Name Description Size
addthis-angular.js Bug 1713694 - Shim AddThis Angular module Sites using Angular with AddThis can break entirely if the module is blocked. This shim mitigates that breakage by loading an empty module. 524
adform.js Bug 1713695 - Shim Adform tracking Sites such as m.tim.it may gate content behind AdForm's trackpoint, breaking download links and such if blocked. This shim stubs out the script and its related tracking pixel, so the content still works. 787
adnexus-ast.js Bug 1734130 - Shim AdNexus AST Some sites expect AST to successfully load, or they break. This shim mitigates that breakage. 4636
adnexus-prebid.js Bug 1694401 - Shim Prebid.js Some sites rely on prebid.js to place content, perhaps in conjunction with other services like Google Publisher Tags and Amazon TAM. This shim prevents site breakage like image galleries breaking as the user browsers them, by allowing the content placement to succeed. 1593
adsafeprotected-ima.js Sites relying on Ad Safe Protected's adapter for Google IMA may have broken videos when the script is blocked. This shim stubs out the API to help mitigate major breakage. 524
apstag.js Bug 1713698 - Shim Amazon Transparent Ad Marketplace's apstag.js Some sites such as politico.com rely on Amazon TAM tracker to serve ads, breaking functionality like galleries if it is blocked. This shim helps mitigate major breakage in that case. 1586
blogger.js globals exportFunction 1995
bloggerAccount.js globals exportFunction 2189
bmauth.js 530
branch.js Bug 1716220 - Shim Branch Web SDK Sites such as TataPlay may not load properly if Branch Web SDK is blocked. This shim stubs out its script so the page still loads. 1806
chartbeat.js Bug 1713699 - Shim ChartBeat tracking Sites may rely on chartbeat's tracking as they might with Google Analytics, expecting it to be present for interactive site content to function. This shim mitigates related breakage. 527
crave-ca.js Bug 1746439 - crave.ca login broken with dFPI enabled Crave.ca relies upon a login page that is out-of-origin. That login page sets a cookie for https://www.crave.ca, which is then used as an proof of authentication on redirect back to the main site. This shim adds a request for storage access for https://www.crave.ca when the user tries to log in. 1612
criteo.js Bug 1713720 - Shim Criteo Sites relying on window.Criteo to be loaded can experience breakage if it is blocked. Stubbing out the API in a shim can mitigate this breakage. 1517
cxense.js Bug 1713721 - Shim Cxense Sites relying on window.cX can experience breakage if it is blocked. Stubbing out the API in a shim can mitigate this breakage. There are two versions of the API, one including window.cX.CCE, but both appear to be very similar so we use one shim for both. 16721
doubleverify.js Bug 1771557 - Shim DoubleVerify analytics Some sites such as Sports Illustrated expect DoubleVerify's analytics script to load, otherwise odd breakage may occur. This shim helps mitigate such breakage. 809
eluminate.js Bug 1606448 - Shim CoreMetrics Eluminate analytics Sites may rely on eluminate.js tracking in ways which cause breakage, which has been seen on shopping sites such as Vans.com, where the search filtering UX is broken. This shim mitigates such breakage. 2647
empty-script.js This script is intentionally empty 247
empty-shim.txt 0
everest.js Bug 1728114 - Shim Adobe EverestJS Sites assuming EverestJS will load can break if it is blocked. This shim mitigates that breakage. 4524
facebook-sdk.js Bug 1226498 - Shim Facebook SDK This shim provides functionality to enable Facebook's authenticator on third party sites ("continue/log in with Facebook" buttons). This includes rendering the button as the SDK would, if sites require it. This way, if users wish to opt into the Facebook login process regardless of the tracking consequences, they only need to click the button as usual. In addition, the shim also attempts to provide placeholders for Facebook videos, which users may click to opt into seeing the video (also despite the increased tracking risks). This is an experimental feature enabled that is only currently enabled on nightly builds. Finally, this shim also stubs out as much of the SDK as possible to prevent breaking on sites which expect that it will always successfully load. 17519
facebook.svg 480
fastclick.js Bug 1738220 - Shim Conversant FastClick Sites assuming FastClick will load can break if it is blocked. This shim mitigates that breakage. 1772
figshare.js Bug 1895990 - figshare login broken with dFPI enabled The websites that use figshare for login require unpartitioned third-party cookie access for https://figshare.com. The figshare login process sets a third-party cookie for https://figshare.com, which is used as an proof of authentication on redirect back to the main site. This shim adds a request for storage access for https://figshare.com when the user tries to log in. 2499
firebase.js Bug 1767407 - Shim Firebase Sites relying on firebase-messaging.js will break in Private browsing mode because it assumes that they require service workers and indexedDB, when they generally do not. 2343
google-ads.js Bug 1713726 - Shim Ads by Google Sites relying on window.adsbygoogle may encounter breakage if it is blocked. This shim provides a stub for that API to mitigate that breakage. 1648
google-analytics-and-tag-manager.js Bug 1713687 - Shim Google Analytics and Tag Manager Sites often rely on the Google Analytics window object and will break if it fails to load or is blocked. This shim works around such breakage. Sites also often use the Google Optimizer (asynchide) code snippet, only for it to cause multi-second delays if Google Analytics does not load. This shim also avoids such delays. They also rely on Google Tag Manager, which often goes hand-in- hand with Analytics, but is not always blocked by anti-tracking lists. Handling both in the same shim handles both cases. 4693
google-analytics-ecommerce-plugin.js 338
google-analytics-legacy.js 3362
google-ima.js Bug 1713690 - Shim Google Interactive Media Ads ima3.js Many sites use ima3.js for ad bidding and placement, often in conjunction with Google Publisher Tags, Prebid.js and/or other scripts. This shim provides a stubbed-out version of the API which helps work around related site breakage, such as black bxoes where videos ought to be placed. 13793
google-page-ad.js Bug 1713692 - Shim Google Page Ad conversion tracker This shim stubs out the simple API for converstion tracking with Google Page Ad, mitigating major breakage on pages which presume the API will always successfully load. 551
google-publisher-tags.js Bug 1713685 - Shim Google Publisher Tags Many sites rely on googletag to place content or drive ad bidding, and will experience major breakage if it is blocked. This shim provides enough of the API's frame To mitigate much of that breakage. 13108
history.js Bug 1624853 - Shim Storage Access API on history.com history.com uses Adobe as a necessary third party to authenticating with a TV provider. In order to accomodate this, we grant storage access to the Adobe domain via the Storage Access API when the login or logout buttons are clicked, then forward the click to continue as normal. 1583
iam.js Bug 1761774 - Shim INFOnline IAM tracker Sites using IAM can break if it is blocked. This shim mitigates that breakage by loading a stand-in module. 898
iaspet.js Bug 1713701 - Shim Integral Ad Science iaspet.js Some sites use iaspet to place content, often together with Google Publisher Tags. This shim prevents breakage when the script is blocked. 962
instagram-embed.js Colours match light/dark theme from https://searchfox.org/mozilla-central/source/browser/themes/addons/light/manifest.json https://searchfox.org/mozilla-central/source/browser/themes/addons/dark/manifest.json 6605
instagram.js Bug 1804445 - instagram login broken with dFPI enabled Instagram login with Facebook account requires Facebook to have the storage access under Instagram. This shim adds a request for storage access for Facebook when the user tries to log in with a Facebook account. 1541
instagram.svg 4418
kinja.js globals exportFunction 1740
live-test-shim.js globals browser 2244
maxmind-geoip.js Bug 1754389 - Shim Maxmind GeoIP library Some sites rely on Maxmind's GeoIP library which gets blocked by ETP's fingerprinter blocking. With the library window global not being defined functionality may break or the site does not render at all. This shim has it return the United States as the location for all users. 1574
microsoftLogin.js 1075
microsoftVirtualAssistant.js Bug 1801277 - Shim Microsoft virtual assistant. The microsoft virtual assistant will break when accessing the indexedDB that will throw a security error because the virtual assistant is under a third-party tracking domain 'liveperson.net'. The shim replaces the indexedDB with a fake interface that won't throw an error. 1477
moat.js Bug 1713704 - Shim Moat ad tracker Sites such as Forbes may gate content behind Moat ads, resulting in breakage like black boxes where videos should be placed. This shim helps mitigate that breakage by allowing the placement to succeed. 1351
mochitest-shim-1.js globals browser 2488
mochitest-shim-2.js globals browser 2384
mochitest-shim-3.js 259
nielsen.js Bug 1760754 - Shim Nielsen tracker Sites expecting the Nielsen tracker to load properly can break if it is blocked. This shim mitigates that breakage by loading a stand-in. 2327
optimizely.js Bug 1714431 - Shim Optimizely This shim stubs out window.optimizely for those sites which break when it is not successfully loaded. 4065
play.svg 617
rambler-authenticator.js 2991
rich-relevance.js Bug 1713725 - Shim Rich Relevance personalized shopping Sites may expect the Rich Relevance personalized shopping API to load, breaking if it is blocked. This shim attempts to limit breakage on those site to just the personalized shopping aspects, by stubbing out the APIs. 6364
salesforce.js Bug 1855139 - The pop-up for "Où trouver ma référence ?" option is blank at garantie30minutes.sncf.com with ETP set to STANDARD emeraude.my.salesforce.com is marked as a tracker, and it tries to access localstorage, but the script returned does not handle the error. The shim replaces localstorage with a fake interface to avoid the error. 1514
spotify-embed.js globals exportFunction 4269
tiktok-embed.js Colours match light/dark theme from https://searchfox.org/mozilla-central/source/browser/themes/addons/light/manifest.json https://searchfox.org/mozilla-central/source/browser/themes/addons/dark/manifest.json 6588
tiktok.svg 5018
tracking-pixel.png 70
tsn-ca.js Bug 1802340 - tsn.ca login broken with dFPI enabled tsn.ca relies upon a login page that is out-of-origin. That login page sets a cookie for https://www.tsn.ca, which is then used as an proof of authentication on redirect back to the main site. This shim adds a request for storage access for https://www.tsn.ca when the user tries to log in. 1603
vast2.xml 476
vast3.xml 476
vidible.js Bug 1713710 - Shim Vidible video player Sites relying on Vidible's video player may experience broken videos if that script is blocked. This shim allows users to opt into viewing those videos regardless of any tracking consequences, by providing placeholders for each. 12587
vmad.xml 478
webtrends.js Bug 1766414 - Shim WebTrends Core Tag and Advanced Link Tracking Sites using WebTrends Core Tag or Link Tracking can break if they are are blocked. This shim mitigates that breakage by loading an empty module. 992