Configure DNS over HTTPS protection levels in Firefox

Note: this article applies to Firefox version 114 and above.

DNS over HTTPS (DoH) is a recommended feature that enhances privacy for everyone. When you type a web address into your address bar, Firefox sends a secure DNS request to look up the IP address for that website over the Internet. DNS over HTTPS protection can be configured in four different ways.

Configure DoH protection settings

Default Protection is automatically enabled in Firefox when DNS-over-HTTPS (DoH) is activated. If you would like to modify the settings or select a different level of protection, please follow these steps:

  1. Click the menu PhotonMenuButton button at the top right of the screen.
  2. Click Settings.
  3. Click Privacy & Security on the left.
  4. Scroll down to the DNS over HTTPS section.


Protection levels explained

Default Protection

The Default Protection automatically enables secure DNS in available regions and falls back to the default resolvers if there are issues. Default protection allows you to use local providers when possible. It disables DoH when VPN, parental control or enterprise policies are active or when a network tells Firefox not to use secure DNS.

Increased Protection

When Increased Protection is on, DoH is constantly active with the provider you select. We will only switch to a backup option if there are any issues with your chosen provider.

Max Protection

Max protection will always use secure DNS and a security warning will show if we can’t connect to the secure DNS resolver, or if the secure DNS resolver indicates there are no addresses for the domain you are trying to access. The warning page will give you an option of adding an exception for that domain if you want to use the system DNS resolver.


When secure DNS is off, you’ll use your default DNS resolver.

Add sites to the Exceptions list

  1. Click the menu PhotonMenuButton button at the top right of the screen.
  2. Click Settings.
  3. Click Privacy & Security on the left.
  4. Scroll down to the DNS over HTTPS section.
  5. Click the Manage Exceptions button.


Frequently asked questions

What is a local provider?

A local provider is a DNS resolver that is hosted within a user's local network or Internet Service Provider (ISP). It allows users to secure their DNS queries and access the internet securely.

Why would a network tell Firefox not to use secure DNS?

Some organizations restrict access to certain websites. If an organization has their own secure DNS, they will ask Firefox not to bypass it.

For additional information on DNS-over-HTTPS, you can refer to some of the commonly asked questions (FAQs).

What does my DoH status mean?

DoH status displays if Firefox is performing secure DNS queries. Based on the protection level you choose, the status indicator will reflect either Active, Not active, or Off. DoH_status

  • Active: When status is active, Firefox is securely sending DNS queries to ensure your online activities are protected.
  • Not active: Firefox detects errors or certain network conditions like VPN, parental controls, enterprise policies that tell Firefox not to use DoH.
  • Off: DoH has been disabled.

Why is the secure DNS status not showing as active?

If you have enabled secure DNS and the status is Not Active, common reasons are as follows:

  1. Firefox wasn't able to connect to the provider.
  2. The website won't load.
  3. The connection to the provider took longer than expected.
  4. You are not connected to the internet.
  5. There was a problem with the provider.
  6. This website doesn't exist.

Was this article helpful?

Please wait...

These fine people helped write this article:

Illustration of hands


Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More