[[Firefox DNS-over-HTTPS|DNS over HTTPS (DoH)]] is a recommended feature that enhances privacy for everyone. When you type a web address into your address bar, Firefox sends a secure DNS request to look up the IP address for that website over the Internet. DNS over HTTPS protection can be configured in four different ways. __TOC__ =Configure DoH protection settings= Default Protection is automatically enabled in Firefox when DNS-over-HTTPS (DoH) is activated. If you would like to modify the settings or select a different level of protection, please follow these steps: #Click the menu [[Image:PhotonMenuButton]] button at the top right of the screen. #Click {menu Settings}. #Click {menu Privacy & Security} on the left. #Scroll down to the '''DNS ove HTTPS''' section. In this section, you can enable the following preferences for DNS-over-HTTPS: [[Image:DoH_protection_levels]] =Protection levels explained= ==Default Protection:== The Default Protection automatically enables secure DNS in available regions and falls back to the default resolvers if there are issues. Default protection allows you to use local providers when possible. It disables DoH when VPN, parental control or enterprise policies are active or when a network tells Firefox not to use secure DNS. ==Increased protection== When Increased Protection is on, you can select a provider and choose to only fallback to your default DNS resolver. ==Max Protection== Max protection will always use secure DNS and a security warning will show before falling back to your system DNS. ==Off== When secure DNS is off, you’ll use your default DNS resolver. Choose the desired level of protection you want to use. Once you select a protection level other than Default Protection, the status indicator will change to active, and you will see the corresponding provider for your selection. [[Image:DoH_status]] =Add sites to the Exceptions list= #Click the menu [[Image:PhotonMenuButton]] button at the top right of the screen. #Click {menu Settings}. #Click {menu Privacy & Security} on the left. #Scroll down to '''DNS over HTTPS'''. #Click the {menu Manage Exceptions} button. [[Image:doh_manage_exceptions]] =Frequently asked questions= ===What is a local provider?=== A local provider is a DNS resolver that is hosted within a user's local network or Internet Service Provider (ISP). It allows users to secure their DNS queries and access the internet securely. ===Why would a network tell Firefox not to use secure DNS?=== Some organizations restrict access to certain websites. If an organization has their own secure DNS, they will ask Firefox not to bypass it. For additional information on DNS-over-HTTPS, you can refer to some of the [[DNS-over-HTTPS (DoH) FAQs|commonly asked questions (FAQs)]].

DNS over HTTPS (DoH) is a recommended feature that enhances privacy for everyone. When you type a web address into your address bar, Firefox sends a secure DNS request to look up the IP address for that website over the Internet. DNS over HTTPS protection can be configured in four different ways.

Configure DoH protection settings

Default Protection is automatically enabled in Firefox when DNS-over-HTTPS (DoH) is activated. If you would like to modify the settings or select a different level of protection, please follow these steps:

1. Click the menu button at the top right of the screen.
2. Click Settings.
3. Click Privacy & Security on the left.
4. Scroll down to the DNS ove HTTPS section.

In this section, you can enable the following preferences for DNS-over-HTTPS:

Protection levels explained

Default Protection:

The Default Protection automatically enables secure DNS in available regions and falls back to the default resolvers if there are issues. Default protection allows you to use local providers when possible. It disables DoH when VPN, parental control or enterprise policies are active or when a network tells Firefox not to use secure DNS.

Increased protection

When Increased Protection is on, you can select a provider and choose to only fallback to your default DNS resolver.

Max Protection

Max protection will always use secure DNS and a security warning will show before falling back to your system DNS.

Off

When secure DNS is off, you’ll use your default DNS resolver.

Choose the desired level of protection you want to use. Once you select a protection level other than Default Protection, the status indicator will change to active, and you will see the corresponding provider for your selection.

Add sites to the Exceptions list

1. Click the menu button at the top right of the screen.
2. Click Settings.
3. Click Privacy & Security on the left.
4. Scroll down to DNS over HTTPS.
5. Click the Manage Exceptions button.

Frequently asked questions

What is a local provider?

A local provider is a DNS resolver that is hosted within a user's local network or Internet Service Provider (ISP). It allows users to secure their DNS queries and access the internet securely.

Why would a network tell Firefox not to use secure DNS?

Some organizations restrict access to certain websites. If an organization has their own secure DNS, they will ask Firefox not to bypass it.

For additional information on DNS-over-HTTPS, you can refer to some of the commonly asked questions (FAQs).