addthis-angular.js |
Bug 1713694 - Shim AddThis Angular module
Sites using Angular with AddThis can break entirely if the module is
blocked. This shim mitigates that breakage by loading an empty module.
|
524 |
adform.js |
Bug 1713695 - Shim Adform tracking
Sites such as m.tim.it may gate content behind AdForm's trackpoint,
breaking download links and such if blocked. This shim stubs out the
script and its related tracking pixel, so the content still works.
|
787 |
adnexus-ast.js |
Bug 1734130 - Shim AdNexus AST
Some sites expect AST to successfully load, or they break.
This shim mitigates that breakage.
|
4636 |
adnexus-prebid.js |
Bug 1694401 - Shim Prebid.js
Some sites rely on prebid.js to place content, perhaps in conjunction with
other services like Google Publisher Tags and Amazon TAM. This shim prevents
site breakage like image galleries breaking as the user browsers them, by
allowing the content placement to succeed.
|
1593 |
adsafeprotected-ima.js |
Sites relying on Ad Safe Protected's adapter for Google IMA may
have broken videos when the script is blocked. This shim stubs
out the API to help mitigate major breakage.
|
524 |
apstag.js |
Bug 1713698 - Shim Amazon Transparent Ad Marketplace's apstag.js
Some sites such as politico.com rely on Amazon TAM tracker to serve ads,
breaking functionality like galleries if it is blocked. This shim helps
mitigate major breakage in that case.
|
1586 |
blogger.js |
globals exportFunction |
1995 |
bloggerAccount.js |
globals exportFunction |
2189 |
bmauth.js |
|
530 |
branch.js |
Bug 1716220 - Shim Branch Web SDK
Sites such as TataPlay may not load properly if Branch Web SDK is
blocked. This shim stubs out its script so the page still loads.
|
1806 |
chartbeat.js |
Bug 1713699 - Shim ChartBeat tracking
Sites may rely on chartbeat's tracking as they might with Google Analytics,
expecting it to be present for interactive site content to function. This
shim mitigates related breakage.
|
527 |
crave-ca.js |
Bug 1746439 - crave.ca login broken with dFPI enabled
Crave.ca relies upon a login page that is out-of-origin. That login page
sets a cookie for https://www.crave.ca, which is then used as an proof of
authentication on redirect back to the main site. This shim adds a request
for storage access for https://www.crave.ca when the user tries to log in.
|
1612 |
criteo.js |
Bug 1713720 - Shim Criteo
Sites relying on window.Criteo to be loaded can experience
breakage if it is blocked. Stubbing out the API in a shim can
mitigate this breakage.
|
1517 |
cxense.js |
Bug 1713721 - Shim Cxense
Sites relying on window.cX can experience breakage if it is blocked.
Stubbing out the API in a shim can mitigate this breakage. There are
two versions of the API, one including window.cX.CCE, but both appear
to be very similar so we use one shim for both.
|
16721 |
doubleverify.js |
Bug 1771557 - Shim DoubleVerify analytics
Some sites such as Sports Illustrated expect DoubleVerify's
analytics script to load, otherwise odd breakage may occur.
This shim helps mitigate such breakage.
|
809 |
eluminate.js |
Bug 1606448 - Shim CoreMetrics Eluminate analytics
Sites may rely on eluminate.js tracking in ways which cause breakage,
which has been seen on shopping sites such as Vans.com, where the
search filtering UX is broken. This shim mitigates such breakage.
|
2647 |
empty-script.js |
This script is intentionally empty |
247 |
empty-shim.txt |
|
0 |
everest.js |
Bug 1728114 - Shim Adobe EverestJS
Sites assuming EverestJS will load can break if it is blocked.
This shim mitigates that breakage.
|
4524 |
facebook-sdk.js |
Bug 1226498 - Shim Facebook SDK
This shim provides functionality to enable Facebook's authenticator on third
party sites ("continue/log in with Facebook" buttons). This includes rendering
the button as the SDK would, if sites require it. This way, if users wish to
opt into the Facebook login process regardless of the tracking consequences,
they only need to click the button as usual.
In addition, the shim also attempts to provide placeholders for Facebook
videos, which users may click to opt into seeing the video (also despite
the increased tracking risks). This is an experimental feature enabled
that is only currently enabled on nightly builds.
Finally, this shim also stubs out as much of the SDK as possible to prevent
breaking on sites which expect that it will always successfully load.
|
17519 |
facebook.svg |
|
480 |
fastclick.js |
Bug 1738220 - Shim Conversant FastClick
Sites assuming FastClick will load can break if it is blocked.
This shim mitigates that breakage.
|
1772 |
figshare.js |
Bug 1895990 - figshare login broken with dFPI enabled
The websites that use figshare for login require unpartitioned third-party
cookie access for https://figshare.com. The figshare login process sets a
third-party cookie for https://figshare.com, which is used as an proof of
authentication on redirect back to the main site. This shim adds a request
for storage access for https://figshare.com when the user tries to log in.
|
2499 |
firebase.js |
Bug 1767407 - Shim Firebase
Sites relying on firebase-messaging.js will break in Private
browsing mode because it assumes that they require service
workers and indexedDB, when they generally do not.
|
2343 |
google-ads.js |
Bug 1713726 - Shim Ads by Google
Sites relying on window.adsbygoogle may encounter breakage if it is blocked.
This shim provides a stub for that API to mitigate that breakage.
|
1648 |
google-analytics-and-tag-manager.js |
Bug 1713687 - Shim Google Analytics and Tag Manager
Sites often rely on the Google Analytics window object and will
break if it fails to load or is blocked. This shim works around
such breakage.
Sites also often use the Google Optimizer (asynchide) code snippet,
only for it to cause multi-second delays if Google Analytics does
not load. This shim also avoids such delays.
They also rely on Google Tag Manager, which often goes hand-in-
hand with Analytics, but is not always blocked by anti-tracking
lists. Handling both in the same shim handles both cases.
|
4693 |
google-analytics-ecommerce-plugin.js |
|
338 |
google-analytics-legacy.js |
|
3362 |
google-ima.js |
Bug 1713690 - Shim Google Interactive Media Ads ima3.js
Many sites use ima3.js for ad bidding and placement, often in conjunction
with Google Publisher Tags, Prebid.js and/or other scripts. This shim
provides a stubbed-out version of the API which helps work around related
site breakage, such as black bxoes where videos ought to be placed.
|
13793 |
google-page-ad.js |
Bug 1713692 - Shim Google Page Ad conversion tracker
This shim stubs out the simple API for converstion tracking with
Google Page Ad, mitigating major breakage on pages which presume
the API will always successfully load.
|
551 |
google-publisher-tags.js |
Bug 1713685 - Shim Google Publisher Tags
Many sites rely on googletag to place content or drive ad bidding,
and will experience major breakage if it is blocked. This shim provides
enough of the API's frame To mitigate much of that breakage.
|
13108 |
history.js |
Bug 1624853 - Shim Storage Access API on history.com
history.com uses Adobe as a necessary third party to authenticating
with a TV provider. In order to accomodate this, we grant storage access
to the Adobe domain via the Storage Access API when the login or logout
buttons are clicked, then forward the click to continue as normal.
|
1583 |
iam.js |
Bug 1761774 - Shim INFOnline IAM tracker
Sites using IAM can break if it is blocked. This shim mitigates that
breakage by loading a stand-in module.
|
898 |
iaspet.js |
Bug 1713701 - Shim Integral Ad Science iaspet.js
Some sites use iaspet to place content, often together with Google Publisher
Tags. This shim prevents breakage when the script is blocked.
|
962 |
instagram-embed.js |
Colours match light/dark theme from
https://searchfox.org/mozilla-central/source/browser/themes/addons/light/manifest.json
https://searchfox.org/mozilla-central/source/browser/themes/addons/dark/manifest.json |
6605 |
instagram.js |
Bug 1804445 - instagram login broken with dFPI enabled
Instagram login with Facebook account requires Facebook to have the storage
access under Instagram. This shim adds a request for storage access for
Facebook when the user tries to log in with a Facebook account.
|
1541 |
instagram.svg |
|
4418 |
kinja.js |
globals exportFunction |
1740 |
live-test-shim.js |
globals browser |
2244 |
maxmind-geoip.js |
Bug 1754389 - Shim Maxmind GeoIP library
Some sites rely on Maxmind's GeoIP library which gets blocked by ETP's
fingerprinter blocking. With the library window global not being defined
functionality may break or the site does not render at all. This shim
has it return the United States as the location for all users.
|
1574 |
microsoftLogin.js |
|
1075 |
microsoftVirtualAssistant.js |
Bug 1801277 - Shim Microsoft virtual assistant.
The microsoft virtual assistant will break when accessing the indexedDB that
will throw a security error because the virtual assistant is under a
third-party tracking domain 'liveperson.net'. The shim replaces the indexedDB
with a fake interface that won't throw an error.
|
1477 |
moat.js |
Bug 1713704 - Shim Moat ad tracker
Sites such as Forbes may gate content behind Moat ads, resulting in
breakage like black boxes where videos should be placed. This shim
helps mitigate that breakage by allowing the placement to succeed.
|
1351 |
mochitest-shim-1.js |
globals browser |
2488 |
mochitest-shim-2.js |
globals browser |
2384 |
mochitest-shim-3.js |
|
259 |
nielsen.js |
Bug 1760754 - Shim Nielsen tracker
Sites expecting the Nielsen tracker to load properly can break if it
is blocked. This shim mitigates that breakage by loading a stand-in.
|
2327 |
optimizely.js |
Bug 1714431 - Shim Optimizely
This shim stubs out window.optimizely for those sites which
break when it is not successfully loaded.
|
4065 |
play.svg |
|
617 |
rambler-authenticator.js |
|
2991 |
rich-relevance.js |
Bug 1713725 - Shim Rich Relevance personalized shopping
Sites may expect the Rich Relevance personalized shopping API to load,
breaking if it is blocked. This shim attempts to limit breakage on those
site to just the personalized shopping aspects, by stubbing out the APIs.
|
6364 |
salesforce.js |
Bug 1855139 - The pop-up for "Où trouver ma référence ?" option is blank at
garantie30minutes.sncf.com with ETP set to STANDARD
emeraude.my.salesforce.com is marked as a tracker, and it tries to access localstorage, but the
script returned does not handle the error. The shim replaces localstorage with a fake
interface to avoid the error.
|
1514 |
spotify-embed.js |
globals exportFunction |
4269 |
tiktok-embed.js |
Colours match light/dark theme from
https://searchfox.org/mozilla-central/source/browser/themes/addons/light/manifest.json
https://searchfox.org/mozilla-central/source/browser/themes/addons/dark/manifest.json |
6588 |
tiktok.svg |
|
5018 |
tracking-pixel.png |
|
70 |
tsn-ca.js |
Bug 1802340 - tsn.ca login broken with dFPI enabled
tsn.ca relies upon a login page that is out-of-origin. That login page
sets a cookie for https://www.tsn.ca, which is then used as an proof of
authentication on redirect back to the main site. This shim adds a request
for storage access for https://www.tsn.ca when the user tries to log in.
|
1603 |
vast2.xml |
|
476 |
vast3.xml |
|
476 |
vidible.js |
Bug 1713710 - Shim Vidible video player
Sites relying on Vidible's video player may experience broken videos if that
script is blocked. This shim allows users to opt into viewing those videos
regardless of any tracking consequences, by providing placeholders for each.
|
12587 |
vmad.xml |
|
478 |
webtrends.js |
Bug 1766414 - Shim WebTrends Core Tag and Advanced Link Tracking
Sites using WebTrends Core Tag or Link Tracking can break if they are
are blocked. This shim mitigates that breakage by loading an empty module.
|
992 |