Hi, Following https://support.mozilla.org/en-US/questions/1199797 where I can't reply. The provided solution isn't enough (in my case, the certificate was already there, although there were intermediate certificates without websites allowed - I added that trust, as well as imported more corporate root certificates but I'm not sure any of this was necessary). Anyway, many web pages didn't work, as all http requests beyond the original one were redirected through zscaler proxy 2-factor auth. All js, css, images came back with a 307 and the corporate authentication page, immediately followed by a call to the redirection, coming back as 200 ... but with the same auth page. I saw that the original request (the base html) was always sent with "ssm_au_c" cookie but page resource requests were not. '''I did solve the issue. I had to change the tracking protection options from "Standard" to "Custom" and uncheck "Cookies". Now everything works.''' I don't really need an answer but, as others may have the issue and I can't post in the original thread (which is archived), I figured that I should post it somewhere. However, if there is a way to keep tracking protection in place and only add an exception for ZScaler, that'd be great. Adding "zscalerthree.net" in the exceptions didn't do the trick.