diff --git a/user.js b/user.js
index 54742f7..bf50c91 100644
--- a/user.js
+++ b/user.js
@@ -421,7 +421,7 @@ user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
 user_pref("extensions.systemAddon.update.url", ""); // [FF44+]
 // -------------------------------------
 // Disable PingCentre telemetry (used in several System Add-ons) [FF57+]
-// Currently blocked by ''datareporting.healthreport.uploadEnabled''
+// Defense-in-depth
 user_pref("browser.ping-centre.telemetry", false);
 // -------------------------------------
 // Disable Screenshots
@@ -1039,30 +1039,7 @@ user_pref("privacy.userContext.enabled", true);
 // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// PLUGINS ***/
-// >>>>>>>>>>>>>>>>>>>>>
-// Disable GMP (Gecko Media Plugins)
-// https://wiki.mozilla.org/GeckoMediaPlugins ***/
-user_pref("media.gmp-provider.enabled", false);
-// -------------------------------------
-// Disable downloading OpenH264 codec at the first start of Firefox
-user_pref("media.gmp-gmpopenh264.enabled", false);
-// -------------------------------------
-// Disable widevine CDM (Content Decryption Module)
-// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
-user_pref("media.gmp-widevinecdm.enabled", false);
-user_pref("media.gmp-manager.url", "");
-user_pref("media.gmp-manager.url.override", "");
-// -------------------------------------
-// Disable all DRM content (EME: Encryption Media Extension)
-// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
-// [SETTING] General>DRM Content>Play DRM-controlled content
-// [TEST] https://bitmovin.com/demos/drm
-// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
-user_pref("media.eme.enabled", false);
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// MEDIA / CAMERA / MIC ***/
+// PLUGINS / MEDIA / WEBRTC
 // >>>>>>>>>>>>>>>>>>>>>
 // Disable WebRTC (Web Real-Time Communication)
 // [SETUP-WEB] WebRTC can leak your IP address from behind your VPN, but if this is not
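Review bot: Three active prefs removed in this hunk — `media.gmp-gmpopenh264.enabled`, `media.gmp-manager.url` and `media.gmp-manager.url.override` — do not reappear in the GMP/EME block re-added in the next hunk, and `media.gmp-provider.enabled` comes back only as a commented-out line, so a fresh profile now keeps Firefox's defaults for the GMP provider and its update URL. The `[NOTE] This is covered by the EME master switch` added there explains only the Widevine line; the removed comment described the OpenH264 pref as controlling a codec download at first start, which is not DRM and is not obviously covered by `media.eme.enabled`. If leaving those at default is intentional, a one-line comment in the new block would stop readers from reading it as an oversight, e.g. `// [NOTE] OpenH264 and GMP manager URL prefs are no longer set here; Firefox defaults apply`. Removing a line from user.js also does not reset a value already written to an existing profile's prefs.js, so users who applied the previous version keep the old values until they clear them.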
@@ -1092,8 +1069,21 @@ user_pref("media.getusermedia.audiocapture.enabled", false);
 user_pref("permissions.default.camera", 2);
 user_pref("permissions.default.microphone", 2);
 // -------------------------------------
+// Disable GMP (Gecko Media Plugins)
+// https://wiki.mozilla.org/GeckoMediaPlugins
+// user_pref("media.gmp-provider.enabled", false);
+// Disable widevine CDM (Content Decryption Module)
+// [NOTE] This is covered by the EME master switch
+// user_pref("media.gmp-widevinecdm.enabled", false);
+// Disable all DRM content (EME: Encryption Media Extension)
+// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
+// [SETTING] General>DRM Content>Play DRM-controlled content
+// [TEST] https://bitmovin.com/demos/drm
+// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next
+user_pref("media.eme.enabled", false);
+// -------------------------------------
 // Disable autoplay of HTML5 media [FF63+]
-// 0=Allow all, 1=Block non-muted media (default in FF67+), 2=Prompt (removed in FF66), 5=Block all (FF69+)
+// 0=Allow all, 1=Block non-muted media (default), 5=Block all
 // [NOTE] You can set exceptions under site permissions
 // [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites ***/
 // user_pref("media.autoplay.default", 5);
@@ -1108,33 +1098,6 @@ user_pref("media.autoplay.blocking_policy", 2);
 // user_pref("image.avif.enabled", false);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-// WINDOW MEDDLING & LEAKS / POPUPS ***/
-// >>>>>>>>>>>>>>>>>>>>>
-// Prevent scripts from moving and resizing open windows ***/
-user_pref("dom.disable_window_move_resize", true);
-// -------------------------------------
-// Open links targeting new windows in a new tab instead
-// This stops malicious window sizes and some screen resolution leaks
-// You can still right-click a link and open in a new window
-// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
-// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/
-user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab
-user_pref("browser.link.open_newwindow.restriction", 0);
-// -------------------------------------
-// Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
-// [NOTE] You can still manually toggle the browser's fullscreen state (F11),
-// but this pref will disable embedded video/game fullscreen controls, e.g. youtube
-// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen ***/
-// user_pref("full-screen-api.enabled", false);
-// -------------------------------------
-// Block popup windows
-// [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/
-user_pref("dom.disable_open_during_load", true);
-// -------------------------------------
-// Limit events that can cause a popup [SETUP-WEB]
-user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
-//
-// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // WEB WORKERS
 // >>>>>>>>>>>>>>>>>>>>>
 // Disable service workers [FF32, FF44-compat]
@@ -1199,6 +1162,17 @@ user_pref("dom.allow_cut_copy", false);
 // https://developer.mozilla.org/docs/Web/Events/beforeunload
 user_pref("dom.disable_beforeunload", true);
 // -------------------------------------
+// Prevent scripts from moving and resizing open windows
+user_pref("dom.disable_window_move_resize", true);
+// Block popup windows
+// [SETTING] Privacy & Security>Permissions>Block pop-up windows
+user_pref("dom.disable_open_during_load", true);
+// Limit events that can cause a popup [SETUP-WEB]
+user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
+// Enable (limited but sufficient) window.opener protection [FF65+]
+// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set
+user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
+// -------------------------------------
 // Disable shaking the screen ***/
 user_pref("dom.vibrator.enabled", false);
 // -------------------------------------
@@ -1230,10 +1204,6 @@ user_pref("javascript.options.jit_trustedprincipals", true); // [FF75+] [HIDDEN
 // https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
 // https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
 user_pref("javascript.options.wasm", false);
-// -------------------------------------
-// Enable (limited but sufficient) window.opener protection [FF65+]
-// Makes rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set ***/
-user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // HARDWARE FINGERPRINTING ***/
@@ -1242,7 +1212,7 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true FF79+]
 // Initially a Linux issue (high precision readout) that was fixed.
 // However, it is still another metric for fingerprinting, used to raise entropy.
 // e.g. do you have a battery or not, current charging status, charge level, times remaining etc
-// [NOTE] From FF52+ Battery Status API is only available in chrome/privileged code
+// FF52+ Battery Status API is only available in chrome/privileged code
 // https://bugzilla.mozilla.org/1313580 ***/
 user_pref("dom.battery.enabled", false);
 // -------------------------------------
@@ -1281,6 +1251,23 @@ user_pref("webgl.enable-webgl2", false);
 // -------------------------------------
 // Limit WebGL ***/
 user_pref("webgl.disable-fail-if-major-performance-caveat", true); // [DEFAULT: true FF86+]
+// -------------------------------------
+// Enforce no system colors
+// [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors
+user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
+// Open links targeting new windows in a new tab instead
+// Stops malicious window sizes and some screen resolution leaks.
+// You can still right-click a link and open in a new window
+// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
+// https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881
+user_pref("browser.link.open_newwindow", 3); // 1=most recent window or tab 2=new window, 3=new tab
+user_pref("browser.link.open_newwindow.restriction", 0);
+// Enforce non-native widget theme
+// Security: removes/reduces system API calls, e.g. win32k API
+// Fingerprinting: provides a uniform look and feel across platforms
+// https://bugzilla.mozilla.org/1381938
+// https://bugzilla.mozilla.org/1411425
+user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // MISCELLANEOUS ***/
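Review bot: The moved `browser.display.use_system_colors` entry drops the rationale its old comment carried (`; they can be fingerprinted`), leaving `// Enforce no system colors` with no stated reason even though the pref is at its default and now sits in the hardware-fingerprinting section, so a reader cannot tell from the line why it is kept. Suggest restoring it as `// Enforce no system colors; they can be fingerprinted`. The same loss happens to the Fullscreen API block re-added in a later hunk: the old header read `Disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks`, and the new one keeps only the `[TEST]` link and a `[WARNING]`, so the purpose of that inactive pref is no longer self-explanatory; consider keeping the `to prevent screen-resolution leaks` clause there too.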
@@ -1372,10 +1359,6 @@ user_pref("pdfjs.enableScripting", false); // [FF86+]
 // Disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/
 user_pref("network.protocol-handler.external.ms-windows-store", false);
 // -------------------------------------
-// Enforce no system colors; they can be fingerprinted
-// [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
-user_pref("browser.display.use_system_colors", false); // [DEFAULT: false]
-// -------------------------------------
 // Disable permissions delegation [FF73+]
 // Currently applies to cross-origin geolocation, camera, mic and screen-sharing
 // permissions, and fullscreen requests. Disabling delegation means any prompts
@@ -1393,12 +1376,11 @@ user_pref("privacy.window.name.update.enabled", true);
 // https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
 user_pref("extensions.postDownloadThirdPartyPrompt", false);
 // -------------------------------------
-// Enforce non-native widget theme
-// * Security: removes/reduces system API calls, e.g. win32k API
-// * Fingerprinting: provides a uniform look and feel across platforms
-// * https://bugzilla.mozilla.org/1381938
-// * https://bugzilla.mozilla.org/1411425 ***/
-user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true FF89+]
+// Disable Fullscreen API (requires user interaction)
+// [NOTE] You can still toggle fullscreen with F11
+// [WARNING] This is fingerprintable and will break embedded video/game FS controls, e.g. youtube
+// [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
+// user_pref("full-screen-api.enabled", false);
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // DOWNLOADS ***/
@@ -1484,10 +1466,6 @@ user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
 // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed ***/
 user_pref("network.cookie.lifetimePolicy", 2);
 // -------------------------------------
-// Disable DOM (Document Object Model) Storage
-// [WARNING] This will break a LOT of sites and extensions!
-// user_pref("dom.storage.enabled", false);
-// -------------------------------------
 // Disable offline cache (appCache)
 // [NOTE] In FF90+ the storage capability has been removed.
 // [WARNING] The API is easily fingerprinted, do not disable ***/
@@ -1512,7 +1490,7 @@ user_pref("network.cookie.lifetimePolicy", 2);
 // user_pref("dom.storage_access.enabled", false);
 // -------------------------------------
 // Enable Local Storage Next Generation (LSNG) [FF65+] ***/
-user_pref("dom.storage.next_gen", true);
+user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
 //
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // SHUTDOWN
@@ -1523,7 +1501,8 @@ user_pref("privacy.sanitize.sanitizeOnShutdown", true);
 // -------------------------------------
 // Set what items to clear on shutdown [SETUP-CHROME]
 // [NOTE] If "history" is true, downloads will also be cleared
-// [NOTE] Active Logins does not refer to logins via cookies, but rather HTTP Basic Authentication
+// [NOTE] Active Logins: does not refer to logins via cookies, but rather HTTP Basic Authentication
+// [NOTE] Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
 // [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings ***/
 // https://en.wikipedia.org/wiki/Basic_access_authentication
 user_pref("privacy.clearOnShutdown.cache", true);
@@ -1596,7 +1575,7 @@ user_pref("privacy.partition.network_state", true);
 // RFP (RESIST FINGERPRINTING)
 // >>>>>>>>>>>>>>>>>>>>>
 // Enable privacy.resistFingerprinting [FF41+]
-// [SETUP-WEB] RFP can some cause website breakage: mainly canvas, use a site exception via the urlbar
+// [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
 // RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
 user_pref("privacy.resistFingerprinting", true);
 // -------------------------------------