/netwerk/base/EssentialDomainsRemoteSettings.sys.mjs
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/moz-essential-domain-fallbacks/changeset?_expected=0
defaultPref("network.essential_domains_fallback", false); // [DEFAULT]

/// Disable Fakespot
defaultPref("toolkit.shopping.ohttpConfigURL", "");
defaultPref("toolkit.shopping.ohttpRelayURL", "");

/// Disable "Feature Tours"
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.firefox-view.feature-tour", '{"screen":"","complete":true}'); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtab.feature-tour", '{"screen":"","complete":true}'); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    defaultPref("browser.pdfjs.feature-tour", '{"screen":"","complete":true}'); // [NO-ANDROID] [NO-MAIL]
};

/// Disable fetching Firefox Relay's "allowlist" and "denylist"
// Should reduce network activity, and also allows users of Relay to use it anywhere if desired (+ should reduce nags from the browser about it in general)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1926974
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxrelay-allowlist/changeset?_expected=0
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxrelay-denylist/changeset?_expected=0
// https://searchfox.org/firefox-main/rev/c82adde5/toolkit/components/satchel/integrations/FirefoxRelay.sys.mjs#42
defaultPref("signon.firefoxRelay.allowListRemoteSettingsCollection", ""); // [HIDDEN] [DEFAULT: fxrelay-allowlist]
defaultPref("signon.firefoxRelay.denyListRemoteSettingsCollection", ""); // [HIDDEN] [DEFAULT: fxrelay-denylist]

/// Disable fetching Password Manager rules remotely by default
// (Used for identifying password forms on websites)
// Last update was January 2023... also included locally as a dump anyways (resource://app/defaults/settings/main/password-recipes.json), so I don't see a reason to fetch these remotely
// https://bugzilla.mozilla.org/show_bug.cgi?id=1134852
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=0
defaultPref("signon.recipes.remoteRecipes.enabled", false);

/// Disable Firefox Bridge
// Uses native messaging to share browsing data with other browsers (Chromium)
// Interesting concept, but due to the obvious potential privacy and security concerns, I feel that this is something that should be left to the user to enable
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#948
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.firefoxbridge.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Disable the Firefox Messaging System
// https://firefox-source-docs.mozilla.org/browser/components/asrouter/docs/index.html
// https://searchfox.org/firefox-main/rev/ac83682a/browser/components/asrouter/modules/ASRouter.sys.mjs#1863
// https://searchfox.org/firefox-main/rev/ac83682a/browser/components/asrouter/modules/ASRouterPreferences.sys.mjs#200
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/backgroundtasks/defaults/backgroundtasks_browser.js#26
if (phoenixPlatform != "android") {
    defaultPref("app.update.background.messaging.targeting.snapshot.intervalSec", -1); // [NO-ANDROID] Disable targeting information background updates: https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/update/BackgroundUpdate.sys.mjs#827
};
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "null"); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "null"); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.asrouter.providers.message-groups", "null"); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments", "null"); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", "null"); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "null"); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.feeds.newtabmessaging", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1569 https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/NewTabMessaging.sys.mjs
    lockPref("messaging-system.askForFeedback", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("messaging-system.log", "off"); // [NO-ANDROID] [NO-MAIL] Disables logging
    lockPref("messaging-system.profile.messagingProfileId", -1); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Firefox thinks this is the only profile it can send targetting messages to. As this profile ID does not exist, it tricks Firefox into never sending targetting messages.
    defaultPref("messaging-system.profile.singleProfileMessaging.disable", false); // [NO-ANDROID] [NO-MAIL] This makes Firefox only send targetting messages to the profile defined by `messaging-system.profile.messagingProfileId`
};


/// Disable Firefox Relay by default
defaultPref("signon.firefoxRelay.feature", "disabled"); // [HIDDEN - Thunderbird]

/// Disable import of Mozilla's default bookmarks
// We also disable the default bookmarks via the `NoDefaultBookmarks` policy
// https://searchfox.org/firefox-main/rev/268969d4/browser/components/places/PlacesBrowserStartup.sys.mjs#63
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.bookmarks.restore_default_bookmarks", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Ensure the browser never tries to restore/import the default bookmarks
    lockPref("browser.bookmarks.testing.skipDefaultBookmarksImport", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] NOTE: This only appears to work in automation, but doesn't hurt to set anyways https://searchfox.org/firefox-main/rev/82e2435f/browser/components/places/PlacesBrowserStartup.sys.mjs#210
    defaultPref("browser.places.importBookmarksHTML", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] This is a clever hack that effectively tricks Firefox into skipping the process of importing default bookmarks - instead it will try to import bookmarks from a HTML file that doesn't exist by default, hence, Firefox will import nothing - This is also nice to set here to expose this pref via `about:config`, as its hidden
};

/// Disable import of Mozilla's default protocol handlers
// (ex. Gmail, Outlook, and friends)
// https://searchfox.org/firefox-main/rev/881a9b31/uriloader/exthandler/ExtHandlerService.sys.mjs#94
// https://searchfox.org/firefox-main/rev/881a9b31/uriloader/exthandler/HandlerList.sys.mjs
lockPref("gecko.handlerService.defaultHandlersVersion", 2147483647); // [HIDDEN]

/// Disable "Interest-based Content Relevance Ranking and Personalization"
// https://bugzilla.mozilla.org/show_bug.cgi?id=1886207
lockPref("toolkit.contentRelevancy.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]
lockPref("toolkit.contentRelevancy.ingestEnabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("toolkit.contentRelevancy.log", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]

/// Disable Mozilla nags/promotions
lockPref("browser.promo.cookiebanners.enabled", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - Desktop] https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#756
defaultPref("browser.promo.focus.disallowed_regions", "xx");
lockPref("browser.promo.focus.enabled", false); // [HIDDEN - Android/Thunderbird] https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#722
lockPref("browser.promo.pin.enabled", false); // [HIDDEN - Android/Thunderbird] https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#734
lockPref("browser.send_to_device_locales", ""); // [HIDDEN - Android/Thunderbird] Disables "Send to Device" email promotions https://searchfox.org/firefox-main/rev/dc1c78e9/browser/app/profile/firefox.js#2503 https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#789 https://searchfox.org/firefox-main/rev/dc1c78e9/browser/components/preferences/moreFromMozilla.js#273
defaultPref("browser.vpn_promo.disallowed_regions", "xx");
lockPref("browser.vpn_promo.enabled", false); // [HIDDEN - Android/Thunderbird] https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/modules/BrowserUtils.sys.mjs#692
lockPref("pdfjs.enableNewBadge", false); // https://searchfox.org/firefox-main/rev/cdf7090f/toolkit/components/pdfjs/content/web/viewer.mjs#9012
lockPref("privacy.trackingprotection.allow_list.hasUserInteractedWithETPSettings", true); // Disables nag/onboarding to configure ETP exception lists https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/all.js#3342 https://searchfox.org/firefox-main/rev/dc1c78e9/netwerk/url-classifier/UrlClassifierExceptionListService.sys.mjs#200
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.contentsharing.newBadge.enabled", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/cdf7090f/browser/app/profile/firefox.js#3603
    lockPref("browser.contentblocking.report.hide_vpn_banner", true); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.contentblocking.report.lockwise.enabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.contentblocking.report.mobile-android.url", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.contentblocking.report.mobile-ios.url", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.contentblocking.report.monitor.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.contentblocking.report.proxy.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.contentblocking.report.proxy_extension.url", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.contentblocking.report.show_mobile_app", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.contentblocking.report.vpn.url", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.contentblocking.report.vpn-android.url", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.contentblocking.report.vpn-ios.url", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.contentblocking.report.vpn-promo.url", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.ipProtection.locationButtonBadgeDismissed", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/cdf7090f/browser/components/ipprotection/IPProtectionPanel.sys.mjs#273
    lockPref("browser.ipProtection.openedPanelWithLocation", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-release/rev/21080ed2/browser/components/ipprotection/IPProtectionToolbarButton.sys.mjs#315
    lockPref("browser.ipProtection.productVpn.endpoint", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Used for Mozilla VPN upgrade nags/promotions https://searchfox.org/firefox-main/source/browser/components/ipprotection/content/ipprotection-constants.mjs
    lockPref("browser.ipProtection.upgradeNotAvailable", true); // [NO-ANDROID] [NO-MAIL] Disables Mozilla VPN ads/promotions (ex. at `about:preferences#privacy`) https://searchfox.org/firefox-main/rev/ada2ab81/toolkit/components/ipprotection/docs/Preferences.rst#58
    lockPref("browser.protections_panel.infoMessage.seen", true); // [NO-ANDROID] [NO-MAIL] Disables ETP Banner
    lockPref("browser.tabs.notes.newBadge.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] https://searchfox.org/firefox-main/rev/cdf7090f/browser/components/tabbrowser/content/tabbrowser.js#10457
    lockPref("browser.tabs.splitview.hasUsed", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/cdf7090f/browser/components/tabbrowser/content/tabbrowser.js#10510
    lockPref("cookiebanners.ui.desktop.showCallout", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("identity.fxaccounts.toolbar.accessed", true); // [NO-ANDROID] [NO-MAIL] Used for Activity Stream/onboarding targeting https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/asrouter/modules/ASRouterTargeting.sys.mjs#98 https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs#2506
    lockPref("sidebar.verticalTabs.dragToPinPromo.dismissed", true); // [NO-ANDROID] [NO-MAIL] Promo card for dragging tabs when vertical tabs are enabled (sidebar.verticalTabs) https://searchfox.org/firefox-main/rev/839a8725/browser/components/sidebar/SidebarManager.sys.mjs#158
    lockPref("trailhead.firstrun.didHandleCampaignAction", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Disable marketing/attribution/"campaign" actions on first run https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/asrouter/modules/ASRouterTargeting.sys.mjs#269 https://searchfox.org/firefox-main/rev/a7d872e9/browser/components/aboutwelcome/actors/AboutWelcomeParent.sys.mjs#271
};
if (phoenixESR == true && phoenixMail == false) {
    lockPref("browser.privatebrowsing.vpnpromourl", ""); // [NO-ANDROID] [NO-MAIL] [ESR]
};

/// Disable Mozilla.UITour
// https://mozilla.github.io/bedrock/uitour/#ui-tour
// https://firefox-source-docs.mozilla.org/browser/components/uitour/docs/index.html
// https://searchfox.org/firefox-main/source/browser/components/uitour/UITourUtils.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.uitour.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.uitour.loglevel", "Off"); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.uitour.requireSecure", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
    lockPref("browser.uitour.surveyDuration", 0); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.uitour.testingOrigins", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
    lockPref("browser.uitour.url", ""); // [NO-ANDROID] [NO-MAIL]
};

/// Disable "Privacy-Preserving Attribution"
// https://support.mozilla.org/kb/privacy-preserving-attribution
lockPref("dom.origin-trials.private-attribution.state", 2); // [DEFAULT]
lockPref("dom.private-attribution.submission.enabled", false); // [DEFAULT]

/// Disable Remote Permissions
// This currently only allows overriding behavior for HTTPS-First + localhost
// In general, I don't think there should be remote/default overrides for a feature like this (or permissions in general...), best left up to the user
// https://searchfox.org/firefox-main/source/extensions/permissions/docs/remote.rst
// https://searchfox.org/firefox-main/source/extensions/permissions/RemotePermissionService.sys.mjs
// https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/remote-permissions/changeset?_expected=0
defaultPref("permissions.manager.remote.enabled", false);

/// Disable Remote Settings 'Preview' Buckets
// Nice to expose via about:config
defaultPref("services.settings.preview_enabled", false); // [HIDDEN] [DEFAULT]

/// Disable search attribution
// https://searchfox.org/comm-central/source/mozilla/toolkit/components/search/AppProvidedSearchEngine.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.search.param.search_rich_suggestions", ""); // [NO-ANDROID] [NO-MAIL]
};

/// Disable the Web Compatibility Reporter
// Harmless - We just don't want to waste Mozilla's time due to our custom set-up...
// Also acts as a potential performance improvement
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#4511
defaultPref("extensions.webcompat-reporter.enabled", false); // [DEFAULT - Release/ESR]
defaultPref("extensions.webcompat-reporter.newIssueEndpoint", "https://phoenix.celenity.dev/issues"); // Temporarily override to our URL instead of Mozilla's to work-around upstream bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1963764
defaultPref("media.decoder-doctor.new-issue-endpoint", "https://phoenix.celenity.dev/issues"); // For decoding errors https://searchfox.org/firefox-main/rev/82e2435f/browser/actors/DecoderDoctorParent.sys.mjs#83
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("ui.new-webcompat-reporter.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("ui.new-webcompat-reporter.new-report-endpoint", "https://phoenix.celenity.dev/issues"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Temporarily override to our URL instead of Mozilla's to work-around upstream bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1963764
};

/// Hide the "More from Mozilla" settings tab (`about:preferences#moreFromMozilla`)
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.preferences.moreFromMozilla", false); // [NO-ANDROID] [NO-MAIL]
};

/// Opt out of add-on metadata updates
// Note: This prevents themes from displaying previews in `about:addons`
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
defaultPref("extensions.getAddons.cache.enabled", false);

/// Prevent checking if Firefox is the default browser
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.shell.checkDefaultBrowser", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.shell.skipDefaultBrowserCheckOnFirstRun", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Prevent checking if Firefox is the default `mailto:` handler
// https://bugzilla.mozilla.org/show_bug.cgi?id=1864216
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.mailto.dualPrompt", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Prevent checking if Firefox is the default PDF viewer
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#284
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.shell.checkDefaultPDF", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-Windows]
    defaultPref("browser.shell.checkDefaultPDF.silencedByUser", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-Windows]
    defaultPref("browser.shell.setDefaultPDFHandler.onlyReplaceBrowsers", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-Windows] If the browser is set as the default PDF viewer, always replace the existing default PDF viewer, regardless of whether it's a browser
};

/// Remove special privileges from Mozilla domains
// https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#privileged-mozilla-content
lockPref("browser.tabs.remote.separatePrivilegedMozillaWebContentProcess", false); // [DEFAULT - non-Firefox Desktop]
lockPref("browser.tabs.remote.separatedMozillaDomains", "");
lockPref("dom.ipc.processCount.privilegedmozilla", 0);
defaultPref("extensions.webextensions.restrictedDomains", "");
defaultPref("permissions.manager.defaultsUrl", ""); // [HIDDEN - Android] [DEFAULT - Android]
lockPref("svg.context-properties.content.allowed-domains", ""); // [DEFAULT - Android/Thunderbird]

/// Remove tracking parameters from Mozilla URLs + prevent exposing locale and unnecessary information
// For info on the extension update (`extensions.update.`) URL parameters, see https://devdoc.net/web/developer.mozilla.org/en-US/docs/Install_Manifests.html + https://mozilla-balrog.readthedocs.io/en/latest/database.html
defaultPref("browser.backup.template.fallback-download.aurora", "https://www.mozilla.org/firefox/channel/desktop/#developer");
defaultPref("browser.backup.template.fallback-download.beta", "https://www.mozilla.org/firefox/channel/desktop/#beta");
defaultPref("browser.backup.template.fallback-download.esr", "https://www.mozilla.org/firefox/enterprise/#download");
defaultPref("browser.backup.template.fallback-download.nightly", "https://www.mozilla.org/firefox/channel/desktop/#nightly");
defaultPref("browser.backup.template.fallback-download.release", "https://www.mozilla.org/firefox/download/thanks/?s=direct");
defaultPref("extensions.abuseReport.amoFormURL", "https://addons.mozilla.org/feedback/addon/%addonID%/");
defaultPref("extensions.blocklist.addonItemURL", "https://addons.mozilla.org/blocked-addon/%addonID%/%addonVersion%/");
defaultPref("pdfjs.altTextLearnMoreUrl", "https://support.mozilla.org/kb/pdf-alt-text");
defaultPref("pdfjs.commentLearnMoreUrl", "https://support.mozilla.org/kb/view-pdf-files-firefox-or-choose-another-viewer#w_add-a-comment-to-a-pdf");
defaultPref("signon.firefoxRelay.learn_more_url", "https://support.mozilla.org/kb/relay-integration#w_frequently-asked-questions");
defaultPref("signon.firefoxRelay.manage_url", "https://relay.firefox.com/accounts/profile/");
defaultPref("signon.firefoxRelay.privacy_policy_url", "https://www.mozilla.org/privacy/subscription-services/");
defaultPref("signon.firefoxRelay.terms_of_service_url", "https://www.mozilla.org/about/legal/terms/subscription-services/");
if (phoenixMail == false) {
    defaultPref("extensions.update.background.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%"); // [NO-MAIL] Removes maximum app/browser version (maxAppVersion), operating system (appOS), ABI (appABI), locale (locale), and compatibility mode (compatMode)
    defaultPref("extensions.update.url", "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%"); // [NO-MAIL] Removes maximum app/browser version (maxAppVersion), operating system (appOS), ABI (appABI), locale (locale), and compatibility mode (compatMode)
};
if (phoenixPlatform == "android") {
    defaultPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/android/search?q=%TERMS%"); // [ANDROID-ONLY]
};
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("app.releaseNotesURL", "https://www.mozilla.org/firefox/%VERSION%/releasenotes"); // [NO-ANDROID] [NO-MAIL]
    lockPref("app.releaseNotesURL.aboutDialog", "https://www.mozilla.org/firefox/%VERSION%/releasenotes"); // [NO-ANDROID] [NO-MAIL]
    lockPref("app.releaseNotesURL.prompt", "https://www.mozilla.org/firefox/%VERSION%/releasenotes"); // [NO-ANDROID] [NO-MAIL]
    lockPref("app.update.url.details", "https://www.mozilla.org/firefox/notes"); // [NO-ANDROID] [NO-MAIL]
    lockPref("app.update.url.manual", "https://www.mozilla.org/firefox/new"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.report.cookie.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_cross-site-tracking-cookies"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.report.cryptominer.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_cryptominers"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.report.fingerprinter.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_fingerprinters"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.report.lockwise.how_it_works.url", "https://support.mozilla.org/kb/password-manager-remember-delete-edit-logins"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.report.monitor.sign_in_url", "https://monitor.firefox.com/oauth/init"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.report.monitor.url", "https://monitor.firefox.com/"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.report.social.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_social-media-trackers"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.report.tracker.url", "https://support.mozilla.org/kb/trackers-and-scripts-firefox-blocks-enhanced-track#w_tracking-content"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.dictionaries.download.url", "https://addons.mozilla.org/language-tools/"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.lna.warning.infoURL", "https://support.mozilla.org/kb/control-personal-device-local-network-permissions-firefox"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.support.url", "https://support.mozilla.org/kb/new-tab"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.xr.warning.infoURL", "https://support.mozilla.org/kb/webxr-permission-info-page"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("extensions.getAddons.link.url", "https://addons.mozilla.org/"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/search?q=%TERMS%"); // [NO-ANDROID] [NO-MAIL]
};

/// Skip Mozilla's `Privacy Notice` and `Terms of Use`
// https://github.com/mozilla/policy-templates/pull/1212
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/enterprisepolicies/Policies.sys.mjs#2806
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/telemetry/docs/internals/preferences.rst#208
lockPref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 999);
lockPref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "32503679999000");
lockPref("termsofuse.acceptedDate", "32503679999000"); // [HIDDEN - Android/Thunderbird]
lockPref("termsofuse.acceptedVersion", 999); // [HIDDEN - Android/Thunderbird]
lockPref("termsofuse.bypassNotification", true); // [HIDDEN - Android/Thunderbird] [DEFAULT - builds without MOZILLA_OFFICIAL]

defaultPref("browser.phoenix.status", "002");

/*** 003 TRACKING PROTECTION ***/

/// Allow users to add URLs to ETP via the `about:config`
// Typically hidden, but can be useful useful, so we can expose this via the `about:config` to make it easier for users to find/add entries
// https://developer.mozilla.org/docs/Web/Privacy/Guides/Storage_Access_Policy#adding_custom_domains_to_the_tracking_protection_list
defaultPref("urlclassifier.trackingAnnotationTable.testEntries", ""); // [HIDDEN] [DEFAULT]

/// Allow users to exclude URLs from ETP via the `about:config`
// These are typically hidden, but very useful (especially for testing/working around breakage), so we can expose these via the `about:config` to make it easier for users to find/add exclusions
defaultPref("privacy.rejectForeign.allowList", ""); // [DEFAULT]
defaultPref("urlclassifier.features.consentmanager.annotate.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.features.cryptomining.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.features.emailtracking.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.features.fingerprinting.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.features.socialtracking.skipURLs", ""); // [HIDDEN] [DEFAULT]
defaultPref("urlclassifier.trackingSkipURLs", ""); // [HIDDEN] [DEFAULT]

/// Disable exceptions for minor issues by default
defaultPref("privacy.trackingprotection.allow_list.convenience.enabled", false);

/// Enable ETP Strict
// https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection
lockPref("browser.contentblocking.category", "strict"); // [HIDDEN]

/// Manually enable ETP/Strict protections...
// These are typically configured by ETP Strict - but unfortunately Firefox doesn't set ETP Strict on the browser's first run :/
// So we need to also manually configure them. We still also use ETP Strict (not 'Custom') due to our enforcement of it, so we should be covered by Mozilla changes/updates for protections.
// Manually specifying these is also useful for cases like Android: where all protections aren't enabled with ETP Strict, and on Thunderbird: where ETP Strict doesn't exist at all...
// We're also configuring the 'CookieBehavior' and 'EnableTrackingProtection' policies on desktop.

//// Block harmful add-on URLs
defaultPref("privacy.trackingprotection.harmfuladdon.enabled", true); // [DEFAULT - Desktop Firefox] https://searchfox.org/firefox-main/rev/93aad2a6615f670b1279c229dd37f7397236131a/browser/app/profile/firefox.js#2434

//// Block known consent managers (CMPs)
defaultPref("privacy.trackingprotection.consentmanager.annotate_channels", true); // [DEFAULT]
defaultPref("privacy.trackingprotection.consentmanager.skip.enabled", false); // [DEFAULT]
defaultPref("privacy.trackingprotection.consentmanager.skip.pbmode.enabled", false);

//// Block known cryptominers
defaultPref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT - non-Thunderbird]

//// Block known email trackers
defaultPref("privacy.trackingprotection.emailtracking.enabled", true);
defaultPref("privacy.trackingprotection.emailtracking.pbmode.enabled", true); // [DEFAULT]

//// Block known fingerprinters
// Including ones classified as "anti-fraud": https://bugzilla.mozilla.org/show_bug.cgi?id=1962092
defaultPref("privacy.trackingprotection.antifraud.annotate_channels", true); // [DEFAULT] [NIGHTLY]
defaultPref("privacy.trackingprotection.antifraud.skip.enabled", false); // [DEFAULT] [NIGHTLY]
defaultPref("privacy.trackingprotection.antifraud.skip.pbmode.enabled", false); // [NIGHTLY]
defaultPref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT - non-Thunderbird]

//// Block known social trackers
defaultPref("privacy.trackingprotection.socialtracking.enabled", true);

//// Block known trackers
defaultPref("privacy.trackingprotection.annotate_channels", true); // [DEFAULT]
defaultPref("privacy.trackingprotection.enabled", true);
defaultPref("privacy.trackingprotection.pbmode.enabled", true); // [DEFAULT - non-Android]

//// Block known trackers using the `strict` (Level 2) list
/// https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/StaticPrefList.yaml#16075
/// https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/components/nimbus/FeatureManifest.yaml#3609
defaultPref("privacy.annotate_channels.strict_list.enabled", true); // [DEFAULT - Android]
defaultPref("privacy.annotate_channels.strict_list.pbmode.enabled", true); // [DEFAULT]

//// Block known tracking cookies
defaultPref("network.cookie.cookieBehavior.trackerCookieBlocking", true); // [HIDDEN - Android/Thunderbird] [DEFAULT - Desktop]
defaultPref("privacy.socialtracking.block_cookies.enabled", true); // [DEFAULT]

//// Enable Bounce Tracking Protection
/// https://support.mozilla.org/kb/enhanced-tracking-protection-firefox-desktop#w_bounce-tracking-protection
/// https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/components/antitracking/bouncetrackingprotection/nsIBounceTrackingProtection.idl#10
defaultPref("privacy.bounceTrackingProtection.mode", 1); // [DEFAULT - Nightly]
defaultPref("privacy.bounceTrackingProtection.requireStatefulBounces", false); // [DEFAULT] Protect against all bounce trackers, instead of just those who access cookies/storage https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/components/nimbus/FeatureManifest.yaml#4930

//// Enable Query Parameter Stripping
/// https://firefox-source-docs.mozilla.org/toolkit/components/antitracking/anti-tracking/query-stripping/index.html
defaultPref("privacy.query_stripping.enabled", true);
defaultPref("privacy.query_stripping.enabled.pbmode", true);
defaultPref("privacy.query_stripping.redirect", true); // [DEFAULT]

//// Enable SmartBlock and Web Compatibility interventions by default
defaultPref("extensions.webcompat.enable_interventions", true); // [HIDDEN] [DEFAULT - non-Thunderbird]
defaultPref("extensions.webcompat.enable_shims", true); // [HIDDEN] [DEFAULT - non-Thunderbird]
defaultPref("extensions.webcompat.perform_injections", true); // [HIDDEN] [DEFAULT - non-Thunderbird]
defaultPref("extensions.webcompat.perform_ua_overrides", true); // [HIDDEN] [DEFAULT - non-Thunderbird]
defaultPref("extensions.webcompat.smartblockEmbeds.enabled", true); // [HIDDEN - Android/Thunderbird] [DEFAULT - Desktop] - Enables Embeds/Placeholders to make certain resources click to load
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/pictureinpicture/lib/picture_in_picture_overrides.js#19 https://searchfox.org/firefox-main/source/browser/extensions/pictureinpicture/data/picture_in_picture_overrides.js Controls PiP overrides
};

//// Enable State Partitioning
defaultPref("network.fetch.cache_partition_cross_origin", true); // [DEFAULT] Cross origin fetch/XHR requests
defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [DEFAULT]
defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [DEFAULT]
defaultPref("privacy.partition.bloburl_per_partition_key", true); // [DEFAULT]
defaultPref("privacy.partition.network_state", true); // [DEFAULT]
defaultPref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT]
defaultPref("privacy.partition.network_state.ocsp_cache.pbmode", true); // [DEFAULT]
defaultPref("privacy.partition.serviceWorkers", true); // [DEFAULT]

//// Enable Suspected Fingerprinters Protection (FPP)
/// https://support.mozilla.org/kb/firefox-protection-against-fingerprinting#w_suspected-fingerprinters
defaultPref("privacy.fingerprintingProtection", true);
defaultPref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT]
defaultPref("privacy.reduceTimerPrecision", true); // [DEFAULT]

//// Enable TCP/dFPI
/// https://support.mozilla.org/kb/introducing-total-cookie-protection-standard-mode
/// https://searchfox.org/firefox-main/rev/dc1c78e9/toolkit/components/nimbus/FeatureManifest.yaml#3633
defaultPref("network.cookie.cookieBehavior", 5); // [DEFAULT - non-Thunderbird]
defaultPref("network.cookie.cookieBehavior.optInPartitioning", true);
defaultPref("network.cookie.cookieBehavior.optInPartitioning.pbmode", true);
defaultPref("network.cookie.cookieBehavior.pbmode", 5); // [DEFAULT - non-Thunderbird]

//// Ignore less restricted referer policies (than the default)
/// https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/StaticPrefList.yaml#13615
defaultPref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // [DEFAULT] - for cross-site requests
defaultPref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode", true); // [DEFAULT] - for cross-site requests in Private Browsing
defaultPref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode.top_navigation", true); // [DEFAULT] - for top navigations in Private Browsing
defaultPref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // for top navigations

/// Enable exceptions required to avoid major breakage by default
defaultPref("privacy.trackingprotection.allow_list.baseline.enabled", true); // [DEFAULT]
lockPref("privacy.trackingprotection.allow_list.hasMigratedCategoryPrefs", true); // Skip migration, so that `privacy.trackingprotection.allow_list.baseline.enabled` isn't overriden to `false` https://searchfox.org/firefox-main/rev/dc1c78e9/netwerk/url-classifier/UrlClassifierExceptionListService.sys.mjs#254

/// Lower the network priority of known trackers (if not blocked for whatever reason...)
defaultPref("privacy.trackingprotection.lower_network_priority", true);

defaultPref("browser.phoenix.status", "003");

/*** 004 FINGERPRINTING PROTECTION ***/

/// Add notes to help prevent users from making themselves unnecessarily fingerprintable
// We need to keep Android notes under ~50 characters to prevent them from being cut off/un-readable; isn't an issue on Desktop
defaultPref("dom.webmidi.enabled.0.NOTE", "Changing this value is unnecessary...");
defaultPref("dom.webmidi.enabled.1.NOTE", "and WILL aid fingerprinting.");
defaultPref("dom.webmidi.enabled.2.NOTE", "Set 'dom.sitepermsaddon-provider.enabled' to 'false'...");
defaultPref("dom.webmidi.enabled.3.NOTE", "and 'dom.webmidi.gated' to 'true' instead.");
defaultPref("geo.enabled.0.NOTE", "Changing this value is unnecessary...");
defaultPref("geo.enabled.1.NOTE", "and WILL aid fingerprinting.");
if (phoenixESR == true) {
    defaultPref("pdfjs.disabled.0.NOTE", "Changing this value is unnecessary, and it WILL aid fingerprinting. To disable PDF.js, set 'browser.helperApps.showOpenOptionForPdfJS' to 'false' instead."); // [NO-ANDROID] [ESR]
};
if (phoenixPlatform == "android") { 
    defaultPref("geo.enabled.2.NOTE", "Use the 'Location' site setting instead."); // [ANDROID-ONLY]
} else if (phoenixMail == false) { 
    defaultPref("geo.enabled.2.NOTE", "To block Geolocation, set 'permissions.default.geo' to '2' instead."); // [NO-ANDROID] [NO-MAIL]
};

/// Always load fonts bundled with Firefox
// The default is -1 - which loads bundled fonts, EXCEPT on "low-memory" devices
// Hence, this could add extra entropy/add an extra fingerprinting vector for users on "low-memory" devices
// In general, this will ensure all users have the same standard behavior here
// https://bugzilla.mozilla.org/show_bug.cgi?id=1686274
// https://searchfox.org/firefox-main/rev/82e2435f/gfx/thebes/gfxFT2FontList.cpp#1625
defaultPref("gfx.bundled-fonts.activate", 1);

/// Disable the ability to switch locales without requiring a restart
// Currently appears to be buggy and inconsistent - and thus could be potentially fingerprintable, so I think it's best to leave off to be safe
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42349#note_3057563
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42771#note_3057587
if (phoenixPlatform != "android") {
    defaultPref("intl.multilingual.liveReload", false); // [NO-ANDROID] [DEFAULT - non-Firefox release/beta]
    defaultPref("intl.multilingual.liveReloadBidirectional", false); // [NO-ANDROID] [DEFAULT]
};

/// Disable failIfMajorPerformanceCaveat in WebGL contexts
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18603
defaultPref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT]

/// Disable VP9 Benchmark
// This means that VP9 will always be enabled regardless of performance benchmarks (unless on a plaform where this isn't supported)
// This likely also results in a performance improvement, so that's nice
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22548
defaultPref("media.benchmark.vp9.threshold", 0);

/// Do not use the theme's toolbar color scheme for in-content pages by default
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/modules/LightweightThemeConsumer.sys.mjs#17
defaultPref("browser.theme.unified-color-scheme", false); // [HIDDEN - non-Thunderbird] [DEFAULT - non-Thunderbird]

/// Enable fdlibm for Math.sin, Math.cos, and Math.tan
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#9422
// https://groups.google.com/a/mozilla.org/g/dev-platform/c/0dxAO-JsoXI/m/eEhjM9VsAgAJ
defaultPref("javascript.options.use_fdlibm_for_sin_cos_tan", true); // [DEFAULT - non-Windows]

/// Enable light mode by default
// Matches with RFP & prevents exposing system theme
defaultPref("layout.css.prefers-color-scheme.content-override", 1);

/// Ensure user agent is always set to Firefox
// NOTE: This appears to be broken on Thunderbird; it causes both Thunderbird AND Firefox to be reported in the user agent...
// Primarily useful for ex. users of forks, and serves as defense in depth regardless
// Prevents fingerprinting and ensures we avoid compatibility issues
// https://searchfox.org/firefox-main/rev/83d1a08d/netwerk/protocol/http/nsHttpHandler.cpp#1059
if (phoenixMail == false) {
    defaultPref("general.useragent.compatMode.firefox", true); // [NO-MAIL]
};

/// Ensure we use the standard Noto Color Emoji font by default (instead of ex. Samsung's if available)
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/43023
if (phoenixPlatform == "android") {
    defaultPref("font.name-list.emoji", "Noto Color Emoji"); // [ANDROID-ONLY]
};

/// Expose dynamic rounding of content dimensions (`privacy.resistFingerprinting.letterboxing`) in the `about:config`, but do not enable by default (except for Android: see note below) [NO-MAIL]
// https://bugzilla.mozilla.org/show_bug.cgi?id=1407366 [NO-MAIL]
if (phoenixPlatform == "android") {
    defaultPref("privacy.resistFingerprinting.letterboxing", true); // [ANDROID-ONLY] [HIDDEN] This doesn't have a noticeable effect on Android - but it's still referenced by toolkit code, so let's just ensure it's enabled/active for good measure
} else if (phoenixMail == false) {
    defaultPref("privacy.resistFingerprinting.letterboxing", false); // [NO-EXTENDED] [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
};
if (phoenixExtended == true) {
    defaultPref("privacy.resistFingerprinting.letterboxing", true); // [EXTENDED-ONLY]
};

/// Harden FPP (which we enable at `003` above) to match RFP with a few exceptions...
// As explained here: https://codeberg.org/celenity/Phoenix/wiki/Android#fingerprinting [ANDROID-ONLY]
// This also improves security - Attack Surface Reduction, reduced timer precision
// List of targets: https://searchfox.org/firefox-main/source/toolkit/components/resistfingerprinting/RFPTargets.inc
// Easily build your own (global) override list: https://raw.githack.com/rindeal/Firefox-FPP-Override-List-Editor/master/FirefoxFPPOverrideListEditor.html
// (We're setting -EfficientCanvasRandomization for now to work-around an upstream bug that prevents randomization from applying everywhere as expected: https://bugzilla.mozilla.org/show_bug.cgi?id=2013976)

// The values set below are unused, they're just set here to support the standard prefs .js format
if (false) {
    defaultPref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate,-CanvasImageExtractionPrompt"); // [EXTENDED-ONLY] [ANDROID-ONLY]
    defaultPref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate,-CanvasImageExtractionPrompt,-JSDateTimeUTC"); // [NO-EXTENDED] [ANDROID-ONLY]
    defaultPref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate"); // [EXTENDED-ONLY] [NO-ANDROID] [NO-MAIL]
    defaultPref("privacy.fingerprintingProtection.overrides", "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate,-JSDateTimeUTC"); // [NO-EXTENDED] [NO-ANDROID] [NO-MAIL]
};

// Allow users to append their own global FPP overrides (with the `browser.phoenix.fingerprintingProtection.global.userOverrides` preference) instead of overriding our defaults

/// First, if users have previously set overrides with privacy.fingerprintingProtection.overrides, we need to migrate them to our new pref
//// (browser.phoenix.fingerprintingProtection.global.userOverrides)
defaultPref("browser.phoenix.fingerprintingProtection.global.migration.completed", false); // [FN]
defaultPref("privacy.fingerprintingProtection.overrides", ""); // [FN]
if (getPref("browser.phoenix.fingerprintingProtection.global.migration.completed") == false && getPref("privacy.fingerprintingProtection.overrides") != "") {
    let legacyGlobalUserFppTargets = getPref("privacy.fingerprintingProtection.overrides");
    pref("browser.phoenix.fingerprintingProtection.global.userOverrides", `${legacyGlobalUserFppTargets}`); // [FN]
    clearPref("privacy.fingerprintingProtection.overrides");
    pref("browser.phoenix.fingerprintingProtection.global.migration.completed", true); // [FN]
};

/// Now, set our default FPP targets
if (phoenixPlatform == "android") {
    if (phoenixExtended == true) {
        defaultGlobalFppTargets = "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate,-CanvasImageExtractionPrompt";
    } else {
        defaultGlobalFppTargets = "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate,-CanvasImageExtractionPrompt,-JSDateTimeUTC";
    };
} else {
    if (phoenixExtended == true) {
        defaultGlobalFppTargets = "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate";
    } else {
        defaultGlobalFppTargets = "+AllTargets,-CanvasExtractionBeforeUserInputIsBlocked,-CSSPrefersColorScheme,-EfficientCanvasRandomization,-FrameRate,-JSDateTimeUTC";
    };
};

/// Set user-specified targets
if (getPref("browser.phoenix.fingerprintingProtection.global.userOverrides") != "") {
    userGlobalFppTargets = "," + getPref("browser.phoenix.fingerprintingProtection.global.userOverrides");
} else {
    userGlobalFppTargets = ""
};

/// If `browser.phoenix.fingerprintingProtection.global.consumerOverrides` is set by a consuming project, add those targets as well
// (This lets them customize the default overrides without needing to hijack the pref for user-specified ones)
if (getPref("browser.phoenix.fingerprintingProtection.global.consumerOverrides") != "") {
    globalFppTargets = defaultGlobalFppTargets + "," + getPref("browser.phoenix.fingerprintingProtection.global.consumerOverrides") + userGlobalFppTargets;
} else {
    globalFppTargets = defaultGlobalFppTargets + userGlobalFppTargets;
};
lockPref("privacy.fingerprintingProtection.overrides", `${globalFppTargets}`); // [FN]

/// If FPP/RFP is disabled, limit font visibility to base system fonts + fonts from optional language packs
// We could set this to 1 to only allow base system fonts - but this is already covered by FPP/RFP. So if one disables RFP/FPP or adds an override, I think it's reasonable to allow fonts from language packs - as that may be the reason they've disabled it. I see no reason to ever expose user-installed fonts though.
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#10128
defaultPref("layout.css.font-visibility", 2);

/// Never expose the device model in the user agent
// FPP/RFP take precedence over this - so it's mainly for defense in depth/if FPP is disabled per-site
// https://searchfox.org/firefox-main/rev/83d1a08d/netwerk/protocol/http/nsHttpHandler.cpp#152
// https://searchfox.org/firefox-main/rev/83d1a08d/netwerk/protocol/http/nsHttpHandler.cpp#1156
if (phoenixPlatform == "android") {
    defaultPref("general.useragent.use_device", false); // [ANDROID-ONLY] [HIDDEN] [DEFAULT]
};

/// Prevent enumeration of media devices
// Exceptions can be set via the `media.devices.enumerate.legacy.allowlist` pref
// https://bugzilla.mozilla.org/show_bug.cgi?id=1528042
defaultPref("media.devices.enumerate.legacy.enabled", false); // [DEFAULT]

/// Prevent exposing WebGL Renderer Info
// This is equivalent to the RFP/FPP 'WebGLRenderInfo' target
// Useful to ensure users are protected if they disable FPP for whatever reason, or if they just disable ETP/Strict for a specific site/add an exception
// https://searchfox.org/firefox-main/source/dom/canvas/SanitizeRenderer.cpp
defaultPref("webgl.enable-renderer-query", false); // Spoofs "Vendor" and "Renderer" to "Mozilla" (Like the `WebGLRenderInfo` target does)
defaultPref("webgl.override-unmasked-renderer", "Mozilla"); // Spoofs "Unmasked Renderer" Debug info to "Mozilla" (like FPP/RFP does for the WebGL renderer query)
defaultPref("webgl.override-unmasked-vendor", "Mozilla"); // Spoofs "Unmasked Vendor" Debug info to "Mozilla" (like FPP/RFP does for the WebGL renderer query)
defaultPref("webgl.sanitize-unmasked-renderer", false); // Prevents the "Unmasked Renderer" under Debug Info from being set to "Generic Renderer"; we instead set it to "Mozilla" to always match FPP/RFP

/// Prevent pre-allocating content processes
// These can cause certain values/settings to persist, even after a user changes them - which could result in leakage/fingerprinting concerns
// https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#preallocated-content
defaultPref("dom.ipc.processPrelaunch.enabled", false);
defaultPref("dom.ipc.processPrelaunch.fission.number", 0);

/// Prevent using system accent colors
defaultPref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT - non-Thunderbird Windows]

/// Prevent using system colors
// The `ui.use_standins_for_native_colors` pref does the same thing as the 'UseStandinsForNativeColors' RFP/FPP target (so it shouldn't interfere with FPP/RFP)
// But I also want to set this here to ensure users are protected if they disable FPP for whatever reason, or if they disable ETP/Strict for a specific site/add an exception
// https://searchfox.org/firefox-main/rev/82e2435f/layout/style/PreferenceSheet.cpp#69
defaultPref("browser.display.document_color_use", 1); // [DEFAULT - non-Windows] Contrast Control, supersedes `browser.display.use_system_colors` https://github.com/arkenfox/user.js/issues/1965
defaultPref("browser.display.use_system_colors", false); // [DEFAULT - non-Windows]
defaultPref("ui.use_standins_for_native_colors", true);

/// Prompt to spoof locale to en-US
defaultPref("privacy.spoof_english", 0); // [DEFAULT]

/// Provide example templates to make it easier for users to set custom FPP overrides if needed
if (getPref("browser.phoenix.fingerprintingProtection.granular.functionality.enabled") == true) {
    lockPref("browser.phoenix.fingerprintingProtection.granular.userOverrides.0.example", '{"firstPartyDomain":"example1.invalid","overrides":"+ProtectionIWantToEnableOnThisWebsite,-ProtectionIWantToDisableOnThisWebsite"},{"firstPartyDomain":"*","thirdPartyDomain":"example2.invalid","overrides":"+ThirdPartyDomainsAreSupportedToo"}'); // [FN]
} else {
    lockPref("privacy.fingerprintingProtection.granularOverrides.0.example", '[{"firstPartyDomain":"example1.invalid","overrides":"+ProtectionIWantToEnableOnThisWebsite,-ProtectionIWantToDisableOnThisWebsite"},{"firstPartyDomain":"*","thirdPartyDomain":"example2.invalid","overrides":"+ThirdPartyDomainsAreSupportedToo"}]');
};

// (The values set below are unused, they're just set here to support the standard prefs .js format)
if (false) {
    lockPref("privacy.fingerprintingProtection.overrides.0.example", "+ProtectionIWantToEnableGlobally,-ProtectionIWantToDisableGlobally");
} else {
    lockPref("browser.phoenix.fingerprintingProtection.global.userOverrides.0.example", "+ProtectionIWantToEnableGlobally,-ProtectionIWantToDisableGlobally"); // [FN]
};

/// Reset the fingerprinting randomization key daily (in addition to per-session/when the browser restarts)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1816064
defaultPref("privacy.resistFingerprinting.randomization.daily_reset.enabled", true);
defaultPref("privacy.resistFingerprinting.randomization.daily_reset.private.enabled", true);

/// Round window sizes
// Also ensure we always skip earlyBlankFirstPaint to ensure windows are properly sized: https://bugzilla.mozilla.org/show_bug.cgi?id=1448423
defaultPref("browser.startup.blankWindow", false); // [DEFAULT - non-Windows, non-Linux Nightly]
defaultPref("privacy.window.maxInnerHeight", 900); // [DEFAULT - non-Android/Thunderbird]
defaultPref("privacy.window.maxInnerWidth", 1600);
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("privacy.resistFingerprinting.skipEarlyBlankFirstPaint", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Set a fixed temporary storage limit
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41065
// https://bugzilla.mozilla.org/show_bug.cgi?id=1781277
defaultPref("dom.quotaManager.temporaryStorage.fixedLimit", 52428800); // Ex. matches what Tor Browser uses & what Firefox uses by default in most cases

/// Set FPP granular overrides (if the related target is enabled...)
// See here for details: https://codeberg.org/celenity/Phoenix/wiki/FPP-Overrides

// The values set below are unused, they're just set here to support the standard prefs .js format
if (false) {
    defaultPref("privacy.fingerprintingProtection.granularOverrides", '[{"firstPartyDomain":"google.ad","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ae","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.al","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.am","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.as","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.at","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.az","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ba","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.be","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bf","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bs","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.by","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ca","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cat","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cd","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cf","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ch","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ci","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ao","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.bw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ck","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.cr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.id","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.il","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.in","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.jp","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ke","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.kr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ls","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ma","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.mz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.nz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.th","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.tz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ug","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.uk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.uz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ve","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.vi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.za","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.zm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.zw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.af","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ag","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ar","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.au","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bd","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bo","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.br","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.co","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.cu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.cy","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.do","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ec","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.eg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.et","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.fj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.gh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.gi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.gt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.hk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.jm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.kh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.kw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.lb","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ly","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.mm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.mt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.mx","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.my","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.na","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ng","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ni","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.np","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.om","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pa","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pe","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ph","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.py","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.qa","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sa","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sb","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.tj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.tr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.tw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ua","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.uy","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.vc","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.vn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.de","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ee","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.es","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.fi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.fm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.fr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ga","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ge","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gy","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.hn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.hr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ht","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.hu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ie","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.im","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.iq","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.is","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.it","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.je","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.jo","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.kg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ki","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.kz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.la","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.li","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.md","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.me","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ml","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ne","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.nl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.no","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.nr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.nu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.pl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.pn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ps","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.pt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ro","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.rs","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ru","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.rw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sc","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.se","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.si","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.so","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.st","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.td","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.to","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.vu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ws","overrides":"+CanvasRandomization"},{"firstPartyDomain":"amazon.ae","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.ca","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.cn","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.co.jp","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.co.uk","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.co.za","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.au","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.be","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.br","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.mx","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.tr","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.de","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.eg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.es","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.fr","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.ie","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.it","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.nl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.pl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.sa","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.se","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.sg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"animepahe.ru","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"annas-archive.org","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"apple.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"apple.com.cn","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"apple.news","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"cloudflare.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+JSDateTimeUTC"},{"firstPartyDomain":"cvs.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"discord.gg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"dropbox.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"enza.fun","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"epicgames.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"favicon.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"goo.gl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"hoyoverse.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"imdb.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"klippy.pro","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"kroger.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"medium.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"mega.nz","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"porkbun.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"reddit.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"redditmedia.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"rezka-ua.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"riverside.fm","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"salespanel.io","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"southwest.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"stacksocial.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"starlink.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"svgrepo.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"t.co","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"thunderbird.net","overrides":"+CSSPrefersColorScheme"},{"firstPartyDomain":"tiktok.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"tileman.io","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+JSDateTimeUTC"},{"firstPartyDomain":"usnews.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"usps.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"vhlcentral.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"yahoo.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"youtu.be","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"youtube-nocookie.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"zoho.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.com.au","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.eu","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.jp","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.sa","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"*","thirdPartyDomain":"apple.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"apple.news","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"bsky.app","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cdn-apple.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cdninstagram.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cloudflare.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"discord.gg","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"favicon.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"goo.gl","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"googlevideo.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"gravatar.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"instagram.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"licdn.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"linkedin.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"loginwithamazon.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"moviezapiya.fun","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"pinimg.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"pinterest.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha.net","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha.net.cn","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha-cn.net","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redd.it","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"reddit.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redditmedia.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redditstatic.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"t.co","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"tileman.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"tiktok.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"twitter.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"twimg.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"vimeo.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"vimeocdn.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"x.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"youtu.be","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"youtube.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"youtube-nocookie.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"google.ad","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ae","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.al","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.am","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.as","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.at","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.az","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ba","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.be","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bf","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bs","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.by","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ca","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cd","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cf","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ch","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ci","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ao","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.bw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ck","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.cr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.id","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.il","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.in","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.jp","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ke","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.kr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ls","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ma","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.mz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.nz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.th","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.tz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ug","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.uk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.uz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ve","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.vi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.za","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.zm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.zw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.af","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ag","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ar","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.au","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bd","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bo","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.br","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.co","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.cu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.cy","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.do","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ec","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.eg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.et","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.fj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.hk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.jm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.kh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.kw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.lb","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ly","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mx","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.my","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.na","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ng","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ni","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.np","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.om","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pa","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pe","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ph","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.py","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.qa","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sa","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sb","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ua","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.uy","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.vc","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.vn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.de","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ee","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.es","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.fi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.fm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.fr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ga","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ge","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gy","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.hn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.hr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ht","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.hu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ie","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.iq","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.is","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.it","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.je","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.jo","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.kg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ki","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.kz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.la","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.li","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.md","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.me","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ml","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ne","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.nl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.no","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.nr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.nu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.pl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.pn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ps","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.pt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ro","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.rs","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ru","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.rw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sc","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.se","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.si","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.so","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.st","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.td","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.to","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.vu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ws","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"arcticfoxes.net","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"aria.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"bahn.expert","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"bitcoinist.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"calendly.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"chatwave.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"chipotle.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"cinny.in","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"citybbq.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"discord.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"doordash.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"duesen.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"element.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"flieger.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"g24.at","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"gemeinsam.jetzt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"gnulinux.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"hot-chilli.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"kosmikdog.eu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"mtrx.nz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"neat.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nitro.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nope.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"oblak.be","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pcriot.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pendora.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"proton.me","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"rollenspiel.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"socialnetwork24.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"studichat.de","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"synod.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"temoos.app","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"the-apothecary.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"unredacted.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"utwente.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"we2.ee","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"yatrix.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"abeto.co","overrides":"-WebGLRenderCapability"},{"firstPartyDomain":"cryptpad.fr","thirdPartyDomain":"cryptpad.info","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"figma.com","overrides":"-WebGLRenderCapability"},{"firstPartyDomain":"pogo.com","thirdPartyDomain":"pogospike.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"vsynctester.com","overrides":"-ReduceTimerPrecision"},{"firstPartyDomain":"zennioptical.com","thirdPartyDomain":"fittingbox.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.blog","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.store","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"pornhub.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"brave.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"bsky.app","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"cryptpad.fr","thirdPartyDomain":"cryptpad.info","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"discord.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"favicon.io","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"figma.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"fittingbox.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"gitlab.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"gsi.go.jp","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"harkins.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"icloud.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"icloud.com.cn","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"jerseymikes.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"jspaint.app","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"letterboxd.com","overrides":"-ScreenRect"},{"firstPartyDomain":"mapple.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"megacloud.blog","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"megacloud.store","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"mit.edu","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"namemc.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"nperf.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"photopea.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"piskelapp.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"pogo.com","thirdPartyDomain":"pogospike.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"pogospike.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"pornhub.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"siapre.pl","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"ttc.com.ge","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"usgs.gov","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"viliusle.github.io","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"watchduty.org","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"x.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"zennioptical.com","thirdPartyDomain":"fittingbox.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.blog","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.store","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"*","thirdPartyDomain":"pornhub.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"}]'); // [ANDROID-ONLY]
    defaultPref("privacy.fingerprintingProtection.granularOverrides", '[{"firstPartyDomain":"google.ad","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ae","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.al","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.am","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.as","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.at","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.az","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ba","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.be","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bf","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bs","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.by","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ca","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cat","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cd","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cf","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ch","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ci","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ao","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.bw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ck","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.cr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.id","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.il","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.in","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.jp","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ke","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.kr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ls","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ma","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.mz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.nz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.th","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.tz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ug","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.uk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.uz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ve","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.vi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.za","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.zm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.zw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.af","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ag","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ar","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.au","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bd","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bo","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.br","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.co","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.cu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.cy","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.do","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ec","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.eg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.et","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.fj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.gh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.gi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.gt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.hk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.jm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.kh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.kw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.lb","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ly","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.mm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.mt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.mx","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.my","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.na","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ng","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ni","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.np","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.om","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pa","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pe","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ph","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.py","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.qa","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sa","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sb","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.tj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.tr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.tw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ua","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.uy","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.vc","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.vn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.de","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ee","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.es","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.fi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.fm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.fr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ga","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ge","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gy","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.hn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.hr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ht","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.hu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ie","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.im","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.iq","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.is","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.it","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.je","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.jo","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.kg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ki","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.kz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.la","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.li","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.md","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.me","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ml","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ne","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.nl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.no","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.nr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.nu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.pl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.pn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ps","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.pt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ro","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.rs","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ru","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.rw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sc","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.se","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.si","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.so","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.st","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.td","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.to","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.vu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ws","overrides":"+CanvasRandomization"},{"firstPartyDomain":"amazon.ae","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.ca","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.cn","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.co.jp","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.co.uk","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.co.za","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.au","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.be","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.br","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.mx","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.tr","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.de","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.eg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.es","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.fr","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.ie","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.it","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.nl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.pl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.sa","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.se","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.sg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"animepahe.ru","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"annas-archive.org","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"apple.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"apple.com.cn","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"apple.news","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"cloudflare.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+JSDateTimeUTC"},{"firstPartyDomain":"cvs.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"discord.gg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"dropbox.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"enza.fun","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"epicgames.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"favicon.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"goo.gl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"hoyoverse.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"imdb.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"klippy.pro","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"kroger.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"medium.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"mega.nz","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"porkbun.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"reddit.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"redditmedia.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"rezka-ua.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"riverside.fm","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"salespanel.io","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"southwest.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"stacksocial.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"starlink.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"svgrepo.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"t.co","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"thunderbird.net","overrides":"+CSSPrefersColorScheme"},{"firstPartyDomain":"tiktok.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"tileman.io","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+JSDateTimeUTC"},{"firstPartyDomain":"usnews.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"usps.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"vhlcentral.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"yahoo.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"youtu.be","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"youtube-nocookie.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"zoho.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.com.au","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.eu","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.jp","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.sa","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"*","thirdPartyDomain":"apple.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"apple.news","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"bsky.app","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cdn-apple.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cdninstagram.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cloudflare.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"discord.gg","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"favicon.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"goo.gl","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"googlevideo.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"gravatar.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"instagram.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"licdn.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"linkedin.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"loginwithamazon.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"moviezapiya.fun","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"pinimg.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"pinterest.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha.net","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha.net.cn","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha-cn.net","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redd.it","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"reddit.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redditmedia.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redditstatic.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"t.co","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"tileman.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"tiktok.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"twitter.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"twimg.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"vimeo.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"vimeocdn.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"x.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"youtu.be","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"youtube.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"youtube-nocookie.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"google.ad","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ae","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.al","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.am","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.as","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.at","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.az","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ba","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.be","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bf","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bs","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.by","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ca","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cd","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cf","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ch","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ci","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ao","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.bw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ck","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.cr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.id","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.il","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.in","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.jp","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ke","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.kr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ls","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ma","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.mz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.nz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.th","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.tz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ug","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.uk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.uz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ve","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.vi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.za","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.zm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.zw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.af","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ag","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ar","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.au","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bd","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bo","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.br","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.co","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.cu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.cy","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.do","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ec","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.eg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.et","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.fj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.hk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.jm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.kh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.kw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.lb","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ly","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mx","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.my","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.na","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ng","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ni","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.np","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.om","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pa","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pe","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ph","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.py","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.qa","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sa","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sb","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ua","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.uy","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.vc","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.vn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.de","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ee","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.es","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.fi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.fm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.fr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ga","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ge","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gy","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.hn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.hr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ht","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.hu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ie","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.iq","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.is","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.it","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.je","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.jo","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.kg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ki","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.kz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.la","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.li","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.md","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.me","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ml","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ne","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.nl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.no","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.nr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.nu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.pl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.pn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ps","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.pt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ro","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.rs","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ru","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.rw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sc","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.se","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.si","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.so","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.st","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.td","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.to","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.vu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ws","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"arcticfoxes.net","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"aria.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"bahn.expert","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"bitcoinist.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"calendly.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"chatwave.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"chipotle.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"cinny.in","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"citybbq.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"discord.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"doordash.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"duesen.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"element.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"flieger.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"g24.at","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"gemeinsam.jetzt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"gnulinux.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"hot-chilli.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"kosmikdog.eu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"mtrx.nz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"neat.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nitro.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nope.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"oblak.be","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pcriot.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pendora.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"proton.me","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"rollenspiel.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"socialnetwork24.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"studichat.de","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"synod.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"temoos.app","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"the-apothecary.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"unredacted.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"utwente.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"we2.ee","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"yatrix.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"abeto.co","overrides":"-WebGLRenderCapability"},{"firstPartyDomain":"cryptpad.fr","thirdPartyDomain":"cryptpad.info","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"figma.com","overrides":"-WebGLRenderCapability"},{"firstPartyDomain":"pogo.com","thirdPartyDomain":"pogospike.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"vsynctester.com","overrides":"-ReduceTimerPrecision"},{"firstPartyDomain":"zennioptical.com","thirdPartyDomain":"fittingbox.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.blog","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.store","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"pornhub.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"barnesandnoble.com","overrides":"-ScreenRect"}]'); //  [NO-ANDROID] [NO-MAIL]
};

// Allow users to append their own granular overrides (with the `browser.phoenix.fingerprintingProtection.granular.userOverrides` preference) instead of overriding our defaults, and let them choose which types of our default overrides they'd like to enable

/// First, if users have previously set overrides with privacy.fingerprintingProtection.granularOverrides, we need to migrate them to our new pref
//// (browser.phoenix.fingerprintingProtection.granular.userOverrides)
//// (This isn't necessary for global overrides because the format matches/doesn't require brackets, and duplicates are just ignored)
if (getPref("browser.phoenix.fingerprintingProtection.granular.functionality.enabled") == true) {
    defaultPref("browser.phoenix.fingerprintingProtection.granular.legacyUserOverrides", ""); // [FN]
    defaultPref("browser.phoenix.fingerprintingProtection.granular.migration.completed", false); // [FN]
    defaultPref("privacy.fingerprintingProtection.granularOverrides", ""); // [FN]
    if (getPref("browser.phoenix.fingerprintingProtection.granular.migration.completed") == false && getPref("privacy.fingerprintingProtection.granularOverrides") != "") {
        let legacyGranularUserFppOverrides = getPref("privacy.fingerprintingProtection.granularOverrides");
        pref("browser.phoenix.fingerprintingProtection.granular.legacyUserOverrides", `${legacyGranularUserFppOverrides}`); // [FN]
        clearPref("privacy.fingerprintingProtection.granularOverrides");
        pref("browser.phoenix.fingerprintingProtection.granular.migration.completed", true); // [FN]
    };

    if (getPref("browser.phoenix.fingerprintingProtection.granular.enabled") == false) {
        lockPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled", false); // [FN]
        lockPref("browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled", false); // [FN]
        lockPref("browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled", false); // [FN]
        lockPref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // [FN]

        lockPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled.0.NOTE", "Locked in favor of the preference:"); // [FN]
        lockPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled.1.NOTE", "'browser.phoenix.fingerprintingProtection.granular.enabled'"); // [FN]
        lockPref("browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled.0.NOTE", "Locked in favor of the preference:"); // [FN]
        lockPref("browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled.1.NOTE", "'browser.phoenix.fingerprintingProtection.granular.enabled'"); // [FN]
        lockPref("browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled.0.NOTE", "Locked in favor of the preference:"); // [FN]
        lockPref("browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled.1.NOTE", "'browser.phoenix.fingerprintingProtection.granular.enabled'"); // [FN]
        lockPref("privacy.fingerprintingProtection.remoteOverrides.enabled.0.NOTE", "Locked in favor of the preference:"); // [FN]
        lockPref("privacy.fingerprintingProtection.remoteOverrides.enabled.1.NOTE", "'browser.phoenix.fingerprintingProtection.granular.enabled'"); // [FN]
    };

    let defaultHardenFppOverrides = '{"firstPartyDomain":"google.ad","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ae","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.al","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.am","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.as","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.at","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.az","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ba","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.be","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bf","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bs","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.bt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.by","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ca","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cat","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cd","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cf","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ch","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ci","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ao","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.bw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ck","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.cr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.id","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.il","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.in","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.jp","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ke","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.kr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ls","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ma","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.mz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.nz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.th","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.tz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ug","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.uk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.uz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.ve","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.vi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.za","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.zm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.co.zw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.af","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ag","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ar","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.au","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bd","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bo","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.br","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.bz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.co","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.cu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.cy","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.do","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ec","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.eg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.et","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.fj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.gh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.gi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.gt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.hk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.jm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.kh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.kw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.lb","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ly","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.mm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.mt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.mx","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.my","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.na","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ng","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ni","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.np","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.om","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pa","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pe","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ph","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.pr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.py","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.qa","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sa","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sb","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.sv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.tj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.tr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.tw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.ua","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.uy","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.vc","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.com.vn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.cz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.de","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dj","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.dz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ee","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.es","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.fi","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.fm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.fr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ga","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ge","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.gy","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.hn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.hr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ht","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.hu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ie","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.im","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.iq","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.is","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.it","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.je","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.jo","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.kg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ki","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.kz","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.la","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.li","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.lv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.md","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.me","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ml","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mv","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.mw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ne","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.nl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.no","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.nr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.nu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.pl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.pn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ps","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.pt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ro","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.rs","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ru","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.rw","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sc","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.se","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sh","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.si","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sk","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.so","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.sr","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.st","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.td","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tg","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tl","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tm","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tn","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.to","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.tt","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.vu","overrides":"+CanvasRandomization"},{"firstPartyDomain":"google.ws","overrides":"+CanvasRandomization"},{"firstPartyDomain":"amazon.ae","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.ca","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.cn","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.co.jp","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.co.uk","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.co.za","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.au","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.be","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.br","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.mx","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.com.tr","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.de","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.eg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.es","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.fr","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.ie","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.it","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.nl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.pl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.sa","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.se","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"amazon.sg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"animepahe.ru","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"annas-archive.org","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"apple.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"apple.com.cn","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"apple.news","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"cloudflare.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+JSDateTimeUTC"},{"firstPartyDomain":"cvs.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"discord.gg","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"dropbox.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"enza.fun","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"epicgames.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"favicon.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"goo.gl","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"hoyoverse.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"imdb.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"klippy.pro","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"kroger.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"medium.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"mega.nz","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"porkbun.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"reddit.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"redditmedia.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"rezka-ua.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"riverside.fm","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"salespanel.io","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"southwest.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"stacksocial.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"starlink.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"svgrepo.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"t.co","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"thunderbird.net","overrides":"+CSSPrefersColorScheme"},{"firstPartyDomain":"tiktok.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"tileman.io","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+JSDateTimeUTC"},{"firstPartyDomain":"usnews.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"usps.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"vhlcentral.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"yahoo.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"youtu.be","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt,+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"youtube-nocookie.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"zoho.com","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.com.au","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.eu","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.in","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.jp","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"zoho.sa","overrides":"+CanvasExtractionBeforeUserInputIsBlocked,+CanvasImageExtractionPrompt"},{"firstPartyDomain":"*","thirdPartyDomain":"apple.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"apple.news","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"bsky.app","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cdn-apple.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cdninstagram.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"cloudflare.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"discord.gg","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"favicon.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"goo.gl","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"googlevideo.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"gravatar.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"instagram.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"licdn.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"linkedin.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"loginwithamazon.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"moviezapiya.fun","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"pinimg.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"pinterest.com","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha.net","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha.net.cn","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"recaptcha-cn.net","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redd.it","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"reddit.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redditmedia.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"redditstatic.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"t.co","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"tileman.io","overrides":"+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"tiktok.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"twitter.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"twimg.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"vimeo.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"vimeocdn.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"x.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"youtu.be","overrides":"+CSSPrefersColorScheme,+FrameRate,+JSDateTimeUTC,+JSLocale"},{"firstPartyDomain":"*","thirdPartyDomain":"youtube.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"},{"firstPartyDomain":"*","thirdPartyDomain":"youtube-nocookie.com","overrides":"+CSSPrefersColorScheme,+JSDateTimeUTC"}';
    let defaultTimezoneFppOverrides = '{"firstPartyDomain":"google.ad","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ae","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.al","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.am","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.as","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.at","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.az","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ba","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.be","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bf","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bs","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.bt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.by","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ca","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cd","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cf","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ch","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ci","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ao","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.bw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ck","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.cr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.id","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.il","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.in","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.jp","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ke","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.kr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ls","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ma","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.mz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.nz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.th","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.tz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ug","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.uk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.uz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.ve","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.vi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.za","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.zm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.co.zw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.af","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ag","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ar","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.au","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bd","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bo","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.br","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.bz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.co","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.cu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.cy","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.do","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ec","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.eg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.et","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.fj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.gt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.hk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.jm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.kh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.kw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.lb","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ly","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.mx","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.my","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.na","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ng","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ni","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.np","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.om","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pa","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pe","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ph","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.pr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.py","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.qa","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sa","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sb","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.sv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.tw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.ua","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.uy","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.vc","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.com.vn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.cz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.de","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dj","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.dz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ee","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.es","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.fi","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.fm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.fr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ga","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ge","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.gy","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.hn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.hr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ht","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.hu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ie","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.iq","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.is","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.it","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.je","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.jo","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.kg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ki","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.kz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.la","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.li","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.lv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.md","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.me","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ml","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mv","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.mw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ne","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.nl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.no","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.nr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.nu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.pl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.pn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ps","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.pt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ro","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.rs","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ru","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.rw","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sc","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.se","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sh","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.si","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sk","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.so","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.sr","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.st","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.td","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tg","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tl","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tm","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tn","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.to","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.tt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.vu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"google.ws","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"arcticfoxes.net","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"aria.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"bahn.expert","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"bitcoinist.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"calendly.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"chatwave.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"chipotle.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"cinny.in","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"citybbq.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"discord.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"doordash.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"duesen.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"element.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"flieger.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"g24.at","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"gemeinsam.jetzt","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"gnulinux.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"hot-chilli.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"kosmikdog.eu","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"mtrx.nz","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"neat.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nitro.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"nope.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"oblak.be","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pcriot.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"pendora.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"proton.me","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"rollenspiel.chat","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"socialnetwork24.com","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"studichat.de","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"synod.im","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"temoos.app","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"the-apothecary.club","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"unredacted.org","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"utwente.io","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"we2.ee","overrides":"-JSDateTimeUTC"},{"firstPartyDomain":"yatrix.org","overrides":"-JSDateTimeUTC"}';

    let defaultUnbreakFppOverrides = '{"firstPartyDomain":"abeto.co","overrides":"-WebGLRenderCapability"},{"firstPartyDomain":"cryptpad.fr","thirdPartyDomain":"cryptpad.info","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"figma.com","overrides":"-WebGLRenderCapability"},{"firstPartyDomain":"pogo.com","thirdPartyDomain":"pogospike.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"vsynctester.com","overrides":"-ReduceTimerPrecision"},{"firstPartyDomain":"zennioptical.com","thirdPartyDomain":"fittingbox.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.blog","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.store","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"},{"firstPartyDomain":"*","thirdPartyDomain":"pornhub.com","overrides":"-CanvasExtractionFromThirdPartiesIsBlocked"}';
    let androidDefaultUnbreakFppOverrides = '{"firstPartyDomain":"brave.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"bsky.app","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"cryptpad.fr","thirdPartyDomain":"cryptpad.info","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"discord.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"favicon.io","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"figma.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"fittingbox.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"gitlab.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"gsi.go.jp","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"harkins.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"icloud.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"icloud.com.cn","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"jerseymikes.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"jspaint.app","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"letterboxd.com","overrides":"-ScreenRect"},{"firstPartyDomain":"mapple.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"megacloud.blog","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"megacloud.store","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"mit.edu","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"namemc.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"nperf.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"photopea.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"piskelapp.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"pogo.com","thirdPartyDomain":"pogospike.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"pogospike.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"pornhub.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"siapre.pl","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"ttc.com.ge","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"usgs.gov","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"viliusle.github.io","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"watchduty.org","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"x.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"zennioptical.com","thirdPartyDomain":"fittingbox.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.blog","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"*","thirdPartyDomain":"megacloud.store","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"},{"firstPartyDomain":"*","thirdPartyDomain":"pornhub.com","overrides":"-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"}';
    let desktopDefaultUnbreakFppOverrides = '{"firstPartyDomain":"barnesandnoble.com","overrides":"-ScreenRect"}';

    if (getPref("browser.phoenix.fingerprintingProtection.granular.enabled") == true && getPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled") == true) {
        hardenFppOverrides = defaultHardenFppOverrides
    } else {
        hardenFppOverrides = ""
    };

    if (getPref("browser.phoenix.fingerprintingProtection.granular.enabled") == true && getPref("browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled") == true) {
        if (phoenixPlatform == "android") {
            if (getPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled") == true) {
                unbreakFppOverrides = "," + defaultUnbreakFppOverrides + "," + androidDefaultUnbreakFppOverrides
            } else {
                unbreakFppOverrides = defaultUnbreakFppOverrides + "," + androidDefaultUnbreakFppOverrides
            };
        } else {
            if (getPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled") == true) {
                unbreakFppOverrides = "," + defaultUnbreakFppOverrides + "," + desktopDefaultUnbreakFppOverrides
            } else {
                unbreakFppOverrides = defaultUnbreakFppOverrides + "," + desktopDefaultUnbreakFppOverrides
            };
        };
    } else {
        unbreakFppOverrides = ""
    };

    if (getPref("browser.phoenix.fingerprintingProtection.granular.enabled") == true && getPref("browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled") == true) {
        if (getPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled") == true || getPref("browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled") == true) {
            timezoneFppOverrides = "," + defaultTimezoneFppOverrides
        } else {
            timezoneFppOverrides = defaultTimezoneFppOverrides
        };
    } else {
        timezoneFppOverrides = ""
    };

    /// Now, set our FPP granular overrides
    defaultGranularFppOverrides = "[" + hardenFppOverrides + timezoneFppOverrides + unbreakFppOverrides

    /// Set user-specified granular overrides
    if (getPref("browser.phoenix.fingerprintingProtection.granular.userOverrides") != "") {
        if (getPref("browser.phoenix.fingerprintingProtection.granular.enabled") == true && (getPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled") == true || getPref("browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled") == true || getPref("browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled") == true)) {
            userGranularFppOverrides = "," + getPref("browser.phoenix.fingerprintingProtection.granular.userOverrides") + "]"
        } else {
            userGranularFppOverrides = getPref("browser.phoenix.fingerprintingProtection.granular.userOverrides") + "]"
        };
    } else {
        userGranularFppOverrides = "]"
    };

    if (getPref("browser.phoenix.fingerprintingProtection.granular.legacyUserOverrides", "") != "") {
        // This is messy and complicated, but I'm not aware of a better way to migrate existing overrides
        /// Once users migrate their overrides to the new preference (browser.phoenix.fingerprintingProtection.granular.userOverrides), the new mechanism will take over
        granularFppOverrides = getPref("browser.phoenix.fingerprintingProtection.granular.legacyUserOverrides");
    } else if (getPref("browser.phoenix.fingerprintingProtection.granular.consumerOverrides") != "") {
            /// If `browser.phoenix.fingerprintingProtection.granular.consumerOverrides` is set by a consuming project, add those targets as well
            // (This lets them customize the default overrides without needing to hijack the pref for user-specified ones)
            granularFppOverrides = defaultGranularFppOverrides + "," + getPref("browser.phoenix.fingerprintingProtection.granular.consumerOverrides") + userGranularFppOverrides;
    } else {
        granularFppOverrides = defaultGranularFppOverrides + userGranularFppOverrides;
    };
    lockPref("privacy.fingerprintingProtection.granularOverrides", `${granularFppOverrides}`); // [FN]
} else {
    // Since the functionality is disabled, lock relevant prefs to avoid confusion
    lockPref("browser.phoenix.fingerprintingProtection.granular.consumerOverrides", ""); // [FN]
    lockPref("browser.phoenix.fingerprintingProtection.granular.enabled", false); // [FN]
    lockPref("browser.phoenix.fingerprintingProtection.granular.hardenOverrides.enabled", false); // [FN]
    lockPref("browser.phoenix.fingerprintingProtection.granular.unbreakOverrides.enabled", false); // [FN]
    lockPref("browser.phoenix.fingerprintingProtection.granular.unbreakTimezoneOverrides.enabled", false); // [FN]
    lockPref("browser.phoenix.fingerprintingProtection.granular.userOverrides", ""); // [FN]
};

/// Set target video resolution to 1080p
defaultPref("privacy.resistFingerprinting.target_video_res", 1080); // [DEFAULT]

/// Set zoom levels on a per-site basis
// Changing the zoom level globally can be fingerprintable
// Note: We also set the "SiteSpecificZoom" FPP/RFP target
defaultPref("browser.zoom.siteSpecific", true); // [DEFAULT - non-Android]

/// So people don't freak out when they see RFP isn't enabled...
// We need to keep Android notes under ~50 characters to prevent them from being cut off/un-readable; isn't an issue on Desktop
lockPref("privacy.resistFingerprinting.0.NOTE", "RFP is disabled on purpose.");
lockPref("privacy.resistFingerprinting.1.NOTE", "We use a hardened configuration of FPP instead.");
lockPref("privacy.resistFingerprinting.2.NOTE", "Using RFP is not recommended or supported.");

defaultPref("browser.phoenix.status", "004");

/*** 005 DISK AVOIDANCE ***/

/// Allow permission manager to write to disk
// This is already Firefox's default - but it's hidden, so this exposes it via the `about:config`
// https://searchfox.org/firefox-main/rev/82e2435f/extensions/permissions/PermissionManager.cpp#765
defaultPref("permissions.memory_only", false); // [HIDDEN] [DEFAULT]

/// Allow users to automatically delete files downloaded in Private Browsing
// (browser.download.deletePrivate controls the functionality itself)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1790641
defaultPref("browser.download.enableDeletePrivate", true); // [DEFAULT] https://bugzilla.mozilla.org/show_bug.cgi?id=1981504

/// Check the boxes for clearing browsing data when navigating to `about:preferences#privacy` -> `Cookies and Site Data` -> `Manage Data...` by default
if (phoenixPlatform != "android") {
    defaultPref("privacy.clearHistory.browsingHistoryAndDownloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
    defaultPref("privacy.clearHistory.cache", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
    defaultPref("privacy.clearHistory.formdata", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
    defaultPref("privacy.clearSiteData.browsingHistoryAndDownloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
    defaultPref("privacy.clearSiteData.cache", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
    defaultPref("privacy.clearSiteData.formdata", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
    defaultPref("privacy.clearSiteData.historyFormDataAndDownloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
    defaultPref("privacy.cpd.cache", true); // [NO-ANDROID] [DEFAULT]
    defaultPref("privacy.cpd.downloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
    defaultPref("privacy.cpd.formdata", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
    defaultPref("privacy.cpd.history", true); // [NO-ANDROID] [DEFAULT]
    defaultPref("privacy.cpd.sessions", true); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
};

//// Except for cookies... (as this ignores `Allow` exceptions)
if (phoenixPlatform != "android") {
    defaultPref("privacy.clearHistory.cookiesAndStorage", false); // [NO-ANDROID]
    defaultPref("privacy.clearSiteData.cookiesAndStorage", false); // [NO-ANDROID]
    defaultPref("privacy.cpd.cookies", false); // [NO-ANDROID]
    defaultPref("privacy.cpd.offlineApps", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
};

//// and passwords...
if (phoenixPlatform != "android") {
    defaultPref("privacy.cpd.passwords", false); // [NO-ANDROID] [HIDDEN - Thunderbird] [DEFAULT]
};

/// Clear browsing history, download history, and sessions on exit by default
if (phoenixPlatform != "android") { 
    defaultPref("privacy.clearOnShutdown.downloads", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
    defaultPref("privacy.clearOnShutdown.history", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
    defaultPref("privacy.clearOnShutdown.sessions", true); // [NO-ANDROID] [HIDDEN - Thunderbird]
};
if (phoenixPlatform != "android" && phoenixMail == false) { 
    defaultPref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("privacy.clearOnShutdown_v2.downloads", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    defaultPref("privacy.clearOnShutdown_v2.formdata", true); // [NO-ANDROID] [NO-MAIL]
};


/// Clear cache on exit by default
// We also disable disk cache entirely below...
defaultPref("privacy.clearOnShutdown.cache", true);
defaultPref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT - Desktop Firefox]
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);

/// Decrease the number of tabs saved in Session Store
// Also improves performance
// (Default = 10 for Android, 25 elsewhere)
if (phoenixMail == false) {
    defaultPref("browser.sessionstore.max_tabs_undo", 7); // [NO-MAIL]
};

/// Disable back/forward cache (bfcache)
// This helps ensure that sensitive data/user state is discarded as soon as possible
// https://web.dev/articles/bfcache
// https://github.com/uazo/cromite/blob/master/docs/FEATURES.md
// https://github.com/uazo/cromite/issues/1649
// https://kb.mozillazine.org/Browser.sessionhistory.max_total_viewers#Possible_values_and_their_effects
defaultPref("browser.sessionhistory.max_total_viewers", 0); // (Default = -1 (Automatic) - which is 8 unless you're using a device with under 1GB of RAM)
defaultPref("fission.bfcacheInParent", false);

/// Disable collection/generation of background thumbnails
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/thumbnails/PageThumbs.sys.mjs#631
defaultPref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN]

/// Disable collection/generation of wireframes
// https://searchfox.org/firefox-main/source/browser/components/sessionstore/PageWireframes.sys.mjs
defaultPref("browser.history.collectWireframes", false); // [DEFAULT]

/// Disable coloring visited links
defaultPref("layout.css.visited_links_enabled", false);

/// Disable disk cache
defaultPref("browser.cache.disk.enable", false);
defaultPref("browser.cache.disk_cache_ssl", true); // [DEFAULT] Controls disk cache for secure (HTTPS) resources, depends on `browser.cache.disk.enable` (which is why we're keeping this on by default)

/// Disable favicons in shortcuts
// Prevents .ico files from persisting, even after deletion
if (phoenixPlatform != "android") { 
    defaultPref("browser.shell.shortcutFavicons", false); // [NO-ANDROID] [HIDDEN - Thunderbird]
};

/// Disable frecency
// This also prevents random recently visited sites from being pinned to the homepage on Desktop
// https://firefox-source-docs.mozilla.org/browser/urlbar/ranking.html#frecency-implementation
// https://devdoc.net/web/developer.mozilla.org/en-US/docs/The_Places_frecency_algorithm.html
// NOTE: `places.frecency.unvisitedBookmarkBonus` is required for bookmark URL bar suggestions on Desktop:
// https://codeberg.org/celenity/Phoenix/issues/218
// https://www.labnol.org/software/browsers/prevent-firefox-showing-bookmarks-address-location-bar/3636#:~:text=Option%20C%3A%20Remove%20Bookmarks%20Completely%20from%20Address%20Bar
defaultPref("places.frecency.bookmarkVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [Default: 75]
defaultPref("places.frecency.defaultVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.downloadVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.embedVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.framedLinkVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.linkVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [Default: 100]
defaultPref("places.frecency.permRedirectVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Firefox Desktop] [Default on Firefox Desktop: 50]
defaultPref("places.frecency.redirectSourceVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("places.frecency.reloadVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [Default on Firefox Desktop: 0]
defaultPref("places.frecency.tempRedirectVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Firefox Desktop] [Default on Firefox Desktop: 40]
defaultPref("places.frecency.typedVisitBonus", 0); // [HIDDEN - Android/Thunderbird] [Default: 2000]
defaultPref("places.frecency.unvisitedTypedBonus", 0); // [HIDDEN - Android/Thunderbird] [Default: 200]
if (phoenixPlatform == "android") { 
    defaultPref("places.frecency.unvisitedBookmarkBonus", 0); // [ANDROID-ONLY] [HIDDEN - Android/Thunderbird] [Default: 140]
};

/// Disable "frequent"/"recent" taskbar lists by default
if (phoenixPlatform == "windows" && phoenixMail == false) {
    defaultPref("browser.taskbar.lists.frequent.enabled", false); // [WINDOWS-ONLY] [NO-MAIL]
    defaultPref("browser.taskbar.lists.recent.enabled", false); // [WINDOWS-ONLY] [NO-MAIL] [DEFAULT]
};

/// Disable LaterRun
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41568
// https://bugzilla.mozilla.org/show_bug.cgi?id=1200639
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.laterrun.enabled", false); // [NO-ANDROID] [DEFAULT]
};

/// Disable logging blocked domains to `about:protections`
defaultPref("browser.contentblocking.database.enabled", false); // [DEFAULT - Android/Thunderbird]
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.contentblocking.cfr-milestone.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.cfr-milestone.milestone-shown-time", "999999999"); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    defaultPref("browser.contentblocking.cfr-milestone.update-interval", 0); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.contentblocking.report.privacy_metrics.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT - non-Nightly]
};

/// Disable Search & Form History
// Can be leaked to sites...
// https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
defaultPref("browser.formfill.enable", false);

/// Disable taskbar previews
// https://searchfox.org/firefox-main/source/browser/modules/WindowsPreviewPerTab.sys.mjs
if (phoenixPlatform == "windows" && phoenixMail == false) {
    defaultPref("browser.taskbar.previews.enable", false); // [WINDOWS-ONLY] [NO-MAIL] [DEFAULT]
};

/// Disable WebRTC history
// History will still gather when `about:webrtc` is open
// Also likely improves performance...
defaultPref("media.aboutwebrtc.hist.enabled", false); // [DEFAULT - non-Nightly]

/// Disable window state restoration
// https://searchfox.org/firefox-main/rev/16707ce1/xpfe/appshell/AppWindow.cpp#2404
defaultPref("browser.restoreWindowState.disabled", true);

/// Enable a fire button in Private Browsing Windows to reset the session
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.privatebrowsing.resetPBM.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable the "Forget" button by default
// https://searchfox.org/firefox-main/rev/4258ca07/browser/components/customizableui/CustomizableWidgets.sys.mjs#576
// https://searchfox.org/firefox-main/rev/4258ca07/browser/components/enterprisepolicies/Policies.sys.mjs#950
// https://searchfox.org/firefox-main/rev/4258ca07/browser/locales/en-US/browser/policies/policies-descriptions.ftl#81
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("privacy.panicButton.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Increase the interval between between Session Store save operations
// Also improves performance
// (Default = 10000 (10 secs) for Android, 15000 (15 secs) elsewhere)
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/sessionstore/docs/utils.rst#20
defaultPref("browser.sessionstore.interval", 60000); // 1 minute

/// Prevent automatically starting Firefox and restoring session after reboot
if (phoenixPlatform == "windows") {
    defaultPref("toolkit.winRegisterApplicationRestart", false); // [WINDOWS-ONLY] [HIDDEN - Thunderbird]
};

/// Prevent clearing cookies by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("privacy.clearOnShutdown.cookies", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("privacy.clearOnShutdown.offlineApps", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("privacy.clearOnShutdown_v2.cookiesAndStorage", false); // [NO-ANDROID] [NO-MAIL]
};

/// Prevent clearing passwords & site settings by default
defaultPref("privacy.clearOnShutdown.siteSettings", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("privacy.clearOnShutdown_v2.siteSettings", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]

/// Prevent clearing site settings at `about:preferences#privacy` -> `Cookies and Site Data` -> `Manage Data...` by default [NO-ANDROID] [NO-MAIL]
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("privacy.clearHistory.siteSettings", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("privacy.clearSiteData.siteSettings", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("privacy.cpd.siteSettings", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Prevent exposing content in the window title for Private Browsing windows
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2619
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("privacy.exposeContentTitleInWindow.pbm", false); // [NO-ANDROID] [NO-MAIL]
};

/// Prevent storing unnecessary extra session data
defaultPref("browser.sessionstore.privacy_level", 2); // [HIDDEN - Thunderbird]

/// Prevent writing media cache (ex. for video streaming) to disk in private windows
defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true);

/// Remove cached files from browser windows opened with external applications
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=302433,1738574
defaultPref("browser.download.start_downloads_in_tmp_dir", true);
defaultPref("browser.helperApps.deleteTempFileOnExit", true); // [DEFAULT - Thunderbird]

/// Remove files from session list & history when deleted in Firefox
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#833
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.download.clearHistoryOnDelete", 2); // [NO-ANDROID] [NO-MAIL]
};

/// Set default time range when manually clearing data to "everything"
if (phoenixPlatform != "android") {
    defaultPref("privacy.sanitize.timeSpan", 0); // [NO-ANDROID]
};

/// Use `Custom settings' for history at `about:preferences#privacy` -> `History` by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("privacy.history.custom", true); // [NO-ANDROID] [NO-MAIL]
};

defaultPref("browser.phoenix.status", "005");

/*** 006 DOWNLOADS ***/

/// Block insecure downloads
defaultPref("dom.block_download_insecure", true); // [DEFAULT]

/// Notify when downloading files
defaultPref("browser.download.alwaysOpenPanel", true); // [DEFAULT - Desktop] [HIDDEN - Android/Thunderbird]

/// Prevent adding downloads to "recent documents"...
defaultPref("browser.download.manager.addToRecentDocs", false);

/// Prompt before downloading files
defaultPref("browser.download.always_ask_before_handling_new_types", true);
defaultPref("browser.download.useDownloadDir", false); // [DEFAULT - Thunderbird]

defaultPref("browser.phoenix.status", "006");

/*** 007 HTTP(S) ***/

/// Allow users to bypass invalid certificate errors by default
// (To expose the preference via the `about:config`)
defaultPref("security.certerror.hideAddException", false); // [HIDDEN] [DEFAULT]

/// Always attempt to resolve HTTPS resource records, regardless of connectivity checks/other factors
// https://searchfox.org/firefox-main/rev/62066911/netwerk/protocol/http/nsHttpChannel.cpp#987
// https://developer.mozilla.org/docs/Glossary/HTTPS_RR
defaultPref("network.dns.force_use_https_rr", true);

/// Always preload intermediates
// https://wiki.mozilla.org/Security/CryptoEngineering/Intermediate_Preloading
defaultPref("security.remote_settings.intermediates.enabled", true); // [DEFAULT]

/// Always warn on insecure webpages
defaultPref("security.insecure_connection_text.enabled", true);
defaultPref("security.insecure_connection_text.pbmode.enabled", true);
defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);

/// Always warn when submitting a form from HTTP to HTTPS, even on local IP addresses
defaultPref("security.insecure_field_warning.ignore_local_ip_address", false);
defaultPref("security.warn_submit_secure_to_insecure", true); // [DEFAULT]

/// Disable the automatic import of OS client authentication certificates
// (Ex. smart cards)
// This prevents loading Mozilla's PKCS#11 module (which then loads these certificates from the OS store).
// AFAICT this functionality is quite obscure, use is seemingly nonexistent outside of very specific environments (ex. enterprise/government).
// Those who do actually use this functionality may also not want the browser to automatically import/expose these certificates, as they have many other uses.
// These certificates can also still be imported in browser settings anyways, so those who do need to use this functionality still can that way.
// So, I see no reason to leave this enabled by default - disabling it reduces attack surface and gives more control to users.
// (For reference, Tor Browser also disables this)
// https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1637807
defaultPref("security.osclientcerts.autoload", false); // [DEFAULT - Thunderbird]

/// Disable downgrades to insecure TLS 1.0/1.1
defaultPref("security.tls.insecure_fallback_hosts", ""); // [DEFAULT]
lockPref("security.tls.version.enable-deprecated", false); // [DEFAULT]

/// Disable insecure ciphers (Like Chromium & Tor Browser)
// https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/361#note_3089049
// https://bugzilla.mozilla.org/show_bug.cgi?id=1600437
// https://bugzilla.mozilla.org/show_bug.cgi?id=1036765
defaultPref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT]
defaultPref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT]
defaultPref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT] TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
defaultPref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT - Nightly] TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

/// Disable OCSP revocation checks
//
// So, my current understanding:
// According to Mozilla blog: "With CRLite, Firefox periodically downloads a compact encoding of the set of all revoked certificates that appear in Certificate Transparency logs. Firefox stores this encoding locally, updates it every 12 hours, and queries it privately every time a new TLS connection is created."
// and: "Of course, no browser is performing daily downloads of all CRLs. For a more meaningful comparison, we can consider Chrome’s CRLSets. These are hand-picked sets of revocations that are delivered to Chrome users daily. Recent CRLSets weigh in at 600 kB and include about 1% of all revocations (thirty-five thousand of the four million total). Firefox’s CRLite implementation uses half the bandwidth, updates twice as frequently, and includes all revocations."
// According to MDN: "Firefox desktop from version 135 requires CT log inclusion for all certificates issued by certificate authorities in Mozilla's Root CA Program".
//
// What this means for us:
// 1. We enforce Certificate Transparency (CT) below (security.pki.certificate_transparency.mode -> 2)
// 2. Mozilla requires CAs in their program to implement CT, and we disable using the system's root CAs below (security.certerrors.mitm.auto_enable_enterprise_roots + security.enterprise_roots.enabled)
// 3. We enable + enforce CRLite below (security.pki.crlite_mode -> 2, security.remote_settings.crlite_filters.enabled -> true)
// 4. CRLite works by using CT logs, AND includes ALL revocations from those logs
// 5. Therefore, since we're only trusting CAs that use CT, and since CRLite is covering ALL revocations from CT, we can reasonably conclude that CRLite is covering all revocatons, and thus, OCSP should be superfluous
// So, I'm comfortable finally retiring OCSP... :) - Great to see how far this has come
// https://wikipedia.org/wiki/Online_Certificate_Status_Protocol
// https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/
// https://developer.mozilla.org/docs/Web/Security/Certificate_Transparency#browser_requirements
// https://github.com/arkenfox/user.js/issues/1576
if (phoenixMail == false) {
    defaultPref("security.OCSP.enabled", 0); // [NO-MAIL]
    defaultPref("security.OCSP.require", false); // [NO-MAIL] [DEFAULT]
};

/// Disable Parental Controls
// https://searchfox.org/firefox-main/source/toolkit/components/parentalcontrols/nsIParentalControlsService.idl
// https://searchfox.org/firefox-main/rev/cb527813/netwerk/protocol/http/nsHttpHandler.cpp#537
// https://searchfox.org/firefox-main/rev/cb527813/docshell/base/CanonicalBrowsingContext.cpp#3696
// https://searchfox.org/firefox-main/source/toolkit/locales-preview/aboutRestricted.ftl
lockPref("network.parental_controls_cached_state", false); // [DEFAULT]
lockPref("security.restrict_to_adults.always", false); // [DEFAULT]
lockPref("security.restrict_to_adults.respect_platform", false); // [DEFAULT]

/// Disable sending background HTTP requests to websites that do not respond quickly to check if they support HTTPS
defaultPref("dom.security.https_only_mode_send_http_background_request", false);

/// Disable third-party/OS-level root certificates
// I've been torn on how to handle this, but IMO the safest way forward is disabling this functionality in Firefox
// This is commonly abused by malware/etc. and it's even overriden by certain software/garbage AV's...
// Ex. https://support.kaspersky.com/common/compatibility/14620#block3
// Since this is something programs actively try to override, I don't see a safe way to support this, so we'll lock it
// We still allow users to manually import certificates into Firefox... 
// So we can ensure users are aware of certificates they add and are making this decision consciously
// This is also important to ensure that Certificate Transparency is properly enforced, since it (`security.pki.certificate_transparency.mode`) only covers roots issued by Mozilla
// https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Certificate_Transparency_Support_in_Firefox
// We also set "ImportEnterpriseRoots" in policies [NO-ANDROID]
// https://mozilla.github.io/policy-templates/#certificates--importenterpriseroots [NO-ANDROID]
defaultPref("security.certerrors.mitm.auto_enable_enterprise_roots", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("security.enterprise_roots.enabled", false); // [DEFAULT]
if (phoenixPlatform != "android") {
    lockPref("security.certerrors.mitm.auto_enable_enterprise_roots", false); // [NO-ANDROID]
    lockPref("security.enterprise_roots.enabled", false); // [NO-ANDROID]
};

//// Ensure HTTP/3 isn't disabled when/if third-party/OS-level root certificates are found
defaultPref("network.http.http3.disable_when_third_party_roots_found", false);

/// Disable TLS 1.3 0-RTT
// Not forward secret
// https://github.com/tlswg/tls13-spec/issues/1001
defaultPref("network.http.http3.enable_0rtt", false); // For HTTP3 https://bugzilla.mozilla.org/show_bug.cgi?id=1689550
defaultPref("security.tls.enable_0rtt_data", false);

/// Enable (+ enforce) Certificate Transparency
// https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency
defaultPref("security.pki.certificate_transparency.disable_for_hosts", ""); // [DEFAULT]
defaultPref("security.pki.certificate_transparency.disable_for_spki_hashes", ""); // [DEFAULT]
defaultPref("security.pki.certificate_transparency.mode", 2); // [DEFAULT - non-Nightly Android]

/// Enable CRLite revocation checks (and prioritize over OCSP)
// https://blog.mozilla.org/security/2020/01/09/crlite-part-1-all-web-pki-revocations-compressed/
defaultPref("security.pki.crlite_channel", "default"); // [DEFAULT - non-Android] Use CRLite clubcards that contain all revocations, instead of just "priority" revocations
defaultPref("security.pki.crlite_mode", 2); // [DEFAULT - Nightly]
defaultPref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT - non-Android]

/// Enable Delegated Credentials
// https://wikipedia.org/wiki/Delegated_credential
defaultPref("security.tls.enable_delegated_credentials", true); // [DEFAULT]

/// Enable HTTPS-First
// This is a less-aggressive alternative to HTTPS-Only Mode
// Sets the browser to attempt to use HTTPS for connections first, but silently fall-back if HTTPS is unavailable
// Used if HTTPS-Only Mode is disabled
// https://support.mozilla.org/kb/https-first
defaultPref("dom.security.https_first", true); // [DEFAULT]
defaultPref("dom.security.https_first_add_exception_on_failure", false); // Prevent automatically exempting domains, so that HTTPS-First is always tried no matter what
defaultPref("dom.security.https_first_for_custom_ports", true);
defaultPref("dom.security.https_first_for_local_addresses", true);
defaultPref("dom.security.https_first_for_unknown_suffixes", true);
defaultPref("dom.security.https_first_pbm", true); // [DEFAULT]
defaultPref("dom.security.https_first_schemeless", true); // [DEFAULT]

/// Enable HTTPS-Only Mode
// Enforces the use of HTTPS for connections, and warns the user if HTTPS is unavailable
// https://support.mozilla.org/kb/https-only-prefs
// NOTE: Locked on Desktop due to being a critical privacy and security feature,
// but we won't lock it for Android/Thunderbird, as it's unfortunately not possible to add exceptions there
// https://codeberg.org/ironfox-oss/bugs/issues/48
defaultPref("dom.security.https_only_mode", true);
defaultPref("dom.security.https_only_mode.upgrade_local", true); // Enforce HTTPS-Only Mode for local requests
defaultPref("dom.security.https_only_mode_pbm", true);
defaultPref("dom.security.https_only_mode_error_page_user_suggestions", true); // Show suggestions when an HTTPS page can not be found - ex. if 'example.com' is insecure, the browser may suggest trying to connect to 'www.example.com' instead
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("dom.security.https_only_mode", true); // [NO-ANDROID] [NO-MAIL]
    lockPref("dom.security.https_only_mode_pbm", true); // [NO-ANDROID] [NO-MAIL]
};

/// Enable MITM Detection
// https://github.com/arkenfox/user.js/issues/740
// https://bugzilla.mozilla.org/show_bug.cgi?id=1529643
defaultPref("security.certerrors.mitm.priming.enabled", true); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Android/Thunderbird]
defaultPref("security.certerrors.mitm.priming.endpoint", "https://mitmdetection.services.mozilla.com/"); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Android/Thunderbird]

/// Enable OCSP stapling
// https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
// https://blog.cloudflare.com/high-reliability-ocsp-stapling/#ocsp-must-staple
defaultPref("security.ssl.enable_ocsp_must_staple", true); // [DEFAULT]
defaultPref("security.ssl.enable_ocsp_stapling", true); // [DEFAULT]

/// Enable Post Quantum Key Agreement (Kyber)
defaultPref("media.webrtc.enable_pq_hybrid_kex", true); // [DEFAULT]
defaultPref("media.webrtc.send_mlkem_keyshare", true); // [DEFAULT]
defaultPref("network.http.http3.enable_kyber", true); // [DEFAULT]
defaultPref("security.tls.client_hello.send_p256_keyshare", true); // [DEFAULT]
defaultPref("security.tls.enable_kyber", true); // [DEFAULT]
if (phoenixESR == true) { 
    defaultPref("media.webrtc.enable_pq_dtls", true); // [NO-ANDROID] [ESR] [DEFAULT]
};

/// Enable prompts for unsafe HTTP redirects
// https://searchfox.org/firefox-main/rev/16707ce1/modules/libpref/init/all.js#1189
// https://bugzilla.mozilla.org/show_bug.cgi?id=677754
// https://searchfox.org/firefox-main/rev/16707ce1/netwerk/protocol/http/nsHttpChannel.cpp#3687
defaultPref("network.http.prompt-temp-redirect", true);

/// Enforce Strict Certificate Pinning
// https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#How_to_use_pinning
// The list of domains currently covered can be found here: https://searchfox.org/firefox-main/source/security/manager/ssl/StaticHPKPins.h
// Some are also displayed in a prettier format here: https://searchfox.org/firefox-main/source/security/manager/tools/PreloadedHPKPins.json
// For values/modes, see: https://searchfox.org/firefox-main/rev/19539767/security/manager/ssl/PublicKeyPinningService.cpp#32
//    Disabled             = 0
//    AllowUserCAMITM      = 1
//    Strict               = 2
//    EnforceTestMode      = 3
// Strict excludes certain domains that Mozilla wants to collect telemetry for/labels as "testing", while EnforceTestMode
// includes all domains/enforces everything
defaultPref("security.cert_pinning.enforcement_level", 3);

/// Enforce TLS 1.3 downgrade protection
// https://bugzilla.mozilla.org/show_bug.cgi?id=1576790
defaultPref("security.tls.hello_downgrade_check", true); // [DEFAULT]

/// Ensure that the browser omits credentials when making network requests by default
// https://searchfox.org/firefox-main/rev/4dad4a9a/modules/libpref/init/StaticPrefList.yaml#13568
defaultPref("network.fetch.systemDefaultsToOmittingCredentials", true); // [DEFAULT]

/// Ensure we use the HSTS preload list
// https://searchfox.org/firefox-main/rev/82e2435f/security/manager/ssl/nsSiteSecurityService.cpp#799
defaultPref("network.stricttransportsecurity.preloadlist", true); // [DEFAULT]

/// Only allow certificate error exceptions per-session
defaultPref("security.certerrors.permanentOverride", false); // [HIDDEN - Android/Thunderbird]

/// Only load secure websockets from HTTPS pages
defaultPref("network.websocket.allowInsecureFromHTTPS", false); // [DEFAULT]

/// Require safe renegotiations
// Disables connections to servers without RFC 5746
// https://wiki.mozilla.org/Security:Renegotiation
defaultPref("security.ssl.require_safe_negotiation", true);

/// Show detailed information on insecure warning pages
defaultPref("browser.xul.error_pages.expert_bad_cert", true);

/// Upgrade Mixed Content
// These pertain to handling insecure (HTTP) content in secure (HTTPS) contexts
// https://blog.mozilla.org/security/2024/06/05/firefox-will-upgrade-more-mixed-content-in-version-127/
defaultPref("dom.securecontext.allowlist", ""); // [HIDDEN] [DEFAULT] This can be used for adding exceptions: https://searchfox.org/firefox-main/rev/82e2435f/dom/security/nsMixedContentBlocker.cpp#270
defaultPref("security.mixed_content.block_active_content", true); // [DEFAULT - non-Thunderbird]
defaultPref("security.mixed_content.block_display_content", false); // [DEFAULT] Unnecessary with the "security.mixed_content.upgrade_display_content" pref - that pref tries to upgrade mixed content by default and still blocks it if fails, this pref just blocks all mixed content entirely, causing unnecessary breakage for users: https://github.com/mozilla/policy-templates/issues/1141
defaultPref("security.mixed_content.upgrade_display_content", true); // [DEFAULT]

defaultPref("browser.phoenix.status", "007");

/*** 008 IMPLICIT CONNECTIONS ***/

/// Disable Early Hints
// https://developer.mozilla.org/docs/Web/HTTP/Status/103
// https://github.com/bashi/early-hints-explainer/blob/main/explainer.md
// (ex. like Cromite: https://github.com/uazo/cromite/blob/master/build/patches/Client-hints-overrides.patch)
defaultPref("network.early-hints.enabled", false);
defaultPref("network.early-hints.over-http-v1-1.enabled", false);
defaultPref("network.early-hints.preconnect.enabled", false);
defaultPref("network.early-hints.preconnect.max_connections", 0);

/// Disable network prefetching
// https://developer.mozilla.org/docs/Glossary/Prefetch
defaultPref("dom.prefetch_dns_for_anchor_http_document", false); // https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42684
defaultPref("dom.prefetch_dns_for_anchor_https_document", false); // [DEFAULT] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42684
defaultPref("network.dns.disablePrefetch", true);
defaultPref("network.dns.disablePrefetchFromHTTPS", true);
defaultPref("network.dns.prefetch_via_proxy", false); // [DEFAULT]
defaultPref("network.http.speculative-parallel-limit", 0); // [DEFAULT - Thunderbird]
defaultPref("network.predictor.enable-hover-on-ssl", false); // [DEFAULT] https://searchfox.org/firefox-main/rev/3c918058/docshell/base/nsDocShell.cpp#14207
defaultPref("network.prefetch-next", false);
if (phoenixESR == true) {
    defaultPref("network.predictor.enabled", false); // [NO-ANDROID] [ESR]
};

/// Disable preconnect
// https://github.com/uBlockOrigin/uBlock-issues/issues/2913
// https://developer.mozilla.org/docs/Web/HTML/Attributes/rel/preconnect
defaultPref("network.preconnect", false);

/// Disable speculative pre-connections
// https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.places.speculativeConnect.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.speculativeConnect.enabled", false); // [NO-ANDROID] [NO-MAIL]
};

/// Prevent leaking single word searches to DNS provider
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.fixup.dns_first_for_single_words", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Prevent middle mouse clicks from pasting clipboard contents by default
// Way too easy to accidentally press...
defaultPref("middlemouse.paste", false);

/// Prevent middle mouse clicks on new tab button opening URLs or searches from clipboard
defaultPref("browser.tabs.searchclipboardfor.middleclick", false);
defaultPref("middlemouse.contentLoadURL", false); // [DEFAULT]

defaultPref("browser.phoenix.status", "008");

/*** 009 SEARCH & URL BAR ***/

/// Allow using a different search engine in normal vs. private Windows
if (phoenixMail == false) {
    defaultPref("browser.search.separatePrivateDefault.ui.enabled", true); // [NO-MAIL]
};

/// Always show Punycode
// Protects against phishing & IDN Homograph Attacks
// https://wikipedia.org/wiki/IDN_homograph_attack
defaultPref("network.IDN_show_punycode", true);

/// Disable autofill/autocompletion of URLs by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.autoFill", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable the button to switch search engines when `browser.urlbar.scotchBonnet.enableOverride` is `false` by default
// Currently broken
// https://windowsreport.com/firefox-tests-dedicated-address-bar-button-for-easier-search-engine-switching/
// https://searchfox.org/firefox-main/rev/82e2435f/browser/themes/shared/identity-block/identity-block.css#33
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.searchModeSwitcher.featureGate", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
};

/// Disable clipboard suggestions by default, but allow users to enable them if desired
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderClipboard.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.clipboard.featureGate", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.suggest.clipboard", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable Firefox's new 'Unified Trust Panel' by default
// This prevents setting per-site exceptions for the built-in cookie banner blocker
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.trustPanel.featureGate", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable history suggestions by default
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderInputHistory.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.suggest.history", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable quick actions by default, but allow users to enable them if desired
// (Ex. When searching "settings", this causes a "Manage settings" result to appear)
// https://support.mozilla.org/kb/quick-actions-firefox-search-bar
// https://searchfox.org/firefox-main/source/browser/components/urlbar/ActionsProviderQuickActions.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.quickactions.showPrefs", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] UI
    defaultPref("browser.urlbar.secondaryActions.featureGate", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    defaultPref("browser.urlbar.shortcuts.actions", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] `@actions` shortcut
    defaultPref("browser.urlbar.suggest.quickactions", false); // [NO-ANDROID] [NO-MAIL] suggestions
};

/// Disable the quick actions onboarding
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#222
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.quickactions.timesToShowOnboardingLabel", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
};

/// Disable recent search suggestions by default, but allow users to enable them if desired
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderRecentSearches.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.recentsearches.featureGate", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.urlbar.suggest.recentsearches", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable search engine suggestions (Tab to search) by default
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderTabToSearch.sys.mjs
// Way too obnoxious...
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.suggest.engines", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable search engine suggestion (Tab to search) onboarding results
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#574
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.tabToSearch.onboard.interactionsLeft", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
};

/// Disable search suggestions by default
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderSearchSuggestions.sys.mjs
// `browser.search.suggest.enabled` and `browser.search.suggest.enabled.private` appear to have no impact on Android & Thunderbird, but they're still defined there by default.. so we can set them anyways
defaultPref("browser.search.suggest.enabled", false); // [DEFAULT - Android]
defaultPref("browser.search.suggest.enabled.private", false); // [DEFAULT]
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.showSearchSuggestionsFirst", false); // [NO-ANDROID] [NO-MAIL] UI
    defaultPref("browser.urlbar.suggest.searches", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable search tips
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderSearchTips.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.searchTips.test.ignoreShowLimits", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Ensure we don't bypass checks that prevent tips from being shown https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#406
    lockPref("browser.urlbar.tipShownCount.searchTip_onboard", 999); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Onboarding search tip https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#578
    lockPref("browser.urlbar.tipShownCount.searchTip_redirect", 999); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Redirect search tip https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#581
};

/// Disable trending searches by default, but allow users to enable them if desired
// https://support.mozilla.org/kb/use-google-trending-search-firefox-address-bar
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.suggest.trending", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.trending.featureGate", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Disable URL trimming
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.trimHttps", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.urlbar.trimURLs", false); // [NO-ANDROID] [NO-MAIL]
};

/// Enable bookmark suggestions by default
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderBookmarkKeywords.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.suggest.bookmark", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable the calculator by default
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderCalculator.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.suggest.calculator", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable the new URL bar/search UI by default
// Adds Unified Search button to easily switch search engines in URL Bar, among other tweaks
// https://windowsreport.com/firefox-tests-dedicated-address-bar-button-for-easier-search-engine-switching/
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.scotchBonnet.enableOverride", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable local keyword shortcuts by default
// (ex. `@bookmarks` for searching bookmarks)
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderRestrictKeywords.sys.mjs
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarView.sys.mjs#3107
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#403
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.searchRestrictKeywords.featureGate", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
};

/// Enable open tab suggestions by default
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderOpenTabs.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.suggest.openpage", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable rich suggestions by default
// (Ex. this displays images and additional info alongside suggestions from Google)
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#386
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.richSuggestions.featureGate", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable the Rust-based Search Engine Selector
// https://bugzilla.mozilla.org/show_bug.cgi?id=1914143
defaultPref("browser.search.rustSelector.featureGate", true); // [DEFAULT]

/// Enable the "Search in Private Window" result by default [NO-MAIL]
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/search/SearchService.sys.mjs#1228 [NO-MAIL]
if (phoenixMail == false) {
    defaultPref("browser.search.separatePrivateDefault.urlbarResult.enabled", true); // [NO-MAIL] [HIDDEN]
};

/// Enable shortcut suggestions by default
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderTopSites.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.suggest.topsites", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable suggestions to add/use search engines on OpenSearch-compatible sites by default
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#83
// https://searchfox.org/firefox-main/source/browser/components/urlbar/ActionsProviderContextualSearch.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.contextualSearch.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable unit conversion by default
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderUnitConversion.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.unitConversion.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Ensure UI reflects that the default search engine is set to DuckDuckGo
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.placeholderName", "DuckDuckGo"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.placeholderName.private", "DuckDuckGo"); // [NO-ANDROID] [NO-MAIL]
};

/// Exclude JavaScript URLS from results
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.filter.javascript", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Expose the pref to enable debug badges in the `about:config`, but do not enable by default
// (Ex. labels adaptive history results with "A" and semantic history results with "S")
// https://searchfox.org/firefox-main/rev/82e2435f/browser/themes/shared/urlbarView.css#361
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.showDebuggingIcons", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
};

/// Expose the UI to switch search engines for individual searches
// "This time, search with..."
// https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarSearchOneOffs.sys.mjs
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#392
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.scotchBonnet.disableOneOffs", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
};

/// Highlight domains and other styling
// Protects against phishing
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/docs/preferences.rst#138
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.formatting.enabled", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
};

/// If URL trimming is enabled, untrim on user interaction
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.untrimOnUserInteraction.featureGate", true); // [NO-ANDROID] [NO-MAIL]
};

/// Notify users if their default search engine has been removed
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/search/SearchService.sys.mjs#2030
defaultPref("browser.search.removeEngineInfobar.enabled", true); // [DEFAULT]

/// Show full URLs instead of search terms
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.restyleSearches", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
    defaultPref("browser.urlbar.showSearchTerms.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.showSearchTerms.featureGate", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Use the same search engine in normal and private browsing windows by default
// (DuckDuckGo for us)
defaultPref("browser.search.separatePrivateDefault", false);

defaultPref("browser.phoenix.status", "009");

/*** 010 DNS ***/

/// Customize list of built-in DoH resolvers
defaultPref("doh-rollout.provider-list", '[{"uri":"https://base.dns.mullvad.net/dns-query","UIName":"Mullvad (Base) 🇸🇪","autoDefault":true},{"uri":"https://mozilla.cloudflare-dns.com/dns-query","UIName":"Cloudflare 🇺🇸","autoDefault":false},{"uri":"https://security.cloudflare-dns.com/dns-query","UIName":"Cloudflare (Malware Protection) 🇺🇸","autoDefault":false},{"uri":"https://noads.joindns4.eu/dns-query","UIName":"DNS4EU (Ad Blocking) 🇨🇿","autoDefault":false},{"uri":"https://protective.joindns4.eu/dns-query","UIName":"DNS4EU (Protective) 🇨🇿","autoDefault":false},{"uri":"https://unfiltered.joindns4.eu/dns-query","UIName":"DNS4EU (Unfiltered) 🇨🇿","autoDefault":false},{"uri":"https://dns.mullvad.net/dns-query","UIName":"Mullvad (Unfiltered) 🇸🇪","autoDefault":false}]'); // [HIDDEN]
defaultPref("network.trr.default_provider_uri", "https://base.dns.mullvad.net/dns-query"); // Set the default DoH Provider to Mullvad (Base)

/// Disable DoH Connectivity Checks
defaultPref("network.connectivity-service.DNS_HTTPS.domain", "");
defaultPref("network.trr.attempt-when-retrying-confirmation", true); // Ensure we always attempt to use DoH no matter what, regardless of the confirmation connectivity check https://searchfox.org/firefox-main/rev/e535ba2b/netwerk/dns/TRRService.cpp#286
defaultPref("network.trr.confirmationNS", "skip"); // https://searchfox.org/firefox-main/rev/e535ba2b/netwerk/dns/TRRService.cpp#273
defaultPref("network.trr.skip-check-for-blocked-host", true); // https://searchfox.org/firefox-main/rev/82e2435f/netwerk/dns/TRRService.cpp#1062
defaultPref("network.trr.wait-for-confirmation", false); // [DEFAULT] Ensure we always attempt to use DoH no matter what, regardless of the confirmation connectivity check https://searchfox.org/firefox-main/rev/e535ba2b/netwerk/dns/TRRService.cpp#282

/// Disable DoH GET
defaultPref("network.trr.useGET", false); // https://bugzilla.mozilla.org/show_bug.cgi?id=1699759

/// Disable EDNS Client Subnet (ECS) to prevent leaking general location data to authoritative DNS servers...
// https://wikipedia.org/wiki/EDNS_Client_Subnet
defaultPref("network.trr.disable-ECS", true); // [DEFAULT]

/// Disable nsNotifyAddrListener
// (Ex. used for disabling DoH if certain conditions are met)
// https://searchfox.org/firefox-main/source/netwerk/system/win32/nsNotifyAddrListener.cpp
defaultPref("network.notify.changed", false);
defaultPref("network.notify.checkForNRPT", false);
defaultPref("network.notify.checkForProxies", false);
defaultPref("network.notify.dnsSuffixList", false);
defaultPref("network.notify.initial_call", false);
defaultPref("network.notify.IPv6", false); // [DEFAULT - Windows]
defaultPref("network.notify.resolvers", false);

/// Enable DNS Rebinding Protection
// https://bugzilla.mozilla.org/show_bug.cgi?id=1672528
defaultPref("network.trr.allow-rfc1918", false); // [DEFAULT]

/// Enable DoH without fallback by default
defaultPref("network.trr.mode", 3);

/// Enable EncryptedClientHello
// https://blog.cloudflare.com/announcing-encrypted-client-hello
defaultPref("network.dns.echconfig.enabled", true); // [DEFAULT]
defaultPref("network.dns.http3_echconfig.enabled", true); // [DEFAULT]

/// Enable native DNS over HTTPS lookups
// NOTE: Native DNS over HTTPS is currently broken on Windows 10, but can be toggled anyways with the
// `network.dns.native_https_query_win10` pref: https://bugzilla.mozilla.org/show_bug.cgi?id=1873461
defaultPref("network.dns.native_https_query", true); // [DEFAULT - non-macOS]
defaultPref("network.dns.native_https_query_in_automation", true); // Used in automation

/// Enable TLS SNI Slicing
// Useful for circumenting certain forms of censorship, ex. from the Great Firewall of China
// https://github.com/uazo/cromite/issues/2403
// https://github.com/net4people/bbs/issues/505
// https://searchfox.org/firefox-main/diff/cb527813/modules/libpref/init/StaticPrefList.yaml#15350
defaultPref("network.http.http3.sni-slicing", true); // [DEFAULT]

/// Ensure we clear cache upon changing DoH prefs
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/dns/TRRService.cpp#440
defaultPref("network.trr.clear-cache-on-pref-change", true); // [DEFAULT]

/// Expose the DoH bootstrap pref, but don't configure by default
// This is the DNS server Firefox uses to resolve the address of your DoH server
// By default, Firefox just uses the system DNS
// This value MUST match the address of the DoH server you're using
// Ex. you could set this to "9.9.9.9" for Quad9
// We won't configure this by default to prevent unexpected breakage for users when switching DNS providers, but it's hidden - so we can at least expose it in the about:config
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/dns/TRRService.cpp#903
defaultPref("network.trr.bootstrapAddr", ""); // [HIDDEN] [DEFAULT]

if (getPref("browser.phoenix.trr.autoBootstrap") == true) {
    if (getPref("network.trr.uri") == "https://base.dns.mullvad.net/dns-query" ||
     getPref("network.trr.uri") == "https://base.dns.mullvad.net:443/dns-query" ||
     getPref("network.trr.uri") == "") {
        lockPref("network.trr.bootstrapAddr", "194.242.2.4"); // [FN]
    } else if (getPref("network.trr.uri") == "https://dns.mullvad.net/dns-query" ||
     getPref("network.trr.uri") == "https://dns.mullvad.net:443/dns-query") {
        lockPref("network.trr.bootstrapAddr", "194.242.2.2"); // [FN]
    } else if (getPref("network.trr.uri") == "https://mozilla.cloudflare-dns.com/dns-query" ||
     getPref("network.trr.uri") == "https://mozilla.cloudflare-dns.com:443/dns-query" ||
     getPref("network.trr.uri") == "https://cloudflare-dns.com/dns-query" ||
     getPref("network.trr.uri") == "https://cloudflare-dns.com:443/dns-query" ||
     getPref("network.trr.uri") == "https://dns.cloudflare.com/dns-query" ||
     getPref("network.trr.uri") == "https://dns.cloudflare.com:443/dns-query") {
        if (getPref("browser.phoenix.trr.autoBootstrap.useFallback") == true) {
            lockPref("network.trr.bootstrapAddr", "1.0.0.1"); // [FN]
        } else {
            lockPref("network.trr.bootstrapAddr", "1.1.1.1"); // [FN]
        };
    } else if (getPref("network.trr.uri") == "https://security.cloudflare-dns.com/dns-query" ||
     getPref("network.trr.uri") == "https://security.cloudflare-dns.com:443/dns-query") {
        if (getPref("browser.phoenix.trr.autoBootstrap.useFallback") == true) {
            lockPref("network.trr.bootstrapAddr", "1.0.0.2"); // [FN]
        } else {
            lockPref("network.trr.bootstrapAddr", "1.1.1.2"); // [FN]
        };
    } else if (getPref("network.trr.uri") == "https://noads.joindns4.eu/dns-query" ||
     getPref("network.trr.uri") == "https://noads.joindns4.eu:443/dns-query") {
        lockPref("network.trr.bootstrapAddr", "86.54.11.13"); // [FN]
    } else if (getPref("network.trr.uri") == "https://protective.joindns4.eu/dns-query" ||
     getPref("network.trr.uri") == "https://protective.joindns4.eu:443/dns-query") {
        lockPref("network.trr.bootstrapAddr", "86.54.11.1"); // [FN]
    } else if (getPref("network.trr.uri") == "https://unfiltered.joindns4.eu/dns-query" ||
     getPref("network.trr.uri") == "https://unfiltered.joindns4.eu:443/dns-query") {
        lockPref("network.trr.bootstrapAddr", "86.54.11.100"); // [FN]
    };
    lockPref("network.trr.bootstrapAddr.0.NOTE", "Locked in favor of the preference:"); // [FN]
    lockPref("network.trr.bootstrapAddr.1.NOTE", "'browser.phoenix.trr.autoBootstrap'"); // [FN]
};

/// Fix IPv6 connectivity when DoH is enabled
// https://codeberg.org/divested/brace/pulls/5
defaultPref("network.dns.preferIPv6", true);

/// Prevent bypassing DoH for /etc/HOSTS entries by default
// Protects against HOSTS file hijacking
// https://www.malwarebytes.com/blog/news/2016/09/hosts-file-hijacks
// https://www.microsoft.com/wdsi/threats/malware-encyclopedia-description?Name=SettingsModifier:Win32/HostsFileHijack
// https://www.microcenter.com/tech_center/article/6472/how-to-clean-the-windows-hosts-file-if-malware-has-tampered-with-it
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/dns/TRRServiceBase.cpp#359
defaultPref("network.trr.exclude-etc-hosts", false);

/// Prevent sending headers for DoH requests
defaultPref("network.trr.send_accept-language_headers", false); // [DEFAULT]
defaultPref("network.trr.send_empty_accept-encoding_headers", true); // [DEFAULT]
defaultPref("network.trr.send_user-agent_headers", false); // [DEFAULT]

/// Prioritize HTTP/3
// https://searchfox.org/firefox-main/rev/62066911/netwerk/dns/nsIDNSService.idl#354
defaultPref("network.trr.allow_default_http3_first", true); // [DEFAULT - Nightly]
defaultPref("network.trr.force_http3_first", true);

/// Temporarily exclude certain captive portal domains from DNS over HTTPS by default
// Android unfortunately doesn't currently prompt users to fallback from DNS over HTTPS when a site can't be found (like desktop does), which causes unexpected breakage for users, as it leaves them without a clear explanation of the issue and a way to add the exceptions
// I don't love the idea of doing this... so again, to clarify: these are temporary will be removed once Firefox adds the fallback UI
// Domains taken from: https://badblock.celenity.dev/#captive-whitelist
// https://codeberg.org/celenity/Phoenix/issues/174
if (phoenixPlatform == "android") {
    defaultPref("network.trr.builtin-excluded-domains", "localhost,local,aa.entertainment.viasat.com,aa.viasat.com,aafes.wifi.viasat.com,aainflight.com,account.network-auth.com,acwifi.com,aerlingus-wifi.com,airborne.gogoinflight.com,airbornemedia.inflightinternet.com,airbornesecure.inflightinternet.com,aircanadawifi.com,airtime.geemedia.com,alaskawifi.com,amtrakconnect.com,amtrakwifi.com,ana-inflight-wifi.com,ap1.cloudguest.central.arubanetworks.com,ap1-elb.cloudguest.central.arubanetworks.com,apaceast.cloudguest.central.arubanetworks.com,apaceast-elb.cloudguest.central.arubanetworks.com,apacsouth.cloudguest.central.arubanetworks.com,apacsouth-elb.cloudguest.central.arubanetworks.com,api.airtime.geemedia.com,app.central.arubanetworks.com,app.central.arubanetworks.com.cn,app-apaceast.central.arubanetworks.com,app-apacsouth.central.arubanetworks.com,app-ca.central.arubanetworks.com,app-prod2.central.arubanetworks.com,app-yoda.arubathena.com,app1.central.arubanetworks.com,app1-ap.central.arubanetworks.com,app1-ap-h2.central.arubanetworks.com,app1-h2.central.arubanetworks.com,app2-ap.central.arubanetworks.com,app2-ap-ofc.central.arubanetworks.com,app2-eu.central.arubanetworks.com,app2-eu-ofc.central.arubanetworks.com,app2-ofc.central.arubanetworks.com,aruba.odyssys.net,arubanetworks.com,arubanetworks.com.cn,asset-acms.anuvu.cloud,atlanta-airport.com,atlwifi.atlanta-airport.com,atlwifi0.atlanta-airport.com,atlwifi1.atlanta-airport.com,atlwifi2.atlanta-airport.com,atlwifi3.atlanta-airport.com,atlwifi4.atlanta-airport.com,atlwifi5.atlanta-airport.com,atlwifi6.atlanta-airport.com,atlwifi7.atlanta-airport.com,atlwifi8.atlanta-airport.com,atlwifi9.atlanta-airport.com,atlwifi10.atlanta-airport.com,atlwifi11.atlanta-airport.com,atlwifi12.atlanta-airport.com,atlwifi13.atlanta-airport.com,atlwifi14.atlanta-airport.com,atlwifi15.atlanta-airport.com,atlwifi16.atlanta-airport.com,atlwifi17.atlanta-airport.com,auth.hotspotportals.com,auth.hpe.com,awn.wifi.viasat.com,bap.aws.opennetworkexchange.net,bsas.wifi.viasat.com,buy.gogoinflight.com,bwiam.cust.blueprintrf.com,btwifi.com,ca.cloudguest.central.arubanetworks.com,ca-elb.cloudguest.central.arubanetworks.com,captive.gogoinflight.com,captive.inflightinternet.com,captive.o2wifi.co.uk,captive-2020.aio.cloudauth.net,captive-2022.aio.cloudauth.net,captivemgr.o2wifi.net.uk,captiveportal-login.belex.com,carnivalwifi.com,cbp-guest.cbp.dhs.gov,cdnhotspot.afd.azureedge.net,cdnhotspot.azureedge.net,central.access.network,charter.guestinternet.com,cfr-mprtuam-01.cops.us1.pr.anuvu.cloud,cloud.imedia.ie,cms.airtime.geemedia.com,cms-scdn.airtime.geemedia.com,connect.edge.ihg.com,connect.klm.com,connect.klm.com-01.edgekey.net,connect.viasat.com,connect-edge.ihg.com,connected.southwestwifi.com,connected.xfinity.com,controller.access.network,cp-app.wifi.connected.xfinity.com,cp-app.wifi-dev.connected.xfinity.com,cp-app.wifi-stage.connected.xfinity.com,cp-app-east.wifi.connected.xfinity.com,cp-app-east.wifi-dev.connected.xfinity.com,cp-app-east.wifi-stage.connected.xfinity.com,cp-webapp.wifi.connected.xfinity.com,cp-webapp.wifi-dev.connected.xfinity.com,cp-webapp.wifi-stage.connected.xfinity.com,cust.blueprintrf.com,dalan.cust.blueprintrf.com,deltawifi.com,device.arubanetworks.com,device.central.arubanetworks.com.cn,device-apaceast.central.arubanetworks.com,device-apaceast-h2.central.arubanetworks.com,device-apacsouth.central.arubanetworks.com,device-apacsouth-h2.central.arubanetworks.com,device-ca.central.arubanetworks.com,device-ca-h2.central.arubanetworks.com,device-eu.central.arubanetworks.com,device-eu-h2.central.arubanetworks.com,device-h2.central.arubanetworks.com.cn,device-prod2.central.arubanetworks.com,device-prod2-h2.central.arubanetworks.com,device-yoda2.arubadev.cloud.hpe.com,devices-v2.arubanetworks.com,directaccess.viasat.com,dlrguest-captive.disney.com,doubletree.hiltonwifi.com,ee-wifi.ee.co.uk,esaconnect.extendedstayamerica.com,etihadwi-fly.com,euw1.cloudguest.central.arubanetworks.com,euw1-elb.cloudguest.central.arubanetworks.com,fedsso.yum.com,files.aa.entertainment.viasat.com,flyfi.com,foo.cust.blueprintrf.com,freewlan.sbb.ch,getconnected.southwestwifi.com,guestinternet.com,guestinternet.com.s3-website-us-east-1.amazonaws.com,gogoinair.com,gogoinflight.com,gp1.wendys.com,hamptoninn.hiltonwifi.com,hilton.hiltonwifi.com,hiltongardeninn.hiltonwifi.com,hiltonwifi.com,hotspotportals.com,hs.imedia.ie,hs1ga.wanderingwifi.com,httpforever.com,iceportal.de,inflight.pacwisp.net,inflight-wifi.com,inflightinternet.com,initial.southwestwifi.com,internal.central.arubanetworks.com,internal2.central.arubanetworks.com,internal2-public-device-nc-nlb-b71ba3c951b09682.elb.us-west-2.amazonaws.com,internal2-public-device-nlb-2e2273d4267c0682.elb.us-west-2.amazonaws.com,internetupgrade.marriott.com,kong-gtw-portal-apse2prod5-lb-1386339370.ap-southeast-2.elb.amazonaws.com,kong-gtw-portal-eu-lb-1104785228.eu-central-1.elb.amazonaws.com,kong-gtw-portal-mec1prod6-lb-2104849938.me-central-1.elb.amazonaws.com,kong-gtw-portal-production-lb-686216184.us-west-1.elb.amazonaws.com,kong-gtw-portal-use1prod2-lb-291057632.us-east-1.elb.amazonaws.com,krisworld.singaporeair.com,kw.sq.com,landing.sbb.ch,live.virginwifi.com,loggedin.wifigem.it,login.amtrakwifi.com,login.attwifi.com,login.cloud5.com,login.cloudi-fi.net,login.innflux.com,login.wifigem.com,login.wifionice.de,login.windstream.com,login-awe-cluster.attwifi.com,login-federated.windstream.com,loginportal1.wanderingwifi.com,loginportal3.wanderingwifi.com,loginportal5.wanderingwifi.com,loginportal5ga.wanderingwifi.com,loginportal8.wanderingwifi.com,lounge.aa.com,lpv.attwifi.com,lufthansa-flynet.com,managedwifi.xfinity.com,marriottwifi.com,massportwifi.com,mcita.cust.blueprintrf.com,medallionclass.com,media.southwestwifi.com,mscwifi.com,msftguest-virtual.partners.extranet.microsoft.com,mt1.datavalet.io,n143.network-auth.com,na.network-auth.com,nacportal.massportwifi.com,nae1.cloudguest.central.arubanetworks.com,nae1-elb.cloudguest.central.arubanetworks.com,naw2.cloudguest.central.arubanetworks.com,naw2-elb.cloudguest.central.arubanetworks.com,network-auth.com,neverssl.com,nossl.com,ofc.central.arubanetworks.com.cn,ofc-apaceast.central.arubanetworks.com,ofc-apacsouth.central.arubanetworks.com,ofc-ca.central.arubanetworks.com,ofc-prod2.central.arubanetworks.com,ofc-yoda2.arubadev.cloud.hpe.com,onboard.eurostar.com,onboard.sbb.ch,onboardicafe.com,pay.viasat.com,pay.viasat.com.00d70000000k0rweak.live.siteforce.com,portal.ac2.mist.com,portal.ac5.mist.com,portal.ac6.mist.com,portal.arubainstanton.com,portal.central.arubanetworks.com,portal.central.arubanetworks.com.cn,portal.eu.mist.com,portal.gc1.mist.com,portal.gc2.mist.com,portal.gc3.mist.com,portal.inflight-wifi.com,portal.live.virginwifi.com,portal.massportwifi.com,portal.mist.com,portal.moovmanage.com,portal-apac.central.arubanetworks.com,portal-apaceast.central.arubanetworks.com,portal-apacsouth.central.arubanetworks.com,portal-ca.central.arubanetworks.com,portal-eu.central.arubanetworks.com,portal-eucentral3.central.arubanetworks.com,portal-prod2.central.arubanetworks.com,portal-prodf1.acf.aruba-central.com,portal-uswest4.central.arubanetworks.com,qa-connect-edge.ihg.com,rcs.arubathena.com,rcs-m.arubathena.com,rcs-ng-yoda2.arubadev.cloud.hpe.com,regio-guide.de,register.onboard.eurostar.com,rougewifi.com,rsc.att.com,rsc.wayport.net,sbahnstuttgart.zugportal.de,sbux-j3.datavalet.io,sbux-portal.globalreachtech.com,sbux-portal.odyssys.net,secure.11os.com,secure.datavalet.io,secure.guestinternet.com,secure.wayport.net,secure-login.attwifi.com,securelogin.arubanetworks.com,secureprofile.wifi.connected.xfinity.com,service.thecloud.net,shop.ba.com,singaporeair-krisworld.com,southwestwifi.com,sponsoredaccess.viasat.com,sso.app.arubanetworks.com,sso.arubanetworks.com,sso.wendys.com,stage.connect.edge.ihg.com,starbucks-east.datavalet.io,stay.marriottbonvoy.com,swa.mychasecreditcards.com,test-crm.southwestwifi.com,thalysnet.com,thd.cloudauth.net,timhortonswifi.com,tvgreyhound.com,unitedprivatescreening.com,unitedwifi.com,universal-orlando.ampthink.com,upt.wifi.viasat.com,us.timhortonswifi.com,utils.gogoinflight.com,uucp.wifi.viasat.com,vgw1-03.phl-philly-iap.lpv.attwifi.com,viasat.com,viasat.com.00d70000000k0rweak.live.siteforce.com,virginwifi.com,wanderingwifi.com,we.windstream.com,weconnect.wendys.com,wifi.airasia.com,wifi.bahn.de,wifi.cathaypacific.com,wifi.connected.xfinity.com,wifi.delta.com,wifi.esa.com,wifi.gogoinflight.com,wifi.inflightinternet.com,wifi.kfc.com,wifi.panerabread.com,wifi.singaporeair.com,wifi.sncf,wifi.starbucks.com,wifi.tgv-lyria.com,wifi.tgvlyria.com,wifi.united.com,wifi.united.com.edgekey.net,wifi.we.co,wifi.xfinity.com,wifi-dev.connected.xfinity.com,wifi-stage.connected.xfinity.com,wifi-viarail.ca,wifi-xdb.boingohotspot.net,wifi1.kfc.com,wifi1.viasat.com,wifi2.kfc.com,wifihotspot.io,wifilauncher.com,wifilauncher.com.s3-website.us-east-1.amazonaws.com,wifilrn-ch2-1p.xfinity.com,wifionboard.com,wingsconnect.aero,wirelessportal.americanexpress.com,wirelessportal.americanexpress.com.akadns.net,wirelessportal2.americanexpress.com.akadns.net,wlb1.us-east-1.sbux-portal.globalreachtech.com,wlb1-1579773356.us-east-1.elb.amazonaws.com,www.aainflight.com,www.acwifi.com,www.aerlingus-wifi.com,www.aircanadawifi.com,www.alaskawifi.com,www.amtrakconnect.com,www.ana-inflight-wifi.com,www.btwifi.com,www.carnivalwifi.com,www.deltawifi.com,www.directaccess.viasat.com,www.flyfi.com,www.gogoinair.com,www.gogoinflight.com,www.guestinternet.com,www.guestinternet.com.s3-website-us-east-1.amazonaws.com,www.hiltonwifi.com,www.httpforever.com,www.iceportal.de,www.inflight-wifi.com,www.lufthansa-flynet.com,www.marriottwifi.com,www.medallionclass.com,www.nossl.com,www.neverssl.com,www.onboardicafe.com,www.rougewifi.com,www.secure.datavalet.io,www.singaporeair-krisworld.com,www.southwestwifi.com,www.sponsoredaccess.viasat.com,www.thalysnet.com,www.timhortonswifi.com,www.unitedprivatescreening.com,www.unitedwifi.com,www.wifi.singaporeair.com,www.wifilauncher.com,www.wifilauncher.com.s3-website.us-east-1.amazonaws.com,www.wifionboard.com,www.wingsconnect.aero,www.zugportal.de,yoda-cgqa.arubathena.com,yoda-cgqa-elb.arubathena.com,yoda2-ofc-nlb-f4f923213a2189c7.elb.us-west-2.amazonaws.com,yoda2-public-device-nlb-8343995ce4714f6f.elb.us-west-2.amazonaws.com,yoda2-rcs-nlb-0c9df3882f3f7416.elb.us-west-2.amazonaws.com,zugportal.de"); // [ANDROID-ONLY] [DEFAULT: localhost, local]
};

defaultPref("browser.phoenix.status", "010");

/*** 011 PROXIES ***/

/// Prevent Firefox from automatically using the system's proxy configuration by default
// This is commonly abused by content filtering/monitoring/MITM software & malware (just like third-party/OS-level root certificates...)
// There are of course legitimate use cases for proxies, but those require manual set-up anyways... let's ensure the user is always in control and making the conscious decision to use a proxy (if at all)
// Also helps with performance as a bonus
// https://bugzilla.mozilla.org/show_bug.cgi?id=500983
// https://bugzilla.mozilla.org/show_bug.cgi?id=500983#c7
// https://superuser.com/questions/169303/why-are-my-browsers-suddenly-configured-to-use-a-proxy
// BITS usage currently requires 5 (default) https://searchfox.org/firefox-main/rev/ba7a7a320649794a9948b32156f5b438fef5ce7a/toolkit/mozapps/update/UpdateService.sys.mjs#861 [WINDOWS-ONLY]
// The proxy type. See nsIProtocolProxyService.idl
//    PROXYCONFIG_DIRECT   = 0
//    PROXYCONFIG_MANUAL   = 1
//    PROXYCONFIG_PAC      = 2
//    PROXYCONFIG_WPAD     = 4
//    PROXYCONFIG_SYSTEM   = 5 (default)
defaultPref("network.proxy.type", 0);

// Prevent bypasses/leakage

/// Always start proxy extensions (if installed) as soon as possible, instead of waiting for the first browser window to open
defaultPref("extensions.webextensions.early_background_wakeup_on_request", true); // [HIDDEN - non-Android] [DEFAULT - Android]

/// Disable automatic failover from the proxy (if configured) to direct connections when certain system requests fail
// https://bugzilla.mozilla.org/show_bug.cgi?id=1720221
defaultPref("network.proxy.failover_direct", false);

/// Disable file:///net
// https://bugzilla.mozilla.org/show_bug.cgi?id=1412081
// (This unfortunately breaks file upload on Android ATM)
if (phoenixPlatform == "android") {
    defaultPref("network.file.path_blacklist", ""); // [ANDROID-ONLY] [HIDDEN] [DEFAULT]
} else {
    defaultPref("network.file.path_blacklist", "/net"); // [NO-ANDROID] [HIDDEN]
};

/// Disable GIO
// https://bugzilla.mozilla.org/1433507
defaultPref("network.gio.supported-protocols", ""); // [HIDDEN]

/// Disable Uniform Naming Convention (UNC) file paths
// https://bugzilla.mozilla.org/1413868
defaultPref("network.file.disable_unc_paths", true); // [HIDDEN]

/// Disable Wi-Fi Tickler
// Ex. disabled by the Proxy Bypass Protection build argument
// https://searchfox.org/firefox-main/source/netwerk/base/Tickler.h
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/base/Tickler.cpp#127
defaultPref("network.tickle-wifi.enabled", false); // [DEFAULT - non-Android]

/// Prevent bypassing the proxy (if configured) for system connections that include the `bypassProxy` flag
// https://bugzilla.mozilla.org/show_bug.cgi?id=1732792
defaultPref("network.proxy.allow_bypass", false);

/// Use the proxy (if configured) for remote DNS lookups
defaultPref("network.proxy.socks_remote_dns", true);
defaultPref("network.proxy.socks5_remote_dns", true); // [DEFAULT]

defaultPref("browser.phoenix.status", "011");

/*** 012 WEBRTC ***/

/// Allow user to silence notifications when screen sharing
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2590
defaultPref("privacy.webrtc.allowSilencingNotifications", true); // [HIDDEN - Android/Thunderbird] [DEFAULT]
defaultPref("privacy.webrtc.hideGlobalIndicator", false); // [HIDDEN - Android/Thunderbird] [DEFAULT]

/// Always exclude local IP addresses, even in trusted scenarios
// This will likely break WebRTC...
if (phoenixExtended == true) {
    defaultPref("media.peerconnection.ice.no_host", true); // [EXTENDED-ONLY]
};

/// Always sandbox Media Transport
// https://searchfox.org/firefox-main/rev/82e2435f/security/sandbox/common/SandboxSettings.cpp#185
defaultPref("media.peerconnection.mtransport_process", true); // [HIDDEN - Android/Thunderbird] [DEFAULT]

/// Disable RTP Control Protocol (RTCP) reception
// https://wikipedia.org/wiki/RTP_Control_Protocol
// Used for quality monitoring and statistics
// https://searchfox.org/firefox-main/rev/874c5779/dom/media/webrtc/transportbridge/MediaPipeline.cpp#651
defaultPref("media.webrtc.net.force_disable_rtcp_reception", true);

/// Enable global toggles for muting the camera/microphone
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2595
defaultPref("privacy.webrtc.globalMuteToggles", true); // [HIDDEN - Android]

/// Enable mDNS Host Obfuscation to prevent leaking local IP addresses
// https://bugzilla.mozilla.org/show_bug.cgi?id=1588817
defaultPref("media.peerconnection.ice.obfuscate_host_addresses", true); // [DEFAULT - non-Android]

/// Force a single candidate for ICE generation
// This will likely break WebRTC...
if (phoenixExtended == true) {
    defaultPref("media.peerconnection.ice.default_address_only", true); // [EXTENDED-ONLY]
};

/// Only use TURN servers/relays (No P2P)
// https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/40#note_2884663
// This will likely break WebRTC...
if (phoenixExtended == true) {
    defaultPref("media.peerconnection.ice.relay_only", true); // [EXTENDED-ONLY]
};

/// Prevent WebRTC from bypassing the proxy (if configured)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1790270
defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);

/// Warn users when attempting to switch tabs in a window being shared over WebRTC
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2599
defaultPref("privacy.webrtc.sharedTabWarning", true); // [HIDDEN - Android/Thunderbird]

defaultPref("browser.phoenix.status", "012");

/*** 013 MEDIA ***/

/// Add DRM notes
defaultPref("media.eme.enabled.0.NOTE", "DRM/EME is NOT supported or recommended.");
defaultPref("media.eme.enabled.1.NOTE", "Enabling it WILL compromise your privacy/security.");
defaultPref("media.eme.enabled.2.NOTE", "Proceed at your own caution.");
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("media.eme.enabled.3.NOTE", "Disable media.eme.require-app-approval if you haven't already."); // [NO-ANDROID] [NO-MAIL]
    defaultPref("media.eme.enabled.4.NOTE", "You will also need to enable GMP and a CDM."); // [NO-ANDROID] [NO-MAIL]
    defaultPref("media.eme.enabled.5.NOTE", "See media.gmp-manager.updateEnabled & media.gmp-widevinecdm.enabled."); // [NO-ANDROID] [NO-MAIL]
};
if (phoenixPlatform == "android") {
    defaultPref("media.eme.enabled.3.NOTE", "You will also need to enable a CDM."); // [ANDROID-ONLY]
    defaultPref("media.eme.enabled.4.NOTE", "See media.mediadrm-widevinecdm.visible."); // [ANDROID-ONLY]
};
if (phoenixPlatform == "windows" && phoenixMail == false) {
    defaultPref("media.eme.enabled.6.NOTE", "WINDOWS USERS: ALSO see media.eme.playready.enabled & media.gmp-widevinecdm-l1.enabled."); // [WINDOWS-ONLY] [NO-MAIL]
};

/// Block media autoplay by default
// https://support.mozilla.org/kb/block-autoplay
// `media.geckoview.autoplay.request.testing` is used when `media.geckoview.autoplay.request` is set to `true` (ex. on GeckoView/Fenix) - when `media.geckoview.autoplay.request` is false, `media.autoplay.default` appears to be used instead
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#12909
defaultPref("media.autoplay.default", 5);
defaultPref("media.geckoview.autoplay.request.testing", 2); // [DEFAULT: 0 - Follows the Autoplay site permission]

/// Configure the media autoplay blocking policy
// https://wiki.mozilla.org/Media/block-autoplay#What_strategy_does_Firefox_use_for_blocking_autoplay?
// Values are:
// 0 (Default): Sticky - Autoplay is blocked until the user interacts with a page, and is allowed indefinitely (until the user refreshes the page or navigates to a different page)
// 1: Transient - Autoplay is blocked until the user interacts with a page, BUT it is only allowed until a certain amount of time passes (controlled by `dom.user_activation.transient.timeout`)
// 2: Click-to-play - Autoplay is always blocked; media will only play on user interaction of the desired media
// 2 is ideal on paper (and we used to use that value, at least on Phoenix Extended), but it unfortunately causes breakage and prevents media from playing at all on certain websites - so I believe 1 is a nice balance/compromise
defaultPref("media.autoplay.blocking_policy", 1);

/// Disable Encrypted Media Extensions (EME) (DRM)
// Garbage technology with privacy, security, and freedom concerns
// https://www.w3.org/TR/encrypted-media/
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
// https://celenity.dev/posts/thoughts/drm/
// (For testing: https://bitmovin.com/demos/drm)
// NOTE: EME also requires Content Decryption Modules (CDMs) to function
// By default, when EME is enabled, Firefox automatically enables/installs Google Widevine on all platforms, in addition to Microsoft PlayReady on Windows
// Unlike Firefox, when EME is enabled, we don't automatically enable any CDMs (see prefs below) - instead, we allow the user to decide which CDM they prefer to use with EME, instead of making that choice for them - allowing the user to remain in control
// NOTE: The standard "media.eme.enabled" pref only disables PROPRIETARY CDMs - Firefox on Desktop also enables an additional CDM (Clear Key: https://www.w3.org/TR/encrypted-media-2/#clear-key), which is ALWAYS active, even when the EME pref is disabled... (For reference, Clear Key has previously had security vulnerabilities: https://www.mozilla.org/security/advisories/mfsa2016-77/ (Tor Browser disables Clear Key FWIW) - and while Clear Key is open source, it still implements basic content protection (such as preventing users from downloading videos... https://bugzilla.mozilla.org/show_bug.cgi?id=1136707#c18))
// BUT: To work around this, we leverage the `media.eme.require-app-approval` pref. This pref was originally intended for Android to block EME unless the user grants permission. However, when this pref is set on Desktop, since there's no way for users to grant permission to use EME like on Android, it ends up blocking EME entirely - INCLUDING Clear Key
// (For testing Clear Key: https://cpearce.github.io/mse-eme/ + https://reference.dashif.org/dash.js/latest/samples/drm/clearkey.html)
// So essentially:
// On Desktop: want to use EME, but ONLY with an open source CDM (Clear Key)? Set `media.eme.require-app-approval` to `false` and don't touch anything else. Otherwise, set `media.eme.enabled` to `true` AND `media.eme.require-app-approval` to `false`, and enable your preferred CDM(s) below
// On Android: want to use EME at all? Set `media.eme.enabled` to `true` (Do NOT touch `media.eme.require-app-approval`), and enable your preferred CDM below (Currently Android only supports Widevine)
defaultPref("media.eme.enabled", false);
defaultPref("media.eme.require-app-approval", true); // [DEFAULT - Android] https://bugzilla.mozilla.org/show_bug.cgi?id=1620102 https://searchfox.org/firefox-main/rev/82e2435f/dom/media/eme/MediaKeySystemAccessPermissionRequest.h#17
defaultPref("media.eme.require-app-approval.prompt.testing", true); // [HIDDEN] https://searchfox.org/firefox-main/rev/881a9b31/dom/media/eme/MediaKeySystemAccessPermissionRequest.h#21
defaultPref("media.eme.require-app-approval.prompt.testing.allow", false); // [HIDDEN] https://searchfox.org/firefox-main/rev/881a9b31/dom/media/eme/MediaKeySystemAccessPermissionRequest.h#21
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.eme.ui.enabled", false); // [NO-ANDROID] [NO-MAIL] UI settings/toggle
};

//// Disable the Google Widevine CDM by default (if EME is enabled)
/// https://developers.google.com/widevine/drm/overview
/// NOTE: Widevine on Desktop requires Gecko Media Plugins (GMP) - which we also disable by default, see below
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("media.gmp-widevinecdm.enabled", false); // [NO-ANDROID] [NO-MAIL]
};
if (phoenixPlatform == "android") {
    defaultPref("media.mediadrm-widevinecdm.visible", false); // [ANDROID-ONLY] Android's MediaDrm API - https://developer.android.com/reference/android/media/MediaDrm https://bugzilla.mozilla.org/show_bug.cgi?id=1306219
};
if (phoenixPlatform == "windows" && phoenixMail == false) {
    defaultPref("media.gmp-widevinecdm-l1.enabled", false); // [WINDOWS-ONLY] [NO-MAIL] [DEFAULT - non-Nightly]
};

//// Disable the Microsoft PlayReady CDM by default (if EME is enabled) [WINDOWS-ONLY]
/// https://learn.microsoft.com/playready/overview/overview [WINDOWS-ONLY]
if (phoenixPlatform == "windows") {
    defaultPref("media.eme.playready.enabled", false); // [WINDOWS-ONLY]
};

/// Disable Gecko Media Plugins (GMP)
// This is currently only used for DRM and OpenH264 (both of which we disable)
// So this helps reduce attack surface (and unwanted network activity...)
// https://wiki.mozilla.org/GeckoMediaPlugins
// https://blog.pearce.org.nz/2019/06/firefoxs-gecko-media-plugin-eme.html
// NOTE: We previously set `media.gmp-provider.enabled` to `false`, but it turns out that pref is essentially useless... all it does is hide installed plug-ins from `about:addons` (and prevents manually triggered add-on updates from checking for GMP updates); it doesn't actually disable GMP or plug-ins installed by it, it doesn't prevent the installation or update of GMP plug-ins, etc...
// The `media.gmp-manager.updateEnabled` pref is a better fit, as it (combined with the `media.gmp-manager.allowLocalSources` pref) effectively block all GMP downloads/updates
// https://github.com/arkenfox/user.js/issues/709
defaultPref("media.gmp-manager.updateEnabled", false); // [HIDDEN]

/// Disable GMP decoding [ANDROID-ONLY]
// GMP isn't supported Android, so we can set this to reduce attack surface and ensure we never try to use it for decoding [ANDROID-ONLY]
if (phoenixPlatform == "android") {
    defaultPref("media.gmp.decoder.enabled", false); // [ANDROID-ONLY]
};

/// Disable GMP encoding
// GMP only makes sense for decoding/media *consumption*
defaultPref("media.gmp.encoder.enabled", false); // [DEFAULT]

/// Disable GMP local sources
// When combined with `media.gmp-manager.updateEnabled`, this blocks all GMP downloads/updates
// When GMP is enabled (`media.gmp-manager.updateEnabled` set to `true`), this is still useful - as it ensures the GMP plug-ins that Firefox installs are always the latest versions available (instead of being outdated/potentially vulnerable), directly from Mozilla
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/modules/GMPInstallManager.sys.mjs#53
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/modules/GMPUtils.sys.mjs#180
defaultPref("media.gmp-manager.allowLocalSources", false);

/// Disable GMP logging by default (to expose via the `about:config`)
defaultPref("media.gmp.log.dump", false); // [HIDDEN] [DEFAULT]
defaultPref("media.gmp.log.level", 70); // [HIDDEN] Limits logging to fatal only

/// Disable HLS [ANDROID-ONLY]
// This uses an additional external library (ExoPlayer), and poses privacy & security concerns [ANDROID-ONLY]
// This is already the default for all platforms except Android [ANDROID-ONLY]
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29859 [ANDROID-ONLY]
if (phoenixPlatform == "android") {
    defaultPref("media.hls.enabled", false); // [ANDROID-ONLY]
};

/// Disable OpenH264 (in favor of hardware decoding)
// Mozilla has previously shipped outdated versions of OpenH264 - ex. 2.3.2, which was ~2 years out of date... https://github.com/cisco/openh264/releases/tag/v2.3.1
// The outdated version shipped by Mozilla was subject to a high severity CVE: https://www.cve.org/CVERecord?id=CVE-2025-27091
// https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2025-27091
// Downloads were also still distributed over standard, unencrypted HTTP for a very long time, but thankfully now do appear to be distributed over HTTPS, so at least there's that
// https://searchfox.org/firefox-main/source/toolkit/content/gmp-sources/openh264.json
defaultPref("media.ffmpeg.allow-openh264", false); // [DEFAULT - Nightly]
defaultPref("media.gmp-gmpopenh264.enabled", false);
defaultPref("media.gmp-gmpopenh264.visible", false); // Don't display in UI/`about:addons`
defaultPref("media.webrtc.hw.h264.enabled", true); // [DEFAULT - Android] Enables H264 hardware decoding https://bugzilla.mozilla.org/show_bug.cgi?id=1717679

/// Enable click to play UI for certain CSS skins by default
// https://github.com/black7375/Firefox-UI-Fix/blob/master/css/leptonContent.css#L223
// https://github.com/black7375/Firefox-UI-Fix/wiki/Options#defaults-6
if (phoenixPlatform != "android") {
    defaultPref("userContent.player.click_to_play", true); // [NO-ANDROID] [HIDDEN]
};

/// Enable the Data Decoder (RDD) process
// https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#data-decoder-rdd-process
// NOTE: Required for media playback on certain sites (ex. rumble.com, x.com) when isolated content processes
// are enabled on Android: https://bugzilla.mozilla.org/show_bug.cgi?id=1810736
// https://phabricator.services.mozilla.com/D260149
defaultPref("media.rdd-ffmpeg.enabled", true); // [DEFAULT]
defaultPref("media.rdd-ffvpx.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.rdd-opus.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.rdd-vorbis.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.rdd-vpx.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.rdd-wav.enabled", true); // [DEFAULT - non-Android]
if (phoenixPlatform != "android") {
    defaultPref("media.rdd-process.enabled", true); // [NO-ANDROID] [DEFAULT] NOTE: This currently appears to cause memory safety issues on Android (detected via memory tagging), so for now this needs to remain disabled
};
if (phoenixPlatform == "osx") {
    defaultPref("media.rdd-applemedia.enabled", true); // [OSX-ONLY] [DEFAULT]
} else if (phoenixPlatform == "windows") {
    defaultPref("media.rdd-wmf.enabled", true); // [WINDOWS-ONLY] [DEFAULT]
};

/// Enable hardware/platform media decoding
// https://searchfox.org/firefox-main/source/dom/media/platforms/PDMFactory.cpp
// NOTE: Required for media playback on certain sites (ex. rumble.com, x.com) when isolated content processes
// are enabled on Android: https://bugzilla.mozilla.org/show_bug.cgi?id=1810736
// https://phabricator.services.mozilla.com/D260149
defaultPref("media.ffvpx-hw.enabled", true); // [DEFAULT - Linux, Windows Nightly]
defaultPref("media.gmp.decoder.preferred", false); // [DEFAULT]
defaultPref("media.hardware-video-decoding.enabled", true); // [DEFAULT]
if (phoenixPlatform == "android") {
    // defaultPref("media.android-media-codec.enabled", false); // [ANDROID-ONLY] Currently required for media playback :(
    defaultPref("media.android-media-codec.preferred", false); // [ANDROID-ONLY]
};

/// Enable hardware/platform media encoding
// https://searchfox.org/firefox-main/source/dom/media/platforms/PEMFactory.cpp
// NOTE: Required for media playback on certain sites (ex. rumble.com, x.com) when isolated content processes
// are enabled on Android: https://bugzilla.mozilla.org/show_bug.cgi?id=1810736
// https://phabricator.services.mozilla.com/D260149
defaultPref("media.ffmpeg.encoder.enabled", true); // [DEFAULT - non-Android]
defaultPref("media.gmp.encoder.preferred", false); // [DEFAULT]
defaultPref("media.hardware-video-encoding.enabled", true); // [DEFAULT]
defaultPref("media.use-remote-encoder.audio", true);
if (phoenixPlatform != "windows") {
    defaultPref("media.use-remote-encoder.video", true); // [NO-WINDOWS] Do not set on Windows for now, due to performance/stability issues: https://codeberg.org/celenity/Phoenix/issues/253#issuecomment-12472035
};

/// Enable multi-threaded media decoding
// (Improves performance...)
defaultPref("media.gmp.decoder.multithreaded", true);

/// Enable multi-threaded media encoding
// (Improves performance...)
defaultPref("media.gmp.encoder.multithreaded", true);

/// If GMP is enabled (via `media.gmp-manager.updateEnabled`), ensure that installed plug-ins are visible/exposed in `about:addons`
defaultPref("media.gmp-provider.enabled", true); // [DEFAULT - non-Thunderbird]

/// Sandbox GMP [LINUX-ONLY]
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/gmp/GMPServiceParent.cpp#1039 [LINUX-ONLY]
if (phoenixPlatform == "linux") {
    defaultPref("media.gmp.insecure.allow", false); // [LINUX-ONLY] [DEFAULT]
};

/// Use the more confined utility process for media decoding
// https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#data-decoder-rdd-process
// https://docs.google.com/document/d/1WDEY5fQetK_YE5oxGxXK9BzC1A8kJP3q6F1gAPc2UGE/edit
defaultPref("media.allow-audio-non-utility", false); // [DEFAULT - non-iOS]
defaultPref("media.utility-process.enabled", true); // [DEFAULT]
if (phoenixPlatform == "android") {
    defaultPref("media.utility-android-media-codec.enabled", true); // [ANDROID-ONLY] For the Android MediaCodec PlatformDecoderModule
};

defaultPref("browser.phoenix.status", "013");

/*** 014 ATTACK SURFACE REDUCTION ***/

/// Disable ASM.JS
// https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
defaultPref("javascript.options.asmjs", false); // [DEFAULT] https://bugzilla.mozilla.org/show_bug.cgi?id=2002635

/// Disable Graphite & SVG OpenType fonts
// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite
// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+svg
defaultPref("gfx.font_rendering.graphite.enabled", false);
defaultPref("gfx.font_rendering.opentype_svg.enabled", false);

/// Disable JavaScript Just-in-time Compilation (JIT)
// https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
// https://firefox-source-docs.mozilla.org/js/index.html#javascript-jits
// https://codeberg.org/rusty-snake/firefox-config/src/commit/c8c157b28aad9a52d3bca63b3152b4d11fd62093/assets/user-overrides.js#L46
// https://codeberg.org/celenity/Phoenix/issues/93
// NOTE: Unfortunately, for WebAssembly (WASM) to function, either WASM-Baseline (javascript.options.wasm_baselinejit) OR WASM-Ion (javascript.options.wasm_optimizingjit) MUST be enabled. I've chosen to disable WASM-Ion here, as I think that's the safer bet, due to it having a larger attack surface than WASM-Baseline.
defaultPref("javascript.options.baselinejit", false); // Baseline Compiler
defaultPref("javascript.options.ion", false); // WarpMonkey
defaultPref("javascript.options.jithints", false); // Eager baseline hints https://bugzilla.mozilla.org/show_bug.cgi?id=1831572
// Disabling main process jit breaks translations https://bugzilla.mozilla.org/show_bug.cgi?id=2019140#c31
// defaultPref("javascript.options.main_process_disable_jit", true); // [DEFAULT - iOS] Disable all JITs for the (critical/especially sensitive) parent process https://searchfox.org/firefox-main/rev/1c6a8b56/xpcom/build/XPCOMInit.cpp#239 https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#parent-process
defaultPref("javascript.options.native_regexp", false); // irregexp JIT, for regex evaluation https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/StaticPrefList.yaml#8741 https://searchfox.org/firefox-main/rev/dc1c78e9/js/xpconnect/src/XPCJSContext.cpp#901
defaultPref("javascript.options.wasm_optimizingjit", false); // WASM-Ion (BaldrMonkey)

//// Disabling main process JIT breaks translations in some cases, so, for now, we're only setting it for Phoenix Extended
/// https://bugzilla.mozilla.org/show_bug.cgi?id=2019140#c31
if (phoenixExtended == true) {
    defaultPref("javascript.options.main_process_disable_jit", true); // [EXTENDED-ONLY]
};

/// Disable JPEG-XL
// https://github.com/mozilla/standards-positions/pull/1064
defaultPref("image.jxl.enabled", false); // [DEFAULT] [HIDDEN (Undefined) - non-MOZ_JXL builds]

/// Disable MathML
// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mathml 
defaultPref("mathml.disabled", true);

/// Disable shared memory allocation from the parent process to content processes
// https://searchfox.org/firefox-main/rev/dc1c78e9/modules/libpref/init/StaticPrefList.yaml#9130
// https://searchfox.org/firefox-main/rev/dc1c78e9/dom/ipc/ContentParent.cpp#2415
// (For reference, Firefox disables this alongside other JITs in Safe mode: https://searchfox.org/firefox-main/rev/dc1c78e9/js/xpconnect/src/XPCJSContext.cpp#904)
defaultPref("javascript.options.self_hosted.use_shared_memory", false);

/// Disable SharedArrayBuffer using window.postMessage
// https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer
// https://developer.mozilla.org/docs/Web/API/Window/postMessage
// https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
// https://github.com/tc39/ecma262/issues/1435
// By default, Firefox restricts the use of SharedArrayBuffer - this fully disables it.
defaultPref("dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled", false); // [DEFAULT]
if (phoenixMail == false) {
    defaultPref("dom.postMessage.sharedArrayBuffer.withCOOP_COEP", false); // [NO-MAIL]
};

/// Disable WebAssembly (WASM)
// https://spectrum.ieee.org/more-worries-over-the-security-of-web-assembly
if (phoenixExtended == true) {
    defaultPref("javascript.options.wasm", false); // [EXTENDED-ONLY]
};
if (getPref("browser.phoenix.reset.javascript.options.wasm") == true) {
    pref("javascript.options.wasm", false); // [FN]
};

/// Disable WebGL
// PRIVACY: Fingerprinting concerns
// SECURITY: Attack Surface Reduction
// https://blog.browserscan.net/docs/webgl-fingerprinting
// https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern
// On desktop we're no longer setting/recommending this in favor of the built-in `Block WebGL` filterlist in uBlock Origin, but on Android, we can't necessarily control uBlock Origin/set policies, so let's just make sure this is disabled
if (phoenixExtended == true && phoenixPlatform == "android") {
    defaultPref("webgl.disabled", true); // [EXTENDED-ONLY] [ANDROID-ONLY]
};
if (getPref("browser.phoenix.reset.webgl.disabled") == true) {
    pref("webgl.disabled", false); // [FN]
};

/// Disable WebVR/WebXR
// https://developer.mozilla.org/docs/Web/API/WebXR_Device_API
defaultPref("permissions.default.xr", 2); // [HIDDEN - Android/Thunderbird]

/// Disable XSLT
// https://bugzilla.mozilla.org/show_bug.cgi?id=1998002
defaultPref("dom.xslt.enabled", false);

/// If JIT (Ion/WarpMonkey) is disabled, also disable it for extensions
// This is the default, but it's hidden - so setting it here lets us expose it...
// https://bugzilla.mozilla.org/show_bug.cgi?id=1599226
defaultPref("javascript.options.jit_trustedprincipals", false); // [HIDDEN] [DEFAULT]

defaultPref("browser.phoenix.status", "014");

/*** 015 PASSWORDS & AUTHENTICATION ***/

/// Allow filling passwords on all websites, even if they try to block it...
// https://bugzilla.mozilla.org/show_bug.cgi?id=956906
// https://blog.0xbadc0de.be/archives/124
defaultPref("signon.storeWhenAutocompleteOff", true); // [DEFAULT]

/// Always display a `reveal password` button in `password` `<input>` types 
// https://developer.mozilla.org/docs/Web/HTML/Element/input/password
defaultPref("layout.forms.reveal-password-button.enabled", true);

/// Always prompt for access to "extended information" (direct attestation) of security keys
// https://bugzilla.mozilla.org/show_bug.cgi?id=1981587
defaultPref("security.webauthn.always_allow_direct_attestation", false); // [DEFAULT]
if (phoenixMail == false) {
    lockPref("security.webauthn.always_allow_direct_attestation", false); // [NO-MAIL] [DEFAULT]
};

/// Crash on insecure password input
if (phoenixPlatform == "osx") {
    defaultPref("intl.allow-insecure-text-input", false); // [OSX-ONLY] [DEFAULT - non-Firefox release/beta/Debug] https://searchfox.org/firefox-main/rev/93aad2a6615f670b1279c229dd37f7397236131a/modules/libpref/init/all.js#3454
};

/// Disable autofill
defaultPref("signon.autofillForms", false);
defaultPref("signon.autofillForms.http", false); // [DEFAULT]

/// Disable Basic authentication over HTTP
// This makes it require secure HTTPS
// https://chromeenterprise.google/policies/#BasicAuthOverHttpEnabled
// https://bugzilla.mozilla.org/show_bug.cgi?id=1763671
defaultPref("network.http.basic_http_auth.enabled", false);

/// Disable formless capture of log-in credentials
// This gets very complicated very fast, and there's very little documentation on this - but TL;DR:
// Firefox's built-in password manager has historically prompted users to save passwords by detecting standard <form> elements and waiting for specific events (ex. `onsubmit`)
// The problem is that not all websites use <form> elements for password fields, meaning Firefox can't always use this standard method.
// So, in order to detect these "formless" password entries (to ask users whether they want to save the password), Firefox uses a heuristic that temporarily monitors & stores user keystrokes...
// Note that with this disabled, Firefox will still show a password icon in the URL bar that allows you to store credentials, this only impacts the actual pop-up (for sites with these "formless" password entires)
// Unfortunately, it appears that Fenix doesn't support showing a password icon in the URL bar like Firefox on desktop does - so we're going to override this (`signon.formlessCapture.enabled`) for Android (but we'll still keep formless capture disabled in private browsing with `signon.privateBrowsingCapture.enabled`, and we still disable the password manager itself by default anyways...)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1119035#c2
// https://bugzilla.mozilla.org/show_bug.cgi?id=1166947
// https://bugzilla.mozilla.org/show_bug.cgi?id=1119077#c1
// https://codeberg.org/ironfox-oss/bugs/issues/11 [ANDROID-ONLY]
defaultPref("signon.privateBrowsingCapture.enabled", false);
if (phoenixPlatform != "android") {
    defaultPref("signon.formlessCapture.enabled", false); // [NO-ANDROID]
};

/// Disable Microsoft SSO
// https://www.microsoft.com/security/business/identity-access/microsoft-entra-single-sign-on
// https://support.mozilla.org/kb/windows-sso
defaultPref("network.http.microsoft-entra-sso.container-enabled.0", false);
defaultPref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT]
defaultPref("network.http.windows-sso.container-enabled.0", false);
defaultPref("network.http.windows-sso.enabled", false); // [DEFAULT]
defaultPref("network.microsoft-sso-authority-list", ""); // DEFENSE IN DEPTH

/// Disable NTLM
// https://www.silverfort.com/blog/understanding-the-security-risks-of-ntlm/
// https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html
// https://mozilla.github.io/policy-templates/#authentication
defaultPref("network.auth.force-generic-ntlm", false); // [DEFAULT]
defaultPref("network.auth.force-generic-ntlm-v1", false); // [DEFAULT]
defaultPref("network.automatic-ntlm-auth.allow-non-fqdn", false); // [DEFAULT]
defaultPref("network.automatic-ntlm-auth.allow-proxies", false);
defaultPref("network.automatic-ntlm-auth.trusted-uris", ""); // [DEFAULT]

/// Disable NTLM/SPNEGO SSO in Private Browsing
// https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html
// https://mozilla.github.io/policy-templates/#authentication
defaultPref("network.auth.private-browsing-sso", false); // [DEFAULT] [DEFENSE IN DEPTH]

/// Disable Password Manager by default - Insecure & unencrypted
// You should instead use a proper solution (ex. Bitwarden)
// https://www.wired.com/2016/08/browser-password-manager-probably-isnt-enough/
// https://support.mozilla.org/kb/manage-your-logins-firefox-password-manager
// https://wiki.mozilla.org/Firefox/Features/Form_Autofill
defaultPref("extensions.formautofill.addresses.enabled", false);
defaultPref("extensions.formautofill.addresses.supported", "on"); // This feature is currently only exposed in certain regions by default. We set the browser's region to a dummy value ("XX"), so we need to skip that region check and ensure this is always available.
defaultPref("extensions.formautofill.creditCards.enabled", false);
defaultPref("extensions.formautofill.creditCards.supported", "on"); // [DEFAULT]
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.preferences.config_warning.warningPasswordManager.dismissed", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] By default, when `privacy.ui.status_card` is enabled, Firefox displays a warning (at `about:preferences#privacy`) when the password manager is disabled, and encourages users to re-enable it due to it affecting "privacy and security". This warning is inaccurate/questionable; we disable this intentionally, and shouldn't nag users to re-enable it.
};
if (phoenixMail == false) {
    defaultPref("signon.rememberSignons", false); // [NO-MAIL]
};

/// Disable password truncation
// https://www.ghacks.net/2020/05/18/firefox-77-wont-truncate-text-exceeding-max-length-to-address-password-pasting-issues/
defaultPref("editor.truncate_user_pastes", false);

/// Disable SPNEGO
// https://www.ibm.com/think/x-force/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism
// https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html
// https://people.redhat.com/mikeb/negotiate/
// https://mozilla.github.io/policy-templates/#authentication
defaultPref("network.negotiate-auth.allow-non-fqdn", false); // [DEFAULT]
defaultPref("network.negotiate-auth.allow-proxies", false);
defaultPref("network.negotiate-auth.delegation-uris", ""); // [DEFAULT]
defaultPref("network.negotiate-auth.trusted-uris", ""); // [DEFAULT] Modified by ex. RedHat/Fedora

/// Enable alerts for breached and vulnerable passwords (if the Password Manager is enabled) by default
// Harmless, never sends passwords or sensitive data to Mozilla
// https://support.mozilla.org/kb/firefox-password-manager-alerts-breached-websites
// https://support.mozilla.org/kb/mozilla-monitor-faq#w_does-mozilla-monitor-know-my-passwords
// https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.trustPanel.breachAlerts", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Warn if a site has had a breach from the Unified Trust Panel (if enabled) https://searchfox.org/firefox-main/rev/d81da5ef/browser/base/content/browser-trustPanel.js#533
    defaultPref("signon.management.page.breach-alerts.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("signon.management.page.vulnerable-passwords.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable anti-spoof confirmation prompts
if (phoenixESR == true) {
    defaultPref("network.auth.confirmAuth.enabled", true); // [NO-ANDROID] [ESR]
};

/// Enable strong password generation (if the Password Manager is enabled) by default
defaultPref("signon.generation.enabled", true); // [DEFAULT]

/// If the PaymentRequest API is enabled, ensure we always require user interaction...
defaultPref("dom.payments.request.user_interaction_required", true); // [DEFAULT]

/// Prevent cross-origin sub-resources from opening HTTP authentication dialogs to protect against phishing
// (Meaning dialogs for embedded items are only presented when originating from the same site)
// https://support.mozilla.org/questions/1245144
defaultPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // [DEFAULT - non-Thunderbird]
if (phoenixMail == false) {
    defaultPref("network.auth.non-web-content-triggered-resources-http-auth-allow", false); // [NO-MAIL] [DEFAULT - non-Thunderbird]
    defaultPref("network.auth.subresource-http-auth-allow", 1); // [NO-MAIL]
};

/// Protect against password spoofing for cross-domain auth requests
// https://bugzilla.mozilla.org/show_bug.cgi?id=791594
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("privacy.authPromptSpoofingProtection", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

defaultPref("browser.phoenix.status", "015");

/*** 016 EXTENSIONS ***/

/// Allow enabling/disabling extensions per-container (if containers are enabled)
// This could allow for some extremely useful use-cases...
// Ex. With the Multi-Account Containers extension, you could use this to only allow certain extensions to access certain websites, regardless of the extension's permissions
defaultPref("extensions.userContextIsolation.defaults.restricted", "[]"); // [HIDDEN] [DEFAULT]
defaultPref("extensions.userContextIsolation.enabled", true); // [HIDDEN]

/// Allow certain trustworthy extensions to run on restricted/quarantined domains by default
defaultPref("extensions.quarantineIgnoredByUser.{290ce447-2abb-4d96-8384-7256dd4a1c43}", true); // Runet Censorship Bypass
defaultPref("extensions.quarantineIgnoredByUser.{446900e4-71c2-419f-a6a7-df9c091e268b}", true); // Bitwarden
defaultPref("extensions.quarantineIgnoredByUser.{5d0d1f87-5991-42d3-98c3-54878ead1ed1}", true); // Censor Tracker
defaultPref("extensions.quarantineIgnoredByUser.{6c00218c-707a-4977-84cf-36df1cef310f}", true); // Port Authority
defaultPref("extensions.quarantineIgnoredByUser.{73a6fe31-595d-460b-a920-fcc0f8843232}", true); // NoScript
defaultPref("extensions.quarantineIgnoredByUser.{b86e4813-687a-43e6-ab65-0bde4ab75758}", true); // LocalCDN
defaultPref("extensions.quarantineIgnoredByUser.{d19a89b9-76c1-4a61-bcd4-49e8de916403}", true); // Mullvad
defaultPref("extensions.quarantineIgnoredByUser.78272b6fa58f4a1abaac99321d503a20@proton.me", true); // Proton Pass
defaultPref("extensions.quarantineIgnoredByUser.adguard-vpn@adguard.com", true); // AdGuard VPN
defaultPref("extensions.quarantineIgnoredByUser.adguardadblocker@adguard.com", true); // AdGuard
defaultPref("extensions.quarantineIgnoredByUser.crxviewer-firefox@robwu.nl", true); // Extension source viewer - important since we add AMO (`addons.mozilla.org`) to our restricted/quarantined domain list
defaultPref("extensions.quarantineIgnoredByUser.foxyproxy@eric.h.jung", true); // FoxyProxy
defaultPref("extensions.quarantineIgnoredByUser.foxyproxy-basic@eric.h.jung", true); // FoxyProxy Basic
defaultPref("extensions.quarantineIgnoredByUser.idcac-pub@guus.ninja", true); // I still don't care about cookies
defaultPref("extensions.quarantineIgnoredByUser.jid1-BoFifL9Vbdl2zQ@jetpack", true); // Decentraleyes
defaultPref("extensions.quarantineIgnoredByUser.jid1-KtlZuoiikVfFew@jetpack", true); // GNU LibreJS
defaultPref("extensions.quarantineIgnoredByUser.jid1-MnnxcxisBPnSXQ@jetpack", true); // Privacy Badger
defaultPref("extensions.quarantineIgnoredByUser.jid1-MnnxcxisBPnSXQ-eff@jetpack", true); // Privacy Badger (from eff.org)
defaultPref("extensions.quarantineIgnoredByUser.keepassxc-browser@keepassxc.org", true); // KeePassXC-Browser
defaultPref("extensions.quarantineIgnoredByUser.skipredirect@sblask", true); // Skip Redirect
defaultPref("extensions.quarantineIgnoredByUser.uBlock0@raymondhill.net", true); // uBlock Origin
defaultPref("extensions.quarantineIgnoredByUser.uBOLiteRedux@raymondhill.net", true); // uBlock Origin Lite
defaultPref("extensions.quarantineIgnoredByUser.vpn@proton.ch", true); // Proton VPN
defaultPref("extensions.quarantineIgnoredByUser.@testpilot-containers", true); // Firefox Multi-Account Containers

/// Always allow installing "incompatible" add-ons
// Especially useful on Android & Thunderbird...
defaultPref("extensions.strictCompatibility", false); // [DEFAULT - non-Thunderbird Release/Beta]

/// Always run extensions OOP (out of process...)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1613141
// https://bugzilla.mozilla.org/show_bug.cgi?id=1880856
// https://groups.google.com/g/tb-planning/c/p4MUTMNYBVo
defaultPref("extensions.webextensions.remote", true); // [DEFAULT]

/// Block extensions signed with weak signature algorithms
if (phoenixMail == false) {
    defaultPref("xpinstall.signatures.weakSignaturesTemporarilyAllowed", false); // [NO-MAIL] [HIDDEN] [DEFAULT]
};

/// Clear default list of sites allowed to install add-ons
lockPref("xpinstall.whitelist.add", ""); // [HIDDEN - non-Android] [DEFAULT - non-Android]

/// Disable add-on sideloading
// Only allows installing extensions from profile & application directories (Prevents extensions being installed from the system/via other software)
// https://web.archive.org/web/20220608121322/https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
// https://support.mozilla.org/kb/deploying-firefox-with-extensions
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonSettings.sys.mjs#125
defaultPref("extensions.autoDisableScopes", 15); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default... (Not locked for desktop because it can be useful in certain instances, ex. for those who use impermanence)
defaultPref("extensions.enabledScopes", 5); // [HIDDEN]
defaultPref("extensions.installDistroAddons", false); // [HIDDEN - non-Android] [DEFAULT - Android]
defaultPref("extensions.sideloadScopes", 0); // [HIDDEN]
defaultPref("extensions.startupScanScopes", 0); // [HIDDEN - Android] [DEFAULT - non-Thunderbird]
if (phoenixPlatform == "android") {
    lockPref("extensions.autoDisableScopes", 15); // [ANDROID-ONLY] Locked for Android because this isn't needed/supported or wanted at all there
};

/// Disable the AMO Abuse Report API (`navigator.mozAddonManager.reportAbuse`)
// This depends on mozAddonManager anyways, which we disable below
// Users can still report add-ons from within Firefox using the standard form (`extensions.addonAbuseReport.url`), this just prevents using the API from the browser itself directly
// https://mozilla.github.io/addons-server/topics/api/abuse.html
defaultPref("extensions.addonAbuseReport.url", "");

/// Disable arbitrary content script execution for extension (moz-extension) documents by default
// https://bugzilla.mozilla.org/show_bug.cgi?id=2011234
// https://searchfox.org/firefox-main/rev/da6c7924/toolkit/components/extensions/WebExtensionPolicy.cpp#959
// https://searchfox.org/firefox-main/rev/da6c7924/toolkit/components/extensions/WebExtensionPolicy.cpp#999
defaultPref("extensions.webextensions.allow_executeScript_in_moz_extension", false); // [DEFAULT - Nightly]

/// Disable installation of add-ons by default
// (Includes extensions and themes, and does not impact already installed add-ons and add-ons installed by policies)
// We also reset this per-session by setting it as a user pref 
// This is nice from a security perspective - as it allows users to enable this functionality only when it's necessary...
// (Ex: A user attempts to install an extension, sees the extra prompt/warning, and selects `Enable` (which temporarily sets this pref to `true`...)
// The user then proceeds to install the extension. On the next launch of Firefox/Thunderbird, this pref is reset back to `false`, meaning
// the ability to install extensions is fully disabled without them even thinking about it).
// We don't want to disable this by default for Android and Thunderbird, because, unlike Firefox (on Desktop), they unfortunately don't
// don't usually display a prompt to re-enable this functionality when necessary :(
// NOTE: This does NOT impact Android's `Recommended` extensions (collections) (found at `Settings` -> `Advanced` -> `Extensions`)
if (phoenixPlatform == "android" || phoenixMail == true) {
    defaultPref("xpinstall.enabled", true); // [ANDROID-ONLY] [HIDDEN] [DEFAULT]
} else {
    defaultPref("xpinstall.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] So the default is `false`
};
if (getPref("browser.phoenix.reset.xpinstall.enabled") == true) {
    pref("xpinstall.enabled", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable mozAddonManager
// mozAddonManager has various privacy (fingerprinting) and security (added attack surface) concerns.
// It also bypasses the permission prompt to install add-ons, and prevents add-ons (like uBlock Origin) from working on `addons.mozilla.org` (`addons.thunderbird.net` for Thunderbird).
// Note that disabling mozAddonManager unfortunately breaks installation of extensions from `addons.mozilla.org` on Android. It also typically breaks installation of extensions from `addons.thunderbird.net` on Thunderbird as well, but we have a clever work-around for Dove.
// https://bugzilla.mozilla.org/show_bug.cgi?id=1952390#c4
// https://bugzilla.mozilla.org/show_bug.cgi?id=1384330
// https://github.com/thunderbird/addons-server/issues/332
defaultPref("extensions.webapi.testing", false); // [DEFAULT] Disables mozAddonManager on Mozilla testing domains
defaultPref("extensions.webapi.testing.http", false); // [DEFAULT] Disables mozAddonManager on Mozilla testing domains using insecure protocols
if (phoenixPlatform == "android") {
    defaultPref("extensions.webapi.enabled", true); // [ANDROID-ONLY] [DEFAULT]
    defaultPref("privacy.resistFingerprinting.block_mozAddonManager", false); // [ANDROID-ONLY] [DEFAULT]
} else if (phoenixMail == false) {
    defaultPref("extensions.webapi.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // [NO-ANDROID] [NO-MAIL]
};

/// Enable Add-on Distribution Control (Install Origins)
// Prevents extensions being installed from websites that they don't specify in their manifest
// https://groups.google.com/g/firefox-dev/c/U7GpHE4R-ZY
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs#341
defaultPref("extensions.install_origins.enabled", true);

/// Enable optional permission prompts
// https://bugzilla.mozilla.org/show_bug.cgi?id=1392176
defaultPref("extensions.webextOptionalPermissionPrompts", true); // [DEFAULT]

/// Enable Mozilla's Extension Blocklist
defaultPref("extensions.blocklist.enabled", true); // [DEFAULT]

/// Enable restricted/quarantined domains by default, and use our own list instead of Mozilla's
// Mozilla's list unfortunately hasn't been updated in ~2 years (FWIW: Our list includes all of their entries in addition to our own)
// We can use this to prevent less trustworthy add-ons from running on sensitive websites, while still allowing important/legitimate ones and content blockers (like uBlock Origin) to run on them
// Also useful, since we disable Mozilla's restrictions on certain domains that prevent ALL extensions from running on them (like AMO) - so we can add back some level of protection there
// Domains we add here can include downloads for add-ons/software, payment/banking, medical/health, password managers, sign-in pages, file storage, etc.
// Firefox on Desktop also shows a UI when the user is on a restricted domain, and to indicate which add-ons can't run
// https://support.mozilla.org/kb/quarantined-domains
// Mozilla's current list: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/addons-manager-settings/changeset?_expected=0
defaultPref("extensions.remoteSettings.disabled", true); // [HIDDEN] Used for downloading/updating Mozilla's list https://searchfox.org/firefox-main/source/toolkit/mozapps/extensions/docs/AMRemoteSettings-overview.rst
defaultPref("extensions.quarantinedDomains.enabled", true); // [DEFAULT]
defaultPref("extensions.quarantinedDomains.list", "autoatendimento.bb.com.br,ibpf.sicredi.com.br,ibpj.sicredi.com.br,internetbanking.caixa.gov.br,www.ib12.bradesco.com.br,www2.bancobrasil.com.br,10.0.0.1,192.168.1.1,192.168.50.1,1password.ca,1password.com,1password.eu,365online.com,account.amd.com,account.apple.com,account.asus.com,account.brave.com,account.collegeboard.org,account.live.com,account.microcenter.com,account.microsoft.com,account.nordpass.com,account.proton.me,account.sony.com,account.t-mobile.com,account-api.proton.me,accounts.1password.ca,accounts.1password.com,accounts.1password.eu,accounts.ent.1password.com,accounts.fedoraproject.org,accounts.firefox.com,accounts.google.com,accounts.nintendo.com,accounts.pixiv.net,accounts.scdn.co,accounts.snapchat.com,accounts.spotify.com,acs-home-prod-login-fde-hhd4d2h9drbfg7hy.a02.azurefd.net,addons.allizom.org,addons.mozilla.org,addons.thunderbird.net,admin.google.com,adyen.com,agrd.io,agreementexpress.net,alipay.com,alipayobjects.com,alipayplus.com,amazon.syf.com,amazonpay.in,amp.pandora.com,anz.com,anz.com.au,ap.www.namecheap.com,apay-us.amazon.com,api.pnc.com,api.stripe.com,api-auth.soundcloud.com,app.1password.ca,app.1password.com,app.1password.eu,app.advancedmd.com,app.dashlane.com,app.privacy.com,app.tuta.com,appleconnect.apple.com,appleid.apple.com,appleid.cdn-apple.com,applepay.cdn-apple.com,apply.commonapp.org,apps.apple.com,apps.microsoft.com,apps.obtainium.imranr.dev,api-dashboard.search.brave.com,apt.izzysoft.de,archive.mozilla.org,archlinux.org,argenta.be,artists.soundcloud.com,artists.spotify.com,asrock.com,asrockchina.com.cn,assets.loginwithamazon.com,att-yahoo.att.net,attestation.app,aur.archlinux.org,auth.adguard.io,auth.adguardaccount.com,auth.calibour.com,auth.hulu.com,auth.meta.com,auth.max.com,auth.mozilla.auth0.com,auth.openai.com,auth.services.adobe.com,auth.sharefile.io,auth.synchronybank.com,auth.uber.com,auth.wikimedia.org,auth.zennioptical.com,b.stripecdn.com,bancogalicia.com.ar,bank99.at,bankaust.com.au,bankaustria.at,bankdirekt.at,bankeasy.com,bankofamerica.com,bankofireland.com,bankvic.com.au,belfius.be,belkart.by,belveb.by,bendigobank.com.au,binance.com,binance.us,bisq.network,bitpay.com,bitwarden.com,bkash.com,bnpparibasfortis.be,bobpony.com,braintree-api.com,braintreegateway.com,brave.com,brave-browser-apk-beta.s3.brave.com,brave-browser-apk-nightly.s3.brave.com,brave-browser-apk-release.s3.brave.com,build.opensuse.org,businessaccess.citibank.citigroup.com,businessonline-boi.com,cakepay.com,cakewallet.com,calendar.proton.me,calyxos.org,cardcomplete.com,cash.app,cbaccount.collegeboard.org,cbzsecure.com,cdn.akamai.steamstatic.com,cdn.mullvad.net,cdn.plaid.com,cdn.sso.mozilla.com,cdimage.debian.org,checkout.com,checkout.stripe.com,coinspot.com.au,commbank.com.au,console.accrescent.app,console.aws.amazon.com,console.calibour.com,console.cloud.google.com,consumer.intel.com,copr.fedorainfracloud.org,creditcall.com,crelan.be,cromite.org,dash.cloudflare.com,developer.apple.com,developer.nvidia.com,discord.gg,dist.torproject.org,dl.google.com,donate.torproject.org,download.cdn.mozilla.net,download.fedoraproject.org,download.gigabyte.com,download.lineageos.org,download.mozilla.org,download-installer.cdn.mozilla.net,download-installer-origin.cdn.mozilla.net,download-origin.cdn.mozilla.net,drive.google.com,drive.proton.me,dsadata.intel.com,easybanking.unifi-digitalbanking.com,easybankint.com,ebanking.easybank.at,eff.org,ente.io,epicmychart.nychhc.org,epicmychart.optum.com,etoro.com,f-droid.org,fdroid.ironfoxoss.org,fdroid.link,fedoraproject.org,flatex.at,flathub.org,flex.okta.com,franciscanmychart.org,franklincollege.okta.com,ftp.eu.mozilla.org,ftp.mozilla.org,ftp.prod.mozaws.net,ftp.prod.mozilla.org,ftp-ssl.mozilla.org,ftp-test.mozilla.org,galicia.ar,gateway.bank,gatewaybank.bank,gatewaybank.com.au,gatewayfirst.com,gds.google.com,geogroup.okta.com,george.sparkasse.at,george-business.sparkasse.at,gfgsa.com,google-admin.corp.google.com,grapheneos.org,greasyfork.org,guardarian.com,heartland.us,heartlandpaymentsystems.com,heartlandportico.com,hellobank.be,hendrick.okta.com,hpc.freedompay.com,hsbc.com,hsbc.com.au,icard.com,id.fedoraproject.org,id.sonyentertainmentnetwork.com,id.spectrum.net,identity.corp.google.com,identity.doordash.com,identity.eset.com,identity.gtm.eset.com,identity.kde.org,identity.lego.com,identity.walmart.com,idmsa.apple.com,idmsa.apple.com.cn,idmsac.apple.com,idp.ddp.akoya.com,idp.iam.mozilla.com,iforgot.apple.com,ing.com,ing.com.au,ingwb.com,iparitet.by,ironfoxoss.org,itsme-id.com,js.stripe.com,kairoscope.org,kbc.be,kdrp.okta.com,keytradebank.be,klarna.com,kraken.com,laptop-updates.brave.com,lastpass.com,lineageos.org,login.aa.com,login.advancedmd.com,login.amd.com,login.aol.com,login.corp.google.com,login.disney.com,login.eset.com,login.gov,login.kroger.com,login.live.com,login.mailbox.org,login.microsoftonline.com,login.nvgs.nvidia.com,login.okta.com,login.sparkasse.at,login.tailscale.com,login.wikimedia.org,login.yahoo.com,login.yahoo.net,login.xfinity.com,login-app.advancedmd.com,login-dev.advancedmd.com,login-no1a.www.tiktok.com,login3.id.hp.com,login4.fisglobal.com,lowes.syf.com,m.stripe.com,m.stripe.network,magic.falcon-2-eu.veriff.me,magic.veriff.me,mail.proton.me,mailbox.org,marmon.okta.com,matrix.to,mblogin.verizonwireless.com,mebank.com.au,merchant-ui-api.stripe.com,microg.org,mirrorbits.lineageos.org,linuxmint.com,login.pnc.com,molly.im,monero.com,mpay24.com,msauth.net,msauthimages.net,msdl.gravesoft.dev,msftauth.net,msftauthimages.net,msp.nordpass.com,mt-bank.net,mtb.com,mullvad.net,my.calibour.com,my.collegeboard.org,my.dish.com,my.disney.com,my.eir.ie,myaccount.google.com,myaccount.microsoft.com,myaccounts.wizards.com,mychart.albanymed.org,mychart.asante.org,mychart.atlantichealth.org,mychart.austinregionalclinic.com,mychart.azacp.com,mychart.bmc.org,mychart.carolinaeasthealth.com,mychart.ccf.org,mychart.centracare.com,mychart.childrenscolorado.org,mychart.clevelandclinic.org,mychart.crmcwy.org,mychart.duly.com,mychart.ecommunity.com,mychart.hopkinsmedicine.org,mychart.inova.org,mychart.kansashealthsystem.com,mychart.lovelace.com,mychart.mainehealth.org,mychart.med.utah.edu,mychart.metrohealth.net,mychart.multicare.org,mychart.mwhc.com,mychart.nghs.com,mychart.nortonhealthcare.org,mychart.ohiohealth.com,mychart.orlandohealth.com,mychart.premierhealthpartners.org,mychart.selfregional.org,mychart.sfdph.org,mychart.sih.net,mychart.stcharleshealthcare.org,mychart.texashealth.org,mychart.tmcaz.com,mychart.uchospitals.edu,mychart.uconn.edu,mychart.uihealthcare.org,mychart.uillinois.edu,mychart.upstate.edu,mychart.urmc.rochester.edu,mychartonline.umassmemorial.org,myhealthchart.com,mysignins.microsoft.com,mysinaichicago.org,mystate.com.au,nab.com.au,nmi.com,nordaccount.com,nordpass.com,nordstrom.okta.com,noscript.net,novantmychart.org,nrc.okta.com,oauth.xfinity.com,oidc.idp.clogin.att.com,ok1static.oktacdn.com,ok2static.oktacdn.com,ok7static.oktacdn.com,okta.jumbo.com,oldsecond.com,onedrive.com,onedrive.live.com,online.citi.com,open-banking.pnc.com,openuserjs.org,outlook.com,outlook.office365.com,ow2-cqm-01.advancedmd.com,panel.nordpass.com,paritetbank.by,pass.proton.me,passwordreset.microsoftonline.com,passwords.google,passwords.google.com,patientportal.advancedmd.com,pay.amazon.co.jp,pay.amazon.co.uk,pay.amazon.com,pay.amazon.de,pay.amazon.es,pay.amazon.eu,pay.amazon.fr,pay.amazon.it,pay.google.com,pay.viasat.com,paybox.com,paybox.com.co,payconiq.be,payeezystrg.z19.web.core.windows.net,payments.amazon.com,payments-amazon.com,payoneer.com,payscout.com,paysend.com,payu.com,paywire.com,play.google.com,plex.direct,portal.corp.google.com,poste.dz,pp-wfe-100.advancedmd.com,ppixiv.org,privacybadger.org,probo.ddp.akoya.com,prod.idp.collegeboard.org,productdelivery.mozilla-backup.org,production.plaid.com,profile.theguardian.com,proton.me,protonapps.com,psendbank.com,qdoba-prod.us.auth0.com,raiffeisen.at,rb.okta.com,register.gitlab.gnome.org,register.mailbox.org,registerdisney.go.com,release.calyxinstitute.org,releases.celenity.dev,releases.ironfoxoss.org,releases.mozilla.org,renault-bank-direkt.de,renaultbank.es,renaultbank.fr,retoswap.com,revolut.com,rh.okta.com,rpmfusion.org,secure.chase.com,secure.informaction.com,secure.login.gov,secure.myvirtua.org,secure.pnc.com,secure.sndcdn.com,secure.soundcloud.com,secure.verizon.com,secure-api.pnc.com,secure-qa.pnc.com,securelogin.synchronybank.com,secureonline.pnc.com,secureonline.yourstatebank.com,send.vis.ee,signal.org,signin.att.com,signin.aws.amazon.com,signin.costco.com,signin.ebay.com,signin-static-js.att.com,signup.ebay.com,skydrive.com,smartpay.profitstars.com,sso.canvaslms.com,sso.fachschaften.org,sso.kroger.com,sso.mozilla.com,sso.redhat.com,start.1password.ca,start.1password.com,start.1password.eu,static.adguard.com,static.adtidy.org,stgeorge.com.au,store.epicgames.com,store.nintendo.com.hk,studio.youtube.com,tam.onecampus.com,tpeweb.paybox.com,tuta.com,u.bank,ubank.bank,ubank.com.au,ubuntu.com,unbelgin.com,unionpayintl.com,unzer.com,up.com.au,us.download.nvidia.com,usaepay.com,usbank.com,vault.bitwarden.com,vault.bitwarden.eu,venmo.com,verifone.com,viewmychart.com,vpn.proton.me,wallet.google,wallet.google.com,wallet.proton.me,wero-wallet.eu,westpac.co.nz,westpac.com.au,wiki.lineageos.org,wise.com,www.365online.com,www.chase.com,www.citi.com,www.citidirect.com,www.cromite.org,www.dashlane.com,www.debian.org,www.easybank.at,www.easybanking.net,www.eff.org,www.epicgames.com,www.firefox.com,www.franciscanmychart.org,www.gigabyte.com,www.icloud.com,www.icloud.com.cn,www.intel.com,www.lineageos.org,www.linuxmint.com,www.macquarie.com.au,www.mozilla.org,www.mychart.org,www.noscript.net,www.onlinebanking.pnc.com,www.paypal.com,www.paypalobjects.com,www.pnc.com,www.privacy.com,www.privatebank.citibank.com,www.sparkasse.at,www.synchrony.com,www.synchronymastercard.com,www.thunderbird.net,www.torproject.org,www.virustotal.com,www.wintrustbank.com,www.wintrustdigitalbanking.com,www.xmrbazaar.com,www.yourstatebank.com,xmrbazaar.com");
defaultPref("extensions.quarantinedDomains.uiDisabled", false); // [HIDDEN] [DEFAULT] UI

/// Enable userScripts
// userScripts ran this way run in separate isolated sandboxes
// https://wiki.mozilla.org/WebExtensions/UserScripts
// https://bugzilla.mozilla.org/show_bug.cgi?id=1875475
defaultPref("extensions.userScripts.mv3.enabled", true); // [DEFAULT]
defaultPref("extensions.webextensions.userScripts.enabled", true); // [DEFAULT]

/// Ensure Firefox Multi-Account Containers can access all containers by default (if installed)
defaultPref("extensions.userContextIsolation.@testpilot-container.restricted", "[]"); // [HIDDEN]

/// Ensure uBlock Origin can access all containers by default (if installed)
defaultPref("extensions.userContextIsolation.uBlock0@raymondhill.net.restricted", "[]"); // [HIDDEN]

/// Harden CSP policy
// Compared to Firefox's default, this:
// Blocks scripts unless they're loaded from the same origin
// Blocks unsafe eval() - including WebAssembly (WASM)
// Upgrades network requests to HTTPS
// Etc...
if (phoenixPlatform == "android") {
    defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests;"); // [ANDROID-ONLY] 'wasm-unsafe-eval' appears to be required here for Translations on Android - doesn't seem to impact other platforms
} else {
    defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' 'unsafe-inline'; upgrade-insecure-requests;"); // [NO-ANDROID] `unsafe-inline` is required for Web Compatibility interventions (`about:compat`)
};
defaultPref("extensions.webextensions.base-content-security-policy.v3", "script-src 'self'; upgrade-insecure-requests;");
defaultPref("extensions.webextensions.base-content-security-policy.v3-with-localhost", "script-src 'self'; upgrade-insecure-requests;");
defaultPref("extensions.webextensions.default-content-security-policy", "script-src 'self'; upgrade-insecure-requests;");
defaultPref("extensions.webextensions.default-content-security-policy.v3", "script-src 'self'; upgrade-insecure-requests;"); // [DEFAULT]

/// Never allow installing extensions without first prompting the user
lockPref("extensions.postDownloadThirdPartyPrompt", false); // [HIDDEN - Android/Thunderbird] https://github.com/arkenfox/user.js/issues/1090
defaultPref("xpinstall.whitelist.directRequest", false); // [HIDDEN] For direct URL requests https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs#4488
defaultPref("xpinstall.whitelist.fileRequest", false); // [HIDDEN - non-Android] [DEFAULT - Android] For `file://` requests https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs#4500
lockPref("xpinstall.whitelist.required", true); // [DEFAULT] This is the `Warn you when websites try to install add-ons` setting at `about:preferences#privacy`

/// Only allow installation and updates of extensions using Firefox's built-in certificates by default
defaultPref("extensions.install.requireBuiltInCerts", true); // [HIDDEN]
defaultPref("extensions.update.requireBuiltInCerts", true); // [HIDDEN]

/// Only allow installation of signed extensions by default
// Unfortunately not supported on Thunderbird :(
if (phoenixMail == false) {
    defaultPref("extensions.langpacks.signatures.required", true); // [NO-MAIL] [DEFAULT]
    defaultPref("xpinstall.signatures.required", true); // [NO-MAIL] [DEFAULT]
};

/// Prevent automatically granting MV3 extensions optional host permissions by default
// These permissions can still be enabled manually at `about:addons`, from the 'Permissions' tab at the extension's settings page
defaultPref("extensions.originControls.grantByDefault", false);

/// Prevent certain undesired extensions from running on restricted/quarantined domains
// By default, Mozilla allows all add-ons they "recommend" to run on restricted/quarantined domains: https://support.mozilla.org/kb/add-on-badges#w_recommended-extensions
// This prevents some of those add-ons from running on our list of sensitive domains
defaultPref("extensions.quarantineIgnoredByUser.{00000f2a-7cde-4f20-83ed-434fcb420d71}", false); // Imagus
defaultPref("extensions.quarantineIgnoredByUser.{1018e4d6-728f-4b20-ad56-37578a4de76b}", false); // Flagfox
defaultPref("extensions.quarantineIgnoredByUser.{154cddeb-4c8b-4627-a478-c7e5b427ffdf}", false); // PopUpOFF - Popup and overlay blocker
defaultPref("extensions.quarantineIgnoredByUser.{2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c}", false); // Search by Image
defaultPref("extensions.quarantineIgnoredByUser.{32af1358-428a-446d-873e-5f8eb5f2a72e}", false); // Download All Images
defaultPref("extensions.quarantineIgnoredByUser.{3c078156-979c-498b-8990-85f7987dd929}", false); // Sidebery
defaultPref("extensions.quarantineIgnoredByUser.{4a313247-8330-4a81-948e-b79936516f78}", false); // Image Search Options
defaultPref("extensions.quarantineIgnoredByUser.{506e023c-7f2b-40a3-8066-bc5deb40aebe}", false); // Gesturefy
defaultPref("extensions.quarantineIgnoredByUser.{52bda3fd-dc48-4b3d-a7b9-58af57879f1e}", false); // Stylebot
defaultPref("extensions.quarantineIgnoredByUser.{531906d3-e22f-4a6c-a102-8057b88a1a63}", false); // SingleFile
defaultPref("extensions.quarantineIgnoredByUser.{5384767E-00D9-40E9-B72F-9CC39D655D6F}", false); // EPUBReader
defaultPref("extensions.quarantineIgnoredByUser.{54e2eb33-18eb-46ad-a4e4-1329c29f6e17}", false); // Block Site
defaultPref("extensions.quarantineIgnoredByUser.{63d150c4-394c-4275-bc32-c464e76a891c}", false); // Audio Equalizer
defaultPref("extensions.quarantineIgnoredByUser.{79b2e4de-8fb4-4ccc-b9f6-362ac2fb74b2}", false); // Measure-it
defaultPref("extensions.quarantineIgnoredByUser.{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}", false); // Stylus
defaultPref("extensions.quarantineIgnoredByUser.{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}", false); // YouTube High Definition
defaultPref("extensions.quarantineIgnoredByUser.{91aa5abe-9de4-4347-b7b5-322c38dd9271}", false); // Clippings
defaultPref("extensions.quarantineIgnoredByUser.{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}", false); // User-Agent Switcher and Manager
defaultPref("extensions.quarantineIgnoredByUser.{a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}", false); // Feedbro
defaultPref("extensions.quarantineIgnoredByUser.{b9acf540-acba-11e1-8ccb-001fd0e08bd4}", false); // Easy Youtube Video Downloader Express
defaultPref("extensions.quarantineIgnoredByUser.{b9db16a4-6edc-47ec-a1f4-b86292ed211d}", false); // Video DownloadHelper
defaultPref("extensions.quarantineIgnoredByUser.{c2c003ee-bd69-42a2-b0e9-6f34222cb046}", false); // Auto Tab Discard
defaultPref("extensions.quarantineIgnoredByUser.{c5867acc-54c9-4074-9574-04d8818d53e8}", false); // Livemarks
defaultPref("extensions.quarantineIgnoredByUser.{d07ccf11-c0cd-4938-a265-2a4d6ad01189}", false); // Web Archives
defaultPref("extensions.quarantineIgnoredByUser.{d37dc5d0-431d-44e5-8c91-49419370caa1}", false); // FoxClocks
defaultPref("extensions.quarantineIgnoredByUser.{DDC359D1-844A-42a7-9AA1-88A850A938A8}", false); // DownThemAll!
defaultPref("extensions.quarantineIgnoredByUser.{de22fd49-c9ab-4359-b722-b3febdc3a0b0}", false); // Popup Blocker (strict)
defaultPref("extensions.quarantineIgnoredByUser.{e839c3f9-298e-4cd0-99e0-464431cb7c34}", false); // Foxy Gestures
defaultPref("extensions.quarantineIgnoredByUser.{e90f5de4-8510-4515-9f67-3b6654e1e8c2}", false); // Dictionary Anywhere
defaultPref("extensions.quarantineIgnoredByUser.addon@darkreader.org", false); // Dark Reader
lockPref("extensions.quarantineIgnoredByUser.adb@mozilla.org", false); // Firefox DevTools ADB Extension
lockPref("extensions.quarantineIgnoredByUser.ads@mozac.org", false); // Mozilla Android Components - Ads Telemetry
defaultPref("extensions.quarantineIgnoredByUser.ATBC@EasonWong", false); // Adaptive Tab Bar Color
lockPref("extensions.quarantineIgnoredByUser.cookies@mozac.org", false); // Mozilla Android Components - Search Telemetry
defaultPref("extensions.quarantineIgnoredByUser.copyplaintext@eros.man", false); // Copy PlainText
defaultPref("extensions.quarantineIgnoredByUser.customscrollbars@computerwhiz", false); // Custom Scrollbars
defaultPref("extensions.quarantineIgnoredByUser.dont-track-me-google@robwu.nl", false); // Don't track me Google
lockPref("extensions.quarantineIgnoredByUser.ddg@search.mozilla.org", false); // DuckDuckGo - search engine
defaultPref("extensions.quarantineIgnoredByUser.deArrow@ajay.app", false); // DeArrow
defaultPref("extensions.quarantineIgnoredByUser.emoji@saveriomorelli.com", false); // Emoji
defaultPref("extensions.quarantineIgnoredByUser.firefox@ghostery.com", false); // Ghostery
defaultPref("extensions.quarantineIgnoredByUser.foxytab@eros.man", false); // Ghostery
defaultPref("extensions.quarantineIgnoredByUser.jid0-dsq67mf5kjjhiiju2dfb6kk8dfw@jetpack", false); // FoxyTab
defaultPref("extensions.quarantineIgnoredByUser.jid1-KdTtiCj6wxVAFA@jetpack", false); // Swift Selection Search
defaultPref("extensions.quarantineIgnoredByUser.jid1-q4sG8pYhq8KGHs@jetpack", false); // AdBlocker for YouTube™
defaultPref("extensions.quarantineIgnoredByUser.jid1-QoFqdK4qzUfGWQ@jetpack", false); // Dark Background and Light Text
defaultPref("extensions.quarantineIgnoredByUser.juraj.masiar@gmail.com_ScrollAnywhere", false); // ScrollAnywhere
defaultPref("extensions.quarantineIgnoredByUser.languagetool-webextension@languagetool.org", false); // LanguageTool
defaultPref("extensions.quarantineIgnoredByUser.leechblockng@proginosko.com", false); // LeechBlock NG
defaultPref("extensions.quarantineIgnoredByUser.linkgopher@oooninja.com", false); // Link Gopher
defaultPref("extensions.quarantineIgnoredByUser.printedit-we@DW-dev", false); // Print Edit WE
defaultPref("extensions.quarantineIgnoredByUser.s3download@statusbar", false); // Download Manager (S3)
defaultPref("extensions.quarantineIgnoredByUser.simple-tab-groups@drive4ik", false); // Simple Tab Groups
defaultPref("extensions.quarantineIgnoredByUser.snaplinks@snaplinks.mozdev.org", false); // Snap Links
defaultPref("extensions.quarantineIgnoredByUser.soundfixer@unrelenting.technology", false); // SoundFixer
defaultPref("extensions.quarantineIgnoredByUser.sponsorBlocker@ajay.app", false); // SponsorBlock
defaultPref("extensions.quarantineIgnoredByUser.stefanvandamme@stefanvd.net", false); // Turn Off the Lights
defaultPref("extensions.quarantineIgnoredByUser.tabby@whatsyouridea.com", false); // Tabby - Window and Tab Manager
defaultPref("extensions.quarantineIgnoredByUser.tranquility@ushnisha.com", false); // Tranquility Reader
defaultPref("extensions.quarantineIgnoredByUser.treestyletab@piro.sakura.ne.jp", false); // Tree Style Tabs
lockPref("extensions.quarantineIgnoredByUser.wikipedia@search.mozilla.org", false); // Wikipedia (en) - search engine
defaultPref("extensions.quarantineIgnoredByUser.worldwide@radio", false); // Worldwide Radio
defaultPref("extensions.quarantineIgnoredByUser.zoompage-we@DW-dev", false); // Zoom Page WE

/// Prevent certain undesired websites from prompting to install add-ons by default
defaultPref("xpinstall.blacklist.add.GNU", "gnuzilla.gnu.org"); // Mozzarella - Hosts very outdated versions of extensions...

/// Prevent extensions from opening pop-ups to remote websites
// https://bugzilla.mozilla.org/show_bug.cgi?id=1760608
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/extensions/ExtensionActions.sys.mjs#286
defaultPref("extensions.manifestV2.actionsPopupURLRestricted", true); // [DEFAULT - Android]

/// Prevent extensions from opening pop-ups without user interaction
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/extensions/parent/ext-browserAction.js#1071
// https://searchfox.org/firefox-main/rev/82e2435f/mobile/shared/components/extensions/ext-browserAction.js#184
defaultPref("extensions.openPopupWithoutUserGesture.enabled", false);

/// Prevent extensions from using the Gecko Profiler
// Includes certain Mozilla extensions by default
// https://firefox-source-docs.mozilla.org/tools/profiler/index.html
defaultPref("extensions.geckoProfiler.acceptedExtensionIds", ""); // [HIDDEN - Android] [DEFAULT - Android]

/// Prevent recommending search extensions
// This is the "Find more search engines" link at `about:preferences#search`
// If users want to add more search engines, they should add them manually using the `Add` button - or directly from the URL bar on the desired search engine. Let's not encourage them to install add-ons that are both unnecessary, and will directly compromise their privacy and security in most cases.
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.search.searchEnginesURL", ""); // [NO-ANDROID] [NO-MAIL]
};

/// Prevent unprivileged extensions from accessing experimental APIs by default
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/extensions/docs/basics.rst#142
defaultPref("extensions.experiments.enabled", false); // [DEFAULT - non-Thunderbird]

/// Prevent hiding extensions
if (phoenixPlatform != "android") {
    lockPref("devtools.aboutdebugging.showHiddenAddons", true); // [NO-ANDROID]
};

/// Require resources loaded by MV2 extensions to be specified under web_accessible_resources in the extension's manifest
// (This is the default for MV3)
// https://developer.chrome.com/docs/extensions/reference/manifest/web-accessible-resources
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#6013
// https://searchfox.org/firefox-main/rev/82e2435f/caps/nsScriptSecurityManager.cpp#723
defaultPref("extensions.content_web_accessible.enabled", true);

/// Require secure origins to install add-ons
defaultPref("extensions.install.requireSecureOrigin", true); // [HIDDEN]

defaultPref("browser.phoenix.status", "016");

/*** 017 AI ***/

/// Disable all AI functionality by default
defaultPref("browser.ai.control.default", "blocked");
defaultPref("browser.ai.control.linkPreviewKeyPoints", "blocked");
defaultPref("browser.ai.control.pdfjsAltText", "blocked");
defaultPref("browser.ai.control.sidebarChatbot", "blocked");
defaultPref("browser.ai.control.smartTabGroups", "blocked");
defaultPref("browser.ai.control.smartWindow", "blocked");
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.preferences.aiControls", false); // [NO-ANDROID] [NO-MAIL] Hides the AI Controls UI settings panel (about:preferences#ai)
};

/// Allow managing models from `about:addons`
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/ModelHubProvider.sys.mjs#18
defaultPref("extensions.htmlaboutaddons.local_model_management", true); // [DEFAULT]

/// Allow typing a custom AI chat prompt based on your selection (if pop-up when highlighting text is enabled)
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.ml.chat.shortcuts.custom", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Disable the Firefox "AI" (Local machine learning) Runtime
// https://firefox-source-docs.mozilla.org/toolkit/components/ml/index.html
// Note that, even when this is enabled, we don't actually enable/install any AI models/functionality by default
defaultPref("browser.ml.enable", false);

/// Disable AI Chat
// https://support.mozilla.org/kb/ai-chatbot
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.ml.chat.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.ml.chat.menu", false); // [NO-ANDROID] [NO-MAIL] Same issue as `browser.ml.chat.page`, this also doesn't seem to be covered by `browser.ml.chat.enabled` :/ https://github.com/mozilla/policy-templates/issues/1230#issuecomment-3412973906
    defaultPref("browser.ml.chat.page", false); // [NO-ANDROID] [NO-MAIL] This disables the "Ask AI Chatbot" context menu item - for some reason this isn't covered by `browser.ml.chat.enabled`, and I'm only seeing it on my YouTube specialized config profile? https://bugzilla.mozilla.org/show_bug.cgi?id=1994785
    defaultPref("browser.ml.chat.sidebar", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable AI/ML Autofill
// https://searchfox.org/firefox-esr140/source/toolkit/components/formautofill/MLAutofill.sys.mjs
if (phoenixESR == true) {
    defaultPref("extensions.formautofill.ml.experiment.enabled", false); // [NO-ANDROID] [ESR]
};

/// Disable AI "smart" windows
// Relies on OpenAI/ChatGPT...
// https://searchfox.org/firefox-main/source/browser/components/aiwindow/ui/modules/AIWindow.sys.mjs
// https://searchfox.org/firefox-main/rev/28d9e40f/browser/components/aiwindow/models/Utils.sys.mjs#32
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.smartwindow.apiKey", ''); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.smartwindow.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.smartwindow.endpoint", ""); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.smartwindow.firstrun.explainerURL", ""); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.smartwindow.memories.generateFromConversation", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.smartwindow.memories.generateFromHistory", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.smartwindow.model", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.smartwindow.preferences.endpoint", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.smartwindow.userFeedbackCollection", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] Disable feedback collection
};

/// Disable Link Preview "Key Points"
// Currently no-op anyways - requires `dom.postMessage.sharedArrayBuffer.withCOOP_COEP` set to `true`: https://codeberg.org/celenity/Phoenix/issues/151
// https://blog.mozilla.org/mozilla/ai/ai-tech/ai-link-previews-firefox/
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.ml.linkPreview.collapsed", true); // [NO-ANDROID] [NO-MAIL] Ensure we don't prompt users to enable AI "key points" - https://codeberg.org/librewolf/settings/pulls/98#issuecomment-9002205
    defaultPref("browser.ml.linkPreview.enabled", false); // [NO-ANDROID] [NO-MAIL] This disables Link Preview itself by default - if this alone is re-enabled, it'll still provide basic previews without AI
    defaultPref("browser.ml.linkPreview.longPress", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.ml.linkPreview.optin", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.ml.linkPreview.supportedLocales", "null"); // [NO-ANDROID] [NO-MAIL] This hides the UI toggle at `about:preferences#general`
};

/// Disable Page Assist
// https://searchfox.org/firefox-main/source/browser/components/genai/PageAssist.sys.mjs
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.ml.pageAssist.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Disable Perplexity URL bar promotion
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/urlbar/UrlbarPrefs.sys.mjs#229
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.urlbar.perplexity.hasBeenInSearchMode", true); // [NO-ANDROID] [NO-MAIL]
};

/// Disable semantic history
// https://searchfox.org/firefox-main/source/toolkit/components/places/PlacesSemanticHistoryManager.sys.mjs
defaultPref("places.semanticHistory.featureGate", false); // [HIDDEN - Android/Thunderbird] [DEFAULT - non-Nightly/Dev Firefox Desktop]

/// Disable the WebExtensions AI API
// https://firefox-source-docs.mozilla.org/toolkit/components/ml/extensions.html#webextensions-ai-api
defaultPref("extensions.ml.enabled", false);

/// Do not use AI to "suggest tabs and a name for tab groups" by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.tabs.groups.smart.enabled", false); // [NO-ANDROID] [NO-MAIL] UI
    defaultPref("browser.tabs.groups.smart.optin", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.tabs.groups.smart.userEnabled", false); // [NO-ANDROID] [NO-MAIL]
};

/// If Link Preview is enabled, do not censor results
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/genai/LinkPreviewModel.sys.mjs#529
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.ml.linkPreview.blockListEnabled", false); // [NO-ANDROID] [NO-MAIL]
};

/// Remove privacy-invasive AI Chatbot providers
// (Anthropic Claude, ChatGPT, Google Gemini, Le Chat Mistral, and Microsoft Copilot)
// Unfortunately, at the moment, this includes all of them...
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/genai/GenAI.sys.mjs#74
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.ml.chat.providers", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
};

/// Set the default AI Chatbot (if enabled) to DuckDuckGo
// Unfortunately this is not compatible with the pop-up when selecting text
// Also AFAICT currently not possible to add this as a persistent option
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.ml.chat.provider", "https://duck.ai/"); // [NO-ANDROID] [NO-MAIL] 
};

defaultPref("browser.phoenix.status", "017");

/*** 018 GEOLOCATION ***/

/// Block websites from prompting to access geolocation by default
// `geo.prompt.testing.allow` is used when `geo.prompt.testing` is set to `true` - when `geo.prompt.testing` is set to false, the site permissions are followed like normal instead
// https://searchfox.org/firefox-main/rev/82e2435f/dom/base/nsContentPermissionHelper.h#144
// https://searchfox.org/firefox-main/rev/82e2435f/dom/base/nsContentPermissionHelper.cpp#493
if (phoenixPlatform == "android") {
    defaultPref("geo.prompt.testing", true); // [ANDROID-ONLY] [HIDDEN]
    defaultPref("geo.prompt.testing.allow", false); // [ANDROID-ONLY] [HIDDEN]
} else if (phoenixMail == false) {
    defaultPref("permissions.default.geo", 2); // [NO-ANDROID] [NO-MAIL]
};

/// Disable logging network geolocation requests by default
// This is already Firefox's default setting - but setting it here exposes it in the `about:config` since it's hidden
// https://searchfox.org/firefox-main/rev/83d1a08db47b91a4d53341a799745caac9c38bde/dom/system/NetworkGeolocationProvider.sys.mjs#18
defaultPref("geo.provider.network.loglevel", "Off"); // [HIDDEN] [DEFAULT] 

/// Disable Microsoft Location Services
// https://searchfox.org/firefox-main/rev/82e2435f/dom/geolocation/Geolocation.cpp#769
if (phoenixPlatform == "windows") {
    defaultPref("geo.prompt.open_system_prefs", false); // [WINDOWS-ONLY] Ensure users aren't prompted to open settings and enable it - https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#6616
    defaultPref("geo.provider.ms-windows-location", false); // [WINDOWS-ONLY]
    defaultPref("geo.provider.use_winrt", false); // [WINDOWS-ONLY] Windows Runtime Geolocator https://searchfox.org/firefox-main/source/dom/system/windows/WindowsUtilsChild.cpp
};

/// Disable Mozilla's GeoIP/Region Service
// Prevents Firefox from monitoring the user's region/general location
// Note: Firefox will still use different regional search engines based on the browser/system locale (ex. tested with Wikipedia), but this prevents using geolocation
// https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html
// https://searchfox.org/firefox-main/source/toolkit/modules/Region.sys.mjs
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16254
defaultPref("browser.region.local-geocoding", false); // [HIDDEN] [DEFAULT]
defaultPref("browser.region.network.scan", false); // [DEFAULT] [DEFENSE IN DEPTH] Disable Wi-Fi scanning for these requests
defaultPref("browser.region.network.url", "");
defaultPref("browser.region.update.enabled", false);
defaultPref("browser.search.region", "XX"); // [HIDDEN]
defaultPref("doh-rollout.home-region", "XX"); // [HIDDEN]

/// Do not force the use of the network geolocation provider by default
// When either of these preferences are set to `true`, Firefox will ALWAYS use the network geolocation provider (BeaconDB in our case), instead of OS geolocation providers
// We're just setting these here to expose via the `about:config`
// https://searchfox.org/firefox-main/rev/82e2435f/dom/geolocation/Geolocation.cpp#774
// https://searchfox.org/firefox-main/rev/82e2435f/dom/geolocation/Geolocation.cpp#778
defaultPref("geo.provider.testing", false); // [HIDDEN] [DEFAULT]
defaultPref("geo.provider.use_mls", false); // [HIDDEN] [DEFAULT]

/// Enable Apple Location Services for macOS by default
if (phoenixPlatform == "linux" && phoenixMail == false) {
    defaultPref("geo.provider.use_corelocation", true); // [OSX-ONLY] [NO-MAIL] [DEFAULT]
};

/// Enable Geoclue for GNU/Linux distros by default
if (phoenixPlatform == "linux" && phoenixMail == false) {
    defaultPref("geo.provider.use_geoclue", true); // [LINUX-ONLY] [NO-MAIL] [DEFAULT]
};

/// Enable network request cache for the network geolocation provider by default
// This is already Firefox's default setting - but setting it here exposes it in the `about:config` since it's hidden
// https://searchfox.org/firefox-main/rev/82e2435f/dom/system/NetworkGeolocationProvider.sys.mjs#69
defaultPref("geo.provider.network.debug.requestCache.enabled", true); // [HIDDEN] [DEFAULT]

/// Prevent unconditionally providing high location accuracy
// By default, Firefox provides all websites with high location accuracy, even if they don't request it...
// https://searchfox.org/firefox-main/rev/82e2435f/dom/system/linux/GeoclueLocationProvider.cpp#308
if (phoenixPlatform == "linux") {
    defaultPref("geo.provider.geoclue.always_high_accuracy", false); // [LINUX-ONLY]
};

/// Set BeaconDB as the default network geolocation provider
// Default is Google :/
// https://searchfox.org/firefox-main/rev/82e2435f/dom/system/NetworkGeolocationProvider.sys.mjs#341
defaultPref("geo.provider.network.url", "https://api.beacondb.net/v1/geolocate");

/// Update info URL to ours so that users receive accurate information
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.geolocation.warning.infoURL", "https://phoenix.celenity.dev/geo"); // [NO-ANDROID] [NO-MAIL]
};

defaultPref("browser.phoenix.status", "018");

/*** 019 PDF.js ***/

/// Disable Automatic Alt Text by default
// This is generated by a local machine learning model
// Setting these ensures that the inference model is only downloaded if the user opts in (by enabling the toggle to "Create alt text automatically" from "Image alt text settings" when viewing a PDF)
// https://support.mozilla.org/kb/pdf-alt-text#w_add-alt-text-automatically
// https://hacks.mozilla.org/2024/05/experimenting-with-local-alt-text-generation-in-firefox-nightly/
defaultPref("pdfjs.enableAltTextModelDownload", false); // [DEFAULT - non-Android]
defaultPref("pdfjs.enableGuessAltText", false); // [DEFAULT - non-Android]

/// Disable automatic hyperlinks
// By default, PDF.js automatically creates hyperlinks for URLs - and clicking on or attempting to select a Hyperlink immediately navigates the user to the link, without warning or prior indication
// So this prevents that - but users can still easily select and navigate to links if desired
defaultPref("pdfjs.enableAutoLinking", false);

/// Disable JavaScript
defaultPref("pdfjs.enableScripting", false);

/// Disable WebGPU
defaultPref("pdfjs.enableWebGPU", false);

/// Disable XFA
// Not even a standard...
// https://learn.microsoft.com/deployedge/microsoft-edge-policies#viewxfapdfiniemodeallowedorigins
// https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html
// https://www.sentinelone.com/blog/malicious-pdfs-revealing-techniques-behind-attacks/
// https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=xfa
// https://wikipedia.org/wiki/XFA
// https://deepwiki.com/mozilla/pdfjs-dist/6.2-advanced-configuration#security-considerations
defaultPref("pdfjs.enableXfa", false);

/// Enable the ability to add signatures
defaultPref("pdfjs.enableSignatureEditor", true); // [DEFAULT - non-Android]

/// Enable the ability to add comments
defaultPref("pdfjs.enableComment", true); // [DEFAULT - non-Android]

/// Enable Alt Text creation
// This does NOT enable "Automatic Alt Text", we disable that separately above
// https://support.mozilla.org/kb/pdf-alt-text
defaultPref("pdfjs.enableAltText", true); // [DEFAULT - non-Android]
defaultPref("pdfjs.enableAltTextForEnglish", true);
defaultPref("pdfjs.enableNewAltTextWhenAddingImage", true); // [DEFAULT] Enables the Alt Text Editor after adding an image
defaultPref("pdfjs.enableUpdatedAddImage", true); // [DEFAULT]

/// Enable hardware acceleration by default
// This should help improve performance, which is especially notable for us since we disable JIT
defaultPref("pdfjs.enableHWA", true); // [DEFAULT]

/// Enable optimized partial rendering by default
// In my testing, this appears to make a *significant* performance improvement
// https://github.com/mozilla/pdf.js/blob/010e52e15db0cb534774cdf92e20c03bcd13d735/web/pdf_page_view.js#L93
defaultPref("pdfjs.enableOptimizedPartialRendering", true); // [DEFAULT]

/// Enforce using the internal font renderer
// This disable the CSS Font Loading API
// https://mozilla.github.io/pdf.js/api/draft/module-pdfjsLib.html
// https://developer.mozilla.org/docs/Web/API/CSS_Font_Loading_API
defaultPref("pdfjs.disableFontFace", true);

/// Ensure users can select and interact with text
defaultPref("pdfjs.textLayerMode", 1); // [DEFAULT]

/// Force PDFs to be downloaded/viewed locally, and prompt before opening the PDF Viewer
// So by default, if Firefox encounters a PDF file, it'll just automatically open it in most cases, and will load them from remote origins
// But thanks to the "Handlers" policy on Desktop (https://mozilla.github.io/policy-templates/#handlers), we force Firefox to prompt users before opening the file - and additionally, with the `browser.download.start_downloads_in_tmp_dir` & `browser.helperApps.deleteTempFileOnExit` prefs, when the users chooses to "Open" the PDF, it downloads the PDF to a temporary directory and loads it locally (from a `file://` URL), instead of from remote origins like the normal behavior
// This is also beneficial because it also allows users to effectively disable PDF.js (via the `browser.helperApps.showOpenOptionForPdfJS` pref), without being fingerprintable (like is the case with the standard `pdfjs.disabled` pref)
// The prefs below are to further ensure we don't automatically open PDFs, and that we don't try to fetch anything remotely
// As a bonus, these likely also improve performance in many cases...
// https://deepwiki.com/mozilla/pdfjs-dist/6.2-advanced-configuration#network-options
// https://deepwiki.com/mozilla/pdfjs-dist/6.2-advanced-configuration#performance-optimization-configurations
// (For testing: https://emk.name/test/bug1790641.html)
defaultPref("browser.download.open_pdf_attachments_inline", false); // [DEFAULT - non-Android] https://bugzilla.mozilla.org/show_bug.cgi?id=1772569
defaultPref("pdfjs.disableRange", true);
defaultPref("pdfjs.disableStream", true);
if (phoenixPlatform == "android") {
    defaultPref("browser.download.force_save_internally_handled_attachments", true); // [ANDROID-ONLY] https://bugzilla.mozilla.org/show_bug.cgi?id=1811830 Ensures user is prompted and that PDFs are downloaded locally, though doesn't apply for opening PDFs - we don't need this on Desktop due to our use of the "Handlers" policy (as described above) - hopefully can find a better solution here for Android
};

/// Never allow documents to prevent copying text
defaultPref("pdfjs.enablePermissions", false); // [DEFAULT]

/// Open external links in new tabs/windows
// https://github.com/mozilla/pdf.js/blob/master/extensions/chromium/preferences_schema.json
defaultPref("pdfjs.externalLinkTarget", 2);

/// Prevent attempting to load/convert unknown binary files
// https://developer.mozilla.org/docs/Web/HTTP/Guides/MIME_types#applicationoctet-stream
defaultPref("pdfjs.handleOctetStream", false);

/// Show sidebar by default when viewing PDFs
defaultPref("pdfjs.sidebarViewOnLoad", 2);

/// Update URL when changing pages
// ex. Typically, if I load "https://example.invalid/example.pdf", and navigate to Page 27, the URL stays the same as "https://example.invalid/example.pdf"
// When this is set to "true", if I loaded "https://example.invalid/example.pdf", and navigated to Page 27, the URL would instead update to "https://example.invalid/example.pdf#page=27"
// So this is an incredibly useful feature that allows easy bookmarking/sharing of PDFs, keeping track of what you've read, etc.
// (We also still nuke browsing history by default on exit)
// This currently doesn't seem to work properly on Android
if (phoenixPlatform != "android") {
    defaultPref("pdfjs.historyUpdateUrl", true); // [NO-ANDROID]
};

defaultPref("browser.phoenix.status", "019");

/*** 020 SAFE BROWSING ***/

/// Block notifications for websites on Safe Browsing lists
defaultPref("dom.webnotifications.block_if_on_safebrowsing", true); // [DEFAULT]

/// By default, when you report a Safe Browsing false positive, it sends the URL to both Mozilla and Google (NOT PROXIED), as well as your locale to Mozilla
// (ex. https://en-us.phish-error.mozilla.com/?url=example.org - which redirects directly to https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=example.org)
// We can improve privacy and speed by sending the domain *only* to Google & without sending your locale to anyone
// We could also potentially strip tpl=mozilla which tells Google the request is from Firefox - though it looks like there is a different page for Firefox users with a better privacy policy, so we will leave it for now
// Unclear whether 'MalwareMistake' is used, but we can set it anyways
defaultPref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google5.reportMalwareMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");
defaultPref("browser.safebrowsing.provider.google5.reportPhishMistakeURL", "https://safebrowsing.google.com/safebrowsing/report_error/?tpl=mozilla&url=");

//// Similar behavior also appears to happen when you report a URL to Safe Browsing
defaultPref("browser.safebrowsing.reportPhishURL", "https://safebrowsing.google.com/safebrowsing/report_phish/?tpl=mozilla&url=");

/// Disable extra logging by default
// These are currently the default values, but we can set them here to expose at about:config
defaultPref("browser.safebrowsing.debug", false); // [DEFAULT]
defaultPref("browser.safebrowsing.realTime.debug", false); // [HIDDEN] [DEFAULT] [NIGHTLY] https://searchfox.org/firefox-main/rev/83d1a08d/toolkit/components/url-classifier/RealTimeRequestSimulator.cpp#31

/// Disable the legacy (v2.2) Safe Browsing API
// https://code.google.com/archive/p/google-safe-browsing/wikis/Protocolv2Spec.wiki
// Has been nonfunctional since October 2018
// https://security.googleblog.com/2018/01/announcing-turndown-of-deprecated.html
// Let's make sure it's not used for defense in depth (and attack surface reduction...)
defaultPref("browser.safebrowsing.provider.google.advisoryName", "Google Safe Browsing (Legacy)"); // Label it so it's clearly distinguishable if it is ever enabled for whatever reason...
defaultPref("browser.safebrowsing.provider.google.lists", "disabled");
defaultPref("browser.safebrowsing.provider.google.lists.default", "goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar"); // [HIDDEN] This pref does nothing, just makes it easier for users to re-enable this Safe Browsing provider if desired by copying and pasting the value of this pref as the value for `browser.safebrowsing.provider.google.lists`

/// Disable Real Time Mode (1) (2) [NIGHTLY]
// This sets Safe Browsing to use Local List Mode instead (3)
// Real Time Mode results in hashes for every URL being submitted to Google,
// while Local List Mode works more like V4 and only submits hashes if there's a match with the local threat list
// 1: https://developers.google.com/safe-browsing/reference/Real.Time.Mode
// 2: https://bugzilla.mozilla.org/show_bug.cgi?id=2010020
// 3: https://developers.google.com/safe-browsing/reference/Local.List.Mode
defaultPref("browser.safebrowsing.realTime.enabled", false); // [DEFAULT - non-Nightly]

/// Disable the Real Time Request Simulator (1) (2) [NIGHTLY]
// This is just used for data collection/telemetry and testing...
// 1: https://phabricator.services.mozilla.com/D280931
// 2: https://bugzilla.mozilla.org/show_bug.cgi?id=2010022
defaultPref("browser.safebrowsing.realTime.simulation.enabled", false); // [DEFAULT - non-Nightly]

/// Enable an additional plug-in blocklist from Mozilla
defaultPref("urlclassifier.blockedTable", "moztest-block-simple,mozplugin-block-digest256"); // [DEFAULT - Nightly]

/// Enable the Potentially Harmful Application list (when Safe Browsing is enabled)
// This contains threats that are specific to Mobile/Android (of the `POTENTIALLY_HARMFUL_APPLICATION` type)
// Firefox on non-Android devices will just silently ignore/disregard this list
// https://bugzilla.mozilla.org/show_bug.cgi?id=1980046
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/nsUrlClassifierUtils.cpp#176
// https://developers.google.com/safe-browsing/reference/Local.Database
defaultPref("urlclassifier.malwareTable", "goog-malware-proto,goog-unwanted-proto,moztest-harmful-simple,moztest-malware-simple,moztest-unwanted-simple,goog-harmful-proto");

/// Enable Safe Browsing by default
// This won't do anything if you don't have an API key from Google, though doesn't hurt...
// Harmless from a privacy perspective due to the below changes, also effective at preventing real-time malicious domains and downloads.
// We will of course **ALWAYS** give users the ability to disable.
// https://searchfox.org/firefox-main/source/toolkit/components/url-classifier/SafeBrowsing.sys.mjs
defaultPref("browser.safebrowsing.blockedURIs.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.downloads.enabled", true); // [DEFAULT - non-Android]
defaultPref("browser.safebrowsing.id", "navclient-auto-ffox"); // [DEFAULT - Official] Ensure we use Mozilla's ID
defaultPref("browser.safebrowsing.malware.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.phishing.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.provider.google5.enabled", true); // [DEFAULT]
defaultPref("browser.safebrowsing.provider.mozilla.gethashURL", "https://shavar.services.mozilla.com/gethash?client=navclient-auto-ffox&appver=%MAJOR_VERSION%&pver=2.2"); // Ensure we always use Mozilla's official ID
defaultPref("browser.safebrowsing.update.enabled", true); // [HIDDEN] [DEFAULT] Also covers Mozilla's tracking protection lists
defaultPref("urlclassifier.downloadAllowTable", "goog-downloadwhite-proto"); // [DEFAULT - non-Android]
defaultPref("urlclassifier.downloadBlockTable", "goog-badbinurl-proto"); // [DEFAULT - non-Android]
defaultPref("urlclassifier.enabled_mode", 3); // [DEFAULT] Ensure we enable classification for ETP and Safe Browsing https://searchfox.org/firefox-main/rev/4dad4a9a/netwerk/base/nsNetUtil.cpp#3332 https://searchfox.org/firefox-main/rev/ac83682a/modules/libpref/init/StaticPrefList.yaml#18483
defaultPref("urlclassifier.phishTable", "goog-phish-proto,moztest-phish-simple"); // [DEFAULT - Official] Ensure we're using Google's full/private phishing list https://bugzilla.mozilla.org/show_bug.cgi?id=1288840

/// Ensure users can override Safe Browsing warnings by default
defaultPref("browser.safebrowsing.allowOverride", true); // [DEFAULT]

/// Prevent sending metadata of downloaded files to Safe Browsing providers
// NOTE: If this is enabled, we proxy this (via the `browser.safebrowsing.downloads.remote.url` pref)
// https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work#w_how-does-phishing-and-malware-protection-work-in-firefox
// https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
defaultPref("browser.safebrowsing.downloads.remote.enabled", false);

/// Prevent sharing data/telemetry with Safe Browsing providers
// https://searchfox.org/mozilla-central/source/netwerk/url-classifier/nsChannelClassifier.cpp#364
// https://searchfox.org/mozilla-central/source/toolkit/components/url-classifier/nsUrlClassifierDBService.cpp#1964
// https://bugzilla.mozilla.org/show_bug.cgi?id=1351147
// (Known providers taken from here: https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/url-classifier/nsUrlClassifierUtils.cpp#444)
lockPref("browser.safebrowsing.provider.google.dataSharing.enabled", false); // [HIDDEN - non-Android] [DEFAULT]
lockPref("browser.safebrowsing.provider.google.dataSharingURL", ""); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); // [DEFAULT]
lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
lockPref("browser.safebrowsing.provider.google5.dataSharing.enabled", false); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.google5.dataSharingURL", ""); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.mozilla.dataSharing.enabled", false); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.mozilla.dataSharingURL", ""); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.test.dataSharing.enabled", false); // [HIDDEN] [DEFAULT]
lockPref("browser.safebrowsing.provider.test.dataSharingURL", ""); // [HIDDEN] [DEFAULT]

/// Proxy Safe Browsing
// This sets up a new Safe Browsing "provider", using the servers we've set up for IronFox, hosted on our Cloudflare storage bucket (in EU jurisdiction)
defaultPref("browser.safebrowsing.downloads.remote.url", "https://safebrowsing.ironfoxoss.org/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%");
defaultPref("browser.safebrowsing.provider.google4.advisoryName", "Google Safe Browsing (Proxied by IronFox) - v4");
defaultPref("browser.safebrowsing.provider.google4.gethashURL", "https://safebrowsing.ironfoxoss.org/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
defaultPref("browser.safebrowsing.provider.google4.nextupdatetime", "1"); // [HIDDEN]
defaultPref("browser.safebrowsing.provider.google4.updateURL", "https://safebrowsing.ironfoxoss.org/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
defaultPref("browser.safebrowsing.provider.google5.advisoryName", "Google Safe Browsing (Proxied by IronFox) - v5");
defaultPref("browser.safebrowsing.provider.google5.gethashURL", "https://safebrowsing.ironfoxoss.org/v5/hashes:search?key=%GOOGLE_SAFEBROWSING_API_KEY%");
defaultPref("browser.safebrowsing.provider.google5.nextupdatetime", "1"); // [HIDDEN]
defaultPref("browser.safebrowsing.provider.google5.updateURL", "https://safebrowsing.ironfoxoss.org/v5/hashLists:batchGet?key=%GOOGLE_SAFEBROWSING_API_KEY%");

/// Show advanced details on pages blocked by Safe Browsing by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.xul.error_pages.show_safe_browsing_details_on_load", true); // [NO-ANDROID] [NO-MAIL]
};

/// Unbreak Google's download protection and legacy Safe Browsing provider (if enabled via the `browser.safebrowsing.provider.google.lists` pref)
//  Some (ex. LibreWolf) override these for no reason
defaultPref("browser.safebrowsing.provider.google.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=navclient-auto-ffox&appver=%MAJOR_VERSION%&pver=2.2"); // [DEFAULT]
defaultPref("browser.safebrowsing.provider.google.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_SAFEBROWSING_API_KEY%"); // [DEFAULT]

/// Unclear whether these are actually used or not, but looks like Firefox has some kind of functionality to view a "report" from Safe Browsing about the safety, history, and general status of a site
// By default, it unnecessarily redirects from ex. https://safebrowsing.google.com/safebrowsing/diagnostic?site=example.org to https://transparencyreport.google.com/safe-browsing/search?url=example.org
// We can skip the redirect to improve performance
defaultPref("browser.safebrowsing.provider.google.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url=");
defaultPref("browser.safebrowsing.provider.google4.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url=");
defaultPref("browser.safebrowsing.provider.google5.reportURL", "https://transparencyreport.google.com/safe-browsing/search?url=");

defaultPref("browser.phoenix.status", "020");

/*** 021 MISC. PRIVACY + SECURITY ***/

/// Block background tabs from opening file pickers
// https://searchfox.org/firefox-main/rev/62066911/modules/libpref/init/StaticPrefList.yaml#2210
// https://searchfox.org/firefox-main/rev/62066911/docshell/base/CanonicalBrowsingContext.cpp#3705
defaultPref("browser.disable_pickers_background_tabs", true); // [DEFAULT]

/// Block background/hidden extension pages from opening file pickers
// https://searchfox.org/firefox-main/rev/62066911/modules/libpref/init/StaticPrefList.yaml#2216
// https://searchfox.org/firefox-main/rev/62066911/docshell/base/CanonicalBrowsingContext.cpp#3719
defaultPref("browser.disable_pickers_in_hidden_extension_pages", true); // [DEFAULT - Nightly]

/// Disable Accessibility Services
// PRIVACY: Can be used to monitor users by design
// SECURITY: Can be easily abused by bad actors, Attack Surface Reduction
// "Firefox Accessibility Service is a technology built into Firefox that provides 3rd party applications running on the same device the ability to inspect, monitor, visualize, and alter web page content hosted within Firefox."
// We need to ensure we're still accomodating for impaired users, but I feel this is something that must be handled by the browser instead of external software
// https://web.archive.org/web/20240608190300/support.mozilla.org/en-US/kb/accessibility-services
// Values are -1 always on. 1 always off, 0 (default) is auto as some platform perform further checks.
// This pref is checked only once, and the browser needs a restart to pick up any changes.
defaultPref("accessibility.force_disabled", 1);
if (phoenixPlatform != "android") {
    defaultPref("devtools.accessibility.enabled", false); // [NO-ANDROID] - Disables the Accessibility Inspector/context menu item by default - https://firefox-source-docs.mozilla.org/devtools-user/accessibility_inspector/
};

/// Disable automatic updates for OpenSearch engines
// PRIVACY: Unsolicited connections to search providers
// SECURITY: Could be abused to alter a user's search engine(s) without consent
// Doesn't appear to impact Mozilla's built-in search engines
// https://firefox-source-docs.mozilla.org/toolkit/search/Preferences.html#hidden
// https://developer.mozilla.org/docs/Web/XML/Guides/OpenSearch#supporting_automatic_updates_for_opensearch_plugins
defaultPref("browser.search.update", false); // [DEFAULT - Android]

/// Disable Battery API (Navigator.getBattery)
// PRIVACY: Fingerprinting concerns, just plain creepy...
// SECURITY: Attack Surface Reduction
// NOTE: This only impacts chrome/certain privileged code; this is thankfully never exposed to websites
// I'm still not convinced that there's a legitimate use/need for this functionality though...
// https://developer.mozilla.org/docs/Web/API/Battery_Status_API
// https://developer.mozilla.org/docs/Web/API/Navigator/getBattery
// https://bugzilla.mozilla.org/show_bug.cgi?id=1313580
defaultPref("dom.battery.enabled", false);

/// Disable Beacon API (Navigator.sendBeacon)
// PRIVACY: Used for analytics/tracking by design, see explanation below
// SECURITY: Attack Surface Reduction
// I was originally against disabling this, but after careful consideration, I've changed my position.
// The explicit, stated purpose/use case of this API is for analytics/tracking.
// Websites *can* obtain the data shared from this API through other means; though the other ways to obtain it are more disruptive and less reliable.
// Analytics/tracking is also evidently not a use case that we, as the user agent, should support or assist with.
// I don't see a justification for adding APIs/features to support this hostile behavior. We are the user agent and must act in the best interest of users...
// Also disabled by ex. Cromite: https://github.com/uazo/cromite/blob/master/docs/FEATURES.md https://github.com/uazo/cromite/issues/1454
// https://developer.mozilla.org/docs/Web/API/Beacon_API
// https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon
// https://udn.realityripple.com/docs/Web/API/Navigator/sendBeacon
// https://w3c.github.io/beacon/#privacy-and-security
// https://bugzilla.mozilla.org/show_bug.cgi?id=1454252
defaultPref("beacon.enabled", false);

/// Disable Clipboard API
// PRIVACY: Fingerprinting concerns, prevents monitoring users' clipboards without their consent
// SECURITY: Prevents leaking sensitive information (ex. passwords), Attack Surface Reduction
// NOTE: This only impacts extensions; this is thankfully never exposed to websites
// I'm still not convinced extensions need or should have access to this data though (While there are currently other ways for extensions to access clipboard data, those are deprecated and will presumably not be around for much longer)
// https://developer.mozilla.org/docs/Web/API/Clipboard
lockPref("dom.events.testing.asyncClipboard", false); // [DEFAULT]

/// Disable Content Analysis SDK
// PRIVACY: Used for monitoring users by design
// SECURITY: Can be easily abused by bad actors, Attack Surface Reduction
// DESKTOP: We also set "ContentAnalysis" in policies
// https://mozilla.github.io/policy-templates/#contentanalysis
// https://github.com/chromium/content_analysis_sdk
lockPref("browser.contentanalysis.default_result", 0); // [DEFAULT]
lockPref("browser.contentanalysis.enabled", false); // [DEFAULT]
lockPref("browser.contentanalysis.interception_point.clipboard.enabled", false);
lockPref("browser.contentanalysis.interception_point.drag_and_drop.enabled", false);
lockPref("browser.contentanalysis.interception_point.file_upload.enabled", false);
lockPref("browser.contentanalysis.interception_point.print.enabled", false);
lockPref("browser.contentanalysis.max_connections", 0); // Sets maximum number of allowed connections to 0
lockPref("browser.contentanalysis.show_blocked_result", true); // [DEFAULT] Always notify users when Content Analysis blocks access to something...
lockPref("browser.contentanalysis.silent_notifications", false); // [DEFAULT] If Content Analysis is enabled, ensure notifications aren't silenced so that users are fully aware

/// Disable Federated Credential Management (FedCM) API
// PRIVACY: Provides support for "identity federation services"/third party sign-in - which can be used for tracking by design
// SECURITY: Attack Surface Reduction
// https://developer.mozilla.org/docs/Web/API/FedCM_API
// https://w3c-fedid.github.io/FedCM/
defaultPref("dom.security.credentialmanagement.identity.enabled", false); // [DEFAULT - non-Nightly]
defaultPref("dom.security.credentialmanagement.identity.heavyweight.enabled", false); // [DEFAULT - non-Nightly]
defaultPref("dom.security.credentialmanagement.identity.lightweight.enabled", false); // [DEFAULT]

/// Disable Microsoft's Cloud Clipboard/Clipboard History
// https://docs.microsoft.com/windows/win32/dataxchg/clipboard-formats#cloud-clipboard-and-clipboard-history-formats
// https://searchfox.org/firefox-main/rev/82e2435f/widget/windows/nsClipboard.cpp#323
if (phoenixPlatform == "windows") {
    lockPref("clipboard.copyPrivateDataToClipboardCloudOrHistory", false); // [WINDOWS-ONLY] [DEFAULT]
};

/// Disable Native Messaging
// This functionality is used to allow browser extensions to communicate with external apps/programs
// Naturally, this raises various privacy and security concerns
// NOTE: Android requires native messaging for certain functionality - ex. it's used for obtaining favicons, sync, etc.
// So we won't disable it by default there, but we'll set it to the defaults to expose at `about:config`
// https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/Native_messaging
// https://developer.chrome.com/docs/extensions/develop/concepts/native-messaging
// https://searchfox.org/firefox-main/rev/af0f713f/toolkit/components/extensions/NativeMessaging.sys.mjs#12
if (phoenixPlatform == "android") {
    defaultPref("webextensions.native-messaging.max-input-message-bytes", 1048576); // [ANDROID-ONLY] [HIDDEN] [DEFAULT]
    defaultPref("webextensions.native-messaging.max-output-message-bytes", 2147483647); // [ANDROID-ONLY] [HIDDEN] [DEFAULT: -1]
    lockPref("webextensions.native-messaging.0.NOTE", "To disable Native Messaging..."); // [ANDROID-ONLY]
    lockPref("webextensions.native-messaging.1.NOTE", "Set 'webextensions.native-messaging.max-input-message-bytes'"); // [ANDROID-ONLY]
    lockPref("webextensions.native-messaging.2.NOTE", "AND 'webextensions.native-messaging.max-output-message-bytes'"); // [ANDROID-ONLY]
    lockPref("webextensions.native-messaging.3.NOTE", "to 0"); // [ANDROID-ONLY]
} else {
    defaultPref("webextensions.native-messaging.max-input-message-bytes", 0); // [NO-ANDROID] [HIDDEN] [DEFAULT: 1048576]
    defaultPref("webextensions.native-messaging.max-output-message-bytes", 0); // [NO-ANDROID] [HIDDEN] [DEFAULT: -1, but, to override: set to 2147483647]
    lockPref("webextensions.native-messaging.max-input-message-bytes.default", 1048576); // [NO-ANDROID]
    lockPref("webextensions.native-messaging.max-output-message-bytes.default", 2147483647); // [NO-ANDROID]
    lockPref("webextensions.native-messaging.0.NOTE", "To re-enable Native Messaging..."); // [NO-ANDROID]
    lockPref("webextensions.native-messaging.1.NOTE", "Set 'webextensions.native-messaging.max-input-message-bytes'"); // [NO-ANDROID]
    lockPref("webextensions.native-messaging.2.NOTE", "AND 'webextensions.native-messaging.max-output-message-bytes'"); // [NO-ANDROID]
    lockPref("webextensions.native-messaging.3.NOTE", "to their default values"); // [NO-ANDROID]
};
if (phoenixPlatform == "linux") {
    defaultPref("widget.use-xdg-desktop-portal.native-messaging", 0); // [LINUX-ONLY] [DEFAULT] For Flatpak/Snap https://searchfox.org/firefox-main/source/toolkit/components/extensions/docs/native-messaging-portal-design.rst
};

/// Disable Reporting API
// PRIVACY: Fingerprinting concerns, used for analytics by design
// SECURITY: Attack Surface Reduction
// https://w3c.github.io/reporting/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1492036
defaultPref("dom.reporting.crash.enabled", false); // [DEFAULT]
defaultPref("dom.reporting.enabled", false);
defaultPref("dom.reporting.featurePolicy.enabled", false); // [DEFAULT]
defaultPref("dom.reporting.header.enabled", false);
defaultPref("dom.reporting.testing.enabled", false); // [DEFAULT]

/// Disable tab hover previews by default
// PRIVACY: Reduces disk activity
// SECURITY: Attack Surface Reduction
// As a bonus, also boosts performance...
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.tabs.hoverPreview.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.tabs.hoverPreview.showThumbnails", false); // [NO-ANDROID] [NO-MAIL]
};

/// Disable Web Serial API
// PRIVACY: Fingerprinting concerns
// SECURITY: Attack Surface Reduction
// https://developer.mozilla.org/docs/Web/API/Web_Serial_API
// Toggling 'dom.webserial.enabled' itself could be fingerprintable, but setting these instead just causes the permission to be automatically denied
defaultPref("dom.webserial.gated", true); // [DEFAULT]
defaultPref("permissions.default.serial", 2); // [HIDDEN]

/// Disable Web Share API
// This API allows websites to share data directly to system applications...
// PRIVACY: Could result in leakage/unexpected behavior
// SECURITY: "The data passed to {{Navigator/share()}} might be used to exploit buffer overflow or other remote code execution vulnerabilities in the [=share target=] that receive shares. There is no general way to guard against this, but implementors will want to be aware that it is a possibility (particularly when sharing files).", Attack Surface Reduction
// https://developer.mozilla.org/docs/Web/API/Web_Share_API
defaultPref("dom.webshare.enabled", false); // [DEFAULT - non-Android/non-Nightly Windows]
defaultPref("dom.webshare.requireinteraction", true); // [DEFAULT] If enabled, ensure we always require interaction...

/// Disable WebGPU
// PRIVACY: Fingerprinting concerns
// SECURITY: Attack Surface Reduction
// https://gpuweb.github.io/gpuweb/#privacy-considerations
// https://gpuweb.github.io/gpuweb/#security-considerations
// https://browserleaks.com/webgpu
defaultPref("dom.webgpu.enabled", false); // [DEFAULT - non-Windows/non-Silicon-OSX/non-Nightly]

/// Disable WebMIDI
// PRIVACY: Fingerprinting concerns
// SECURITY: Attack Surface Reduction
// See "Privacy Considerations" & "Security Considerations": https://webaudio.github.io/web-midi-api
// Toggling 'dom.webmidi.enabled' itself could be fingerprintable, but setting these instead just causes the permission to be automatically denied at a random interval
// https://searchfox.org/firefox-main/rev/82e2435f/dom/midi/MIDIPermissionRequest.cpp#120
// Test: https://permission.site/
defaultPref("dom.sitepermsaddon-provider.enabled", false); // [DEFAULT - non-Android]
defaultPref("dom.webmidi.gated", true); // [DEFAULT]
defaultPref("permissions.default.midi", 2); // [HIDDEN]
defaultPref("permissions.default.midi-sysex", 2); // [HIDDEN]

/// Disable the Windows UI Automation API
// Similar privacy and security concerns as with Accessibility Services (accessibility.force_disabled) above
// https://wikipedia.org/wiki/Microsoft_UI_Automation 
// https://searchfox.org/firefox-main/rev/87a1e2a5/modules/libpref/init/StaticPrefList.yaml#298
// 0: Never.
// 1: Always.
// 2: Enable unless incompatible accessibility clients are detected. (default)
defaultPref("accessibility.uia.enable", 0); // [Windows]

/// Enable Local Network Access Restrictions
// https://wicg.github.io/local-network-access/
// https://searchfox.org/firefox-main/rev/7f33a0cc/netwerk/protocol/http/nsHttpTransaction.cpp#3735
// NOTE: `network.localhost.prompt.testing.allow` is used when `network.localhost.prompt.testing` is set to `true`, same applies for `network.localnetwork.prompt.testing.allow` and  `network.localnetwork.prompt.testing`
// when `network.localhost.prompt.testing`/`network.localnetwork.prompt.testing.allow` are set to false, the site permissions are followed like normal instead
defaultPref("network.lna.allow_top_level_navigation", false); // Enforce LNA for top-level document navigation https://searchfox.org/firefox-main/rev/8e6b6cb1/modules/libpref/init/StaticPrefList.yaml#14619
defaultPref("network.lna.benchmarking-is-local", true); // Enable LNA for IP addresses in the 192.18.X.X range https://searchfox.org/firefox-main/rev/28328852/modules/libpref/init/StaticPrefList.yaml#14678
defaultPref("network.lna.block_trackers", true); // https://searchfox.org/firefox-main/rev/7f33a0cc/modules/libpref/init/StaticPrefList.yaml#14469
defaultPref("network.lna.enabled", true); // [DEFAULT]
defaultPref("network.lna.etp.enabled", false); // [DEFAULT] Enable LNA, regardless of ETP/ETP Strict https://searchfox.org/firefox-main/rev/7f33a0cc/browser/components/protections/ContentBlockingPrefs.sys.mjs#265
defaultPref("network.lna.local-network-to-localhost.skip-checks", false); // Enforce LNA for requests from local network to your device https://searchfox.org/firefox-main/rev/8e6b6cb1/modules/libpref/init/StaticPrefList.yaml#14641
defaultPref("network.lna.websocket.enabled", true); // Enforce LNA for WebSocket connections https://searchfox.org/firefox-main/rev/7f33a0cc/modules/libpref/init/StaticPrefList.yaml#14490
if (phoenixESR == false) {
    // We don't want to st this for ESR until the next ESR cycle is over, because this functionality was still very early in development there,
    // so setting this pref causes breakage/issues - we also set this pref to true by via policies
    defaultPref("network.lna.blocking", true); // [ANDROID-ONLY] [DEFAULT - Nightly]
};
if (phoenixPlatform == "android") {
    defaultPref("network.localhost.prompt.testing", true); // [ANDROID-ONLY] [HIDDEN]
    defaultPref("network.localhost.prompt.testing.allow", false); // [ANDROID-ONLY] [HIDDEN] Blocks websites from prompting to access apps and services (outside of the browser) on your device
    defaultPref("network.localnetwork.prompt.testing", true); // [ANDROID-ONLY] [HIDDEN]
    defaultPref("network.localnetwork.prompt.testing.allow", false); // [ANDROID-ONLY] [HIDDEN] Blocks websites from prompting to access the local network
} else {
    defaultPref("permissions.default.local-network", 2); // [NO-ANDROID] Blocks websites from prompting to access the local network by default - 0: Always ask, 1: Allow, 2: Block
    defaultPref("permissions.default.localhost", 0); // [NO-ANDROID] [DEFAULT] Blocks websites from prompting to access apps and services (outside of the browser) on your device - 0: Always ask, 1: Allow, 2: Block
};

/// Enable Messaging Layer Security (MLS)
// PRIVACY: Ensures messages are only received by the intended recipient
// SECURITY: Protects the authenticity and integrity of messages
// Security layer for E2EE messaging
// https://wikipedia.org/wiki/Messaging_Layer_Security
// https://blog.mozilla.org/mozilla/messaging-layer-security-is-now-an-internet-standard/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1876002
defaultPref("dom.origin-trials.mls.state", 1);

/// Enable unused permission expiration
// Automatically removes permissions that haven't been used recently
// Improves privacy and security by resetting no longer necessary/possibly unwanted permissions
defaultPref("permissions.expireUnused.enabled", true); // [DEFAULT - Nightly]

/// Only send cross-origin referers if hosts match
// https://wiki.mozilla.org/Security/Referrer
if (phoenixExtended == true) {
    defaultPref("network.http.referer.XOriginPolicy", 2); // [EXTENDED-ONLY]
};
if (getPref("browser.phoenix.reset.network.http.referer.XOriginPolicy") == true) {
    pref("network.http.referer.XOriginPolicy", 2); // [FN]
};

/// Prevent exposing XPCOM Components.interfaces to websites
// PRIVACY: Fingerprinting concerns
// SECURITY: Attack Surface Reduction
// (For reference, this is also set by ex. Tor Browser)
// https://bugzilla.mozilla.org/show_bug.cgi?id=429070
// https://devdoc.net/web/developer.mozilla.org/en-US/docs/Components.interfaces.html
defaultPref("dom.use_components_shim", false); // [DEFAULT - Nightly]

/// Warn users upon potentially misconfigured/problematic settings (at `about:preferences#privacy`)
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/preferences/privacy.js#772
// On Linux, this currently breaks `about:preferences#privacy`...
if (phoenixPlatform != "android" && phoenixPlatform != "linux" && phoenixMail == false) {
    defaultPref("privacy.ui.status_card", true); // [NO-ANDROID] [NO-LINUX] [NO-MAIL] [HIDDEN]
};

defaultPref("browser.phoenix.status", "021");

/*** 022 MISC. PRIVACY ***/

/// Block ports currently known to be abused by Android apps for tracking/fingerprinting
// Previously blocked by default on Android - and assuming they don't cause issues, I'd also like to keep these blocked for other platforms (for defense in depth and in case this method of tracking is also being used elsewhere...)
// https://localmess.github.io/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1970141
defaultPref("network.security.ports.banned", "29009, 29010, 30102, 30103, 12387, 12388, 12580, 12581, 12582, 12583, 12584, 12585, 12586, 12587, 12588, 12589, 12590, 12591");

/// Disable CSP reporting
// Fingerprinting concerns, Used for analytics by design
// Also reduces unsolicited network activity and bandwidth consumption
// Glad we managed to convince Mozilla to add this :)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1964249
defaultPref("security.csp.reporting.enabled", false);

/// Disable Hyperlink Auditing (Click Tracking)
// https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/
// https://searchfox.org/firefox-main/rev/82e2435f/docshell/base/nsPingListener.cpp#32
defaultPref("browser.send_pings", false); // [DEFAULT]
defaultPref("browser.send_pings.max_per_link", 1); // [DEFAULT] Ensure max number of pings are limited to 1 if Hyperlink Auditing is enabled
defaultPref("browser.send_pings.require_same_host", true); // [DEFENSE IN DEPTH]

/// Disable Network Error Logging
// Fingerprinting concerns, Used for analytics by design
// https://developer.mozilla.org/docs/Web/HTTP/Network_Error_Logging
// https://w3c.github.io/network-error-logging/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1145235
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#13696
defaultPref("network.http.network_error_logging.enabled", false); // [DEFAULT]

/// Disable online speech recognition
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/webspeech/recognition/OnlineSpeechRecognitionService.cpp#41
// https://searchfox.org/firefox-main/source/dom/media/webspeech/recognition/SpeechRecognition.cpp
defaultPref("media.webspeech.service.endpoint", "data;"); // [HIDDEN]

/// Disable referers when leaving .onion domains
// NOTE: Please use TOR BROWSER for accessing .onion domains...
defaultPref("network.http.referer.hideOnionSource", true); // [DEFAULT]

/// Disable storage access heuristics
// https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics
defaultPref("dom.storage_access.auto_grants", false); // Automatic storage access grants
defaultPref("privacy.restrict3rdpartystorage.heuristic.navigation", false); // [DEFAULT - Android] 
defaultPref("privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction", false);
defaultPref("privacy.restrict3rdpartystorage.heuristic.recently_visited", false); // [DEFAULT - non-Android]
defaultPref("privacy.restrict3rdpartystorage.heuristic.redirect", false); // [DEFAULT]
defaultPref("privacy.restrict3rdpartystorage.heuristic.window_open", false); // [DEFAULT]
defaultPref("privacy.restrict3rdpartystorage.heuristic.recently_visited_time", 0);

/// Disable TLS session identifiers
// Fingerprinting/tracking concerns
// Especially important for Android, where users likely leave the app open (and by extension: keep their browsing session active) for days at a time, much longer than on Desktop
// Even on Desktop, this can be used as a vector to detect whether Private Browsing is active: https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/44187
// For reference, this is also disabled by ex. Cromite
// https://arxiv.org/abs/1810.07304
defaultPref("security.ssl.disable_session_identifiers", true);

/// Enable Containers
// https://support.mozilla.org/kb/how-use-firefox-containers
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/contextualidentity/ContextualIdentityService.sys.mjs#9
defaultPref("privacy.userContext.enabled", true); // [HIDDEN - Android] [DEFAULT - Firefox Desktop Nightly]

/// Enable Cookie Banner Reduction
// https://support.mozilla.org/kb/cookie-banner-reduction
defaultPref("cookiebanners.bannerClicking.enabled", true); // [DEFAULT]
defaultPref("cookiebanners.cookieInjector.enabled", true); // [DEFAULT]
defaultPref("cookiebanners.service.mode", 1);
defaultPref("cookiebanners.service.mode.privateBrowsing", 1);
defaultPref("cookiebanners.service.enableGlobalRules", true); // [DEFAULT]
defaultPref("cookiebanners.service.enableGlobalRules.subFrames", true); // [DEFAULT]

/// Enable Cookies Having Independent Partitioned State (CHIPS)
// This allows websites to set cookies with a 'Partitioned' attribute, meaning they're limited in scope
// We still use ETP Strict for partioning anyways, so this could be useful as a defense in depth if a user decides to allow a specific domain (or domains) to access a third party cookie
// https://developer.mozilla.org/docs/Web/Privacy/Privacy_sandbox/Partitioned_cookies
// https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie#partitioned
// https://github.com/privacycg/CHIPS
defaultPref("network.cookie.CHIPS.enabled", true); // [DEFAULT]
defaultPref("network.cookie.chips.partitionLimitDryRun", false); // [DEFAULT]

/// Enable Do Not Track
// https://wikipedia.org/wiki/Do_Not_Track
// Has legal backing in certain regions, such as Germany (1)
// Also still respected by a surprising number of sites - including Mozilla's own
// (ex. addons.mozilla.org disables Google Analytics if DNT is enabled)
// 1: https://vivaldi.com/blog/do-no-track-gets-legal-backing-in-germany/
defaultPref("privacy.donottrackheader.enabled", true);
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.preferences.config_warning.donottrackheader.dismissed", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Hide notice that DNT is no longer supported at `about:preferences#privacy` (when `privacy.ui.status_card` is enabled)
};

/// Enable Global Privacy Control
// https://globalprivacycontrol.org/
defaultPref("privacy.globalprivacycontrol.enabled", true);
defaultPref("privacy.globalprivacycontrol.functionality.enabled", true); // [DEFAULT - non-Thunderbird]
defaultPref("privacy.globalprivacycontrol.pbmode.enabled", true); // [DEFAULT - non-Thunderbird]

/// Enable support for Mozilla IP Protection
// Free to use (unlike ex. Mozilla VPN)
// https://connect.mozilla.org/t5/discussions/introducing-firefox-s-built-in-vpn-ip-protection-now-in-the/td-p/120550
// https://searchfox.org/firefox-main/source/browser/components/ipprotection/docs/Preferences.rst
// https://codeberg.org/celenity/Phoenix/issues/284
defaultPref("browser.ipProtection.enabled", true); // [DEFAULT - Android] https://searchfox.org/firefox-main/rev/ada2ab81/mobile/android/app/geckoview-prefs.js#387
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.ipProtection.added", true); // [NO-ANDROID] [NO-MAIL] Prevent pinning the VPN button to the toolbar for users with existing installs/set-ups
    defaultPref("browser.ipProtection.features.siteExceptions", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT] If IP Protection is enabled, enable support for site exceptions https://searchfox.org/firefox-main/rev/aee7c0f2/browser/app/profile/firefox.js#3547
};

/// Enable the (new) UI for browser profiles by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.profiles.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable the UI for containers at `about:preferences#general` (`about:preferences#containers`)
// We also include the Firefox Multi-Account Containers extension by default
// https://support.mozilla.org/kb/how-use-firefox-containers
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("privacy.userContext.ui.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]
};

/// Enable the UI for Cookie Banner Reduction at `about:preferences#privacy`
// https://support.mozilla.org/kb/cookie-banner-reduction
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("cookiebanners.ui.desktop.enabled", true); // [NO-ANDROID] [NO-MAIL]
};

/// Exclude third party trackers from storage access heuristics (if enabled)
// https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics
defaultPref("dom.storage_access.auto_grants.exclude_third_party_trackers", true); // [DEFAULT] Automatic storage access grants
defaultPref("privacy.restrict3rdpartystorage.heuristic.exclude_third_party_trackers", true); // [DEFAULT]

/// Improve built-in query stripping to be on par with LibreWolf and Brave
// See Mozilla's defaults here: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/query-stripping/changeset?_expected=0
// https://github.com/brave/brave-core/blob/3dcdad4c8a5cf62f83ca4f893fc7f0c4d3d086bc/components/query_filter/browser/utils.cc#L33-L138
// For discussion around gbraid, see: https://codeberg.org/celenity/Phoenix/pulls/289
defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _bhlid _branch_match_id _branch_referrer _gl _hsenc _openstat at_recipient_id at_recipient_list bbeml bsft_clkid bsft_uid dclid et_rid fb_action_ids fb_comment_id fbclid gbraid gclid guce_referrer guce_referrer_sig hsCtaTracking irclickid mc_eid ml_subscriber ml_subscriber_hash msclkid mtm_cid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id pk_cid rb_clickid s_cid sc_customer sc_eh sc_uid sfmc_activityid sfmc_id sms_click sms_source sms_uph srsltid ss_email_id syclid ttclid twclid unicorn_click_id vero_conv vero_id vgo_ee wbraid wickedid yclid ymclid ysclid");

//// Unbreak urldefense.com redirects
/// (ex. https://urldefense.com/v3/__https://www.portainer.io/hs/preferences-center/en/direct?data=W2nXS-N30h-M1W45lXqV2nFX8ZW3SzKNq3gnnN0W4cQh6C1Bnn1kW1VjfB24fr2-BW4mm3dy3T2wkqW2MWfBj49z9PPW4mqs512qWTfrW4px5K71Nn7N2W32DKbz1V7s-qW21bSln2KWpS4W1SdHmq2YwgS9W3P8RNt2r6W8pW49QSSt1_tcPsW3GSrf749CfyJW2PPdX33JPrgmW4hcHf84hm-NmW2FS2pd2sMKL-W2YGYkz43RS-9W4pjpV52t0rxlW3SB_f94psLW2W3_Sm6w2FGVTjW3K2-cG4fzZLWW2qDSdB3bzPyBW3j8X_q2PMxWzW36CtK22MvcXrW4hNdFB3DLWP3W3VMWNy3SYMyvW1Vs-MC43NZJNW4hLsTd2B1T2JW2sB9wk3DMh2mW2D0QS-2t04tYW43Cpv42Tz6SwW32rgcB3_SfvDW4mq1yB36nnnkW3BNLQw2YfSH9W49sKsP3z4zKPW3zd1YL1Zm6S3W4kmj3Z2sQ7WVW36xkSD2RSm5hW1Q0SqC30sK9ZW2-kSbQ2nH5KcW36fNc_2RjGNjW36pblN43qsbhW2CCNvJ3_SL29W1_sQHx4fqK9NW3Sy1cb4mpD3h0&utm_campaign=XNF&utm_source=hs_automation&utm_medium=email&utm_content=264158909&_hsenc=p2ANqtz--9JvIgI266aB1UVizENwYNYREZSotsXOhWcMNeKjZLJO9ZwmR9xlyfsQN2orbT25IymZ_vKUNTANMKQMVQBnzowi2339ExVoOKMJaHx0t2yn5esgg&_hsmi=264158909__;!!MlclJBHn!0eDf-zTf69h-IhFT9WDu2GIXAtCy6RENwguPVpTF1k2K-Nbnzy1NXix2Gj7azc8yDFyI2z3Tz4nTFuGe2hlLzsBl$)
/// https://github.com/brave/brave-browser/issues/41134
defaultPref("privacy.query_stripping.allow_list", "urldefense.com");

/// Isolate permissions per container (if containers are enabled)
// https://support.mozilla.org/kb/how-use-firefox-containers
defaultPref("permissions.isolateBy.userContext", true);

/// Isolate resources (ex. referrers and cookies) injected by extensions
// (ex. https://searchfox.org/mozilla-central/source/toolkit/components/extensions/test/xpcshell/test_ext_contentscript_antitracking.js)
defaultPref("privacy.antitracking.isolateContentScriptResources", true); // [DEFAULT - Nightly]

/// Limit maximum cookie lifetime to 6 months/180 days (Like Brave)
// Firefox's default is currently 400 days (34560000)
// https://github.com/brave/brave-browser/issues/3443
// https://github.com/fmarier/brave-core/commit/4d222df50a8dfaaabb31e9f2c5070c4db5ba8fd5
// For testing: https://setcookie.net/
defaultPref("network.cookie.maxageCap", 15552000);

/// Prevent Firefox from automatically guessing which container to open an external link in (if containers are enabled)
// Instead, stick to the default
// This can lead to cross contamination for those who keep separate containers exclusively for specific websites
// https://bugzilla.mozilla.org/show_bug.cgi?id=1874599#c8
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.link.force_default_user_context_id_for_external_opens", true); // [NO-ANDROID] [NO-MAIL]
};

/// Prevent sharing identifying information if a remote AutoConfig is being used
// https://searchfox.org/firefox-main/rev/82e2435f/extensions/pref/autoconfig/src/nsAutoConfig.cpp#213
lockPref("autoadmin.append_emailaddr", false); // [HIDDEN] [DEFAULT]

/// Prevent third parties from setting cookies unless the third party already has cookies as a first party (Like Safari)
// https://webkit.org/tracking-prevention/#the-default-cookie-policy
// https://bugzilla.mozilla.org/show_bug.cgi?id=1587182
defaultPref("privacy.dynamic_firstparty.limitForeign", true);

/// Restrict tracking referers
// 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin (default),
// 3=no-referrer-when-downgrade.
// Setting to 1 currently breaks various functionality https://codeberg.org/celenity/Phoenix/pulls/228#issuecomment-10051167
// defaultPref("network.http.referer.defaultPolicy.trackers", 1); // [DEFAULT]
// defaultPref("network.http.referer.defaultPolicy.trackers.pbmode", 1); // [DEFAULT]

/// Strip tracking parameters from URLs when shared by default
defaultPref("privacy.query_stripping.strip_on_share.enabled", true); // [DEFAULT - non-Android/Thunderbird]

/// Trim cross-origin referers (Like Safari)
// https://wiki.mozilla.org/Security/Referrer
defaultPref("network.http.referer.XOriginTrimmingPolicy", 2);

defaultPref("browser.phoenix.status", "022");

/*** 023 MISC. SECURITY ***/

/// Always prompt users for a certificate when websites request one, rather than automatically selecting one...
// https://www.stigviewer.com/stig/mozilla_firefox/2023-06-05/finding/V-251547
lockPref("security.default_personal_cert", "Ask Every Time"); // [DEFAULT]

/// Apply CSP to internal browser.xhtml
defaultPref("security.browser_xhtml_csp.enabled", true); // [DEFAULT]

/// Block privileged `about:` pages from loading remote scripts
// https://searchfox.org/firefox-main/rev/82e2435f/dom/security/nsContentSecurityManager.cpp#1102
defaultPref("security.disallow_privilegedabout_remote_script_loads", true);

/// Configure protocol handling
// This can get very confusing, very fast - so here's a basic explanation:
// If a protocol is "exposed", it can be opened/used by the browser in all contexts
// If a protocol is "external", it can not be opened/used by the browser directly, and the protocol will instead open in an external application
// If a protocol is "external" and set to "warn-external", the user will be warned/prompted before the protocol is opened in an external application
// By default, Firefox on Desktop "exposes" ALL protocols (network.protocol-handler.expose-all), and allows ALL protocols to be opened externally (network.protocol-handler.external-default) - though it does require prompting before all of them (network.protocol-handler.warn-external-default), except for `mailto:` (network.protocol-handler.external.mailto), and it does manually block several protocols from being opened externally
// Android is similar, except, in addition to `mailto`, it also disables prompting before opening `sms`, `tel`, and YouTube
// https://bugzilla.mozilla.org/show_bug.cgi?id=819554
// https://bugzilla.mozilla.org/show_bug.cgi?id=589403
// https://bugzilla.mozilla.org/show_bug.cgi?id=630364
// Instead of "exposing" all protocols, we can reduce attack surface by limiting them to only the ones we actually need/use/want
// We can also ensure that the user is always warned before opening a protocol externally, and we can block protocols ourselves if desired
defaultPref("network.protocol-handler.expose.about", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.blob", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.chrome", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.data", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.file", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.http", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.https", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.javascript", true); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.expose.moz-extension", true); // [DEFAULT - Thunderbird] [HIDDEN - non-Thunderbird]
defaultPref("network.protocol-handler.expose.resource", true); // [HIDDEN]
defaultPref("network.protocol-handler.expose-all", false); // [DEFAULT - Thunderbird]
defaultPref("network.protocol-handler.external.about", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.afp", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.bankid", true); // [HIDDEN] Ensure we do not try to handle BankID authentication internally...
defaultPref("network.protocol-handler.external.blob", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.chrome", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.data", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.disk", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.disks", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.hcp", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.help", false); // [HIDDEN - non-macOS] [DEFAULT - macOS]
defaultPref("network.protocol-handler.external.htp", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.htps", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ie.http", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.iehistory", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ierss", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ile", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.javascript", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.le", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.mk", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.moz", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.moz-extension", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.moz-icon", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.moz-sbrs", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.ms-cxh", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ms-cxh-full", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ms-help", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ms-msdt", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.obtainium", true); // [HIDDEN] Ensure we do not try to handle Obtainium app installation internally...
defaultPref("network.protocol-handler.external.ps", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.res", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.resource", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.search", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.search-ms", false); // [DEFAULT]
lockPref("network.protocol-handler.external.shell", false); // [DEFAULT] Never expose shell access https://www.stigviewer.com/stig/mozilla_firefox/2019-12-12/finding/V-15771
defaultPref("network.protocol-handler.external.tel", true); // [HIDDEN] Ensure we do not try to handle tel (Phone) links internally...
defaultPref("network.protocol-handler.external.tps", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ttp", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.ttps", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.vbscript", false); // [DEFAULT]
defaultPref("network.protocol-handler.external.view-source", false); // [HIDDEN]
defaultPref("network.protocol-handler.external.vnd.ms.radio", false); // [DEFAULT]
defaultPref("network.protocol-handler.warn-external.file", true); // [DEFAULT - non-Android]
defaultPref("network.protocol-handler.warn-external.ftp", true); // [HIDDEN - non-Thunderbird] [DEFAULT - non-Thunderbird]
defaultPref("network.protocol-handler.warn-external.mailto", true); // [HIDDEN - Thunderbird] [DEFAULT - non-Android/Firefox Desktop]
lockPref("network.protocol-handler.warn-external.shell", true); // [HIDDEN] [DEFAULT]
defaultPref("network.protocol-handler.warn-external.sms", true); // [HIDDEN - non-Android] [DEFAULT - non-Android]
defaultPref("network.protocol-handler.warn-external.tel", true); // [HIDDEN - non-Android] [DEFAULT - non-Android]
defaultPref("network.protocol-handler.warn-external.vnd.youtube", true); // [HIDDEN - non-Android] [DEFAULT - non-Android]
defaultPref("network.protocol-handler.warn-external-default", true); // [DEFAULT]
if (phoenixMail == false) {
    defaultPref("network.protocol-handler.external.http", false); // [NO-MAIL] [HIDDEN]
    defaultPref("network.protocol-handler.external.https", false); // [NO-MAIL] [HIDDEN]
};
if (phoenixPlatform == "android") {
    defaultPref("network.protocol-handler.expose.bankid", true); // [ANDROID-ONLY] [HIDDEN] Needed for BankID authentication on Android - see https://codeberg.org/ironfox-oss/bugs/issues/213
    defaultPref("network.protocol-handler.expose.obtainium", true); // [ANDROID-ONLY] [HIDDEN] Needed for installing apps from Obtainium - https://apps.obtainium.imranr.dev/
    defaultPref("network.protocol-handler.expose.tel", true); // [ANDROID-ONLY] [HIDDEN] Needed for opening links in the Phone app - https://codeberg.org/ironfox-oss/bugs/issues/231
} else if (phoenixMail == false) {
    defaultPref("network.protocol-handler.expose.view-source", true); // [NO-ANDROID] [NO-MAIL]
};

/// Decrease the lifetime of extension processes
// https://bugzilla.mozilla.org/show_bug.cgi?id=1847608
defaultPref("dom.ipc.keepProcessesAlive.extension", 0); // [HIDDEN - non-Android] [DEFAULT - non-Android]

/// Decrease the lifetime of privileged processes for `about:` pages
defaultPref("dom.ipc.keepProcessesAlive.privilegedabout", 0);

/// Decrease the lifetime of web content processes
// https://bugzilla.mozilla.org/show_bug.cgi?id=1447393
defaultPref("dom.ipc.keepProcessesAlive.web", 0); // [HIDDEN - non-Android] [DEFAULT - non-Android]

/// Disable the Document Picture-in-Picture API
// "The Document Picture-in-Picture API makes it possible to open an always-on-top window that can be populated with arbitrary HTML content — for example a video with custom controls or a set of streams showing the participants of a video conference call" (1)
// In addition to being obnoxious/unwanted and unnecessary, also reduces attack surface
// In general, if users wants to use PiP, they should remain in control and use the standard/existing browser functionality - 
// we shouldn't let websites attempt to override that/implement it themselves
// Also especially concerning because this API isn't just limited to media, it supports any arbitrary HTML content...
// 1: https://developer.mozilla.org/docs/Web/API/Document_Picture-in-Picture_API
// https://codeberg.org/celenity/Phoenix/issues/291
defaultPref("dom.documentpip.enabled", false); // [DEFAULT - Android]

/// Disable GNOME Integration
// https://searchfox.org/firefox-main/rev/82e2435f/browser/components/shell/nsGNOMEShellService.cpp#77
if (phoenixPlatform == "linux") {
    defaultPref("browser.gnome-search-provider.enabled", false); // [LINUX-ONLY] [HIDDEN]
};

/// Disable Navigator Media Objects and getUserMedia Support in insecure contexts
// https://developer.mozilla.org/docs/Web/API/Navigator/mediaDevices
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#12475
defaultPref("media.devices.insecure.enabled", false); // [DEFAULT]
defaultPref("media.getusermedia.insecure.enabled", false); // [DEFAULT]

/// Disable Win32k System Calls
// https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
// https://docs.google.com/document/d/1gJDlk-9xkh6_8M_awrczWCaUuyr0Zd2TKjNBCiPO_G4/edit
if (phoenixPlatform == "windows") {
    defaultPref("security.sandbox.content.win32k-disable", true); // [WINDOWS-ONLY] [DEFAULT]
    defaultPref("security.sandbox.gmp.win32k-disable", true); // [WINDOWS-ONLY] [DEFAULT]
    defaultPref("security.sandbox.socket.win32k-disable", true); // [WINDOWS-ONLY] [DEFAULT]
};

/// Do not allow additional ports by default
// This is just to expose the preference via the `about:config`
defaultPref("network.security.ports.banned.override", ""); // [HIDDEN] [DEFAULT]

/// Enable Arbitrary Code Guard (ACG)
// https://medium.com/@boutnaru/the-windows-security-journey-acg-arbitrary-code-guard-74b08a8bd1e5
if (phoenixPlatform == "windows") {
    defaultPref("security.sandbox.gmp.acg.enabled", true); // [WINDOWS-ONLY] [DEFAULT]
    defaultPref("security.sandbox.rdd.acg.enabled", true); // [WINDOWS-ONLY] [DEFAULT]
    defaultPref("security.sandbox.utility-wmf.acg.enabled", true); // [WINDOWS-ONLY] [DEFAULT]
};

/// Enable Code Integrity Guard (CIG) for pre-spawn
// https://medium.com/@boutnaru/the-windows-security-journey-cig-code-integrity-guard-7e410c8d2304
if (phoenixPlatform == "windows") {
    defaultPref("security.sandbox.cig.prespawn.enabled", true); // [WINDOWS-ONLY] [DEFAULT - Nightly]
};

/// Enable content process sandboxing
// These are especially useful for ex. Thunderbird, which seems to disable sandboxing by default...
// Sandboxing is obviously critical from a security perspective as well, so doesn't hurt IMO to explicitly enable here
if (phoenixPlatform == "linux") {
    defaultPref("security.sandbox.content.level", 6); // [LINUX-ONLY] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#1596
} else if (phoenixPlatform == "osx") {
    defaultPref("security.sandbox.content.level", 3); // [OSX-ONLY] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#1567
} else if (phoenixPlatform == "windows") {
    defaultPref("security.sandbox.content.level", 9); // [WINDOWS-ONLY] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#1555
};

/// Enable the Cross-Origin-Embedder Policy Header
// https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
defaultPref("browser.tabs.remote.coep.credentialless", true); // [DEFAULT - non-Android stable] 'credentialless' 
defaultPref("browser.tabs.remote.useCrossOriginEmbedderPolicy", true); // [DEFAULT]
defaultPref("dom.origin-trials.coep-credentialless.state", 1); // 'credentialless' 

/// Enable the Cross-Origin-Opener Policy Header
// https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/Cross-Origin-Opener-Policy
defaultPref("browser.tabs.remote.useCrossOriginOpenerPolicy", true); // [DEFAULT]

/// Enable GPU Sandboxing
// https://www.ghacks.net/2023/01/17/firefox-110-will-launch-with-gpu-sandboxing-on-windows/
// https://searchfox.org/firefox-main/rev/82e2435f/security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp#1293
// https://searchfox.org/firefox-main/rev/82e2435f/security/sandbox/chromium/sandbox/win/src/security_level.h#38
// For macOS, any level >= 1 enables the sandbox and setting a higher level has no effect. (default 1)
defaultPref("security.sandbox.gpu.level", 2); // [1 = USER_RESTRICTED_NON_ADMIN (Default: Windows), 2 = USER_LIMITED (Stricter)]

/// Enable the Integrity-Policy header
// https://developer.mozilla.org/docs/Web/HTTP/Reference/Headers/Integrity-Policy
defaultPref("security.integrity_policy.enabled", true); // [DEFAULT]
defaultPref("security.integrity_policy.stylesheet.enabled", true); // [DEFAULT]

/// Enable Opaque Response Blocking
// https://github.com/annevk/orb
defaultPref("browser.opaqueResponseBlocking", true); // [DEFAULT - non-Android]
defaultPref("browser.opaqueResponseBlocking.javascriptValidator", true); // [DEFAULT]

/// Enable Origin-keyed agent clustering by default (Like Chromium)
// https://chromeenterprise.google/policies/#OriginAgentClusterDefaultEnabled
// https://developer.chrome.com/blog/immutable-document-domain/
defaultPref("dom.origin_agent_cluster.default", true);
defaultPref("dom.origin_agent_cluster.enabled", true); // [DEFAULT]

/// Enforce Per-site Process Isolation + isolate all websites
// https://wiki.mozilla.org/Project_Fission
defaultPref("browser.sessionstore.disable_platform_collection", false); // [DEFAULT - non-Thunderbird]
defaultPref("fission.autostart", true); // [DEFAULT]
defaultPref("fission.autostart.session", true); // [DEFAULT]
defaultPref("fission.disableSessionHistoryInParent", false); // [DEFAULT] SHIP, required for Fission
defaultPref("fission.highValue.login.monitor", true); // [DEFAULT - Android] Ensure that we are always marking log-in attempts as "high value", even if Fission is disabled - for if/when users decide to enable it later https://searchfox.org/firefox-main/rev/d88792ab/dom/ipc/LoginDetectionService.cpp#64
defaultPref("fission.webContentIsolationStrategy", 1); // [DEFAULT] Isolate everything https://searchfox.org/firefox-main/rev/d88792ab/dom/ipc/ProcessIsolation.cpp#50
defaultPref("gfx.webrender.all", true);

/// Enable the Sanitizer API
// https://github.com/WICG/sanitizer-api
defaultPref("dom.security.sanitizer.enabled", true); // [DEFAULT]

/// Enable Shadow Stacks
// https://wikipedia.org/wiki/Shadow_stack
if (phoenixPlatform == "windows") {
    defaultPref("security.sandbox.gmp.shadow-stack.enabled", true); // [WINDOWS-ONLY] [DEFAULT]
    defaultPref("security.sandbox.gpu.shadow-stack.enabled", true); // [WINDOWS-ONLY] [DEFAULT]
    defaultPref("security.sandbox.rdd.shadow-stack.enabled", true); // [WINDOWS-ONLY] [DEFAULT]
    defaultPref("security.sandbox.socket.shadow-stack.enabled", true); // [WINDOWS-ONLY] [DEFAULT]
    // defaultPref("security.sandbox.content.shadow-stack.enabled", false); // [WINDOWS-ONLY] [DEFAULT] https://codeberg.org/celenity/Phoenix/issues/110
};

/// Enable socket process sandboxing
// https://bugzilla.mozilla.org/show_bug.cgi?id=1608558
defaultPref("security.sandbox.socket.process.level", 2); // [DEFAULT - Linux, non-Thunderbird]

/// Enable Spectre mitigations for isolated content
// Also enabled by ex. Tor Browser
defaultPref("javascript.options.spectre.disable_for_isolated_content", false);

/// Enable Trusted Types
// https://developer.mozilla.org/docs/Web/API/Trusted_Types_API
defaultPref("dom.security.trusted_types.enabled", true); // [DEFAULT]

/// Enable WebAssembly Memory Control
// https://github.com/WebAssembly/memory-control/blob/main/proposals/memory-control/Overview.md
defaultPref("javascript.options.wasm_memory_control", true);

/// Enforce strict file:// Origin Policy
// https://stuffandnonsense.co.uk/blog/firefoxs_file_uri_origin_policy_and_web_fonts
// https://stackoverflow.com/questions/2856502/css-font-face-not-working-with-firefox-but-working-with-chrome-and-ie
defaultPref("security.fileuri.strict_origin_policy", true); // [DEFAULT]

/// Enforce various important security-related prefs
defaultPref("dom.block_external_protocol_in_iframes", true); // [DEFAULT]
defaultPref("security.all_resource_uri_content_accessible", false); // [DEFAULT]
defaultPref("security.allow_eval_in_parent_process", false); // [DEFAULT - non-Android/Thunderbird]
defaultPref("security.allow_eval_with_system_principal", false); // [DEFAULT - non-Android]
defaultPref("security.allow_parent_unrestricted_js_loads", false); // [DEFAULT - non-Android/Thunderbird]
defaultPref("security.allow_unsafe_parent_loads", false); // [DEFAULT]
defaultPref("security.data_uri.block_toplevel_data_uri_navigations", true); // [DEFAULT]

/// Ensure we block old/obsolete libavcodec libraries
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/platforms/ffmpeg/FFmpegLibWrapper.cpp#61
defaultPref("media.libavcodec.allow-obsolete", false); // [DEFAULT]

/// If WebGL is enabled, force it to be loaded out of process
defaultPref("webgl.out-of-process", true); // [DEFAULT]
defaultPref("webgl.out-of-process.force", true);
defaultPref("webgl.out-of-process.worker", true); // [DEFAULT]

/// Increase the number of processes
// This improves the effectiveness of fission/site isolation, and based on testing, we've also heard from users that this improves performance
// For reference, this matches what Firefox on Desktop is using
if (phoenixPlatform == "android") {
    defaultPref("dom.ipc.processCount", 8); // [ANDROID-ONLY]
    defaultPref("dom.ipc.processCount.webIsolated", 4); // [ANDROID-ONLY]
};

/// Never skip the assertion that about:pages don't have content security policies (CSP)
// This is default on Standard Firefox releases, but not on ex. Thunderbird & other builds
defaultPref("dom.security.skip_about_page_has_csp_assert", false); // [DEFAULT - non-Thunderbird]

/// Prefer to create new content processes, instead of re-using existing ones
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#2034
defaultPref("browser.tabs.remote.subframesPreferUsed", false);

/// Prevent marking JIT code pages as both writable and executable, only one or the other...
// Might cause issues in certain specific set-ups
// https://bugzilla.mozilla.org/show_bug.cgi?id=1876632
defaultPref("javascript.options.content_process_write_protect_code", true); // [DEFAULT - OpenBSD?]

/// Prevent AutoConfig files (if being used) from gaining privileged browser access...
// https://www.mozilla.org/firefox/62.0/releasenotes/
// https://searchfox.org/firefox-main/rev/82e2435f/extensions/pref/autoconfig/src/nsReadConfig.cpp#148
lockPref("general.config.sandbox_enabled", true); // [HIDDEN] [DEFAULT - Release/Beta]

/// Prevent remoteTypes from triggering process switches they shouldn't be able to...
// https://searchfox.org/firefox-main/rev/82e2435f/dom/ipc/ContentParent.cpp#5535
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/all.js#1917
defaultPref("browser.tabs.remote.enforceRemoteTypeRestrictions", true); // [DEFAULT - Nightly Desktop]

/// Protect against CSRF Attacks (Like Chromium)
// https://groups.google.com/a/mozilla.org/g/dev-platform/c/6PZtLH7c6JQ
// https://hacks.mozilla.org/2020/08/changes-to-samesite-cookie-behavior/
// https://web.dev/articles/samesite-cookies-explained
// https://help.salesforce.com/s/articleView?id=000389944&type=1
// https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions
// https://web.dev/articles/schemeful-samesite
defaultPref("network.cookie.sameSite.laxByDefault", true);
defaultPref("network.cookie.sameSite.laxByDefaultWarningsForBeta", true); // If `network.cookie.sameSite.laxByDefault` is disabled, ensure we still display a warning in the web console
defaultPref("network.cookie.sameSite.noneRequiresSecure", true); // [DEFAULT]
defaultPref("network.cookie.sameSite.schemeful", true); // [DEFAULT - Nightly]

/// Protect against MIME Exploits
// https://www.pcmag.com/encyclopedia/term/mime-exploit
defaultPref("network.sniff.use_extension", false); // [DEFAULT] Only use file extensions to sniff content for `file://` URLs - https://searchfox.org/firefox-main/rev/0fa53bd1/netwerk/streamconv/converters/nsUnknownDecoder.cpp#489 https://bugzilla.mozilla.org/show_bug.cgi?id=1948543
defaultPref("security.block_fileuri_script_with_wrong_mime", true);
defaultPref("security.block_Worker_with_wrong_mime", true); // [DEFAULT]

/// Sandbox AudioIPC (cubeb)
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#11215
defaultPref("media.cubeb.sandbox", true); // [DEFAULT]

/// Use a separate content process for `file://` URLs
defaultPref("browser.tabs.remote.separateFileUriProcess", true); // [DEFAULT - non-Android]

/// Warn on unprivileged namespaces [LINUX-ONLY]
if (phoenixPlatform == "android") {
    defaultPref("security.sandbox.warn_unprivileged_namespaces", true); // [LINUX-ONLY] [DEFAULT]
};

/// Yes, this is a real pref... 
// https://searchfox.org/firefox-main/rev/82e2435f/js/xpconnect/src/nsXPConnect.cpp#1167
lockPref("security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", false); // [HIDDEN] [DEFAULT]

defaultPref("browser.phoenix.status", "023");

/*** 024 MISC. ***/

/// Block pop-ups by default
defaultPref("dom.disable_open_during_load", true); // [DEFAULT - non-Thunderbird]

/// Block third-party redirects by default
defaultPref("dom.security.framebusting_intervention.enabled", true); // [DEFAULT]

/// Block websites from prompting to display notifications by default
// I have yet to see a legitimate use-case for websites using push notifications...
// but I see them constantly abused for malicious purposes & spam :/
// `notification.prompt.testing.allow` is used when `notification.prompt.testing` is set to `true` - when `notification.prompt.testing` is set to false, the site permissions are followed like normal instead
// https://searchfox.org/firefox-main/rev/82e2435f/dom/base/nsContentPermissionHelper.h#144
// https://searchfox.org/firefox-main/rev/82e2435f/dom/base/nsContentPermissionHelper.cpp#493
if (phoenixPlatform == "android") {
    defaultPref("notification.prompt.testing", true); // [ANDROID-ONLY] [HIDDEN]
    defaultPref("notification.prompt.testing.allow", false); // [ANDROID-ONLY] [HIDDEN]
} else if (phoenixMail == false) {
    defaultPref("permissions.default.desktop-notification", 2); // [NO-ANDROID] [NO-MAIL]
};

/// Disable Captive Portal Detection & Connectivity Checks
// Privacy & security concerns, and in general best handled by the OS.
// https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections#w_network-detection
// https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy
defaultPref("captivedetect.canonicalURL", "");
defaultPref("network.captive-portal-service.enabled", false); // [DEFAULT - Android/Thunderbird]
defaultPref("network.connectivity-service.DNSv4.domain", "");
defaultPref("network.connectivity-service.DNSv6.domain", "");
defaultPref("network.connectivity-service.enabled", false);
defaultPref("network.connectivity-service.IPv4.url", "");
defaultPref("network.connectivity-service.IPv6.url", "");
defaultPref("network.trr.wait-for-portal", false); // [DEFAULT] Do not wait for captive portal to enable DoH https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#14839

/// Disable Firefox's "Reset/Refresh Profile" prompt
// This could cause Phoenix users serious issues, especially those with custom configs/user.js files...
// We also configure the "DisableProfileRefresh" policy
// https://mozilla.github.io/policy-templates/#disableprofilerefresh
if (phoenixPlatform != "android" && phoenixMail == false) {
    lockPref("browser.disableResetPrompt", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
};

/// Disable input (editable field) auto-zoom by default
// https://bugzilla.mozilla.org/show_bug.cgi?id=834613
// https://searchfox.org/firefox-main/rev/62066911/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/GeckoRuntimeSettings.java#464
// This is the default value for desktop, but it's typically hidden - so we're just setting it here to expose at `about:config`
// https://searchfox.org/firefox-main/rev/62066911/dom/base/nsDOMWindowUtils.cpp#3018
if (phoenixPlatform != "android") {
    defaultPref("formhelper.autozoom", false); // [NO-ANDROID] [HIDDEN] [DEFAULT]
};

/// Disable keyboard locking
// Prevents websites from being able to hijack browser/OS-level key combinations
// "Keyboard locking allows a fullscreen application to intercept and handle some keys and key combinations that would otherwise be exclusively handled by the browser or the underlying OS" (1)
// 1: https://developer.mozilla.org/docs/Web/API/Element/requestFullscreen#keyboard_locking
// https://codeberg.org/celenity/Phoenix/issues/291
defaultPref("dom.fullscreen.keyboard_lock.enabled", false); // [DEFAULT - Android]

/// Disable network connectivity status monitoring
// (Ex. used for automatically switching between offline & online mode)
// https://bugzilla.mozilla.org/show_bug.cgi?id=620472
defaultPref("network.manage-offline-status", false);
defaultPref("network.offline-mirrors-connectivity", false); // [DEFAULT]

/// Disable network requests to 0.0.0.0
// Appears to mitigate a (potentially severe?) privacy/security issue, but bug is confidential so I'm unable to find actual details...
// This is also being set by Tor Browser
// https://bugzilla.mozilla.org/show_bug.cgi?id=1889130
defaultPref("network.socket.ip_addr_any.disabled", true); // [DEFAULT]

/// Disable profiler integration/icons at about:processes
// Improves UI/UX - we don't really support the Gecko Profiler
// Also useful for hardened forks that remove the Gecko Profiler entirely (ex. IronFox)
// https://searchfox.org/firefox-main/rev/83d1a08d/modules/libpref/init/all.js#3722
defaultPref("toolkit.aboutProcesses.showProfilerIcons", false);

/// Disable WebVTT Testing Events
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/webvtt/HTMLTrackElement.cpp#530
defaultPref("media.webvtt.testing.events", false); // [DEFAULT]

/// Enable Firefox's newer 'Felt privacy' design for Certificate Errors
defaultPref("security.certerrors.felt-privacy-v1", true); // [HIDDEN - Android/Thunderbird] [DEFAULT - Firefox Desktop]

/// Enable Firefox's newer 'Felt privacy' design for Private Browsing
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.privatebrowsing.felt-privacy-v1", true); // [NO-ANDROID] [NO-MAIL]
};

/// Enable GREASE (Generate Random Extensions And Sustain Extensibility)
// This indirectly improves security for users, by ensuring that future TLS extensions/implementations are properly supported by websites
// For reference, this is enabled/always enforced by Chromium
// https://groups.google.com/a/chromium.org/g/security-dev/c/d_f6higCJzc
defaultPref("security.tls.ech.disable_grease_on_fallback", false); // [DEFAULT]
defaultPref("security.tls.ech.grease_http3", true); // [DEFAULT]
defaultPref("security.tls.ech.grease_probability", 100); // [DEFAULT] Sets probability of using GREASE for ECH to 100%
defaultPref("security.tls.grease_http3_enable", true);

/// Enable more detailed property error messages
defaultPref("javascript.options.property_error_message_fix", true); // [DEFAULT]

/// Ensure that holding shift bypasses context menu events
// (When holding shift, this prevents websites from hijacking the right click/context menu)
// https://developer.mozilla.org/docs/Web/API/Element/contextmenu_event
defaultPref("dom.event.contextmenu.shift_suppresses_event", true); // [DEFAULT]

/// Force pop-up windows to open in new tabs instead
defaultPref("browser.link.open_newwindow", 3); // [DEFAULT]
defaultPref("browser.link.open_newwindow.restriction", 0); // [DEFAULT - Android/Thunderbird]

/// If a connection with HTTP/3 fails, allow retrying it with a different IP address
// https://searchfox.org/firefox-main/rev/62066911/netwerk/protocol/http/ConnectionEntry.cpp#1031
defaultPref("network.http.http3.retry_different_ip_family", true); // [DEFAULT - Nightly]

/// If a connection to a primary or back-up half-open network socket fails while the other is still connecting,
// retry the connection with the one that is still connecting
// https://searchfox.org/firefox-main/rev/62066911/modules/libpref/init/StaticPrefList.yaml#16190
defaultPref("network.http.retry_with_another_half_open", true); // [DEFAULT - Nightly]

/// Limit what events can cause pop-ups
defaultPref("dom.popup_allowed_events", "click dblclick");

/// Notify on Pop-up blocking by default [NO-ANDROID] [NO-MAIL]
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("privacy.popups.showBrowserMessage", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Open links from external programs in new tabs by default [NO-ANDROID] [NO-MAIL]
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.link.open_newwindow.override.external", 3); // [NO-ANDROID] [NO-MAIL]
};

/// Prevent Safe Mode from automatically starting by default
// This causes ex. all extensions (such as uBlock Origin) to be disabled
// Users can still manually start Safe Mode from the command line if needed
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#2142
defaultPref("toolkit.startup.max_resumed_crashes", -1); // [HIDDEN - non-Firefox Desktop]

/// Prevent scripts from moving, resizing, and messing with windows
defaultPref("dom.allow_scripts_to_close_windows", false); // [DEFAULT]
defaultPref("dom.disable_window_flip", true); // [DEFAULT - non-Android]
defaultPref("dom.disable_window_move_resize", true); // [DEFAULT - Android]

/// Prevent websites from automatically refreshing
defaultPref("browser.meta_refresh_when_inactive.disabled", true); // [DEFAULT - Android]
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("accessibility.blockautorefresh", true); // [NO-ANDROID] [NO-MAIL]
};

/// Show 'Always ask' for camera & microphone in the permissions drop-down (when that's what the user chose...)
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#933
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("permissions.media.show_always_ask.enabled", true); // [NO-ANDROID] [NO-MAIL]
};

/// Show an error page/details instead of a blank page for HTTP responses with certain error codes (ex. 4xx, 5xx, & Content-Length: 0)
// ex. https://ozuma.sakura.ne.jp/httpstatus/400
defaultPref("browser.http.blank_page_with_error_response.enabled", false); // [DEFAULT - non-Android]

/// Set certain default site permissions
// These match Firefox's default settings, but, the prefs are hidden by default - so this exposes them at `about:config`
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("permissions.default.focus-tab-by-prompt", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Tab focus/switching - 0: Always ask, 1: Allow
    defaultPref("permissions.default.persistent-storage", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Persistent storage - 0: Always ask, 1: Allow, 2: Block
    defaultPref("permissions.default.screen", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Screensharing - 0: Always ask, 2: Block
    defaultPref("permissions.default.speaker", 0); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Speaker Selection - 0: Always ask, 2: Block
};

defaultPref("browser.phoenix.status", "024");

/*** 025 DEBUGGING ***/

/// Allow inspecting the browser chrome by default
defaultPref("devtools.chrome.enabled", true); // [DEFAULT - Thunderbird]

/// Allow inspecting the DOM by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.dom.enabled", true); // [NO-ANDROID]
};

/// Allow inspecting/debugging local tabs from `about:debugging` by default
// Useful, especially for Thunderbird, as it gives us a URL bar...
// On Thunderbird, you can use it by navigating to `Tools` -> `Developer Tools` -> `Debug Add-ons` (`about:debugging`), and choosing `Inspect` next to any tab...
if (phoenixPlatform != "android") {
    defaultPref("devtools.aboutdebugging.local-tab-debugging", true); // [NO-ANDROID] [DEFAULT - non-MOZILLA_OFFICIAL builds]
};

/// Allow inspecting/debugging processes from `about:debugging` by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.aboutdebugging.process-debugging", true); // [NO-ANDROID] [DEFAULT]
};

/// Always prompt before connecting to Remote Debugging...
lockPref("devtools.debugger.prompt-connection", true); // [DEFAULT - non-Nightly]

/// "Beautify" HTML content upon copy to the clipboard by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.markup.beautifyOnCopy", true); // [NO-ANDROID]
};

/// Disable annoying "A simpler highlighter can be enabled in the settings..." banner when using developer tools
if (phoenixPlatform != "android") {
    defaultPref("devtools.inspector.simple-highlighters.message-dismissed", true); // [NO-ANDROID] [HIDDEN]
};

/// Disable annoying "Firefox Profiler is now integrated into Developer Tools" banner when opening the performance panel
if (phoenixPlatform != "android") {
    defaultPref("devtools.performance.new-panel-onboarding", false); // [NO-ANDROID] [HIDDEN]
};

/// Disable automatic bracket/quote closing by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.editor.autoclosebrackets", false); // [NO-ANDROID]
};

/// Disable editor onboarding
if (phoenixPlatform != "android") {
    defaultPref("devtools.webconsole.input.editorOnboarding", false); // [NO-ANDROID]
};

/// Disable gecko-trace
// https://searchfox.org/firefox-main/rev/83d1a08d/toolkit/components/gecko-trace/GeckoTrace.cpp#251
// https://searchfox.org/firefox-main/rev/83d1a08d/modules/libpref/init/StaticPrefList.yaml#18411
defaultPref("toolkit.gecko-trace.enable", false); // [DEFAULT]

/// Disable JS dump()
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/all.js#602
defaultPref("browser.dom.window.dump.enabled", false); // [DEFAULT - non-Android, desktop `MOZILLA_OFFICIAL` builds]

/// Disable network monitoring by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.browserconsole.enableNetworkMonitoring", false); // [NO-ANDROID] [DEFAULT]
};

/// Disable pausing on debugger statements by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.debugger.pause-on-debugger-statement", false); // [NO-ANDROID]
};

/// Disable the performance panel intro
if (phoenixPlatform != "android") {
    defaultPref("devtools.performance.popup.intro-displayed", true); // [NO-ANDROID]
};

/// Disable Remote Debugging by default
// We also reset this per-session by setting it as a user pref
// https://firefox-source-docs.mozilla.org/devtools/backend/protocol.html
defaultPref("devtools.debugger.remote-enabled", false); // [DEFAULT - non-Thunderbird]
if (phoenixForceResetRemoteDebugging == true || getPref("browser.phoenix.reset.devtools.debugger.remote-enabled") == true) {
    pref("devtools.debugger.remote-enabled", false);
};

/// Disable the Remote Debugging Web Socket
lockPref("devtools.debugger.remote-websocket", false); // [DEFAULT]

/// Disable sending console output to logcat by default
// https://bugzilla.mozilla.org/show_bug.cgi?id=1415318
if (phoenixPlatform == "android") {
    defaultPref("consoleservice.logcat", false); // [ANDROID-ONLY]
    defaultPref("geckoview.console.enabled", false); // [ANDROID-ONLY]
};

/// Display content scripts injected by extensions when debugging by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("devtools.debugger.show-content-scripts", true); // [NO-ANDROID] [NO-MAIL]
};

/// Display Web Console timestamps by default
// https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/webconsole/constants.js#81
if (phoenixPlatform != "android") {
    defaultPref("devtools.webconsole.timestampMessages", true); // [NO-ANDROID]
};

/// Disable WebDriver BiDi experimental commands and events
// https://wiki.mozilla.org/WebDriver/RemoteProtocol/WebDriver_BiDi
// https://searchfox.org/firefox-main/rev/82e2435f/remote/doc/Prefs.md#25
lockPref("remote.experimental.enabled", false); // [DEFAULT - non-Nightly]

/// Display responses in the "raw" format in the network monitor by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.netmonitor.ui.default-raw-response", true); // [NO-ANDROID]
};

/// Enable the Anti tracking debug panel by default
// https://searchfox.org/firefox-main/rev/644f0db1/devtools/client/definitions.js#485
if (phoenixPlatform != "android") {
    defaultPref("devtools.anti-tracking.enabled", true); // [NO-ANDROID]
};

/// Enable DevTools buttons by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.command-button-errorcount.enabled", true); // [NO-ANDROID] [DEFAULT] Error Count - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/framework/toolbox.js#2209
    defaultPref("devtools.command-button-frames.enabled", true); // [NO-ANDROID] [DEFAULT] Frame Target - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/framework/toolbox.js#2189
    defaultPref("devtools.command-button-measure.enabled", true); // [NO-ANDROID] Measure - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/themes/toolbox.css#541
    defaultPref("devtools.command-button-noautohide.enabled", true); // [NO-ANDROID] No Pop-up Autohide - https://searchfox.org/mozilla-central/rev/f1e32fa7/devtools/client/framework/components/ToolboxToolbar.js#118
    defaultPref("devtools.command-button-pick.enabled", true); // [NO-ANDROID] [DEFAULT] Element picker https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/framework/toolbox.js#2333
    defaultPref("devtools.command-button-responsive.enabled", true); // [NO-ANDROID] [DEFAULT] Responsive - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/definitions.js#557
    defaultPref("devtools.command-button-rulers.enabled", true); // [NO-ANDROID] Ruler - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/themes/toolbox.css#537
    defaultPref("devtools.command-button-screenshot.enabled", true); // [NO-ANDROID] Screenshot - https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/definitions.js#588
};

/// Enable experimental DevTools preferences by default
// https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/definitions.js#550
if (phoenixPlatform != "android") {
    defaultPref("devtools.command-button-experimental-prefs.enabled", true); // [NO-ANDROID] [HIDDEN - non-MOZILLA_OFFICIAL builds] [DEFAULT - non-MOZILLA_OFFICIAL builds]
};

/// Enable the Web Console sidebar toggle
// https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/webconsole/webconsole-ui.js#46
if (phoenixPlatform != "android") {
    defaultPref("devtools.webconsole.sidebarToggle", true); // [NO-ANDROID] [DEFAULT - Nightly]
};

/// Enforce local debugging only
lockPref("devtools.debugger.force-local", true); // [DEFAULT]
if (phoenixPlatform != "android") {
    lockPref("devtools.inspector.remote", false); // [NO-ANDROID] [DEFAULT]
};

/// Enforce system access checks for WebDriver
// https://searchfox.org/firefox-esr140/rev/ba1d416c/remote/marionette/driver.sys.mjs#65
// https://searchfox.org/firefox-main/rev/82e2435f/remote/doc/Prefs.md#61
// https://bugzilla.mozilla.org/show_bug.cgi?id=1955007
if (phoenixESR == true) {
    lockPref("remote.system-access-check.enabled", true); // [NO-ANDROID] [ESR] [HIDDEN] [DEFAULT]
};

/// Highlight syntax when viewing the source of webpages (via `view-source:`)
defaultPref("view_source.syntax_highlight", true); // [DEFAULT - non-Thunderbird]

/// Limit GeckoView's log level to "Warn" by default
if (phoenixPlatform == "android") {
    defaultPref("geckoview.logging", "Warn"); // [ANDROID-ONLY] [DEFAULT - non-Debug]
};

/// Pretty print code when debugging by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.debugger.auto-pretty-print", true); // [NO-ANDROID]
};

/// Prevent automatically clearing log messages after page reloads/navigation
if (phoenixPlatform != "android") {
    defaultPref("devtools.netmonitor.persistlog", true); // [NO-ANDROID]
    defaultPref("devtools.webconsole.persistlog", true); // [NO-ANDROID]
};

/// Prevent console API from writing to `stdout` when used by chrome content
defaultPref("devtools.console.stdout.chrome", false); // [DEFAULT - non-Android, `MOZILLA_OFFICIAL` builds]

/// Prevent filter queries/searches and recent selections from persisting across restarts
// (For this to be effective, these prefs must be set as "user" prefs)
if (phoenixPlatform != "android") {
    defaultPref("devtools.debugger.pending-selected-location", "{}"); // [NO-ANDROID] [DEFAULT]
    defaultPref("devtools.netmonitor.requestfilter", ""); // [NO-ANDROID] [DEFAULT]
    pref("devtools.debugger.pending-selected-location", "{}"); // [NO-ANDROID]
    pref("devtools.netmonitor.requestfilter", ""); // [NO-ANDROID]
};

/// Prevent logging URLs in Reader errors
defaultPref("reader.errors.includeURLs", false); // [DEFAULT - Android/Thunderbird]

/// Prevent WebDriver from overriding preferences by default
// https://searchfox.org/firefox-main/rev/82e2435f/remote/doc/Prefs.md#41
defaultPref("remote.prefs.recommended", false);

/// Significantly reduce input history
if (phoenixPlatform != "android") {
    defaultPref("devtools.webconsole.inputHistoryCount", 10); // [NO-ANDROID] [DEFAULT: 300]
};

/// Set Browser/Error Console scope to "Multiprocess" instead of "Parent process only" by default
// https://searchfox.org/firefox-main/rev/82e2435f/devtools/client/webconsole/webconsole-ui.js#47
if (phoenixPlatform != "android") {
    defaultPref("devtools.browsertoolbox.scope", "everything"); // [NO-ANDROID] [DEFAULT - Thunderbird] 
};

// Show default/browser styles in the Inspector by default
if (phoenixPlatform != "android") {
    defaultPref("devtools.inspector.showUserAgentStyles", true); // [NO-ANDROID]
};

/// Unbreak debugging if `localhost` can't be looked up via DNS
// (Ex. for Tor Browser)
// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16523
if (phoenixPlatform != "android") {
    defaultPref("devtools.debugger.chrome-debugging-host", "127.0.0.1"); // [NO-ANDROID]
};

/// Wrap lines when debugging by default
// https://discourse.mozilla.org/t/long-line-wrapping-in-developer-tools-css-editor-and-debugger-code-views/47058
if (phoenixPlatform != "android") {
    defaultPref("devtools.debugger.ui.editor-wrapping", true); // [NO-ANDROID]
};

/// Wrap lines when viewing the source of webpages (via `view-source:`)
defaultPref("view_source.wrap_long_lines", true); // [DEFAULT - Android]

defaultPref("browser.phoenix.status", "025");

/*** 026 PERFORMANCE ***/

// Some of these are taken from https://github.com/yokoffing/Betterfox/blob/main/Fastfox.js

/// Compress cached JavaScript bytecode
// https://github.com/yokoffing/Betterfox/issues/247
// https://searchfox.org/firefox-main/rev/82e2435f/dom/script/ScriptCompression.cpp#99
// (Default = 0, which means it's off)
defaultPref("browser.cache.jsbc_compression_level", 3);

/// Disable async stack tracing by default
// https://searchfox.org/firefox-main/rev/52e25e8b/modules/libpref/init/all.js#891
defaultPref("javascript.options.asyncstack", false);
defaultPref("javascript.options.asyncstack_capture_debuggee_only", true); // [DEFAULT] If async stack tracing (javascript.options.asyncstack) is enabled, only capture data when devtools are open

/// Disable certain UI animations by default
// https://searchfox.org/firefox-main/rev/82e2435f/widget/nsXPLookAndFeel.cpp#87
// https://searchfox.org/firefox-main/rev/82e2435f/widget/LookAndFeel.h#48
if (phoenixPlatform != "android") {
    defaultPref("ui.panelAnimations", 0); // [NO-ANDROID] [HIDDEN]
    defaultPref("ui.prefersReducedMotion", 1); // [NO-ANDROID] [HIDDEN] 
    defaultPref("ui.swipeAnimationEnabled", 0); // [NO-ANDROID] [HIDDEN]
};
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("sidebar.animation.enabled", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/components/sidebar/browser-sidebar.js#2439
};

/// Disable CSS error reporting by default
// https://bugzilla.mozilla.org/show_bug.cgi?id=831123
defaultPref("layout.css.report_errors", false); // [DEFAULT - Android]

/// Disable extra extension logging by default
// https://searchfox.org/firefox-main/rev/82e2435f/browser/app/profile/firefox.js#29
defaultPref("extensions.logging.enabled", false); // [DEFAULT]

/// Disable pacing requests
// https://codeberg.org/celenity/Phoenix/issues/84
defaultPref("network.http.pacing.requests.enabled", false);

/// Display advanced performance settings at `about:preferences#general`
// Despite what the name suggests, Firefox will remain at the default/recommended performance settings - all this does is expose the UI settings...
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.preferences.defaultPerformanceSettings.enabled", false); // [NO-ANDROID] [NO-MAIL]
};

/// Enable Advanced Vector Extensions (AVX)
// https://wikipedia.org/wiki/Advanced_Vector_Extensions
// https://www.supportyourtech.com/articles/how-to-enable-avx-support-in-windows-11-a-step-by-step-guide/
defaultPref("javascript.options.wasm_simd_avx", true); // [DEFAULT]

/// Enable Branch Hinting
// https://github.com/WebAssembly/branch-hinting/blob/main/proposals/branch-hinting/Overview.md
defaultPref("javascript.options.wasm_branch_hinting", true); // [DEFAULT]

/// Enable Canvas2D acceleration (if supported)
// `gfx.canvas.accelerated.force-enabled` can be used to forcefully enable this acceleration, regardless of platform support
defaultPref("gfx.canvas.accelerated", true); // [DEFAULT]
defaultPref("gfx.canvas.accelerated.cache-items", 32768); // [Default = 8192, Chromium = 4096]
defaultPref("gfx.canvas.accelerated.cache-size", 4096); // Increase cache size (Default = 256, Chromium = 512)

/// Enable CSS Masonry Layout
// https://www.smashingmagazine.com/native-css-masonry-layout-css-grid/
// (For testing: https://codepen.io/rachelandrew/pen/wvWmZWB)
defaultPref("layout.css.grid-template-masonry-value.enabled", true); // [DEFAULT - Nightly/Thunderbird] 

/// Enable dynamic reflow roots
// https://bugzilla.mozilla.org/show_bug.cgi?id=1159042
defaultPref("layout.dynamic-reflow-roots.enabled", true); // [DEFAULT - Nightly]

/// Enable the "fetchpriority" attribute
// https://web.dev/articles/fetch-priority
defaultPref("network.fetchpriority.enabled", true); // [DEFAULT]

/// Enable hardware acceleration by default
defaultPref("layers.acceleration.disabled", false); // [DEFAULT]

/// Enable JS GC Parallel Marking
defaultPref("javascript.options.mem.gc_parallel_marking", true); // [DEFAULT - non-Android]

/// Enable SIMD
// https://stackoverflow.blog/2020/07/08/improving-performance-with-simd-intrinsics-in-three-use-cases/
defaultPref("javascript.options.wasm_relaxed_simd", true); // [DEFAULT]

/// Enable the WebRender native compositor (if supported)
// `gfx.webrender.compositor.force-enabled` can be used to forcefully enable this acceleration, regardless of platform support
defaultPref("gfx.webrender.compositor", true); // [DEFAULT - macOS/Windows]

/// Enable Window Occlusion
// https://chromeenterprise.google/policies/#WindowOcclusionEnabled
// https://searchfox.org/firefox-main/rev/82e2435f/gfx/thebes/gfxPlatform.cpp#3271
if (phoenixPlatform == "windows") {
    defaultPref("widget.windows.window_occlusion_tracking.enabled", true); // [WINDOWS-ONLY] [DEFAULT]
};

/// Increase buffering for video playback
// This doesn't apply to videos delivered via Media Source Extensions
// https://www.cloudflare.com/learning/video/what-is-buffering/
// https://bugzilla.mozilla.org/show_bug.cgi?id=1540573
// https://searchfox.org/firefox-main/rev/82e2435f/dom/media/ChannelMediaDecoder.cpp#467
defaultPref("media.cache_readahead_limit", 600); // (Default = 60)
defaultPref("media.cache_readahead_limit.cellular", 600); // (Default = 30)
defaultPref("media.cache_resume_threshold", 300); // (Default = 30)
defaultPref("media.cache_resume_threshold.cellular", 300); // (Default = 10)
defaultPref("media.throttle-cellular-regardless-of-download-rate", false); // [HIDDEN - non-Android] [DEFAULT - non-Android]

/// Increase the chunk size for calls to image decoders
// (Default = 16384)
defaultPref("image.mem.decode_bytes_at_a_time", 65536);

/// Increase DNS caching
defaultPref("network.dnsCacheExpiration", 3600); // (Default = 60)
defaultPref("network.dnsCacheEntries", 10000); // (Default = 1600)

/// Increase the file-backed media cache size for cellular connections
// (Default = 32768)
// This is set to match the value of "media.cache_size"
defaultPref("media.cache_size.cellular", 512000);

/// Increase the image cache size
// (Default = 5242880 - non-Android, 1048576 - Android)
defaultPref("image.cache.size", 10485760);

/// Increase the memory-backed media cache size
defaultPref("media.memory_cache_max_size", 262144); // (Default = 8192)
defaultPref("media.memory_caches_combined_limit_kb", 1048576); // (Default = 524288)

/// Increase memory cache
defaultPref("browser.cache.memory.capacity", 131072); // (Default = -1)
defaultPref("browser.cache.memory.max_entry_size", 20480); // (Default = 5120)

/// Increase the skia font cache size (Similar to Chromium)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1239151#c2
// (Default = 5, Chromium = 20)
defaultPref("gfx.content.skia-font-cache-size", 32);

/// Increase the maximum number of HTTP connections
defaultPref("network.http.max-connections", 1800); // (Default = 128 for Android, 900 elsewhere)
defaultPref("network.http.max-persistent-connections-per-proxy", 48); // (Default = 20 for Android, 32 elsewhere)
defaultPref("network.http.max-persistent-connections-per-server", 10); // (Default = 6)
defaultPref("network.http.max-urgent-start-excessive-connections-per-host", 5); // (Default = 3)
defaultPref("network.http.request.max-start-delay", 5); // (Default = 10)

/// Increase TLS token caching
// https://codeberg.org/celenity/Phoenix/issues/84
// https://searchfox.org/firefox-main/rev/82e2435f/netwerk/base/SSLTokensCache.cpp#491
// (Default = 2048)
defaultPref("network.ssl_tokens_cache_capacity", 10240);

/// Use higher performance pinch-zoom
// https://searchfox.org/firefox-main/rev/82e2435f/modules/libpref/init/StaticPrefList.yaml#8039
defaultPref("gfx.webrender.low-quality-pinch-zoom", true); // [DEFAULT - Android Nightly]

defaultPref("browser.phoenix.status", "026");

/*** 027 Personal Touch 💜 ***/

/// Things that are nice to have™
// Not directly privacy & security related

/// Allow downloading and switching locales
if (phoenixPlatform != "android") {
    defaultPref("app.update.langpack.enabled", true); // [NO-ANDROID] [DEFAULT]
    defaultPref("intl.multilingual.downloadEnabled", true); // [NO-ANDROID] [DEFAULT - non-Developer/Nightly]
    defaultPref("intl.multilingual.enabled", true); // [NO-ANDROID] [DEFAULT - non-Developer/Nightly]
};

/// Allow Picture-in-Picture on all websites, even if they try to block it...
defaultPref("media.videocontrols.picture-in-picture.respect-disablePictureInPicture", false);

/// Allow zoom by default...
defaultPref("apz.allow_zooming", true); // [DEFAULT]

/// Allow zoom on all websites, even if the website tries to block it...
// (This is the `Zoom on all websites` UI setting for Android)
defaultPref("browser.ui.zoom.force-user-scalable", true);

/// Allow zooming out beyond the initial scale of websites by default
// https://searchfox.org/firefox-main/rev/82e2435f/gfx/layers/apz/src/AsyncPanZoomController.cpp#155
defaultPref("apz.allow_zooming_out", true);

/// Allow the use of custom CSS by default
if (phoenixPlatform != "android") {
    defaultPref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [NO-ANDROID]
};

/// Always display the Bookmarks toolbar by default
// https://support.mozilla.org/kb/bookmarks-toolbar-display-favorite-websites
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.toolbars.bookmarks.visibility", "always"); // [NO-ANDROID] [NO-MAIL]
};

/// Always load bookmarks in new tabs by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.tabs.loadBookmarksInTabs", true); // [NO-ANDROID] [NO-MAIL]
};

/// Clean-up default UI
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.uiCustomization.state", '{"placements":{"widget-overflow-fixed-list":["fxa-toolbar-menu-button","ipprotection-button"],"unified-extensions-area":[],"nav-bar":["sidebar-button","screenshot-button","back-button","forward-button","vertical-spacer","stop-reload-button","urlbar-container","_testpilot-containers-browser-action","reset-pbm-toolbar-button","developer-button","ublock0_raymondhill_net-browser-action","downloads-button","unified-extensions-button"],"TabsToolbar":["tabbrowser-tabs","new-tab-button"],"vertical-tabs":[],"PersonalToolbar":["personal-bookmarks"],"toolbar-menubar":["menubar-items"]},"dirtyAreaCache":["widget-overflow-fixed-list","nav-bar","TabsToolbar","vertical-tabs","PersonalToolbar"],"currentVersion":24,"newElementCount":19}'); // [NO-ANDROID] [NO-MAIL]
};

/// Disable annoying Web Speech API error pop-ups, especially relevant on Linux
// https://searchfox.org/firefox-main/rev/82e2435f/browser/actors/SpeechDispatcherParent.sys.mjs#7
if (phoenixPlatform != "android") {
    defaultPref("media.webspeech.synth.dont_notify_on_error", true); // [NO-ANDROID] [HIDDEN]
};

/// Disable fullscreen delay
defaultPref("full-screen-api.transition-duration.enter", "0 0"); // [Default = 200 200]
defaultPref("full-screen-api.transition-duration.leave", "0 0"); // [Default = 200 200]

/// Display an icon to clear search boxes (for `search` `<input>` types)
// https://bugzilla.mozilla.org/show_bug.cgi?id=1654288
// https://developer.mozilla.org/docs/Web/HTML/Reference/Elements/input/search
defaultPref("layout.forms.input-type-search.enabled", true);

/// Display "More settings" on print previews by default
// https://searchfox.org/firefox-main/rev/643d7328/modules/libpref/init/all.js#761
defaultPref("print.more-settings.open", true);

/// Display the option to enable `Compact` mode at `Customize toolbar...`
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.compactmode.show", true); // [NO-ANDROID] [NO-MAIL]
};

/// Display a spinning animation while websites are loading
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.spin_cursor_while_busy", true); // [NO-ANDROID] [NO-MAIL]
};

/// Display supported media codecs/capabilities at `about:support` by default
// https://searchfox.org/firefox-release/rev/70f5597c/toolkit/content/aboutSupport.js#1044
defaultPref("media.mediacapabilities.from-database", true); // [DEFAULT - Nightly]

/// Do not close the browser window if all tabs are closed by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.tabs.closeWindowWithLastTab", false); // [NO-ANDROID] [NO-MAIL]
};

/// Enable autoscrolling by default
defaultPref("apz.autoscroll.enabled", true); // [DEFAULT]
defaultPref("general.autoScroll", true); // [HIDDEN - Android] [DEFAULT - non-Android/Unix (excluding macOS, where it is on by default)]

/// Enable Backup settings (at `about:preferences#general`) by default
if (phoenixESR == true && phoenixMail == false) {
    defaultPref("browser.backup.preferences.ui.enabled", true); // [NO-ANDROID] [NO-MAIL] [ESR]
};

/// Enable + customize the new Sidebar by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.toolbarbuttons.introduced.sidebar-button", false); // [NO-ANDROID] [NO-MAIL] Prevents Sidebar from automatically opening and closing on first launch - also needs `browser.uiCustomization.state`
    defaultPref("sidebar.backupState", '{"command":"","launcherWidth":0,"launcherExpanded":false,"launcherVisible":false}'); // [NO-ANDROID] [NO-MAIL] Hide by default
    defaultPref("sidebar.main.tools", "bookmarks,syncedtabs,history"); // [NO-ANDROID] [NO-MAIL] Removes AI Chat, adds Bookmarks
    defaultPref("sidebar.revamp", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]
    defaultPref("sidebar.visibility", "hide-sidebar"); // [NO-ANDROID] [NO-MAIL] Hide by default
};

/// Enable developer options for `about:profiling`
defaultPref("devtools.performance.aboutprofiling.has-developer-options", true);

/// Enable display of in-process subframes at `about:processes` by default
defaultPref("toolkit.aboutProcesses.showAllSubframes", true);

/// Enable image/table resizing (for text input) by default
// https://bugzilla.mozilla.org/show_bug.cgi?id=1449564
// https://bugzilla.mozilla.org/show_bug.cgi?id=1604144
defaultPref("editor.inline_table_editing.enabled_by_default", true);
defaultPref("editor.positioning.enabled_by_default", true);
defaultPref("editor.resizing.enabled_by_default", true);

/// Enable taskbar lists/tasks by default
// https://codeberg.org/celenity/Phoenix/pulls/228
if (phoenixPlatform == "windows" && phoenixMail == false) {
    defaultPref("browser.taskbar.lists.enabled", true); // [WINDOWS-ONLY] [NO-MAIL] [DEFAULT]
    defaultPref("browser.taskbar.lists.tasks.enabled", true); // [WINDOWS-ONLY] [NO-MAIL] [DEFAULT]
};

/// Enable display of thread information at `about:processes` by default
defaultPref("toolkit.aboutProcesses.showThreads", true); // [DEFAULT - Nightly]

/// Enable Firefox Translations (+ the pop-up) by default
// Translations are done locally - very nice to have
// https://support.mozilla.org/kb/website-translation
// Currently broken on Thunderbird :(
if (phoenixMail == false) {
    defaultPref("browser.ai.control.translations", "enabled"); // [NO-MAIL]
    defaultPref("browser.translations.automaticallyPopup", true); // [NO-MAIL] [DEFAULT]
    defaultPref("browser.translations.enable", true); // [NO-MAIL] [DEFAULT - non-Thunderbird]
    defaultPref("browser.translations.select.enable", true); // [NO-MAIL] [DEFAULT - non-Android/Thunderbird]
    defaultPref("browser.translations.simulateUnsupportedEngine", false); // [NO-MAIL] [DEFAULT]
};
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("extensions.translations.disabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] Enables `Exceptions` UI at `about:preferences#general`
};
if (phoenixESR == true && phoenixMail == false) {
    defaultPref("browser.translations.newSettingsUI.enable", true); // [NO-ANDROID] [NO-MAIL] [ESR] Enables the new UI at `about:preferences#general`
};

/// Enable IPv6
// Important, nice to have
defaultPref("network.dns.disableIPv6", false); // [DEFAULT]

/// Enable overscrolling by default
// https://www.omgubuntu.co.uk/2024/09/mozilla-firefox-130-new-features
defaultPref("apz.overscroll.enabled", true); // [DEFAULT]

/// Enable the "Page Setup.." menu by default (under `File` - ex. on the menu bar)
// https://searchfox.org/firefox-main/rev/643d7328/modules/libpref/init/all.js#729
// https://searchfox.org/firefox-main/rev/643d7328/toolkit/components/printing/content/printUtils.js#82
defaultPref("print.show_page_setup_menu", true);

/// Enable the `Share` (URL) context menu item by default
// (ex. appears when right-clicking a tab)
// https://searchfox.org/firefox-main/rev/d81da5ef/browser/modules/SharingUtils.sys.mjs#45
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.menu.share_url.allow", true); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-MOZ_PROXY_BYPASS_PROTECTION builds] [DEFAULT - non-MOZ_PROXY_BYPASS_PROTECTION builds]
};

/// Enable QR code creation (from the `Share` (URL) menu)
// https://searchfox.org/firefox-main/rev/d81da5ef/browser/modules/SharingUtils.sys.mjs#352
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.shareqrcode.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - OS X Nightly]
};

/// Enable smooth scrolling by default
// This currently appears to be overriden by `ui.prefersReducedMotion` on Desktop
defaultPref("general.smoothScroll", true); // [DEFAULT]

/// Enable Spellcheck for both multi-line and single-line boxes
// [Default = 1, only checks multi-line boxes]
// https://codeberg.org/celenity/Phoenix/issues/33
if (phoenixPlatform != "android") {
    defaultPref("layout.spellcheckDefault", 2); // [NO-ANDROID]
};

/// Enable support for web applications manifests
// Ex. required for PWAs (& PWA inspection on desktop)
// https://developer.mozilla.org/docs/Web/Progressive_web_apps/Manifest
// https://bugzilla.mozilla.org/show_bug.cgi?id=1603673
// https://bugzilla.mozilla.org/show_bug.cgi?id=1647858
if (phoenixMail == false) {
    defaultPref("dom.manifest.enabled", true); // [NO-MAIL] [DEFAULT]
};

/// Enable Tab Groups
// https://www.ghacks.net/2024/12/03/how-to-enable-tab-groups-in-firefox/
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.tabs.groups.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable Taskbar Tabs (PWAs) by default
// https://bugzilla.mozilla.org/show_bug.cgi?id=1915736
// https://windowsreport.com/firefox-is-bringing-web-apps-to-windows-11-with-taskbar-tabs-first-look/
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.taskbarTabs.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Windows]
};

/// Enable the `Unload Tab` context menu item by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.tabs.unloadTabInContextMenu", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
};

/// Enable the `View Image Info` context menu item by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.menu.showViewImageInfo", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Developer Edition]
};

/// Ensure the escape key exits fullscreen by default...
if (phoenixPlatform == "osx") {
    defaultPref("browser.fullscreen.exit_on_escape", true); // [OSX-ONLY] [DEFAULT]
};

/// Ensure users can always control Nimbus recipes
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs#692
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs#952
defaultPref("nimbus.debug", true); // [HIDDEN - non-Firefox Desktop]
defaultPref("nimbus.validation.enabled", false); // [HIDDEN - non-Firefox Desktop]

/// Export bookmarks to a `bookmarks.html` file by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.bookmarks.autoExportHTML", true); // [NO-ANDROID] [NO-MAIL]
};

/// Expose hidden UI preferences at about:config
// https://searchfox.org/firefox-main/rev/82e2435f/widget/nsXPLookAndFeel.cpp#87
// https://searchfox.org/firefox-main/rev/82e2435f/widget/LookAndFeel.h#48
if (phoenixPlatform != "android") {
    defaultPref("ui.hideCursorWhileTyping", 1); // [NO-ANDROID] [HIDDEN] [DEFAULT]
    defaultPref("ui.prefersReducedTransparency", 0); // [NO-ANDROID] [HIDDEN] [DEFAULT]
    defaultPref("ui.scrollToClick", 1); // [NO-ANDROID] [HIDDEN]
    defaultPref("ui.useAccessibilityTheme", 0); // [NO-ANDROID] [HIDDEN] [DEFAULT]
};

/// Fade out unloaded tabs in the tab bar
// By default, Firefox only fades tabs unloaded explicitly (`browser.tabs.fadeOutExplicitlyUnloadedTabs`), but, with `browser.tabs.fadeOutUnloadedTabs`, we can fade all unloaded tabs, regardless of the reason they're unloaded
// https://searchfox.org/firefox-main/rev/1a8c62b8/browser/app/profile/firefox.js#2650
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.tabs.fadeOutExplicitlyUnloadedTabs", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.tabs.fadeOutUnloadedTabs", true); // [NO-ANDROID] [NO-MAIL]
};

/// Hide the Title Bar by default
defaultPref("browser.tabs.inTitlebar", 1);

/// Highlight all Findbar (Ctrl + F) results by default
defaultPref("findbar.highlightAll", true);

/// Prevent automatically closing the Bookmarks menu after selecting a bookmark
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.bookmarks.openInTabClosesMenu", false); // [NO-ANDROID] [NO-MAIL]
};

/// Prevent displaying Private Browsing windows as separate icons on the Windows Taskbar by default
if (phoenixPlatform != "android" && phoenixMail == false) {
    defaultPref("browser.privateWindowSeparation.enabled", false); // [NO-ANDROID] [NO-MAIL]
};

/// Prevent including the space next to words when double-clicking/selecting text
// https://codeberg.org/celenity/Phoenix/issues/84#issuecomment-3097957
defaultPref("layout.word_select.eat_space_to_next_word", false); // [DEFAULT - non-Windows]

/// Set the default log level for Background Tasks
// This is usually hidden, so set here to the default value to expose it at `about:config`
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/backgroundtasks/BackgroundTasksManager.sys.mjs#18
defaultPref("toolkit.backgroundtasks.loglevel", "error"); // [HIDDEN] [DEFAULT]

/// Set the default log level for enterprise policies
// This is usually hidden, so set here to the default value to expose it at `about:config`
// https://searchfox.org/firefox-main/rev/16707ce1/browser/components/enterprisepolicies/Policies.sys.mjs#35
if (phoenixMail == false) {
    defaultPref("browser.policies.loglevel", "error"); // [NO-MAIL] [HIDDEN] [DEFAULT]
};

/// Set the default log level for Remote Settings
// This is usually hidden, so set here to the default value to expose it at `about:config`
defaultPref("services.settings.loglevel", "warn"); // [HIDDEN] [DEFAULT]

/// Set the default log level for Rust Components
// This is usually hidden outside of Firefox for Desktop, so set here to the default value to
// expose it at `about:config`
// https://searchfox.org/firefox-main/source/toolkit/modules/AppServicesTracing.sys.mjs
// https://searchfox.org/firefox-main/rev/18e5fb40/browser/app/profile/firefox.js#3601
defaultPref("toolkit.rust-components.logging.crates", ""); // [HIDDEN - non-Firefox Desktop] [DEFAULT]
defaultPref("toolkit.rust-components.logging.internal-level", "Warn"); // [HIDDEN - non-Firefox Desktop] [DEFAULT]

/// Set default URL to load when navigating to `moz://a`
// Default is https://www.mozilla.org/about/manifesto/
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/mozprotocol/MozProtocolHandler.sys.mjs#10
defaultPref("toolkit.mozprotocol.url", "about:mozilla"); // [HIDDEN]

/// Toggle the menu bar with the alt key by default
if (phoenixPlatform != "osx") {
    defaultPref("ui.key.menuAccessKeyFocuses", true); // [NO-OSX] [DEFAULT - Windows/Linux]
};

defaultPref("browser.phoenix.status", "027");

/*** 028 UPDATES ***/

// Ensure the browser's binary is always old enough to check for browser updates
if (phoenixPlatform != "android") {
    defaultPref("app.update.checkInstallTime.days", 0); // [NO-ANDROID]
};

/// Alert users of browser updates ASAP
if (phoenixPlatform != "android") {
    defaultPref("app.update.badgeWaitTime", 0); // [NO-ANDROID] Immediately show badge on hamburger menu when an update is available
    defaultPref("app.update.notifyDuringDownload", true); // [NO-ANDROID] Ensure that users are notified when an update is downloaded
    defaultPref("app.update.promptWaitTime", 0); // [NO-ANDROID] Immediately prompt users to update when an update is ready
};

/// (Attempt to) Allow background browser updates without BITS
// (For info on BITS: https://bugzilla.mozilla.org/show_bug.cgi?id=1540193)
// NOTE: This only appears to work in automation, and doesn't apply outside of Windows, but doesn't hurt to set here
// https://searchfox.org/firefox-main/rev/881a9b31/toolkit/mozapps/update/UpdateService.sys.mjs#6414
if (phoenixPlatform != "android") {
    defaultPref("app.update.background.allowDownloadsWithoutBITS", true); // [NO-ANDROID] [HIDDEN]
};

/// Automatically update extensions by default
defaultPref("extensions.systemAddon.update.enabled", true); // [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/AddonManager.sys.mjs#1317
defaultPref("extensions.systemAddon.update.url", "https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); // [HIDDEN - Thunderbird] [DEFAULT - non-Thunderbird]
defaultPref("extensions.update.autoUpdateDefault", true); // [HIDDEN - ANDROID] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/AddonManager.sys.mjs#4580
defaultPref("extensions.update.enabled", true); // [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/AddonManager.sys.mjs#1348

/// Check for browser updates hourly
if (phoenixPlatform != "android") {
    defaultPref("app.update.background.interval", 3600); // [NO-ANDROID] (Default: 25200 (7 hours))
    defaultPref("app.update.interval", 3600); // [NO-ANDROID] (Default: 21600 (6 hours))
};

/// Check for extension/theme updates hourly
// Default is once every 24 hours
defaultPref("extensions.update.interval", 3600);

/// Check for GMP plug-in updates hourly (assuming GMP is enabled)
// Default is once every 24 hours
// https://searchfox.org/firefox-main/rev/d81da5ef/toolkit/modules/GMPInstallManager.sys.mjs#574
defaultPref("media.gmp-manager.secondsBetweenChecks", 3600); // [HIDDEN]

/// Disable insecure extension updates
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonUpdateChecker.sys.mjs#66
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs#2707
defaultPref("extensions.checkUpdateSecurity", true); // [HIDDEN] [DEFAULT]

/// Ensure that another browser instance isn't running before applying browser updates
// (This is the default, but it's usually hidden, so this exposes it at `about:config`, as it can be useful to disable in certain cases)
// https://searchfox.org/firefox-main/rev/0ea834f7/toolkit/mozapps/update/UpdateService.sys.mjs#436
defaultPref("app.update.checkOnlyInstance.enabled", true); // [HIDDEN] [DEFAULT]

/// Ensure we do not throttle background update checks
// This typically occurs after the browser hasn't been used for a set number of days (ex. 2 weeks)
defaultPref("app.update.background.checkPolicy.throttleEnabled", false); // [HIDDEN] [DEFAULT - ESR]

/// Sync with Remote Settings hourly, rather than the default of only once a day
// This is used for delivering lots of security-critical databases (Ex. CRLite/revocation checks, malicious add-on blocklists, etc...)
// So let's make sure our users are up to date as quick as possible
defaultPref("services.settings.poll_interval", 3600);

defaultPref("browser.phoenix.status", "028");

/*** 029 FIREFOX HOME ***/
if (phoenixPlatform != "android" && phoenixMail == false) {
    /// Allow users to enable widgets, but disable by default to provide a cleaner homepage
    defaultPref("browser.newtabpage.activity-stream.widgets.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.widgets.focusTimer.enabled", false); // [NO-ANDROID] [NO-MAIL] Timer
    defaultPref("browser.newtabpage.activity-stream.widgets.focusTimer.showSystemNotifications", true); // [NO-ANDROID] [NO-MAIL] Display timer notifications
    defaultPref("browser.newtabpage.activity-stream.widgets.lists.enabled", false); // [NO-ANDROID] [NO-MAIL] Task list
    defaultPref("browser.newtabpage.activity-stream.widgets.system.enabled", true); // [NO-ANDROID] [NO-MAIL] UI
    defaultPref("browser.newtabpage.activity-stream.widgets.system.focusTimer.enabled", true); // [NO-ANDROID] [NO-MAIL] Timer (UI)
    defaultPref("browser.newtabpage.activity-stream.widgets.system.lists.enabled", true); // [NO-ANDROID] [NO-MAIL] Task list (UI)

    /// Disable AccuWeather by default, but allow users to enable it if desired
    // NOTE: This depends on Merino: `browser.urlbar.merino.endpointURL`, and the AccuWeather provider must be allowed: `browser.urlbar.merino.providers`)
    // NOTE: We also warn users before navigating to AccuWeather if they select the widget, via uBlock Origin, so that this feature can be used safely without directly navigating to AccuWeather's website (which includes ads/tracking/etc.)
    defaultPref("browser.newtabpage.activity-stream.showWeather", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.system.showWeather", true); // [NO-ANDROID] [NO-MAIL] UI
    defaultPref("browser.newtabpage.activity-stream.widgets.system.weather.enabled", true); // [NO-ANDROID] [NO-MAIL] UI
    defaultPref("browser.newtabpage.activity-stream.widgets.system.weatherForecast.enabled", true); // [NO-ANDROID] [NO-MAIL] UI
    defaultPref("browser.newtabpage.activity-stream.widgets.weather.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.widgets.weatherForecast.enabled", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable adult content filtering by default
    // https://searchfox.org/firefox-main/source/browser/modules/FilterAdult.sys.mjs
    defaultPref("browser.newtabpage.activity-stream.filterAdult", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

    /// Disable Contile (Sponsored tiles)
    // https://mozilla-services.github.io/contile/
    // https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/TopSitesFeed.sys.mjs
    lockPref("browser.newtabpage.activity-stream.sov.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/e5219f2a/browser/extensions/newtab/lib/TopSitesFeed.sys.mjs#534
    lockPref("browser.newtabpage.activity-stream.sov.frecency.exposure", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.sov.name", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.topsites.contile.enabled", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#993
    lockPref("browser.topsites.contile.endpoint", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.topsites.contile.sov.enabled", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-release/rev/9d94f5e3/toolkit/components/nimbus/FeatureManifest.yaml#2007

    /// Disable Fakespot
    defaultPref("browser.newtabpage.activity-stream.discoverystream.contextualContent.feeds", "need_to_know"); // [NO-ANDROID] [NO-MAIL] [DEFAULT = "need_to_know, fakespot"] https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#1094
    if (phoenixESR == true) {
        defaultPref("browser.newtabpage.activity-stream.discoverystream.contextualContent.fakespot.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR] https://searchfox.org/firefox-release/rev/9d94f5e3/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1338
    };

    /// Disable fetching favicons remotely from Mozila's remote Tippy Top service
    // https://superuser.com/questions/1358289/how-are-the-icons-for-top-sites-in-the-firefox-new-tab-rendered/1495054#1495054
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1507
    defaultPref("browser.newtabpage.activity-stream.feeds.favicon", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

    /// Disable fetching the layout remotely
    // https://searchfox.org/firefox-release/rev/db5de899/browser/extensions/newtab/lib/SectionsLayoutFeed.sys.mjs#455
    // https://searchfox.org/firefox-main/rev/cdf7090f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1761
    defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.clientLayout.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.feeds.sectionslayoutfeed", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable fetching locale/fluent files remotely
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/components/asrouter/docs/remote_cfr.md#60
    // https://searchfox.org/firefox-main/source/browser/components/asrouter/modules/RemoteL10n.sys.mjs
    defaultPref("browser.newtabpage.activity-stream.asrouter.useRemoteL10n", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable fetching top sites remotely
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/components/topsites/TopSites.sys.mjs#359
    defaultPref("browser.topsites.useRemoteSetting", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable hiding URLs with certain parameters from Top Sites by default
    // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/modules/NewTabUtils.sys.mjs#1001
    defaultPref("browser.newtabpage.activity-stream.hideTopSitesWithSearchParam", ""); // [NO-ANDROID] [NO-MAIL] [Default: mfadid=adm]

    /// Disable Firefox Sync first run/promotion and metrics
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/PrefsFeed.sys.mjs#268
    defaultPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // [NO-ANDROID] [NO-MAIL]

    /// Disable impression stats
    // https://searchfox.org/firefox-main/source/browser/components/urlbar/private/ImpressionCaps.sys.mjs
    lockPref("browser.urlbar.quicksuggest.impressionCaps.nonSponsoredEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.urlbar.quicksuggest.impressionCaps.sponsoredEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Disable MARS (Mozilla Ad Routing Service)
    // https://ads.mozilla.org/assets/docs/openapi/mars-api.html
    // https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/AdsFeed.sys.mjs
    lockPref("browser.newtabpage.activity-stream.discoverystream.reportAds.enabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.discoverystream.sections.contextualAds.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.sections.contextualAds.locale-config", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.discoverystream.sections.contextualAds.region-config", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.feeds.adsfeed", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.spocs.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.tiles.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.unifiedAds.enabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.unifiedAds.endpoint", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.unifiedAds.spocs.enabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.unifiedAds.tiles.enabled", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable mobile promotions
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#271
    lockPref("browser.newtabpage.activity-stream.mobileDownloadModal.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.mobileDownloadModal.variant-a", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.mobileDownloadModal.variant-b", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.mobileDownloadModal.variant-c", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Disable new tab attribution
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#781
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1563
    // https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/NewTabAttributionFeed.sys.mjs
    // https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/NewTabAttributionService.sys.mjs
    lockPref("browser.newtabpage.activity-stream.discoverystream.attribution.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.feeds.newtabattributionfeed", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    lockPref("dap.ohttp.hpke", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("dap.ohttp.relayURL", ""); // [NO-ANDROID] [NO-MAIL]

    /// Disable onboarding
    // https://searchfox.org/mozilla-central/rev/7d68baf8/browser/app/profile/firefox.js#1972
    lockPref("browser.newtabpage.activity-stream.discoverystream.topicSelection.onboarding.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.topicSelection.onboarding.maybeDisplay", false); // [NO-ANDROID] [NO-MAIL]
    if (phoenixESR == true) {
        lockPref("browser.newtabpage.activity-stream.discoverystream.onboardingExperience.dismissed", true); // [NO-ANDROID] [NO-MAIL] [ESR]
        lockPref("browser.newtabpage.activity-stream.discoverystream.onboardingExperience.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR]
    };

    /// Disable Pocket
    if (phoenixESR == true) {
        defaultPref("browser.newtabpage.activity-stream.discoverystream.saveToPocketCard.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR]
        defaultPref("browser.newtabpage.activity-stream.discoverystream.sendToPocket.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR]
        defaultPref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); // [NO-ANDROID] [NO-MAIL] [ESR]
        defaultPref("browser.newtabpage.activity-stream.showRecentSaves", false); // [NO-ANDROID] [NO-MAIL] [ESR]
    };

    /// Disable Pocket sponsored stories
    // https://support.mozilla.org/kb/pocket-sponsored-stories-new-tabs
    // https://github.com/Pocket/proxy-server
    // https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/lib/AboutPreferences.sys.mjs#135
    // https://searchfox.org/mozilla-central/rev/16a9e4fb/browser/app/profile/firefox.js#1864
    // https://searchfox.org/mozilla-central/rev/16a9e4fb/toolkit/components/nimbus/FeatureManifest.yaml#1115
    lockPref("browser.newtabpage.activity-stream.discoverystream.ctaButtonSponsors", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.placements.spocs", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.discoverystream.placements.spocs.counts", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.discoverystream.spocs-endpoint", "data;"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.spocs-endpoint-query", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.spocAdTypes", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.spocSiteId", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.sponsored-collections.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.endpointSpocsClear", ""); // [NO-ANDROID] [NO-MAIL] Ensure we don't try to send a deletion request, as there's no data to delete... and we block the endpoint anyways https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/docs/v2-system-addon/preferences.md#128
    lockPref("browser.newtabpage.activity-stream.discoverystream.region-spocs-config", ""); // [NO-ANDROID] [NO-MAIL] Don't show sponsored content to any region by default... https://searchfox.org/mozilla-central/rev/96296f9d/toolkit/components/nimbus/FeatureManifest.yaml#1769
    lockPref("browser.newtabpage.activity-stream.discoverystream.spoc-positions", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.showSponsored", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.system.showSponsored", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable the promotion card
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#685
    lockPref("browser.newtabpage.activity-stream.discoverystream.promoCard.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.promoCard.visible", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable recent activity by default
    defaultPref("browser.newtabpage.activity-stream.feeds.section.highlights", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.section.highlights.includeBookmarks", false); // [NO-ANDROID] [NO-MAIL] Bookmarks
    defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); // [NO-ANDROID] [NO-MAIL] Downloads
    defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); // [NO-ANDROID] [NO-MAIL] Visited websites

    /// Disable "smart" shortcut personalization
    // https://searchfox.org/firefox-main/rev/cdf7090f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1792
    defaultPref("browser.newtabpage.activity-stream.feeds.smartshortcutsfeed", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable sponsored shortcuts
    // https://support.mozilla.org/kb/sponsor-privacy
    lockPref("browser.newtabpage.activity-stream.discoverystream.spocZoneIds", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/AboutPreferences.sys.mjs#69
    if (phoenixESR == true) {
        lockPref("browser.newtabpage.activity-stream.discoverystream.spoc-topsites-positions", ""); // [NO-ANDROID] [NO-MAIL] [ESR]
        lockPref("browser.newtabpage.activity-stream.discoverystream.spocTopsitesPlacement.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR]
    };

    /// Disable stories
    defaultPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.feeds.system.topstories", false); // [NO-ANDROID] [NO-MAIL] Hides the UI setting

    /// Disable telemetry
    // https://searchfox.org/firefox-main/source/browser/components/newtab/pings.yaml
    // https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/TelemetryFeed.sys.mjs
    lockPref("browser.contextual-services.contextId", "{foo-123-foo}"); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/source/browser/modules/ContextId.sys.mjs
    lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1501
    lockPref("browser.newtabpage.activity-stream.telemetry", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#494
    lockPref("browser.newtabpage.activity-stream.telemetry.privatePing.enabled", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#517
    lockPref("browser.newtabpage.activity-stream.telemetry.privatePing.inferredInterests.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] Ensure we never submit "inferred" New Tab interests with new tab pings https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#537
    lockPref("browser.newtabpage.activity-stream.telemetry.privatePing.redactNewtabPing.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT] Redact information from new tab pings https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#530 https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/TelemetryFeed.sys.mjs#386
    lockPref("browser.newtabpage.activity-stream.telemetry.structuredIngestion.endpoint", ""); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#510
    lockPref("browser.newtabpage.activity-stream.telemetry.surfaceId", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#524
    lockPref("browser.newtabpage.activity-stream.telemetry.ut.events", false); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#502
    lockPref("browser.newtabpage.ping.enabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/TelemetryFeed.sys.mjs#501 https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/TelemetryFeed.sys.mjs#1254
    lockPref("browser.places.interactions.enabled", false); // [NO-ANDROID] [NO-MAIL] Disable interaction measurements https://searchfox.org/firefox-main/source/browser/components/places/Interactions.sys.mjs
    defaultPref("browser.places.interactions.log", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] Disable logging https://searchfox.org/firefox-main/rev/82e2435f/browser/components/places/Interactions.sys.mjs#20
    lockPref("browser.privacySegmentation.preferences.show", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.search.serpEventTelemetryCategorization.enabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.search.serpEventTelemetryCategorization.regionEnabled", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
    lockPref("browser.search.serpMetricsRecordedCounter", 0); // [NO-ANDROID] [NO-MAIL] [DEFAULT] Ensure we never try to submit SERP categorization event metrics https://searchfox.org/firefox-main/rev/82e2435f/browser/components/search/SERPCategorization.sys.mjs#546

    /// Disable wallpaper promotions
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#910
    defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.highlightDismissed", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.highlightEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Disable the widgets feedback link
    // https://searchfox.org/firefox-main/rev/cdf7090f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1289
    // https://searchfox.org/firefox-main/rev/cdf7090f/browser/extensions/newtab/content-src/components/Widgets/Widgets.jsx#126
    lockPref("browser.newtabpage.activity-stream.widgets.feedback.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Enable Firefox Home
    lockPref("browser.newtabpage.activity-stream.testing.shouldInitializeFeeds", true); // [DEFAULT] [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#150
    lockPref("browser.newtabpage.disableNewTabAsAddon", false); // [DEFAULT] [HIDDEN] https://searchfox.org/firefox-main/rev/82e2435f/browser/components/newtab/AboutNewTabResourceMapping.sys.mjs#186
    lockPref("browser.newtabpage.enabled", true); // [DEFAULT]

    /// Enable publisher favicons (if stories are enabled) by default
    defaultPref("browser.newtabpage.activity-stream.discoverystream.publisherFavicon.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Enable shortcuts by default
    // https://searchfox.org/firefox-main/source/browser/components/urlbar/UrlbarProviderTopSites.sys.mjs
    defaultPref("browser.newtabpage.activity-stream.feeds.places", true);// [NO-ANDROID] [NO-MAIL] [DEFAULT] Required to click shortcuts...
    defaultPref("browser.newtabpage.activity-stream.feeds.system.topsites", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.feeds.topsites", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Enable wallpapers, but disable fetching them remotely by default
    // By default, Firefox to connect to ex. `https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/newtab-wallpapers-v2/...` on every browser launch after the user navigates to `about:home` :/
    // This is a work-around that enables *partial* support for custom wallpapers, but without hitting the network
    // Currently, only colors are supported, no built-in wallpapers or custom files work yet sadly
    // To apply a color wallpaper, set the value of `browser.newtabpage.activity-stream.newtabWallpapers.wallpaper` to `solid-color-picker-`, followed by your desired color hex (ex: `solid-color-picker-#ffffff` for white)
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/data/content/activity-stream.bundle.js#14257
    // https://searchfox.org/firefox-main/source/browser/extensions/newtab/lib/Wallpapers/WallpaperFeed.sys.mjs
    // https://bugzilla.mozilla.org/show_bug.cgi?id=1972944
    defaultPref("browser.newtabpage.activity-stream.feeds.wallpaperfeed", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.customColor.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.customWallpaper.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.customWallpaper.uploadedPreviously", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.customWallpaper.uuid", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.user.enabled", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/ada2ab81/browser/extensions/newtab/lib/ActivityStream.sys.mjs#714
    defaultPref("browser.newtabpage.activity-stream.newtabWallpapers.wallpaper", "solid-color-picker-#f4dbe9"); // [NO-ANDROID] [NO-MAIL]

    /// Ensure default homepage is `about:home`
    // This is typically the default, but overriden by some distro-packaged versions of Firefox (ex. Fedora)
    defaultPref("browser.startup.homepage", "about:home"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.startup.page", 1); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Ensure we isolate content with containers
    defaultPref("browser.discovery.containers.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Expose debug prefs to the `about:config`
    defaultPref("browser.newtabpage.activity-stream.asrouter.debugLogLevel", "error"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT] To expose via the `about:config` - https://searchfox.org/firefox-main/rev/82e2435f/browser/components/asrouter/modules/ASRouterPreferences.sys.mjs#95
    defaultPref("browser.newtabpage.activity-stream.debug", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN - non-Nightly] [DEFAULT] To expose via the `about:config`

    /// Hide checkboxes to enable sponsored shortcuts and Pocket sponsored stories
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1386
    lockPref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

    /// Hide the Firefox logo
    defaultPref("browser.newtabpage.activity-stream.logowordmark.alwaysVisible", false); // [NO-ANDROID] [NO-MAIL]

    /// If ads are somehow enabled, use OHTTP for superior privacy
    // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#1158
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/AdsFeed.sys.mjs#366
    defaultPref("browser.newtabpage.activity-stream.unifiedAds.ohttp.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFENSE IN DEPTH]

    /// If Merino is enabled, disable experimentation
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/DiscoveryStreamFeed.sys.mjs#1924
    defaultPref("browser.newtabpage.activity-stream.discoverystream.merino-feed-experiment", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// If Merino is enabled, use OHTTP for superior privacy
    // https://searchfox.org/firefox-main/rev/82e2435f/toolkit/components/nimbus/FeatureManifest.yaml#1171
    // https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/DiscoveryStreamFeed.sys.mjs#1727
    // https://searchfox.org/firefox-main/rev/c2646728/browser/components/urlbar/MerinoClient.sys.mjs#75
    defaultPref("browser.newtabpage.activity-stream.discoverystream.merino-provider.ohttp.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.discoverystream.ohttp.configURL", "https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.discoverystream.ohttp.relayURL", "https://mozilla-ohttp.fastly-edge.com/"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.urlbar.merino.ohttpConfigURL", "https://prod.merino.prod.webservices.mozgcp.net/ohttp-configs"); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]
    defaultPref("browser.urlbar.merino.ohttpRelayURL", "https://ohttp-merino.mozilla.fastly-edge.com"); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]

    /// If sponsored content is somehow enabled, ensure that privacy protections are enabled
    defaultPref("browser.newtabpage.sponsor-protection.debug", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN] [DEFAULT]
    defaultPref("browser.newtabpage.sponsor-protection.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// If stories are enabled, allow customization and following/unfollowing interests/topics
    defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.customizeMenuPanel.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#714
    defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.interestPicker.enabled", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#831
    defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#706
    defaultPref("browser.newtabpage.activity-stream.discoverystream.topicSelection.enabled", true); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/82e2435f/browser/extensions/newtab/lib/ActivityStream.sys.mjs#1236

    /// If stories are enabled, disable "personalization"
    // https://searchfox.org/mozilla-central/source/browser/extensions/newtab/lib/RecommendationProvider.sys.mjs
    // https://searchfox.org/mozilla-central/rev/7d68baf8/browser/app/profile/firefox.js#1967
    // https://searchfox.org/mozilla-central/source/browser/extensions/newtab/lib/InferredPersonalizationFeed.sys.mjs
    lockPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.locale-config", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.region-config", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.discoverystream.sections.personalization.inferred.user.enabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.newtabpage.activity-stream.discoverystream.shortcuts.personalization.enabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.newtabpage.activity-stream.feeds.inferredpersonalizationfeed", false); // [NO-ANDROID] [NO-MAIL]
    if (phoenixESR == true) {
        lockPref("browser.newtabpage.activity-stream.discoverystream.personalization.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR]
        lockPref("browser.newtabpage.activity-stream.discoverystream.recs.personalized", false); // [NO-ANDROID] [NO-MAIL] [ESR] [DEFAULT]
        lockPref("browser.newtabpage.activity-stream.discoverystream.spocs.personalized", false); // [NO-ANDROID] [NO-MAIL] [ESR]
    };

    /// If stories are enabled, disable impression tracking
    lockPref("browser.newtabpage.activity-stream.impressionId", "{some-fake-impression-ID}"); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/mozilla-central/source/browser/extensions/newtab/test/xpcshell/test_TelemetryFeed.js
    lockPref("browser.newtabpage.activity-stream.discoverystream.rec.impressions", "{}"); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/mozilla-central/rev/cc4985b7/browser/extensions/newtab/lib/ActivityStream.sys.mjs#978
    lockPref("browser.newtabpage.activity-stream.discoverystream.spoc.impressions", "{}"); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/mozilla-central/rev/cc4985b7/browser/extensions/newtab/lib/ActivityStream.sys.mjs#962
    lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.rec.impressions", "{}"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/mozilla-central/rev/cc4985b7/browser/extensions/newtab/lib/TopStoriesFeed.sys.mjs#33
    lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.spoc.impressions", "{}"); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/mozilla-central/rev/cc4985b7/browser/extensions/newtab/lib/TopStoriesFeed.sys.mjs#27

    /// If stories are enabled, enable the new sections UI by default
    defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.cards.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.discoverystream.sections.enabled", true); // [NO-ANDROID] [NO-MAIL]

    /// If stories are enabled, fetch content from Merino (instead of Pocket and friends)
    // Newer, more private (ex. OHTTP), etc.
    defaultPref("browser.newtabpage.activity-stream.discoverystream.config", '{"collapsible":true,"enabled":true}'); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/lib/ActivityStream.sys.mjs#886
    defaultPref("browser.newtabpage.activity-stream.discoverystream.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.discoverystream.endpoints", "https://merino.services.mozilla.com/"); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.discoverystream.merino-provider.endpoint", "merino.services.mozilla.com"); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    if (phoenixESR == true) {
        defaultPref("browser.newtabpage.activity-stream.feeds.recommendationprovider", true); // [NO-ANDROID] [NO-MAIL] [ESR] [DEFAULT]
        defaultPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", '{"hidden":true,"show_spocs":false}'); // [NO-ANDROID] [NO-MAIL] [ESR] https://searchfox.org/firefox-esr140/rev/8c69555d/browser/extensions/newtab/lib/ActivityStream.sys.mjs#187 (Hides the toggle at `about:preferences#home`)
    };

    /// Prevent searches from jumping to the URL bar
    // https://www.reddit.com/r/firefox/comments/oxwvbo/firefox_start_page_search_options/
    if (phoenixESR == true) {
        defaultPref("browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", false); // [NO-ANDROID] [NO-MAIL] [ESR]
    };

    /// Proxy images
    // https://searchfox.org/firefox-main/rev/aee7c0f2/browser/extensions/newtab/lib/ActivityStream.sys.mjs#921
    defaultPref("browser.newtabpage.activity-stream.discoverystream.imageProxy.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Remove default shortcuts
    defaultPref("browser.newtabpage.activity-stream.default.sites", ""); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/lib/ActivityStream.sys.mjs#181
    defaultPref("browser.newtabpage.activity-stream.improvesearch.noDefaultSearchTile", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/mozilla-central/rev/7d68baf8/browser/extensions/newtab/lib/ActivityStream.sys.mjs#831
    defaultPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", ""); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines", ""); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.newtabpage.pinned", '[{"url":"","label":"! Placeholder"}]'); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/mozilla-central/rev/7d68baf8/toolkit/modules/NewTabUtils.sys.mjs#147 - Set as a placeholder to allow easily adding custom shortcuts/pins

    defaultPref("browser.phoenix.status", "029");
};

/*** 030 FIREFOX SUGGEST ***/
if (phoenixPlatform != "android" && phoenixMail == false) {
    /// Disable AccuWeather suggestions by default, but allow users to enable them if desired
    // NOTE: This requires `browser.urlbar.suggest.quicksuggest.sponsored` set to `true` (when that pref is true, we still prevent the standard sponsored content from showing and disable the standard ad providers, thanks to `browser.urlbar.merino.providers`)
    // NOTE: We also warn users before navigating to AccuWeather if they select a result, via uBlock Origin, so that this feature can be used safely without directly navigating to AccuWeather's website (which includes ads/tracking/etc.)
    defaultPref("browser.urlbar.suggest.weather", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.weather.featureGate", true); // [NO-ANDROID] [NO-MAIL]

    /// Disable adMarketplace (AMP) suggestions
    // https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/AmpSuggestions.sys.mjs
    lockPref("browser.urlbar.amp.featureGate", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    lockPref("browser.urlbar.suggest.amp", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable AMO suggestions by default, but allow users to enable them if desired
    // https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/AddonSuggestions.sys.mjs
    defaultPref("browser.urlbar.addons.featureGate", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.suggest.addons", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable "Exposure" telemetry
    // https://searchfox.org/mozilla-central/rev/cc4985b7/toolkit/components/nimbus/FeatureManifest.yaml#281
    // https://searchfox.org/mozilla-central/rev/cc4985b7/toolkit/components/nimbus/FeatureManifest.yaml#326
    lockPref("browser.urlbar.exposureResults", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    lockPref("browser.urlbar.keywordExposureResults", ""); // [NO-ANDROID] [NO-MAIL] [HIDDEN]
    lockPref("browser.urlbar.showExposureResults", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

    /// Disable Fakespot suggestions
    // https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/FakespotSuggestions.sys.mjs
    defaultPref("browser.urlbar.fakespot.featureGate", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.urlbar.suggest.fakespot", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable fetching minimum keyword lengths from Nimbus and/or Remote Settings
    // We also set these as "user" prefs to ensure that Firefox properly uses/recognizes them
    defaultPref("browser.urlbar.addons.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#736
    defaultPref("browser.urlbar.flightStatus.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] [HIDDEN] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#143
    defaultPref("browser.urlbar.market.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#181
    defaultPref("browser.urlbar.weather.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#627
    defaultPref("browser.urlbar.yelp.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] [DEFAULT] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#642
    defaultPref("browser.urlbar.yelpRealtime.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL] https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#666
    pref("browser.urlbar.addons.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL]
    pref("browser.urlbar.flightStatus.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL]
    pref("browser.urlbar.market.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL]
    pref("browser.urlbar.weather.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL]
    pref("browser.urlbar.yelp.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL]
    pref("browser.urlbar.yelpRealtime.minKeywordLength", 4); // [NO-ANDROID] [NO-MAIL]

    /// Disable Firefox Suggest by default
    /// I'd rather not set this, but unfortunately, when it's on, it causes Firefox to connect to `https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/quicksuggest-amp/changeset?_expected=*` and `https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/quicksuggest-other/changeset?_expected=*` on every launch, EVEN IF no suggestions are enabled :/
    // This also gives us a cleaner UI, and I highly doubt that this is something most of our users want anyways
    // NOTE: This usually gets ignored and set to `true` anyways (unless we lock it), but we also set the region to a dummy one ("XX"), which prevents that from happening - https://searchfox.org/firefox-main/source/browser/components/urlbar/QuickSuggest.sys.mjs
    defaultPref("browser.urlbar.quicksuggest.enabled", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable FlightAware (flight status) suggestions by default, but allow users to enable them if desired
    // https://searchfox.org/firefox-main/source/browser/components/urlbar/private/FlightStatusSuggestions.sys.mjs
    // https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#788
    // https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#489
    defaultPref("browser.urlbar.flightStatus.featureGate", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.suggest.flightStatus", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

    /// Disable machine learning
    // https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/MLSuggest.sys.mjs
    defaultPref("browser.urlbar.quicksuggest.mlEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.urlbar.yelp.mlEnabled", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Disable MDN suggestions by default, but allow users to enable them if desired
    // https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/MDNSuggestions.sys.mjs
    defaultPref("browser.urlbar.mdn.featureGate", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.suggest.mdn", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable nags to opt-in to "real-time suggestions"
    // https://searchfox.org/firefox-main/rev/4258ca07/browser/components/urlbar/UrlbarPrefs.sys.mjs#489
    // https://searchfox.org/firefox-main/rev/4258ca07/browser/app/profile/firefox.js#758
    lockPref("browser.urlbar.suggest.realtimeOptIn", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable online suggestions
    // https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#470
    // https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#492
    // https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#499
    defaultPref("browser.urlbar.quicksuggest.online.available", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT] Hides UI at `about:preferences#search`
    defaultPref("browser.urlbar.quicksuggest.online.enabled", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.quicksuggest.settingsUi", 2); // [NO-ANDROID] [NO-MAIL] Hides UI at `about:preferences#search`
    defaultPref("browser.urlbar.suggest.quicksuggest.all", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable partner links/attribution
    // https://searchfox.org/mozilla-central/source/browser/modules/PartnerLinkAttribution.sys.mjs
    // https://searchfox.org/mozilla-central/rev/7d68baf8/browser/app/profile/firefox.js#1745
    lockPref("browser.partnerlink.attributionURL", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("browser.partnerlink.campaign.topsites", ""); // [NO-ANDROID] [NO-MAIL]

    /// Disable Polygon (stock market) suggestions by default, but allow users to enable them if desired
    // https://searchfox.org/firefox-main/source/browser/components/urlbar/private/MarketSuggestions.sys.mjs
    // https://searchfox.org/firefox-main/rev/4258ca07/browser/app/profile/firefox.js#761
    // https://searchfox.org/firefox-main/rev/4258ca07/browser/components/urlbar/UrlbarPrefs.sys.mjs#470
    defaultPref("browser.urlbar.market.featureGate", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.suggest.market", false); // [NO-ANDROID] [NO-MAIL] [HIDDEN]

    /// Disable row labels by default
    // Provides a cleaner UI, and removes Firefox Suggest branding from results
    // https://searchfox.org/firefox-main/rev/16707ce1/browser/components/urlbar/UrlbarPrefs.sys.mjs#159
    defaultPref("browser.urlbar.groupLabels.enabled", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable sponsored suggestions
    // NOTE: `browser.urlbar.suggest.quicksuggest.sponsored` is required for weather suggestions; due to `browser.urlbar.merino.providers` though, when `browser.urlbar.suggest.quicksuggest.sponsored` is on, the only thing it does is allow weather suggestions - so we won't lock this
    // https://searchfox.org/mozilla-central/rev/7d68baf8/browser/components/urlbar/UrlbarPrefs.sys.mjs#415
    // https://searchfox.org/mozilla-central/rev/10ecded0/browser/app/profile/firefox.js#495
    lockPref("browser.urlbar.sponsoredTopSites", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    defaultPref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable sports suggestions by default, but allow users to enable them if desired
    // https://searchfox.org/firefox-main/source/browser/components/urlbar/private/SportsSuggestions.sys.mjs
    // https://searchfox.org/firefox-main/rev/70425199/browser/app/profile/firefox.js#795
    // https://searchfox.org/firefox-main/rev/70425199/browser/components/urlbar/UrlbarPrefs.sys.mjs#532
    defaultPref("browser.urlbar.sports.featureGate", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.suggest.sports", false); // [NO-ANDROID] [NO-MAIL]

    /// Disable telemetry
    // https://searchfox.org/mozilla-central/source/browser/components/urlbar/docs/firefox-suggest-telemetry.rst
    lockPref("browser.urlbar.quicksuggest.contextualOptIn", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]
    if (phoenixESR == true) {
        lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // [NO-ANDROID] [NO-MAIL] [ESR] [DEFAULT]
    };

    /// Disable Wikipedia suggestions by default, but allow users to enable them if desired
    // https://searchfox.org/mozilla-central/source/browser/components/urlbar/private/WikipediaSuggestions.sys.mjs
    defaultPref("browser.urlbar.suggest.wikipedia", false); // [NO-ANDROID] [NO-MAIL] [NIGHTLY]
    defaultPref("browser.urlbar.wikipedia.featureGate", true); // [NO-ANDROID] [NO-MAIL] [NIGHTLY]

    /// Disable Yelp suggestions
    // https://searchfox.org/firefox-main/source/browser/components/urlbar/private/YelpSuggestions.sys.mjs
    // https://searchfox.org/firefox-main/source/browser/components/urlbar/private/YelpRealtimeSuggestions.sys.mjs
    defaultPref("browser.urlbar.suggest.yelp", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.suggest.yelpRealtime", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.yelp.featureGate", false); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.yelpRealtime.featureGate", false); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Enable important date suggestions by default
    // (If these are set and Firefox Suggest (browser.urlbar.quicksuggest.enabled) is enabled, ex. searching "Christmas" shows "Thursday, December 25, 2025")
    // https://searchfox.org/firefox-main/source/browser/components/urlbar/private/ImportantDatesSuggestions.sys.mjs
    // https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#769
    // https://searchfox.org/firefox-main/rev/16707ce1/browser/app/profile/firefox.js#772
    defaultPref("browser.urlbar.importantDates.featureGate", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("browser.urlbar.suggest.importantDates", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Ensure that we're using the newer Rust backend
    // https://searchfox.org/mozilla-central/rev/cc4985b7/browser/components/urlbar/UrlbarPrefs.sys.mjs#317
    defaultPref("browser.urlbar.quicksuggest.rustEnabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// If Merino is enabled, only allow fetching content from AccuWeather, AMO, MDN, Polygon (stock market), and Wikipedia (if the corresponding prefs are enabled)
    // https://searchfox.org/mozilla-central/rev/cc4985b7/browser/components/urlbar/MerinoClient.sys.mjs#123
    // NOTE: These are also required for displaying Weather on Firefox Home (`about:home`)
    defaultPref("browser.urlbar.merino.endpointURL", "https://prod.merino.prod.webservices.mozgcp.net/api/v1/suggest"); // [NO-ANDROID] [NO-MAIL] [DEFAULT - Nightly]
    defaultPref("browser.urlbar.merino.providers", "accuweather,amo,flightaware,market,mdn,sports,wikipedia"); // [NO-ANDROID] [NO-MAIL]

    /// If Yelp suggestions are enabled, show subject/title for results
    // https://searchfox.org/mozilla-central/rev/cc4985b7/browser/app/profile/firefox.js#706
    defaultPref("browser.urlbar.yelp.serviceResultDistinction", true); // [NO-ANDROID] [NO-MAIL]

    defaultPref("browser.phoenix.status", "030");
};

/*** 031 SYNC ***/
if (phoenixPlatform != "android") {
    /// Disable display of favicons for remote tabs by default
    // When enabled (and Sync is set-up/active), Firefox will attempt to fetch and display favicons for tabs opened on other devices
    // This is problematic because these connections are unsolicited, and are made regardless of whether the user actually decides to navigate to the site
    // So this ensures that these unsolicited connections are not made
    // https://searchfox.org/firefox-main/rev/9c267d0a/services/sync/modules/SyncedTabs.sys.mjs#78
    defaultPref("services.sync.syncedTabs.showRemoteIcons", false); // [NO-ANDROID]

    /// Disable Firefox Sync by default
    // When signing in to Firefox Sync, this controls the items (checkboxes) that are set to sync (under `about:preferences#sync`)
    // This allows the user to control and choose for themselves what they'd like to sync, rather than automatically syncing everything (like the default)
    defaultPref("services.sync.engine.addons", false); // [NO-ANDROID]
    defaultPref("services.sync.engine.addresses", false); // [NO-ANDROID] [DEFAULT]
    defaultPref("services.sync.engine.bookmarks", false); // [NO-ANDROID]
    defaultPref("services.sync.engine.creditcards", false); // [NO-ANDROID] [DEFAULT]
    defaultPref("services.sync.engine.history", false); // [NO-ANDROID]
    defaultPref("services.sync.engine.passwords", false); // [NO-ANDROID]
    defaultPref("services.sync.engine.prefs", false); // [NO-ANDROID]
    defaultPref("services.sync.engine.tabs", false); // [NO-ANDROID]

    /// Disable sending the user agent with Firefox Sync requests
    // https://searchfox.org/firefox-main/rev/af0f713f/services/sync/modules/resource.sys.mjs#38
    // https://searchfox.org/firefox-main/rev/af0f713f/services/sync/modules/resource.sys.mjs#99
    defaultPref("services.sync.sendVersionInfo", false); // [NO-ANDROID]

    /// Disable telemetry
    lockPref("identity.fxaccounts.account.telemetry.sanitized_uid", ""); // [NO-ANDROID]
    lockPref("identity.fxaccounts.telemetry.clientAssociationPing.enabled", false); // [NO-ANDROID]
    defaultPref("services.sync.log.logger.telemetry", "Fatal"); // [NO-ANDROID] [HIDDEN]
    lockPref("services.sync.telemetry.maxEventsCount", 0); // [NO-ANDROID] [HIDDEN] Disable `sync` ping https://searchfox.org/mozilla-central/source/toolkit/components/telemetry/docs/data/sync-ping.rst
    lockPref("services.sync.telemetry.maxPayloadCount", 0); // [NO-ANDROID] Disable `sync` ping https://searchfox.org/mozilla-central/source/toolkit/components/telemetry/docs/data/sync-ping.rst
    lockPref("services.sync.telemetry.submissionInterval", 2147483647); // [NO-ANDROID] Disable `sync` ping https://searchfox.org/mozilla-central/source/toolkit/components/telemetry/docs/data/sync-ping.rst

    /// If Firefox sync is enabled, disable avatar fetching
    // See "network.dns.localDomains" above, we need to block "profile.accounts.firefox.com"
    // The pref below just prevents Firefox from complaining and generating log files/errors when that domain can't be reached (even though it's unnecessary for Sync to function AFAICT...)
    defaultPref("services.sync.log.appender.file.level", "Fatal"); // [NO-ANDROID]

    /// Improve the reliability of extension storage sync
    defaultPref("services.sync.extension-storage.skipPercentageChance", 0); // [NO-ANDROID]
};
if (phoenixPlatform != "android" && phoenixMail == false) {
    /// Disable promotions
    lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled.monitorEnabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled.relayEnabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("identity.fxaccounts.toolbar.pxiToolbarEnabled.vpnEnabled", false); // [NO-ANDROID] [NO-MAIL]
    lockPref("identity.mobilepromo.android", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("identity.mobilepromo.ios", ""); // [NO-ANDROID] [NO-MAIL]
    lockPref("identity.sendtabpromo.url", ""); // [NO-ANDROID] [NO-MAIL]

    /// Disable set-up/feature recommendation
    // https://searchfox.org/mozilla-central/source/browser/base/content/browser-sync.js
    lockPref("identity.fxaccounts.toolbar.syncSetup.panelAccessed", true); // [NO-ANDROID] [NO-MAIL]

    /// Enable support for Firefox Sync by default
    // Harmless, useful - ex. uses E2EE
    // We disable the actual sync engines by default above, this simply allows users to enable/use Sync if desired
    // This is useful especially because some (ex. LibreWolf) disable it by default
    defaultPref("identity.fxaccounts.enabled", true); // [NO-ANDROID] [NO-MAIL] [DEFAULT]

    /// Set the Firefox Sync AutoConfig URL to its default value
    // This tricks Firefox into thinking we're self-hosting Sync (even though we aren't), because there's usually no value set here
    // This is beneficial because it A: effectively disables all Sync telemetry and B: also prevents other unwanted behavior
    // (ex. this prevents Firefox from connecting to `relay.firefox.com` on every launch, even when Firefox Relay is disabled :/)
    // Also prevents Relay promotions: https://searchfox.org/firefox-main/rev/ada2ab81/toolkit/modules/BrowserUtils.sys.mjs#943
    // https://searchfox.org/firefox-main/rev/ada2ab81/services/fxaccounts/FxAccountsConfig.sys.mjs#238
    // https://searchfox.org/firefox-main/rev/ada2ab81/services/sync/modules/telemetry.sys.mjs#800
    // https://searchfox.org/firefox-main/rev/ada2ab81/toolkit/components/satchel/integrations/FirefoxRelay.sys.mjs#1118
    // (ex. https://accounts.firefox.com/.well-known/fxa-client-configuration)
    defaultPref("identity.fxaccounts.autoconfig.uri", "https://accounts.firefox.com/"); // [NO-ANDROID] [NO-MAIL]

    /// Sync additional preferences...
    defaultPref("services.sync.prefs.sync.browser.bookmarks.autoExportHTML", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.bookmarks.openInTabClosesMenu", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.compactmode.show", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.download.open_pdf_attachments_inline", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.showWeather", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.privatebrowsing.resetPBM.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.privateWindowSeparation.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.search.openintab", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.search.separatePrivateDefault.urlbarResult.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.spin_cursor_while_busy", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.tabs.groups.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.tabs.loadBookmarksInTabs", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.toolbars.bookmarks.visibility", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.urlbar.openintab", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.urlbar.suggest.calculator", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.urlbar.suggest.clipboard", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.urlbar.unitConversion.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.xul.error_pages.expert_bad_cert", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.browser.xul.error_pages.show_safe_browsing_details_on_load", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.devtools.chrome.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.devtools.command-button-measure.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.devtools.command-button-rulers.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.devtools.command-button-screenshot.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.devtools.dom.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.devtools.debugger.ui.editor-wrapping", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.dom.security.https_only_mode_error_page_user_suggestions", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.dom.security.https_only_mode_send_http_background_request", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.extensions.quarantineIgnoredByUser.{b86e4813-687a-43e6-ab65-0bde4ab75758}", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.extensions.quarantineIgnoredByUser.{d19a89b9-76c1-4a61-bcd4-49e8de916403}", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.findbar.highlightAll", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.layout.forms.reveal-password-button.enabled", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.media.autoplay.blocking_policy", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.middlemouse.paste", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.network.IDN_show_punycode", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.pdfjs.sidebarViewOnLoad", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.privacy.webrtc.globalMuteToggles", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.sidebar.main.tools", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.sidebar.revamp", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.startup.homepage_override_nimbus_disable_wnp", true); // [NO-ANDROID] [NO-MAIL]
    defaultPref("services.sync.prefs.sync.view_source.wrap_long_lines", true); // [NO-ANDROID] [NO-MAIL]
    if (phoenixESR == true) {
        defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.discoverystream.recentSaves.enabled", true); // [NO-ANDROID] [NO-MAIL] [ESR]
        defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.improvesearch.handoffToAwesomebar", true); // [NO-ANDROID] [NO-MAIL] [ESR]
        defaultPref("services.sync.prefs.sync.browser.newtabpage.activity-stream.showRecentSaves", true); // [NO-ANDROID] [NO-MAIL] [ESR]
    };
};
if (phoenixPlatform != "android") {
    defaultPref("browser.phoenix.status", "031"); // [NO-ANDROID]
};

/*** 032 LIBREWOLF ***/
if (phoenixPlatform != "android" && phoenixMail == false) {
    /// The following prefs are specific to LibreWolf and its derivatives, you can safely ignore them if you're not using LibreWolf
    // While we don't officially support LibreWolf, I am aware of people using Phoenix with LibreWolf - and these are nice to have anyways, especially if we do support them in the future
    // https://codeberg.org/librewolf/settings/src/branch/master/librewolf.cfg

    /// Enable update checks when navigating to `About LibreWolf`
    defaultPref("librewolf.aboutMenu.checkVersion", true); // [NO-ANDROID] [NO-MAIL]

    /// Set the uBlock Origin config to our own by default
    // https://phoenix.celenity.dev/content-blocking
    defaultPref("librewolf.uBO.assetsBootstrapLocation", "https://assets.celenity.dev/ublock/phoenix/assets.json"); // [NO-ANDROID] [NO-MAIL]

    defaultPref("browser.phoenix.status", "032"); // [NO-ANDROID] [NO-MAIL]
};

/*** 033 WATERFOX ***/
if (phoenixPlatform != "android" && phoenixMail == false) {
    /// The following prefs are specific to Waterfox and its derivatives, you can safely ignore them if you're not using Waterfox
    // Note that we definitely do NOT support or recommend using Waterfox...

    /// Do not allow ads/tracking on "partner" sites
    // (Currently includes Startpage)
    // https://github.com/BrowserWorks/waterfox/issues/4182
    lockPref("waterfox.blocker.allowSearchPartnerAds", false); // [NO-ANDROID] [NO-MAIL]

    defaultPref("browser.phoenix.status", "033"); // [NO-ANDROID] [NO-MAIL]
};

/*** 034 FIREFOX UI-FIX ***/
if (phoenixPlatform != "android" && phoenixMail == false) {
    if (getPref("browser.phoenix.FFUIFix") == true) {
        // Set prefs necessary for Firefox-UI-Fix
        /// https://github.com/black7375/Firefox-UI-Fix
        /// (see: https://raw.githubusercontent.com/black7375/Firefox-UI-Fix/master/user.js)
        defaultPref("userChrome.tab.connect_to_window", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.color_like_toolbar", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.tab.lepton_like_padding", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.photon_like_padding", false); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.tab.dynamic_separator", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.static_separator", false); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.static_separator.selected_accent", false); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.bar_separator", false); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.tab.newtab_button_like_tab", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.newtab_button_smaller", false); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.newtab_button_proton", false); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.icon.panel_full", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.icon.panel_photon", false); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.tab.box_shadow", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.bottom_rounded_corner", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.tab.photon_like_contextline", false); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.rounding.square_tab", false); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.compatibility.theme", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.compatibility.os", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.theme.built_in_contrast", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.theme.system_default", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.theme.proton_color", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.theme.proton_chrome", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.theme.fully_color", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.theme.fully_dark", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.decoration.cursor", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.decoration.field_border", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.decoration.download_panel", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.decoration.animate", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.padding.tabbar_width", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.tabbar_height", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.toolbar_button", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.navbar_width", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.urlbar", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.bookmarkbar", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.infobar", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.menu", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.bookmark_menu", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.global_menubar", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.panel", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.padding.popup_panel", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.tab.multi_selected", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.unloaded", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.letters_cleary", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.close_button_at_hover", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.sound_hide_label", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.sound_with_favicons", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.pip", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.container", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.tab.crashed", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.fullscreen.overlap", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.fullscreen.show_bookmarkbar", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userChrome.icon.library", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.icon.panel", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.icon.menu", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.icon.context_menu", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.icon.global_menu", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.icon.global_menubar", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userChrome.icon.1-25px_stroke", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userContent.player.ui", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.player.icon", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.player.noaudio", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.player.size", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.player.animate", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userContent.newTab.full_icon", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.newTab.animate", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.newTab.pocket_to_last", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.newTab.searchbar", true); // [NO-ANDROID] [NO-MAIL] [FN]

        defaultPref("userContent.page.field_border", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.page.illustration", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.page.proton_color", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.page.dark_mode", true); // [NO-ANDROID] [NO-MAIL] [FN]
        defaultPref("userContent.page.proton", true); // [NO-ANDROID] [NO-MAIL] [FN]
    };

    defaultPref("browser.phoenix.status", "034"); // [NO-ANDROID] [NO-MAIL] [FN]
};

/*** 035 SPECIALIZED/CUSTOM CONFIGS ***/

// Configure remote AutoConfig files (if active)
if (phoenixPlatform != "android") {
    defaultPref("autoadmin.failover_to_cached", true); // [NO-ANDROID]
    defaultPref("autoadmin.offline_failover", true); // [NO-ANDROID]
    defaultPref("autoadmin.refresh_interval", 60); // [NO-ANDROID]
};

// Handle migration for existing users with specialized configs
/// This is necessary to prevent Firefox from falling back to a cached version of the old specialized config,
/// which could prevent Phoenix from applying properly in certain cases
if (phoenixPlatform != "android" && phoenixMail == false && phoenixNoSpec != true) {
    defaultPref("browser.phoenix.usingLegacySpecConfig", false); // [NO-ANDROID] [NO-MAIL] [FN]
    if (getPref("browser.phoenix.usingLegacySpecConfig") != false) {
        clearPref("autoadmin.global_config_url");
    };
};

// Apply Phoenix's specialized config (if necessary)
if (phoenixPlatform != "android" && phoenixMail == false && phoenixNoSpec == false && phoenixSpec == true) {
    if (phoenixPlatform == "linux") {
        lockPref("autoadmin.global_config_url", "file:///etc/firefox/phoenix/specs/phoenix-specialized.cfg"); // [NO-ANDROID] [NO-MAIL] [FN]
    } else if (phoenixPlatform == "osx") {
        if (phoenixOSX == "intel") {
            lockPref("autoadmin.global_config_url", "file:///usr/local/opt/phoenix-intel/specs/phoenix-specialized.cfg"); // [NO-ANDROID] [NO-MAIL] [FN]
        } else {
            lockPref("autoadmin.global_config_url", "file:///opt/homebrew/opt/phoenix-osx/specs/phoenix-specialized.cfg"); // [NO-ANDROID] [NO-MAIL] [FN]
        };
    } else if (phoenixPlatform == "windows") {
        lockPref("autoadmin.global_config_url", "file:///C:/phoenix/specs/phoenix-specialized.cfg"); // [NO-ANDROID] [NO-MAIL] [FN]
    } else {
        lockPref("autoadmin.global_config_url", "file:///app/etc/firefox/phoenix/specs/phoenix-specialized.cfg"); // [NO-ANDROID] [NO-MAIL] [FN]
    };
    lockPref("autoadmin.global_config_url.0.NOTE", "Locked in favor of the preference:"); // [FN]
    lockPref("autoadmin.global_config_url.1.NOTE", "'browser.phoenix.specConfig'"); // [FN]
};

if (phoenixPlatform != "android") {
    defaultPref("browser.phoenix.status", "035"); // [NO-ANDROID]
};

lockPref("browser.phoenix.status", "successfully applied :D");
lockPref("browser.phoenix.applied.cfg", true);
