_includes/sections/browser-tweaks.html

@@ -118,6 +118,24 @@
   </ul>
   </dd>
 
+  <dt>network.trr.mode = 2</dt>
+  <dd>
+  Use Trusted Recursive Resolver (DNS-over-HTTPS) first and if it fails, use the system resolver <a href="https://wiki.mozilla.org/Trusted_Recursive_Resolver">Source</a>
+  <ul>
+    <li>0 = disabled by default, may change in the future</li>
+    <li>1 = use the faster resolver</li>
+    <li>2 = use DoH first, fallback to system resolver</li>
+    <li>3 = only use DoH. This may require <code>network.trr.bootstrapAddress</code> or using an IP address in <code>network.trr.uri</code>.</li>
+    <li>5 = explicitly disable DoH</li>
+  </ul>
+  </dd>
+
+  <dt>network.trr.uri = CHANGEME</dt>
+  <dd>The address of your DNS-over-HTTPS provider, if you don't have one, <a href="/providers/dns/#icanndns">check our encrypted DNS recommendations</a>. It can also be changed in <em>Settings, Network Settings, Enable DNS over HTTPS, Use Provider, Custom</em>.</dd>
+
+  <dt>network.security.esni.enabled = true</dt>
+  <dd>Hide the address which you are requesting SSL certificate for if the server supports it. This <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1500289">requires DoH/TRR to be enabled</a> even <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1542754">on Android 9+ when Private DNS is enabled</a>.</dd>
+
   <dt>webgl.disabled = true</dt>
   <dd>WebGL is a potential security risk. <a href="https://security.stackexchange.com/questions/13799/is-webgl-a-security-concern">Source</a></dd>