Update 'user.js'

user.js

@@ -560,6 +560,7 @@ user_pref("security.remote_settings.crlite_filters.enabled", false);
 user_pref("security.remote_settings.crlite_filters.bucket", "");
 user_pref("security.remote_settings.crlite_filters.collection", "");
 user_pref("security.remote_settings.crlite_filters.signer", "");
+user_pref("security.pki.crlite_mode", 2);
 // -------------------------------------
 // Pref : Disable Default Browser Agent
 // https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
@@ -1458,15 +1459,26 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
 // >>>>>>>>>>>>>>>>>>>>
-// Pref : Enable HTTPS-only-mode
-// * [WARNING] This is experimental, see [1] and you can't set exceptions if FPI is enabled, see [2]
-// https://www.ghacks.net/2020/03/24/firefox-76-gets-optional-https-only-mode/
-// * [1] https://bugzilla.mozilla.org/1613063 [META]
-// * [2] https://bugzilla.mozilla.org/1647829 ***/
-// user_pref("dom.security.https_only_mode", true);
+// Pref : Enable HTTPS-only-mode [FF76+]
+// [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily
+// [SETTING] Privacy & Security>HTTPS-Only Mode
+// [TEST] http://example.com [upgrade]
+// [TEST] http://neverssl.org/ [no upgrade]
+// https://bugzilla.mozilla.org/1613063 [META]
+// https://bugzilla.mozilla.org/1647829 ***/
+user_pref("dom.security.https_only_mode", true); [FF76+]
 // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
+// -------------------------------------
+// Pref: Enable HTTPS-Only mode for local resources [FF77+] ***/
 // user_pref("dom.security.https_only_mode.upgrade_local", true);
 // -------------------------------------
+// Pref: Disable HTTP background requests [FF82+]
+// When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox
+// sends HTTP requests in order to check if the server supports HTTPS or not.
+// This is done to avoid waiting for a timeout which takes 90 seconds
+// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
+user_pref("dom.security.https_only_mode_send_http_background_request", false);
+// -------------------------------------
 // Pref : Require safe negotiation
 // Blocks connections to servers that don't support RFC 5746 as they're potentially vulnerable to a MiTM attack. A server *without* RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that.
 // Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server.
@@ -2379,7 +2391,11 @@ user_pref("privacy.firstparty.isolate", true);
 // https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
 user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
 user_pref("privacy.firstparty.isolate.block_post_message", true);
-//
+// -------------------------------------
+// Pref: Enable scheme with FPI [FF78+]
+// [NOTE] Experimental: existing data and site permissions are incompatible
+// and some site exceptions may not work e.g. HTTPS-only mode ***/
+// user_pref("privacy.firstparty.isolate.use_site", true);
 // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 // Section : RFP (Resist Fingerprinting) / RFP Alternatives (USER AGENT SPOOFING)
 // >>>>>>>>>>>>>>>>>>>>