Firefox Enhanced Tracking Protection: How Mozilla Made Anti-Tracking the Default

Firefox 69, released in early September 2019, shipped with a change Mozilla had been building toward for two years: Enhanced Tracking Protection turned on for every new Firefox installation, by default, with no setup required. Existing users were migrated to the new default over subsequent releases. It was the most consequential privacy change any mainstream browser vendor had made up to that point, precisely because it didn’t ask anyone to opt in.

That distinction matters more than it might seem. As covered in our look at why the Do Not Track header failed, a privacy mechanism that depends on users finding a settings toggle and understanding what it does reaches a small fraction of the people it’s meant to protect. Mozilla’s bet with Enhanced Tracking Protection was the opposite: make the protection automatic, and only let sophisticated users turn it off or tune it, rather than requiring sophisticated users to turn it on.

What Enhanced Tracking Protection Actually Blocks

ETP is not a single mechanism. It’s a bundle of blocking behaviors layered on top of a curated list, and understanding what each layer does is the difference between using the feature effectively and assuming it does more than it does.

The foundation is the Disconnect tracking protection list, a maintained, categorized list of known tracking domains that Mozilla licenses and Firefox ships with. The list categorizes trackers by type — advertising, analytics, social, and more — and Firefox’s Standard mode blocks known trackers in the categories most associated with cross-site tracking, while allowing others through to avoid breaking site functionality.

Standard mode, the new 2019 default, blocks third-party tracking cookies from known trackers and cryptomining scripts, without blocking first-party cookies or breaking most site logins. This is the mode aimed at “works for everyone, protects most people.”

Strict mode extends this further: it blocks a broader set of tracking cookies, fingerprinting scripts, and social media trackers, at the cost of more frequent site breakage — some embedded widgets, single-sign-on flows, and comment systems rely on the exact cross-site cookie behavior Strict mode interferes with.

Custom mode exposes granular toggles for each category, useful for users who understand the tradeoffs and want to hand-tune the balance, but not something Mozilla expected — or wanted — most users to touch.

The design intent is explicit in Mozilla’s own engineering communications about the release: Standard mode was calibrated specifically to be safe as an automatic default, meaning the tracking categories it blocks were chosen because blocking them was judged very unlikely to break ordinary browsing, while the categories left unblocked in Standard mode were left there because blocking them broke a meaningful number of sites during testing.

The Feature ETP Actually Grew Out Of

Enhanced Tracking Protection wasn’t Firefox’s first attempt at this problem — it was the default-on evolution of a feature called Tracking Protection that Mozilla had already shipped, opt-in, in Private Browsing windows starting back in 2015. That earlier feature used the same Disconnect list and the same blocking mechanism, but it only applied automatically to private windows, on the theory that users deliberately choosing a private session were signaling heightened privacy expectations, while normal browsing sessions should remain unaffected until Mozilla was confident the feature was safe as a universal default.

The two years between that private-window rollout and the 2019 general default gave Mozilla’s engineering team a genuine testbed: usage data from the opt-in and private-window deployments fed directly into the tuning decisions that shaped what eventually became Standard mode. Categories of trackers that produced excessive breakage in the smaller-scale rollouts were held back from Standard mode’s default blocking list even after the 2019 change, while categories that tested cleanly were promoted. This incremental, data-driven path is part of why Firefox’s rollout is worth distinguishing from a vendor simply flipping a switch — the switch only got flipped once several years of real usage data supported doing so safely.

Why 2019, Specifically

The timing wasn’t arbitrary. Mozilla had spent the prior two years running Enhanced Tracking Protection as an opt-in feature and, later, as an experiment enrolled through Firefox’s Shield studies program, gathering real-world breakage data before flipping the default. That data mattered: shipping a default-on blocking feature to hundreds of millions of users without knowing how often it broke real sites would have been a serious risk to Firefox’s usability reputation.

There was also a competitive and narrative dimension. By mid-2019, the Cambridge Analytica fallout and a steady stream of tracking and data-broker reporting had shifted public sentiment meaningfully. Mozilla’s own public messaging around the Firefox 69 release leaned into “privacy by default” as a positioning statement distinct from Chrome, which at the time offered users manual controls but no automatic blocking of third-party trackers. Whatever the mix of principle and positioning behind the decision, the practical effect was that Firefox users’ default privacy posture changed meaningfully overnight, without any action required on their part — a sharp contrast with the DNT-era model of shipping a setting and hoping people both find it and that the other side respects it.

What ETP Does Not Do

The honest limits matter as much as the feature. Enhanced Tracking Protection is a cross-site cookie and script blocking system aimed at known tracking domains. It has real gaps:

It does not defend against browser fingerprinting by default in Standard mode. Fingerprinting resistance is a separate, much more invasive set of countermeasures that Firefox offers only through the privacy.resistFingerprinting preference, which is disabled by default because it breaks more sites than ETP does.

It does not protect against first-party tracking. A site you visit directly can still track you across your own visits to that site using its own first-party cookies and storage — ETP’s target is cross-site tracking infrastructure, not a site’s own analytics on itself.

It relies on a curated list, which means new or unlisted trackers slip through until the Disconnect list is updated to include them. This is a cat-and-mouse dynamic inherent to blocklist-based protection, distinct in approach from container-based site isolation, which sandboxes cookies and storage per-container rather than trying to identify tracking domains at all.

It does not anonymize network-layer signals. Your IP address, TLS handshake characteristics, and other network-level identifiers are unaffected by ETP — that’s a separate problem space addressed by VPNs, Tor, and similar tools, not by cookie and script blocking.

How This Compared to What Other Browsers Offered at the Time

It’s worth being precise about the competitive landscape in 2019, since “Firefox was first” claims in privacy marketing sometimes overstate how unique the move actually was. Apple’s Safari had already shipped Intelligent Tracking Prevention, its own cross-site tracking mitigation, starting in 2017, using a different mechanism based on on-device machine learning classification of tracking domains rather than a static curated list. Safari’s approach and Firefox’s ETP rollout arrived at broadly similar outcomes — default, automatic reduction of cross-site tracking — through genuinely different technical means, and both predated any equivalent default protection in Chrome by a meaningful margin.

What made Firefox’s move distinct wasn’t being first to block trackers by default in the abstract, but being the first browser to do so while explicitly building and publishing the underlying blocklist mechanism as an open, auditable system — the Disconnect list’s categorization criteria and update process were publicly documented, in contrast to Safari’s more opaque, proprietary classification approach. For a site operator trying to understand why their tracking script got blocked, or a researcher trying to audit false positives and false negatives in the blocking decision, that transparency difference was practically significant even when the end-user privacy outcome looked similar on paper.

The Practical Upshot for Firefox Users

If you’re running a reasonably current Firefox with default settings, you already have meaningful cross-site tracking protection without having done anything. That’s a genuinely different security posture from browsers that still require users to find and enable equivalent protections manually.

The decision most users actually face is whether Standard mode’s calibrated safety is worth the residual tracking exposure, or whether Strict mode’s stronger blocking is worth the occasional broken site. Neither answer is wrong; it depends on how much friction you’re willing to tolerate and how sensitive your particular threat model is. Sites that break under Strict mode are usually diagnosable — a shield icon in the address bar shows exactly what was blocked on the current page, and toggling protection off for that one site is a two-click fix rather than an all-or-nothing decision across your whole browsing session.

FAQ

Do I need to do anything to get Enhanced Tracking Protection? No. If you’re running Firefox 69 or later with default settings, Standard mode is already active. There’s no setup step, no extension to install, and no account to create.

Does Enhanced Tracking Protection replace the need for a content blocker extension? Not entirely. ETP blocks known cross-site trackers at the browser level, but dedicated content-blocking extensions often maintain more aggressive or more current filter lists and can block additional categories, like intrusive ad formats, that ETP’s tracking-focused lists don’t target.

Why does Standard mode allow some trackers through? Because Mozilla calibrated Standard mode specifically to avoid breaking sites during real-world testing. The tracking categories left unblocked in Standard mode were left there because blocking them caused meaningful breakage; Strict mode blocks more at the cost of more frequent site issues.

Can I tell what ETP blocked on a specific page? Yes. Firefox shows a shield icon in the address bar on pages where tracking protection took action; clicking it lists exactly what was blocked and lets you disable protection for that site specifically if something looks broken.

Is Enhanced Tracking Protection the same as fingerprinting protection? No, and this is a common point of confusion. ETP targets cookie and script-based cross-site tracking. Fingerprinting resistance is a separate, more aggressive mode, controlled by a dedicated preference, that Firefox does not enable by default because of its higher site-breakage rate.