The privacy.websites property contains privacy-related settings controlling the way to browser interacts with websites. Each property is a types.BrowserSetting object.

Default values for these properties tend to vary across browsers.



A types.BrowserSetting object whose underlying value is an object.

The object has two properties:

  • behavior: a string which may take any of the following values:
    • "allow_all": accept all cookies
    • "reject_all": reject all cookies
    • "reject_third_party": reject all third-party cookies
    • "allow_visited": accept a third-party cookie only if the cookie's top-level domain already has at least one cookie.
    • "reject_trackers": reject tracking cookies
    • "reject_trackers_and_partition_foreign": reject trackers and partition third-party cookies.
  • nonPersistentCookies Deprecated : a boolean. If true, all cookies will be treated as session cookies.

A types.BrowserSetting object whose underlying value is a boolean.

If true, the firstPartyIsolate preference makes the browser associate all data (including cookies, HSTS data, cached images, and more) for any third party domains with the domain in the address bar. This prevents third party trackers from using directly stored information to identify the user across different websites, but may break websites where the user logs in with a third party account (such as a Facebook or Google account).

Defaults to false.


A types.BrowserSetting object whose underlying value is a boolean. If true, the browser sends auditing pings when a website uses the ping attribute to request them.


A types.BrowserSetting object whose underlying value is a boolean. Available on Windows only. If true, the browser provides a unique ID to plugins in order to run protected content.


A types.BrowserSetting object whose underlying value is a boolean. If enabled, the browser sends referer headers with your requests.


A types.BrowserSetting object whose underlying value is a boolean.

Browser fingerprinting is the practice by which websites use Web APIs to collect status or configuration data associated with the browser or the device it's running on. By doing this, they can build up a digital fingerprint that they can use to identify and track a particular user.

If true, the resistFingerprinting preference makes the browser report generic spoofed information for data that's commonly used for fingerprinting. Such data includes the number of CPU cores, precision of JavaScript timers, and the local timezone. It will also disable features that are used in fingerprinting, such as GamePad support, and the WebSpeech and Navigator APIs.

Defaults to false.


A types.BrowserSetting object whose underlying value is a boolean. If false, the browser blocks third-party cookies.


"Tracking protection" is a browser feature that blocks requests made to domains that are known to engage in cross-site tracking of users. Sites that track users are most commonly third-party advertising and analytics sites. This setting is a types.BrowserSetting object that determines whether the browser should enable tracking protection. Its underlying value is a string that may take one of three values:

  • "always": tracking protection is on.
  • "never": tracking protection is off.
  • "private_browsing": tracking protection is on in private browsing windows only.

Browser compatibility

BCD tables only load in the browser


Set the hyperlinkAuditingEnabled property.

function onSet(result) {
  if (result) {
  } else {

browser.browserAction.onClicked.addListener(() => {
  let getting = browser.privacy.websites.hyperlinkAuditingEnabled.get({});
  getting.then((got) => {
    if (
      got.levelOfControl === "controlled_by_this_extension" ||
      got.levelOfControl === "controllable_by_this_extension"
    ) {
      let setting = browser.privacy.websites.hyperlinkAuditingEnabled.set({
        value: true,
    } else {
      console.log("Not able to set hyperlinkAuditingEnabled");

Note: This API is based on Chromium's chrome.privacy API. This documentation is derived from privacy.json in the Chromium code.