Experimental features in Firefox
This page lists Firefox's experimental and partially implemented features, including those for proposed or cutting-edge web platform standards, along with information on the builds in which they are present, whether or not they are activated "by default", and which preference can be used to activate or deactivate them. This allows you to test the features before they are released.
New features appear first in the Firefox Nightly build, where they are often enabled by default. They later propagate though to Firefox Developer Edition and eventually to the release build. After a feature is enabled by default in a release build, it is no longer considered experimental and should be removed from the topic.
Experimental features can be enabled or disabled using the Firefox Configuration Editor (enter about:config
in the Firefox address bar) by modifying the associated preference listed below.
Note:
For editors - when adding features to these tables, please try to include a link to the relevant bug or bugs using [Firefox bug <number>](https://bugzil.la/<number>)
.
HTML
Autocorrection of editable text elements
The HTML autocorrect
attribute (and corresponding HTMLElement.autocorrect
property) allow autocorrection in editable text elements including: most kinds of text <input>
elements, <textarea>
elements, and elements that have the contenteditable
attribute set (Firefox bug 1725806).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 134 | Yes |
Developer Edition | 134 | No |
Beta | 134 | No |
Release | 134 | No |
Preference name | dom.forms.autocorrect |
Layout for input type="search"
Layout for input type="search"
has been updated. This causes a search field to have a clear icon once someone starts typing in it, to match other browser implementations. (See Firefox bug 558594 for more details.)
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 81 | No |
Developer Edition | 81 | No |
Beta | 81 | No |
Release | 81 | No |
Preference name | layout.forms.input-type-search.enabled |
Toggle password display
HTML password input elements (<input type="password">
) include an "eye" icon that can be toggled to display or obscure the password text (Firefox bug 502258).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 96 | No |
Developer Edition | 96 | No |
Beta | 96 | No |
Release | 96 | No |
Preference name | layout.forms.reveal-password-button.enabled |
Plaintext-only contenteditable mode
The plaintext-only
value of the contenteditable
global attribute indicates that the element is editable; rich text formatting is disabled and any formatting in pasted text is automatically stripped. (See Firefox bug 1922723 for more details.)
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 133 | yes |
Developer Edition | 133 | No |
Beta | 133 | No |
Release | 133 | No |
Preference name | dom.element.contenteditable.plaintext-only.enabled |
CSS
Hex boxes to display stray control characters
This feature renders control characters (Unicode category Cc) other than tab (U+0009
), line feed (U+000A
), form feed (U+000C
), and carriage return (U+000D
) as a hex box when they are not expected. (See Firefox bug 1099557 for more details.)
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 43 | Yes |
Developer Edition | 43 | No |
Beta | 43 | No |
Release | 43 | No |
Preference name |
layout.css.control-characters.visible
|
initial-letter property
The initial-letter
CSS property is part of the CSS Inline Layout specification and allows you to specify how dropped, raised, and sunken initial letters are displayed. (See Firefox bug 1223880 for more details.)
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 50 | No |
Developer Edition | 50 | No |
Beta | 50 | No |
Release | 50 | No |
Preference name | layout.css.initial-letter.enabled |
fit-content() function
The fit-content()
function as it applies to width
and other sizing properties. This function is already well-supported for CSS Grid Layout track sizing. (See Firefox bug 1312588 for more details.)
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 91 | No |
Developer Edition | 91 | No |
Beta | 91 | No |
Release | 91 | No |
Preference name | layout.css.fit-content-function.enabled |
Scroll-driven animations
Earlier called "scroll-linked animations", a scroll-driven animation depends on the scroll position of a scrollbar instead of time or some other dimension.
The scroll-timeline-name
and scroll-timeline-axis
properties (and the scroll-timeline
shorthand property) allow you to specify that a particular scrollbar in a particular named container can be used as the source for a scroll-driven animation.
The scroll timeline can then be associated with an animation by setting the animation-timeline
property to the name value defined using scroll-timeline-name
.
When using the scroll-timeline
shorthand property, the order of the property values must be scroll-timeline-name
followed by scroll-timeline-axis
. The longhand and shorthand properties are both available behind the preference.
You can alternatively use the scroll()
functional notation with animation-timeline
to indicate that a scrollbar axis in an ancestor element will be used for the timeline.
For more information, see Firefox bug 1807685, Firefox bug 1804573, Firefox bug 1809005, Firefox bug 1676791, Firefox bug 1754897, and Firefox bug 1737918.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 110 | No |
Developer Edition | 110 | No |
Beta | 110 | No |
Release | 110 | No |
Preference name | layout.css.scroll-driven-animations.enabled |
@scope at-rule
The @scope CSS at-rule allows you to select specific child elements without having to overly increase the specificity of CSS selectors (Firefox bug 1886441).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 128 | No |
Developer Edition | 128 | No |
Beta | 128 | No |
Release | 128 | No |
Preference name | layout.css.at-scope.enabled |
font-variant-emoji property
The CSS font-variant-emoji
property allows you to set a default presentation style for displaying emojis.
See (Firefox bug 1461589) for more details.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 108 | Yes |
Developer Edition | 108 | No |
Beta | 108 | No |
Release | 108 | No |
Preference name | layout.css.font-variant-emoji.enabled |
prefers-reduced-transparency media feature
The CSS prefers-reduced-transparency
media feature lets you detect if a user has enabled the setting to minimize the amount of transparent or translucent layer effects on their device.
See (Firefox bug 1736914) for more details.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 113 | No |
Developer Edition | 113 | No |
Beta | 113 | No |
Release | 113 | No |
Preference name | layout.css.prefers-reduced-transparency.enabled |
inverted-colors media feature
The CSS inverted-colors
media feature lets you detect if a user agent or the underlying operating system is inverting colors.
See (Firefox bug 1794628) for more details.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 114 | No |
Developer Edition | 114 | No |
Beta | 114 | No |
Release | 114 | No |
Preference name | layout.css.inverted-colors.enabled |
Named view progress timelines property
The CSS view-timeline-name
property lets you give a name to particular element, identifying that its ancestor scroller element is the source of a view progress timeline.
The name can then be assigned to the animation-timeline
, which then animates the associated element as it moves through the visible area of its ancestor scroller.
See (Firefox bug 1737920) for more details.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 114 | No |
Developer Edition | 114 | No |
Beta | 114 | No |
Release | 114 | No |
Preference name | layout.css.scroll-driven-animations.enabled |
Anonymous view progress timelines function
The CSS view()
function lets you specify that the animation-timeline
for an element is a view progress timeline, which will animate the element as it moves through the visible area of its ancestor scroller.
The function defines the axis of the parent element that supplies the timeline, along with the inset within the visible area at which the animation starts and begins.
See (Firefox bug 1808410) for more details.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 114 | No |
Developer Edition | 114 | No |
Beta | 114 | No |
Release | 114 | No |
Preference name | layout.css.scroll-driven-animations.enabled |
Vendor-prefixed transform properties
The -moz-
prefixed CSS transform properties can be disabled by setting the layout.css.prefixes.transforms
preference to false
. The intent is to disable these once the standard CSS zoom properties are well supported. (Firefox bug 1886134, Firefox bug 1855763).
Specifically, this preference will disable the following prefixed properties:
-moz-backface-visibility
-moz-perspective
-moz-perspective-origin
-moz-transform
-moz-transform-origin
-moz-transform-style
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 120 | Yes |
Developer Edition | 120 | Yes |
Beta | 120 | Yes |
Release | 120 | Yes |
Preference name |
layout.css.prefixes.transforms
|
UA styles for <h1>
nested in sectioning elements
The <h1>
heading doesn't decrease in font size now when nested within sectioning elements <article>
, <aside>
, <nav>
, and <section>
. The UA styles for <h1>
nested within sectioning elements are no longer relevant since the outline algorithm has been removed from the HTML specification. (Firefox bug 1883896).
Note:
The preference for this feature works in reverse: it's set to false
in the Nightly build, which removes the UA styling for headings nested in sectioning elements. It's set to true
in all other channels, which retains the existing UA styling for the nested headings.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 125 | No |
Developer Edition | 125 | Yes |
Beta | 125 | Yes |
Release | 125 | Yes |
Preference name |
layout.css.h1-in-section-ua-styles.enabled
|
shape()
function
The CSS shape()
function is a <basic-shape>
data type that enables you to define a shape in the clip-path
and offset-path
properties using one or more "shape commands". These commands are very similar to the SVG path commands. The shape()
function is similar in some respects to the
function, but unlike path()
path()
, which uses the SVG path syntax, shape()
uses standard CSS syntax. This enables you to easily create and edit shapes and also allows the use of CSS math functions.
For more details, see Firefox bug 1823463 for the shape()
function support in clip-path
, Firefox bug 1884424 for the function's support in offset-path
, and Firefox bug 1884425 for its interpolation support.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 126 | Yes |
Developer Edition | 126 | No |
Beta | 126 | No |
Release | 126 | No |
Preference name | layout.css.basic-shape-shape.enabled |
Symmetrical letter-spacing
The CSS letter-spacing
property now splits the specified letter spacing evenly on both sides of each character. This is unlike the current behavior where spacing is added primarily to one side. This approach can improve text spacing, especially in mixed-directional text Firefox bug 1891446.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 128 | Yes |
Developer Edition | 128 | Yes |
Beta | 127 | No |
Release | 127 | No |
Preference name | layout.css.letter-spacing.model |
calc()
color channel support in relative colors
The CSS calc()
function can now parse color channels in relative colors, allowing you to correctly calculate changes to colors in different color spaces or while using different functional notations Firefox bug 1889561.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 127 | Yes |
Developer Edition | 127 | No |
Beta | 127 | No |
Release | 127 | No |
Preference name | layout.css.relative-color-syntax.enabled |
CSS Anchor Positioning
The CSS Anchor Positioning module defines a number of features that allow elements to be defined as anchor elements, and for other elements to be positioned relative to anchor elements. This allows, for example, tooltips to be displayed alongside associated content as it scrolls through the viewport, moving as needed when it would overflow the viewport, and disappearing when the anchor moves offscreen. The set of features are being progressively rolled out behind a preference (Firefox bug 1838746).
The parts that have been implemented include:
CSSPositionTryRule
andCSSPositionTryDescriptors
(Firefox 131).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 131 | No |
Developer Edition | 131 | No |
Beta | 131 | No |
Release | 131 | No |
Preference name | layout.css.anchor-positioning.enabled |
:has-slotted pseudo-class
The :has-slotted
pseudo-class is used to style elements in <template>
that have content added to a <slot>
element when rendering a web component (Firefox bug 1921747).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 133 | No |
Developer Edition | 133 | No |
Beta | 133 | No |
Release | 133 | No |
Preference name | layout.css.has-slotted-selector.enabled |
SVG
None.
JavaScript
Intl.DurationFormat
Intl.DurationFormat
enables locale-sensitive formatting of durations. (Firefox bug 1648139).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 134 | Yes |
Developer Edition | 134 | No |
Beta | 134 | No |
Release | 134 | No |
Preference name | NA |
JSON.parse with source
The JSON.parse
source text access proposal extends JSON.parse
behavior to provide features to mitigate issues around loss of precision when converting values such as large floats and date values between JavaScript values and JSON text. (Firefox bug 1913085, Firefox bug 1925334).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 132 | No |
Developer Edition | 132 | No |
Beta | 132 | No |
Release | 132 | No |
Preference name | javascript.options.experimental.json_parse_with_source |
APIs
Cookie Store API
The Cookie Store API is a modern, Promise
-based method of managing cookies that does not block the event loop and does not rely on Document
(it can therefore be made available to service workers). A subset of the Cookie Store API has been implemented (Firefox bug 1800882). This includes:
- The
CookieStore
interface, butpartitioned
is not included in return values. - The
CookieChangeEvent
interface, excludingpartitioned
properties. - The
Window.cookieStore
property. - The
ServiceWorkerGlobalScope.cookieStore
property.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 132 | Yes |
Developer Edition | 132 | No |
Beta | 132 | No |
Release | 132 | No |
Preference name | dom.cookieStore.enabled |
CloseWatcher Interface
Built-in web components with "open" and "close" semantics, such as modal dialogs and popovers, can be closed using device-native mechanisms.
For example, on Android you can close a dialog using the back button.
The CloseWatcher
interface allows developers to implement UI components, such as custom sidebars, that can similarly be closed using native mechanisms.
(Firefox bug 1888729).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 132 | No |
Developer Edition | 132 | Yes |
Beta | 132 | Yes |
Release | 132 | No |
Preference name | dom.closewatcher.enabled |
Trusted Types API
The Trusted Types API provides mechanisms to ensure that functions that can potentially be used as vectors for XSS attacks are only able to be called with data that has been validated or sanitized.
Note: At the time of writing not enough of the API has been implemented for it to be effectively testable. This note will be removed once it is ready.
This subset of the API has been implemented:
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 133 | No |
Developer Edition | 133 | No |
Beta | 133 | No |
Release | 133 | No |
Preference name | dom.security.trusted_types.enabled |
Graphics: Canvas, WebGL, and WebGPU
WebGL: Draft extensions
When this preference is enabled, any WebGL extensions currently in "draft" status which are being tested are enabled for use. Currently, there are no WebGL extensions being tested by Firefox.
WebGPU API
The WebGPU API provides low-level support for performing computation and graphics rendering using the Graphics Processing Unit (GPU) of the user's device or computer. See Firefox bug 1602129 for our progress on this API.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 113 | Yes |
Developer Edition | 73 | No |
Beta | 73 | No |
Release | 73 | No |
Preference name | dom.webgpu.enabled |
Reporting API support for CSP Violations
The Reporting API now has support for reporting Content Security Policy (CSP) violations.
Report
instances returned by the ReportingObserver
interface can now have a type
value of "csp-violation"
and a body
property that contains an instance of the CSPViolationReportBody
interface.
This allows CSP violations to be reported within a web page.
CSP violation reports can also be sent to remote endpoints that are specified by name in the CSP report-to
directive — endpoints names and corresponding URLs must first be defined in the Reporting-Endpoints
or Report-To
HTTP response headers.
The report is a serialization of the Report
object described above, with a body
property that is a serialization of an CSPViolationReportBody
instance.
This violation report replaces a similar CSP-specific mechanism for sending violation reports, which uses the CSP report-uri
directive to set the URL of the reporting endpoint, and has a CSP-specific JSON violation report format.
(Firefox bug 1391243).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 130 | No |
Developer Edition | 130 | No |
Beta | 130 | No |
Release | 130 | No |
Preference name | dom.reporting.enabled |
WebRTC and media
The following experimental features include those found in the WebRTC API, the Web Audio API, the Media Source Extensions API, the Encrypted Media Extensions API, and the Media Capture and Streams API.
Asynchronous SourceBuffer add and remove
This adds the promise-based methods appendBufferAsync()
and removeAsync()
for adding and removing media source buffers to the SourceBuffer
interface. See Firefox bug 1280613 and Firefox bug 778617 for more information.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 62 | No |
Developer Edition | 62 | No |
Beta | 62 | No |
Release | 62 | No |
Preference name | media.mediasource.experimental.enabled |
AVIF compliance strictness
The image.avif.compliance_strictness
preference can be used to control the strictness applied when processing AVIF images.
This allows Firefox users to display images that render on some other browsers, even if they are not strictly compliant.
Permitted values are:
0
: Accept images with specification violations in both recommendations ("should" language) and requirements ("shall" language), provided they can be safely or unambiguously interpreted.1
(default): Reject violations of requirements, but allow violations of recommendations.2
: Strict. Reject any violations in requirements or recommendations.
Release channel | Version added | Default value |
---|---|---|
Nightly | 92 | 1 |
Developer Edition | 92 | 1 |
Beta | 92 | 1 |
Release | 92 | 1 |
Preference name | image.avif.compliance_strictness |
JPEG XL support
Firefox supports JPEG XL images if this feature is enabled. See Firefox bug 1539075 for more details.
Note that, as shown below, the feature is only available on Nightly builds (irrespective of whether the preference is set).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 90 | No |
Developer Edition | — | — |
Beta | — | — |
Release | — | — |
Preference name | image.jxl.enabled |
CSS Custom Highlight API
The CSS Custom Highlight API provides a mechanism for styling arbitrary text ranges in a document (generalizing the behavior of other highlight pseudo-elements such as ::selection
, ::spelling-error
, ::grammar-error
, and ::target-text
).
The ranges are defined in JavaScript using Range
instances grouped in a Highlight
, and then registered with a name using HighlightRegistry
.
The CSS ::highlight
pseudo-element is used to apply styles to a registered highlight.
See Firefox bug 1703961 for more details.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 117 | Yes |
Developer Edition | 117 | No |
Beta | 117 | No |
Release | 117 | No |
Preference name | dom.customHighlightAPI.enabled |
WebVR API
WebVR API (Disabled)
The deprecated WebVR API is on the path for removal. It is disabled by default on all builds Firefox bug 1750902.
Release channel | Version removed | Enabled by default? |
---|---|---|
Nightly | 98 | No |
Developer Edition | 98 | No |
Beta | 98 | No |
Release | 98 | No |
Preference name | dom.vr.enabled |
HTML DOM API
Selections crossing shadow DOM boundary
The Selection.getComposedRanges()
method can be used to get an array of StaticRange
objects representing the current selected range or ranges.
Unlike Selection.getRangeAt()
, this method can return ranges with anchor or focus nodes inside a shadow DOM, but only if it is passed the ShadowRoot
objects that contain those nodes.
Otherwise, it will return a range that has been re-scoped to include the host node of the shadow root that contains the node.
The Selection
methods setBaseAndExtent()
, collapse()
, and extend()
have also been modified to accept nodes inside a shadow root.
User selection via mouse, keyboard, and so on, can start and end anywhere in the document, including inside any open or closed shadow trees. (Firefox bug 1867058).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 126 | Yes |
Developer Edition | 126 | No |
Beta | 126 | No |
Release | 126 | No |
Preference name | dom.shadowdom.selection_across_boundary.enabled |
HTMLMediaElement properties: audioTracks and videoTracks
Enabling this feature adds the HTMLMediaElement.audioTracks
and HTMLMediaElement.videoTracks
properties to all HTML media elements. However, because Firefox doesn't currently support multiple audio and video tracks, the most common use cases for these properties don't work, so they're both disabled by default. See Firefox bug 1057233 for more details.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 33 | No |
Developer Edition | 33 | No |
Beta | 33 | No |
Release | 33 | No |
Preference name | media.track.enabled |
GeometryUtils methods: convertPointFromNode(), convertRectFromNode(), and convertQuadFromNode()
The GeometryUtils
methods convertPointFromNode()
, convertRectFromNode()
, and convertQuadFromNode()
map the given point, rectangle, or quadruple from the Node
on which they're called to another node. (See Firefox bug 918189 for more details.)
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 31 | Yes |
Developer Edition | 31 | No |
Beta | 31 | No |
Release | 31 | No |
Preference name | layout.css.convertFromNode.enable |
GeometryUtils method: getBoxQuads()
The GeometryUtils
method getBoxQuads()
returns the CSS boxes for a Node
relative to any other node or viewport. (See Firefox bug 917755 for more details.)
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 31 | Yes |
Developer Edition | 31 | No |
Beta | 31 | No |
Release | 31 | No |
Preference name | layout.css.getBoxQuads.enabled |
Payment Request API
Primary payment handling
The Payment Request API provides support for handling web-based payments within web content or apps. Due to a bug that came up during testing of the user interface, we have decided to postpone shipping this API while discussions over potential changes to the API are held. Work is ongoing. (See Firefox bug 1318984 for more details.)
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 55 | No |
Developer Edition | 55 | No |
Beta | 55 | No |
Release | 55 | No |
Preference name |
dom.payments.request.enabled anddom.payments.request.supportedRegions
|
WebShare API
The Web Share API allows sharing of files, URLs and other data from a site. This feature is enabled on Android in all builds, but behind a preference on Desktop (unless specified below).
Release channel | Version changed | Enabled by default? |
---|---|---|
Nightly | 71 | No (default). Yes (Windows from version 92) |
Developer Edition | 71 | No |
Beta | 71 | No |
Release | 71 | No (Desktop). Yes (Android). |
Preference name | dom.webshare.enabled |
Screen Orientation API
ScreenOrientation.lock()
The ScreenOrientation.lock()
method allows a device to be locked to a particular orientation, if supported by the device and allowed by browser pre-lock requirements.
Typically locking the orientation is only allowed on mobile devices when the document is being displayed full screen.
See Firefox bug 1697647 for more details.
Release channel | Version changed | Enabled by default? |
---|---|---|
Nightly | 111 | Yes |
Developer Edition | 97 | No |
Beta | 97 | No |
Release | 97 | No |
Preference name | dom.screenorientation.allow-lock |
Prioritized Task Scheduling API
The Prioritized Task Scheduling API provides a standardized way to prioritize all tasks belonging to an application, whether they defined in a website developer's code, or in third party libraries and frameworks. (Firefox bug 1734997)
This feature was enabled on Firefox Nightly in Firefox 101. Support in Firefox Nightly 135 has been temporarily disabled in order to avoid breakage in-the-wild.
Release channel | Version changed | Enabled by default? |
---|---|---|
Nightly | 101 | No |
Developer Edition | 101 | No |
Beta | 101 | No |
Release | 101 | No |
Preference name | dom.enable_web_task_scheduling |
Notifications API
Notifications have the requireInteraction
property set to true by default on Windows systems and in the Nightly release (Firefox bug 1794475).
Release channel | Version changed | Enabled by default? |
---|---|---|
Nightly | 117 | Yes |
Developer Edition | 117 | No |
Beta | 117 | No |
Release | 117 | Windows only |
Preference name | dom.webnotifications.requireinteraction.enabled |
Security and privacy
Block plain text requests from Flash on encrypted pages
In order to help mitigate man-in-the-middle (MitM) attacks caused by Flash content on encrypted pages, a preference has been added to treat OBJECT_SUBREQUEST
s as active content. See Firefox bug 1190623 for more details.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 59 | No |
Developer Edition | 59 | No |
Beta | 59 | No |
Release | 59 | No |
Preference name |
security.mixed_content.block_object_subrequest
|
Insecure page labeling
The two security.insecure_connection_text_*
preferences add a "Not secure" text label in the address bar next to the traditional lock icon when a page is loaded insecurely (that is, using HTTP rather than HTTPS). The browser.urlbar.trimHttps
preference trims the https:
prefix from address bar URLS. See Firefox bug 1853418 for more details.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 121 | Yes |
Developer Edition | 60 | No |
Beta | 60 | No |
Release | 60 | No |
Preference name |
security.insecure_connection_text.enabled for normal browsing mode;
security.insecure_connection_text.pbmode.enabled for private browsing mode
browser.urlbar.trimHttps for trimming https prefix
|
Permissions Policy / Feature policy
Permissions Policy allows web developers to selectively enable, disable, and modify the behavior of certain features and APIs in the browser. It is similar to CSP but controls features instead of security behavior. This is implemented in Firefox as Feature Policy, the name used in an earlier version of the specification.
Note that supported policies can be set through the allow
attribute on <iframe>
elements even if the user preference is not set.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 65 | No |
Developer Edition | 65 | No |
Beta | 65 | No |
Release | 65 | No |
Preference name |
dom.security.featurePolicy.header.enabled
|
Privacy Preserving Attribution API (PPA)
PPA API provides an alternative to user tracking for ad attribution using the new navigator.privateAttribution
object with saveImpression()
and measureConversion()
methods. Read more about PPA in the explainer. This experiment can be enabled for websites via origin trial or in the browser by setting the preference to 1
. (Firefox bug 1900929).
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 128 | No |
Developer Edition | 128 | No |
Beta | 128 | No |
Release | 128 | No |
Preference name |
dom.origin-trials.private-attribution.state
|
HTTP
Accept header with MIME type image/jxl
The HTTP Accept
header in default requests and image requests can be configured via a preference to indicate support for the image/jxl
MIME type.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 128 | No |
Developer Edition | 128 | No |
Beta | 128 | No |
Release | 128 | No |
Preference name |
image.jxl.enabled
|
SameSite=Lax by default
SameSite
cookies have a default value of Lax
.
With this setting, cookies are only sent when a user is navigating to the origin site, not for cross-site subrequests to load images or frames into a third party site and so on.
For more details see Firefox bug 1617609.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 69 | No |
Developer Edition | 69 | No |
Beta | 69 | No |
Release | 69 | No |
Preference name | network.cookie.sameSite.laxByDefault |
Access-Control-Allow-Headers wildcard does not cover Authorization
The Access-Control-Allow-Headers
is a response header to a CORS preflight request, that indicates which request headers may be included in the final request.
The response directive can contain a wildcard (*
), which indicates that the final request may include all headers except the Authorization
header.
By default, Firefox includes the Authorization
header in the final request after receiving a response with Access-Control-Allow-Headers: *
.
Set the preference to false
to ensure Firefox does not include the Authorization
header.
For more details see Firefox bug 1687364.
Release channel | Version added | Enabled by default? |
---|---|---|
Nightly | 115 | Yes |
Developer Edition | 115 | Yes |
Beta | 115 | Yes |
Release | 115 | Yes |
Preference name | network.cors_preflight.authorization_covered_by_wildcard |
Developer tools
Mozilla's developer tools are constantly evolving. We experiment with new ideas, add new features, and test them on the Nightly and Developer Edition channels before letting them go through to beta and release. The features below are the current crop of experimental developer tool features.