Experimental features in Firefox
This page lists Firefox's experimental and partially-implemented features, including evolving or proposed web platform standards. Each entry below includes information about the builds in which a feature is included (Nightly, Beta, Developer Edition, or Release), whether it is activated by default or not, and the name of the preference you can use to activate or configure the feature. The description of each feature also includes links to relevant Bugzilla bugs that implement or enable the feature. This information allows you to try out experimental features and provide feedback before they are officially released.
In terms of lifecycle, new features usually appear first in Nightly, where they are often enabled by default for early feedback and testing. If no major problems are found, they are included in Beta and Developer Edition pre-release builds. Finally, approved features ship in the stable Release channel. When a feature is enabled by default in a release, it is no longer considered experimental and is removed from this page.
To enable these features, enter about:config in the Firefox address bar, search for the associated preference and change its value, which is usually a toggle between true and false.
Depending on the feature, you might need to restart the browser for the change to take effect.
Check the Firefox Configuration Editor support article for more information about managing preferences in Firefox.
HTML
Layout for input type="search"
Layout for input type="search" has been updated. This causes a search field to have a clear icon once someone starts typing in it, to match other browser implementations. (See Firefox bug 558594 for more details.)
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 81 | No |
| Developer Edition | 81 | No |
| Beta | 81 | No |
| Release | 81 | No |
layout.forms.input-type-search.enabled-
Set to
trueto enable.
Toggle password display
HTML password input elements (<input type="password">) include an "eye" icon that can be toggled to display or obscure the password text (Firefox bug 502258).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 96 | No |
| Developer Edition | 96 | No |
| Beta | 96 | No |
| Release | 96 | No |
-
Set to
trueto enable.
Time picker for datetime-local input field
HTML datetime-local input elements (<input type="datetime-local">) now includes a time picker (Firefox bug 1726108).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 144 | No |
| Developer Edition | 144 | No |
| Beta | 144 | No |
| Release | 144 | No |
dom.forms.datetime.timepicker-
Set to
trueto enable.
CSS
Hex boxes to display stray control characters
This feature renders control characters (Unicode category Cc) other than tab (U+0009), line feed (U+000A), form feed (U+000C), and carriage return (U+000D) as a hex box when they are not expected. (See Firefox bug 1099557 for more details.)
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 43 | Yes |
| Developer Edition | 43 | No |
| Beta | 43 | No |
| Release | 43 | No |
layout.css.control-characters.visible-
Set to
trueto enable.
initial-letter property
The initial-letter CSS property is part of the CSS Inline Layout specification and allows you to specify how dropped, raised, and sunken initial letters are displayed. (See Firefox bug 1223880 for more details.)
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 50 | No |
| Developer Edition | 50 | No |
| Beta | 50 | No |
| Release | 50 | No |
layout.css.initial-letter.enabled-
Set to
trueto enable.
fit-content() function
The fit-content() function as it applies to width and other sizing properties. This function is already well-supported for CSS Grid Layout track sizing. (See Firefox bug 1312588 for more details.)
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 91 | No |
| Developer Edition | 91 | No |
| Beta | 91 | No |
| Release | 91 | No |
layout.css.fit-content-function.enabled-
Set to
trueto enable.
Scroll-driven animations
Previously called "scroll-linked animations", a scroll-driven animation depends on the scroll position of a scrollbar instead of time or some other dimension.
The scroll-timeline-name and scroll-timeline-axis properties (and the scroll-timeline shorthand property) allow you to specify that a particular scrollbar in a particular named container can be used as the source for a scroll-driven animation.
The scroll timeline can then be associated with an animation by setting the animation-timeline property to the name value defined using scroll-timeline-name.
When using the scroll-timeline shorthand property, the order of the property values must be scroll-timeline-name followed by scroll-timeline-axis.
The longhand and shorthand properties are both available behind the preference.
You can alternatively use the scroll() functional notation with animation-timeline to indicate that a scrollbar axis in an ancestor element will be used for the timeline.
For more information, see Firefox bug 1807685, Firefox bug 1804573, Firefox bug 1809005, Firefox bug 1676791, Firefox bug 1754897, Firefox bug 1817303, and Firefox bug 1737918.
The timeline-scope, animation-range-start and animation-range-end properties (and the animation-range shorthand property) are not yet supported. For more information, see Firefox bug 1676779.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 136 | Yes |
| Developer Edition | 110 | No |
| Beta | 110 | No |
| Release | 110 | No |
layout.css.scroll-driven-animations.enabled-
Set to
trueto enable.
@scope at-rule
The @scope CSS at-rule allows you to select specific child elements without having to overly increase the specificity of CSS selectors (Firefox bug 1886441).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 137 | Yes |
| Developer Edition | 128 | No |
| Beta | 128 | No |
| Release | 128 | No |
layout.css.at-scope.enabled-
Set to
trueto enable.
prefers-reduced-transparency media feature
The CSS prefers-reduced-transparency media feature lets you detect if a user has enabled the setting to minimize the amount of transparent or translucent layer effects on their device.
See (Firefox bug 1736914) for more details.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 113 | No |
| Developer Edition | 113 | No |
| Beta | 113 | No |
| Release | 113 | No |
layout.css.prefers-reduced-transparency.enabled-
Set to
trueto enable.
inverted-colors media feature
The CSS inverted-colors media feature lets you detect if a user agent or the underlying operating system is inverting colors.
See (Firefox bug 1794628) for more details.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 114 | No |
| Developer Edition | 114 | No |
| Beta | 114 | No |
| Release | 114 | No |
layout.css.inverted-colors.enabled-
Set to
trueto enable.
Named view progress timelines property
The CSS view-timeline-name property lets you give a name to particular element, identifying that its ancestor scroller element is the source of a view progress timeline.
The name can then be assigned to the animation-timeline, which then animates the associated element as it moves through the visible area of its ancestor scroller.
See (Firefox bug 1737920) for more details.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 114 | No |
| Developer Edition | 114 | No |
| Beta | 114 | No |
| Release | 114 | No |
layout.css.scroll-driven-animations.enabled-
Set to
trueto enable.
Anonymous view progress timelines function
The CSS view() function lets you specify that the animation-timeline for an element is a view progress timeline, which will animate the element as it moves through the visible area of its ancestor scroller.
The function defines the axis of the parent element that supplies the timeline, along with the inset within the visible area at which the animation starts and begins.
See (Firefox bug 1808410) for more details.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 114 | No |
| Developer Edition | 114 | No |
| Beta | 114 | No |
| Release | 114 | No |
layout.css.scroll-driven-animations.enabled-
Set to
trueto enable.
Vendor-prefixed transform properties
The -moz- prefixed CSS transform properties can be disabled by setting the layout.css.prefixes.transforms preference to false. The intent is to disable these once the standard CSS zoom properties are well supported. (Firefox bug 1886134, Firefox bug 1855763).
Specifically, this preference will disable the following prefixed properties:
-moz-backface-visibility-moz-perspective-moz-perspective-origin-moz-transform-moz-transform-origin-moz-transform-style
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 120 | Yes |
| Developer Edition | 120 | Yes |
| Beta | 120 | Yes |
| Release | 120 | Yes |
layout.css.prefixes.transforms-
Set to
trueto enable.
shape() function
The CSS shape() function is a <basic-shape> data type that enables you to define a shape in the clip-path and offset-path properties using one or more "shape commands". These commands are very similar to the SVG path commands. The shape() function is similar in some respects to the path() function, but unlike path(), which uses the SVG path syntax, shape() uses standard CSS syntax. This enables you to easily create and edit shapes and also allows the use of CSS math functions.
For more details, see Firefox bug 1823463 for the shape() function support in clip-path, Firefox bug 1884424 for the function's support in offset-path, and Firefox bug 1884425 for its interpolation support.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 126 | Yes |
| Developer Edition | 126 | No |
| Beta | 126 | No |
| Release | 126 | No |
layout.css.basic-shape-shape.enabled-
Set to
trueto enable.
Symmetrical letter-spacing
The CSS letter-spacing property now splits the specified letter spacing evenly on both sides of each character. This is unlike the current behavior where spacing is added primarily to one side. This approach can improve text spacing, especially in mixed-directional text Firefox bug 1891446.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 128 | Yes |
| Developer Edition | 128 | Yes |
| Beta | 127 | No |
| Release | 127 | No |
layout.css.letter-spacing.model-
Set to
trueto enable.
calc() color channel support in relative colors
The CSS calc() function can now parse color channels in relative colors, allowing you to correctly calculate changes to colors in different color spaces or while using different functional notations Firefox bug 1889561.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 127 | Yes |
| Developer Edition | 127 | No |
| Beta | 127 | No |
| Release | 127 | No |
layout.css.relative-color-syntax.enabled-
Set to
trueto enable.
CSS Anchor Positioning
The CSS Anchor Positioning module defines a number of features that allow elements to be defined as anchor elements, and for other elements to be positioned relative to anchor elements. This allows, for example, tooltips to be displayed alongside associated content as it scrolls through the viewport, moving as needed when it would overflow the viewport, and disappearing when the anchor moves offscreen. The set of features are being progressively rolled out behind a preference (Firefox bug 1838746).
The parts that have been implemented include CSSPositionTryRule and CSSPositionTryDescriptors (Firefox 131).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 131 | No |
| Developer Edition | 131 | No |
| Beta | 131 | No |
| Release | 131 | No |
layout.css.anchor-positioning.enabled-
Set to
trueto enable.
Allow pseudo-elements after element-backed pseudo-elements
Work has started on allowing pseudo-elements such as ::first-letter and ::before to be appended to element-backed pseudo-elements such as ::details-content and ::file-selector-button.
This will allow users to, for example, style the first letter of the <details> element by using the CSS selector ::details-content::first-letter or add content before an <input> of type="file" using the CSS selector ::file-selector-button::before.
Currently, only support for ::details-content::first-letter can be parsed using @supports(::details-content::first-letter).
The ::file-selector-button pseudo-element is not yet marked as an element-based pseudo-element, so there is no way to test this.
(Firefox bug 1953557, Firefox bug 1941406).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 138 | No |
| Developer Edition | 138 | No |
| Beta | 138 | No |
| Release | 138 | No |
anchor-size() function
The CSS anchor-size() function enables setting anchor-positioned element's size, position, and margins relative to the dimensions of anchor elements. (Firefox bug 1972610).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 142 | No |
| Developer Edition | 142 | No |
| Beta | 142 | No |
| Release | 142 | No |
layout.css.anchor-positioning.enabled-
Set to
trueto enable.
:heading and :heading() pseudo-classes
The :heading pseudo-class allows you to style all heading elements (<h1>-<h6>) at once, rather than targeting them individually. The :heading() functional pseudo-class allows you to style heading elements that match the <An+B> notation. (Firefox bug 1974386).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 142 | No |
| Developer Edition | 142 | No |
| Beta | 142 | No |
| Release | 142 | No |
layout.css.heading-selector.enabled-
Set to
trueto enable.
SVG
No experimental features in this release cycle.
JavaScript
No experimental features in this release cycle.
APIs
CloseWatcher Interface
Built-in web components with "open" and "close" semantics, such as modal dialogs and popovers, can be closed using device-native mechanisms.
For example, on Android you can close a dialog using the back button.
The CloseWatcher interface allows developers to implement UI components, such as custom sidebars, that can similarly be closed using native mechanisms.
(Firefox bug 1888729).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 140 | Yes (Desktop). No (Android). |
| Developer Edition | 132 | No |
| Beta | 132 | No |
| Release | 132 | No |
dom.closewatcher.enabled-
Set to
trueto enable.
Trusted Types API
The Trusted Types API provides mechanisms to ensure that functions that can potentially be used as vectors for XSS attacks are only able to be called with data that has been validated or sanitized.
Note: At the time of writing not enough of the API has been implemented for it to be effectively testable. This note will be removed once it is ready.
This subset of the API has been implemented:
TrustedTypePolicyFactory:- The
write()andwriteln()methods of theDocumentinterface now acceptTrustedHTMLobjects as parameters, in addition to strings. (Firefox bug 1906301). - The
text,innerText, andtextContentproperties of theHTMLScriptElementinterface now acceptTrustedScriptobjects a value, whilesrcacceptsTrustedScriptURLvalues. (Firefox bug 1905706). - The
Window.setInterval()andWindow.setTimeout()methods can be called with aTrustedScript. (Firefox bug 1931290). - The global
trustedTypesproperty is available for accessing the Trusted Types API. - The properties
Element.innerHTMLandShadowRoot.innerHTMLcan be called with trusted types.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 133 | No |
| Developer Edition | 133 | No |
| Beta | 133 | No |
| Release | 133 | No |
dom.security.trusted_types.enabled-
Set to
trueto enable.
HTML Sanitizer API
The HTML Sanitizer API allow developers to take untrusted strings of HTML and sanitize them for safe insertion into a document's DOM.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 138 | No |
| Developer Edition | 138 | No |
| Beta | 138 | No |
| Release | 138 | No |
dom.security.sanitizer.enabled-
Set to
trueto enable.
Removal of beforescriptexecute and afterscriptexecute events
The non-standard events beforescriptexecute and afterscriptexecute on the Document interface, and afterscriptexecute and beforescriptexecute on the Element interface are on the path to removal. They have been disabled in Nightly.
(Firefox bug 1954685).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 139 | No |
| Developer Edition | 139 | Yes |
| Beta | 139 | Yes |
| Release | 139 | Yes |
dom.events.script_execute.enable-
Set to
trueto enable.
Notification actions and maxActions properties
The actions read-only property and the maxActions static read-only property of the Notification interface are supported in Nightly on desktop.
These contain the notification actions set with ServiceWorkerRegistration.showNotification(), and the maximum number of actions that can be set, respectively.
(Firefox bug 1225110, Firefox bug 1963263).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 138 | Yes (desktop only) |
| Developer Edition | 138 | No |
| Beta | 138 | No |
| Release | 138 | No |
dom.webnotifications.actions.enabled-
Set to
trueto enable.
Graphics: Canvas, WebGL, and WebGPU
WebGL: Draft extensions
When this preference is enabled, any WebGL extensions currently in "draft" status which are being tested are enabled for use. Currently, there are no WebGL extensions being tested by Firefox.
WebGPU API
The WebGPU API provides low-level support for performing computation and graphics rendering using the Graphics Processing Unit (GPU) of the user's device or computer. From version 142 this is enabled in on Windows in all contexts except service workers. For other platforms it is enabled in nightly. See Firefox bug 1602129 for our progress on this API.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 141 | Yes |
| Developer Edition | 141 | No (Yes on Windows, not including service workers) |
| Beta | 141 | No (Yes on Windows, not including service workers) |
| Release | 141 | No (Yes on Windows, not including service workers) |
dom.webgpu.enabled-
Set to
trueto enable (enabled in Nightly and on Windows in all releases) dom.webgpu.service-workers.enabled-
Set to
trueto enable (enabled in Nightly)
Reporting API support for CSP Violations
The Reporting API now has support for reporting Content Security Policy (CSP) violations.
Report instances returned by the ReportingObserver interface can now have a type value of "csp-violation" and a body property that contains an instance of the CSPViolationReportBody interface.
This allows CSP violations to be reported within a web page.
CSP violation reports can also be sent to remote endpoints that are specified by name in the CSP report-to directive — endpoints names and corresponding URLs must first be defined in the Reporting-Endpoints or Report-To HTTP response headers.
The report is a serialization of the Report object described above, with a body property that is a serialization of an CSPViolationReportBody instance.
This violation report replaces a similar CSP-specific mechanism for sending violation reports, which uses the CSP report-uri directive to set the URL of the reporting endpoint, and has a CSP-specific JSON violation report format.
(Firefox bug 1391243).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 130 | No |
| Developer Edition | 130 | No |
| Beta | 130 | No |
| Release | 130 | No |
dom.reporting.enabled-
Set to
trueto enable.
WebRTC and media
The following experimental features include those found in the WebRTC API, the Web Audio API, the Media Source Extensions API, the Encrypted Media Extensions API, and the Media Capture and Streams API.
Asynchronous SourceBuffer add and remove
This adds the promise-based methods appendBufferAsync() and removeAsync() for adding and removing media source buffers to the SourceBuffer interface. See Firefox bug 1280613 and Firefox bug 778617 for more information.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 62 | No |
| Developer Edition | 62 | No |
| Beta | 62 | No |
| Release | 62 | No |
media.mediasource.experimental.enabled-
Set to
trueto enable.
AVIF compliance strictness
The image.avif.compliance_strictness preference can be used to control the strictness applied when processing AVIF images.
This allows Firefox users to display images that render on some other browsers, even if they are not strictly compliant.
| Release channel | Version added | Default value |
|---|---|---|
| Nightly | 92 | 1 |
| Developer Edition | 92 | 1 |
| Beta | 92 | 1 |
| Release | 92 | 1 |
image.avif.compliance_strictness-
Numeric value indicating a strictness level. Permitted values are:
0: Permissive. Accept images with specification violations in both recommendations ("should" language) and requirements ("shall" language), provided they can be safely or unambiguously interpreted.1(default): Mixed. Reject violations of requirements ("shall"), but allow violations of recommendations ("should").2: Strict. Reject any violations of specified requirements or recommendations.
JPEG XL support
Firefox supports JPEG XL images if this feature is enabled. See Firefox bug 1539075 for more details.
Note that, as shown below, the feature is only available on Nightly builds (irrespective of whether the preference is set).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 90 | No |
| Developer Edition | — | — |
| Beta | — | — |
| Release | — | — |
image.jxl.enabled-
Set to
trueto enable.
WebVR API
WebVR API (Disabled)
The deprecated WebVR API is on the path for removal. It is disabled by default on all builds Firefox bug 1750902.
| Release channel | Version removed | Enabled by default? |
|---|---|---|
| Nightly | 98 | No |
| Developer Edition | 98 | No |
| Beta | 98 | No |
| Release | 98 | No |
dom.vr.enabled-
Set to
trueto enable.
HTMLMediaElement properties: audioTracks and videoTracks
Enabling this feature adds the HTMLMediaElement.audioTracks and HTMLMediaElement.videoTracks properties to all HTML media elements. However, because Firefox doesn't currently support multiple audio and video tracks, the most common use cases for these properties don't work, so they're both disabled by default. See Firefox bug 1057233 for more details.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 33 | No |
| Developer Edition | 33 | No |
| Beta | 33 | No |
| Release | 33 | No |
media.track.enabled-
Set to
trueto enable.
GeometryUtils methods: convertPointFromNode(), convertRectFromNode(), and convertQuadFromNode()
The GeometryUtils methods convertPointFromNode(), convertRectFromNode(), and convertQuadFromNode() map the given point, rectangle, or quadruple from the Node on which they're called to another node. (See Firefox bug 918189 for more details.)
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 31 | Yes |
| Developer Edition | 31 | No |
| Beta | 31 | No |
| Release | 31 | No |
layout.css.convertFromNode.enable-
Set to
trueto enable.
GeometryUtils method: getBoxQuads()
The GeometryUtils method getBoxQuads() returns the CSS boxes for a Node relative to any other node or viewport. (See Firefox bug 917755 for more details.)
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 31 | Yes |
| Developer Edition | 31 | No |
| Beta | 31 | No |
| Release | 31 | No |
layout.css.getBoxQuads.enabled-
Set to
trueto enable.
Payment Request API
Primary payment handling
The Payment Request API provides support for handling web-based payments within web content or apps. Due to a bug that came up during testing of the user interface, we have decided to postpone shipping this API while discussions over potential changes to the API are held. Work is ongoing. (See Firefox bug 1318984 for more details.)
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 55 | No |
| Developer Edition | 55 | No |
| Beta | 55 | No |
| Release | 55 | No |
dom.payments.request.enabled-
Set to
trueto enable. dom.payments.request.supportedRegions-
Country codes as a comma-separated allowlist of regions (e.g.,
US,CA).
WebShare API
The Web Share API allows sharing of files, URLs and other data from a site. This feature is enabled on Android in all builds, but behind a preference on Desktop (unless specified below).
| Release channel | Version changed | Enabled by default? |
|---|---|---|
| Nightly | 71 | No (default). Yes (Windows from version 92) |
| Developer Edition | 71 | No |
| Beta | 71 | No |
| Release | 71 | No (Desktop). Yes (Android). |
-
Set to
trueto enable.
Screen Orientation API
ScreenOrientation.lock()
The ScreenOrientation.lock() method allows a device to be locked to a particular orientation, if supported by the device and allowed by browser pre-lock requirements.
Typically locking the orientation is only allowed on mobile devices when the document is being displayed full screen.
See Firefox bug 1697647 for more details.
| Release channel | Version changed | Enabled by default? |
|---|---|---|
| Nightly | 111 | Yes |
| Developer Edition | 97 | No |
| Beta | 97 | No |
| Release | 97 | No |
dom.screenorientation.allow-lock-
Set to
trueto enable.
Notifications API
Notifications have the requireInteraction property set to true by default on Windows systems and in the Nightly release (Firefox bug 1794475).
| Release channel | Version changed | Enabled by default? |
|---|---|---|
| Nightly | 117 | Yes |
| Developer Edition | 117 | No |
| Beta | 117 | No |
| Release | 117 | Windows only |
dom.webnotifications.requireinteraction.enabled-
Set to
trueto enable.
Security and privacy
Insecure page labeling
The two security.insecure_connection_text_* preferences add a "Not secure" text label in the address bar next to the traditional lock icon when a page is loaded insecurely (that is, using HTTP rather than HTTPS). The browser.urlbar.trimHttps preference trims the https: prefix from address bar URLs. See Firefox bug 1853418 for more details.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 121 | Yes |
| Developer Edition | 60 | No |
| Beta | 60 | No |
| Release | 60 | No |
security.insecure_connection_text.enabled-
Set to
trueto enable the text label for normal browsing mode. security.insecure_connection_text.pbmode.enabled-
Set to
trueto enable the text label for private browsing mode. browser.urlbar.trimHttps-
Set to
trueto trim thehttps:prefix from address bar URLs.
Permissions Policy / Feature policy
Permissions Policy allows web developers to selectively enable, disable, and modify the behavior of certain features and APIs in the browser. It is similar to CSP but controls features instead of security behavior. This is implemented in Firefox as Feature Policy, the name used in an earlier version of the specification.
Note that supported policies can be set through the allow attribute on <iframe> elements even if the user preference is not set.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 65 | No |
| Developer Edition | 65 | No |
| Beta | 65 | No |
| Release | 65 | No |
dom.security.featurePolicy.header.enabled-
Set to
trueto enable.
Privacy Preserving Attribution API (PPA)
PPA API provides an alternative to user tracking for ad attribution using the new navigator.privateAttribution object with saveImpression() and measureConversion() methods. Read more about PPA in the original explainer and the proposed spec. This experiment can be enabled for websites via origin trial or in the browser by setting the preference to 1. (Firefox bug 1900929).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 128 | No |
| Developer Edition | 128 | No |
| Beta | 128 | No |
| Release | 128 | No |
dom.origin-trials.private-attribution.state-
Set to
trueto enable.
HTTP
Integrity policy for stylesheet resources
The Integrity-Policy and Integrity-Policy-Report-Only HTTP headers are now supported for style resources. These allow websites to either enforce subresource integrity guarantees for styles or only report violations of the policy, respectively.
Note that Firefox ignores reporting endpoints, and logs violations to the developer console.
When Integrity-Policy is used, the browser blocks the loading of styles referenced in a <link> element with rel="stylesheet" that either lack the integrity attribute or have an integrity hash that doesn't match the resource on the server.
(Firefox bug 1976656).
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 142 | No |
| Developer Edition | 142 | No |
| Beta | 142 | No |
| Release | 142 | No |
security.integrity_policy.stylesheet.enabled-
Set to
trueto enable.
Accept header with MIME type image/jxl
The HTTP Accept header in default requests and image requests can be configured via a preference to indicate support for the image/jxl MIME type.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 128 | No |
| Developer Edition | 128 | No |
| Beta | 128 | No |
| Release | 128 | No |
image.jxl.enabled-
Set to
trueto enable.
SameSite=Lax by default
SameSite cookies have a default value of Lax.
With this setting, cookies are only sent when a user is navigating to the origin site, not for cross-site subrequests to load images or frames into a third party site and so on.
For more details see Firefox bug 1617609.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 69 | No |
| Developer Edition | 69 | No |
| Beta | 69 | No |
| Release | 69 | No |
-
Set to
trueto enable.
Access-Control-Allow-Headers wildcard does not cover Authorization
The Access-Control-Allow-Headers is a response header to a CORS preflight request, that indicates which request headers may be included in the final request.
The response directive can contain a wildcard (*), which indicates that the final request may include all headers except the Authorization header.
By default, Firefox includes the Authorization header in the final request after receiving a response with Access-Control-Allow-Headers: *.
Set the preference to false to ensure Firefox does not include the Authorization header.
For more details see Firefox bug 1687364.
| Release channel | Version added | Enabled by default? |
|---|---|---|
| Nightly | 115 | Yes |
| Developer Edition | 115 | Yes |
| Beta | 115 | Yes |
| Release | 115 | Yes |
-
Set to
trueto enable.
Developer tools
Mozilla's developer tools are constantly evolving. We experiment with new ideas, add new features, and test them on the Nightly and Developer Edition channels before letting them go through to beta and release. The features below are the current crop of experimental developer tool features.
No experimental features in this release cycle.