Last updated: March 15, 2026

Choose Firefox’s Strict mode if you want maximum one-click tracker blocking and can tolerate occasional site breakage. Choose Custom mode if you need granular control over individual blocking categories, particularly useful for developers who must test their own sites while still blocking cross-site cookies, fingerprinters, and cryptominers. Below, we break down exactly what each approach blocks and provide ready-to-use about:config settings for power users.

Understanding Firefox’s Tracking Protection

Firefox’s Enhanced Tracking Protection (ETP) blocks known trackers across three levels: Standard, Strict, and Custom. The Strict setting provides one-click protection, while Custom mode lets you pick individual blocking categories.

The core technology uses Disconnect.me’s tracker lists, categorizing trackers into social media trackers, cross-site tracking cookies, fingerprinters, and cryptominers. Firefox maintains these lists and updates them regularly through Firefox Monitor.

Quick Comparison

Feature Firefox Strict Tracking Protection Custom
Privacy Policy Privacy-focused Privacy-focused
Security Audit See documentation See documentation
Data Collection Minimal Minimal
Platform Support Cross-platform Cross-platform
Pricing See current pricing See current pricing
Ease of Use Moderate learning curve Moderate learning curve

The Strict Setting

The Strict preset enables all tracking protections with a single click. Here’s what it blocks:

To enable Strict mode, navigate to Settings > Privacy & Security and select “Strict” under Enhanced Tracking Protection.

The Strict setting is the fastest path to improved privacy. However, it can break some websites. News sites, e-commerce platforms, and web applications that rely on third-party analytics or advertising scripts may malfunction. This is where Custom configuration becomes valuable.

Building a Custom Configuration

Custom mode lets you selectively enable protections. Access it by choosing “Custom” in the same settings location. You’ll see four toggleable categories:

For most developers and power users, a Custom configuration strikes the right balance. Here’s a practical starting point:

Recommended Custom Settings

Enable cross-site tracking cookie blocking
privacy.trackingprotection.cookies.enabled = true

Block tracking content in all windows (not just private)
privacy.trackingprotection.enabled = true

Enable fingerprinting protection
privacy.resistFingerprinting = true

Block cryptominers
privacy.trackingprotection.cryptomining.enabled = true

Navigate to about:config in your Firefox address bar to modify these values. Each setting has a boolean or integer value you can toggle.

Advanced about:config Settings

Beyond the basic toggles, Firefox exposes dozens of advanced preferences for fine-grained control. Here are the most useful for power users:

Enhanced Tracking Protection Overrides

Allow specific domains to bypass ETP
privacy.trackingprotection.annotate_channels = true

When enabled, Firefox adds a shield icon to the address bar showing blocked trackers. Clicking it reveals which domains were blocked, useful for debugging.

Cookie Management

Keep cookies until Firefox closes (session cookies)
network.cookie.cookieBehavior = 1

Block third-party cookies entirely
network.cookie.thirdparty.sessionOnly = true

Disable cookie jar partitioning (may break some sites)
privacy.partition.always_partition_third_party = false

Cookie partitioning isolates third-party cookies by the first-party site you visited. This prevents cross-site tracking but can break legitimate uses like embedded widgets.

Fingerprinting Resistance

Reduce fingerprinting surface
privacy.resistFingerprinting = true

Spoof timezone to generic value
privacy.resistFingerprinting.timezoneOverride = "UTC"

Reduce viewport variations reported to websites
privacy.resistFingerprinting.widthOverride = 1000

The privacy.resistFingerprinting setting is particularly powerful. It normalizes many browser characteristics that fingerprinting scripts use to create unique device identifiers.

Content Blocking Extensions

Enable uBlock Origin compatibility mode
extensions.webextensions.enabled = true

Allow content blocking extensions in private windows
privacy.webextensions.content.list = ["*"]

Firefox’s content blocking works alongside extensions like uBlock Origin. For developers testing both, understanding how they interact matters.

Testing Your Configuration

After configuring settings, verify they’re working. Firefox provides built-in tools:

Visit about:protections to see blocking statistics on the Protection Dashboard. Open Developer Tools (F12) and go to the Storage tab to examine cookies. Check for blocked requests using the Network tab.

Here’s a simple JavaScript snippet to check if fingerprinting protection is active:

// Check if fingerprinting resistance is enabled
const screenProps = [
  screen.colorDepth,
  screen.pixelDepth,
  screen.width,
  screen.height
];

// If these differ from expected, protection is working
console.log('Screen properties:', screenProps);
console.log('User agent:', navigator.userAgent);

Compare values between protected and unprotected Firefox instances to confirm protection is active.

Common Compatibility Issues

Custom configurations sometimes cause website issues. Here are typical problems and solutions:

Broken login sessions occur when third-party cookies are blocked; add the site to exceptions or temporarily allow third-party cookies. Embedded content such as videos or maps may fail to load. check which tracker category is blocking the resource. Some real-time applications use tracking domains, causing WebSocket connections to fail; examine WebSocket URLs in the Network tab to identify the culprit. Local development may also trigger tracking protection, so use http://localhost with appropriate exceptions during development.

Performance Considerations

Blocking trackers actually improves page load times. Third-party tracker scripts often add significant latency through additional DNS lookups, connections, and JavaScript execution. Strict protection typically reduces page weight by 20-50% on tracker-heavy sites.

However, aggressive fingerprinting protection can cause slight rendering delays as Firefox normalizes browser characteristics. The tradeoff is usually worthwhile for privacy-conscious users.

When to Use Strict vs Custom

Choose Strict mode when you want maximum protection with minimal configuration effort and can tolerate occasional website breakage.

Choose Custom mode when you need to maintain specific site functionality while still blocking trackers. Developers often need Custom mode to test their own sites properly.

The optimal configuration depends on your threat model and workflow. Most power users benefit from a Custom setup that enables cross-site cookie blocking and fingerprinting protection while allowing exceptions for development and critical web applications.

Deep-Dive - Tracker List Management

Firefox’s tracking protection relies on Disconnect.me’s curated blocklists. Understanding these lists helps you make informed choices:

Blocklist Categories

Advertising - Third-party ad networks (Google Ads, Facebook Pixel, AdRoll). These track you across sites to build behavioral profiles and target ads.

Analytics - Tracking services collecting visitor behavior (Google Analytics, Mixpanel, Heap). Even if you disable ads, these services analyze how you use websites.

Social Media - Embedded social widgets (Facebook Like button, Twitter Share, LinkedIn Tracking). These send information back to social networks even without interaction.

Content Delivery Networks (CDNs): Some CDNs bundle tracking. Blocking these breaks content delivery; this is why exceptions matter.

Updating Tracker Lists

Firefox updates blocklists periodically, but you can check the current list composition:

// Check tracker list in Firefox console (F12)
fetch('resource://url-classifier/content-track-digest256.json')
    .then(r => r.json())
    .then(data => console.log(data))

// Lists are stored locally:
// ~/.mozilla/firefox/profile/safebrowsing/

Fingerprinting Resistance in Detail

The privacy.resistFingerprinting setting normalizes dozens of browser properties:

Properties Normalized

// With resistFingerprinting enabled, these properties are spoofed:
// Screen dimensions: Normalized to 1000x1000
// Color depth: Set to 24-bit
// Timezone: Set to UTC (unless overridden)
// User agent: Simplified to generic version
// Canvas fingerprint: Randomized per-domain
// WebGL properties: Reduced precision
// Font list: Restricted to standard fonts
// Hardware info: Omitted or generalized

Testing Your Fingerprint

Verify your protection is working:

Visit fingerprinting test websites
Check results before/after enabling protection
firefox about:config

Search for - privacy.resistFingerprinting
Toggle true/false and revisit test sites

Browser fingerprinting tests like panopticlick.eff.org reveal your uniqueness across the web.

Cookie Handling Deep-Dive

Firefox’s cookie isolation is more sophisticated than simple blocking:

First-Party Isolation (FPI)

Enable first-party isolation
privacy.firstparty.isolate = true

This isolates all cookies, local storage, and cache by first-party domain. A tracking cookie set by Google cannot be read when you visit a different domain, even though Google might embed tracking code on both.

Storage Partitioning

Dynamic storage partitioning (Firefox 98+)
privacy.partition.always_partition_third_party_non_cookie_storage = true

This restricts IndexedDB, Web Storage (localStorage), and service worker data to the first-party context. Previously, a tracker could store persistent state across domains.

CookieJar Validation

// Check what cookies Firefox is storing
// Browser console
document.cookie  // Shows first-party cookies only

// Check storage usage
navigator.storage.estimate().then(estimate => {
    console.log(`Using ${estimate.usage} / ${estimate.quota} bytes`);
});

HTTPS-Only Mode Integration

Strict tracking protection works best with HTTPS enforcement:

Enable HTTPS-only mode
dom.security.https_only_mode = true

Log warnings when downgrading
dom.security.https_only_mode_ever_enabled = true

This prevents trackers from using unencrypted HTTP connections, which are easier to intercept and analyze.

Phishing and Malware Protection Interaction

Firefox integrates Safe Browsing protection alongside tracking protection:

Enable Safe Browsing
browser.safebrowsing.enabled = true
browser.safebrowsing.malware.enabled = true
browser.safebrowsing.phishing.enabled = true

These settings work independently from tracking protection but benefit from the same list updates.

Extension Interaction and Conflicts

Some extensions conflict with Firefox’s native tracking protection:

// Extensions that may conflict:
// - uBlock Origin (can bypass native protection)
// - Privacy Badger (duplicates some protections)
// - Disconnect (similar to Firefox's lists)
// - Ghostery (data-sharing concerns)

// Best combination: Strict + uBlock Origin (basic mode)
// uBlock Origin handles more granular filtering
// Firefox native protects against fingerprinting

Configure uBlock Origin to complement Firefox:

  1. Enable Medium or Hard mode in uBlock
  2. Disable redundant blocklists to reduce overhead
  3. Create exceptions for sites you trust

Performance Impact Analysis

Tracking protection affects page load times measurably:

// Measure page load impact
let start = performance.now();

// Simulate page load with tracking blocked
document.addEventListener('DOMContentLoaded', () => {
    let load_time = performance.now() - start;
    console.log(`Page load: ${load_time}ms`);

    // Compare with trackers disabled
});

Typical results show 15-40% faster loads with Strict protection due to eliminated tracker requests.

Custom Rules for Enterprise Environments

Organizations can deploy custom tracking protection policies:

{
  "policies": {
    "TrackingProtection": {
      "value": true,
      "locked": true,
      "exceptions": ["*.company-internal.local"]
    },
    "ContentBlocking": {
      "Strict": true,
      "Exceptions": ["trusted-partner.com"]
    }
  }
}

This configuration forces Strict tracking protection while allowing exceptions for specific trusted domains.

Frequently Asked Questions

Can I use the first tool and the second tool together?

Yes, many users run both tools simultaneously. the first tool and the second tool serve different strengths, so combining them can cover more use cases than relying on either one alone. Start with whichever matches your most frequent task, then add the other when you hit its limits.

Which is better for beginners, the first tool or the second tool?

It depends on your background. the first tool tends to work well if you prefer a guided experience, while the second tool gives more control for users comfortable with configuration. Try the free tier or trial of each before committing to a paid plan.

Is the first tool or the second tool more expensive?

Pricing varies by tier and usage patterns. Both offer free or trial options to start. Check their current pricing pages for the latest plans, since AI tool pricing changes frequently. Factor in your actual usage volume when comparing costs.

Can AI-generated tests replace manual test writing entirely?

Not yet. AI tools generate useful test scaffolding and catch common patterns, but they often miss edge cases specific to your business logic. Use AI-generated tests as a starting point, then add cases that cover your unique requirements and failure modes.

What happens to my data when using the first tool or the second tool?

Review each tool’s privacy policy and terms of service carefully. Most AI tools process your input on their servers, and policies on data retention and training usage vary. If you work with sensitive or proprietary content, look for options to opt out of data collection or use enterprise tiers with stronger privacy guarantees.

Related Articles

Built by theluckystrike. More at zovo.one