privacy.websites API

Hint

The privacy.websites API is inherited from Firefox, and its primary documentation is maintained by Mozilla at MDN. Thunderbird implements only the subset of functions, events, and types listed here. The MDN pages may provide further details and examples, but they may also reference features that are not supported in Thunderbird.

Use the browser.privacy API to control usage of the features in the browser that can affect a user’s privacy.

Permissions

The following permissions influence the behavior of the API. Depending on which permissions are requested, additional methods might be available, or certain data may be included in responses.

Hint

Request permissions only when needed. Unnecessary requests may result in rejection during ATN review.

privacy

privacy

Read and modify privacy settings.

Note

The permission privacy is required to use messenger.privacy.websites.*.

Types

CookieConfig

The settings for cookies.

object

behavior

[behavior]

(string, optional)

The type of cookies to allow.

Supported values:

allow_all

allow_all

allow_visited

allow_visited

reject_all

reject_all

reject_third_party

reject_third_party

reject_trackers

reject_trackers

reject_trackers_and_partition_foreign

reject_trackers_and_partition_foreign

nonPersistentCookies

[nonPersistentCookies]

(boolean, optional) Deprecated.

Whether to create all cookies as nonPersistent (i.e., session) cookies.

TrackingProtectionModeOption

The mode for tracking protection.

string

Supported values:

always

always

never

never

private_browsing

private_browsing

Properties

cookieConfig

Allow users to specify the default settings for allowing cookies, as well as whether all cookies should be created as non-persistent cookies. This setting’s value is of type CookieConfig.

Note

The behavior property value “reject_trackers_and_partition_foreign” was introduced in version 78.

Note

The behavior property value “reject_trackers” was introduced in version 64.

firstPartyIsolate

If enabled, the browser will associate all data (including cookies, HSTS data, cached images, and more) for any third party domains with the domain in the address bar. This prevents third party trackers from using directly stored information to identify you across different websites, but may break websites where you login with a third party account (such as a Facebook or Google login.) The value of this preference is of type boolean, and the default value is false.

hyperlinkAuditingEnabled

If enabled, the browser sends auditing pings when requested by a website (<a ping>). The value of this preference is of type boolean, and the default value is true.

referrersEnabled

If enabled, the browser sends referer headers with your requests. Yes, the name of this preference doesn’t match the misspelled header. No, we’re not going to change it. The value of this preference is of type boolean, and the default value is true.

resistFingerprinting

If enabled, the browser attempts to appear similar to other users by reporting generic information to websites. This can prevent websites from uniquely identifying users. Examples of data that is spoofed include number of CPU cores, precision of JavaScript timers, the local timezone, and disabling features such as GamePad support, and the WebSpeech and Navigator APIs. The value of this preference is of type boolean, and the default value is false.

trackingProtectionMode

Allow users to specify the mode for tracking protection. This setting’s value is of type TrackingProtectionModeOption, defaulting to private_browsing_only.