Name Description Size
addthis-angular.js Bug 1713694 - Shim AddThis Angular module Sites using Angular with AddThis can break entirely if the module is blocked. This shim mitigates that breakage by loading an empty module. 524
adform.js Bug 1713695 - Shim Adform tracking Sites such as may gate content behind AdForm's trackpoint, breaking download links and such if blocked. This shim stubs out the script and its related tracking pixel, so the content still works. 787
adnexus-prebid.js Bug 1694401 - Shim Prebid.js Some sites rely on prebid.js to place content, perhaps in conjunction with other services like Google Publisher Tags and Amazon TAM. This shim prevents site breakage like image galleries breaking as the user browsers them, by allowing the content placement to succeed. 1592
adsafeprotected-ima.js Sites relying on Ad Safe Protected's adapter for Google IMA may have broken videos when the script is blocked. This shim stubs out the API to help mitigate major breakage. 524
apstag.js Bug 1713698 - Shim Amazon Transparent Ad Marketplace's apstag.js Some sites such as rely on Amazon TAM tracker to serve ads, breaking functionality like galleries if it is blocked. This shim helps mitigate major breakage in that case. 1545
bmauth.js 530
chartbeat.js Bug 1713699 - Shim ChartBeat tracking Sites may rely on chartbeat's tracking as they might with Google Analytics, expecting it to be present for interactive site content to function. This shim mitigates related breakage. 527
crave-ca.js Bug 1746439 - login broken with dFPI enabled relies upon a login page that is out-of-origin. That login page sets a cookie for, which is then used as an proof of authentication on redirect back to the main site. This shim adds a request for storage access for when the user tries to log in. 1612
criteo.js Bug 1713720 - Shim Criteo Sites relying on window.Criteo to be loaded can experience breakage if it is blocked. Stubbing out the API in a shim can mitigate this breakage. 1517
cxense.js Bug 1713721 - Shim Cxense Sites relying on window.cX can experience breakage if it is blocked. Stubbing out the API in a shim can mitigate this breakage. There are two versions of the API, one including window.cX.CCE, but both appear to be very similar so we use one shim for both. 16721
eluminate.js Bug 1606448 - Shim CoreMetrics Eluminate analytics Sites may rely on eluminate.js tracking in ways which cause breakage, which has been seen on shopping sites such as, where the search filtering UX is broken. This shim mitigates such breakage. 1731
empty-script.js This script is intentionally empty 247
empty-shim.txt 0
facebook-sdk.js Bug 1226498 - Shim Facebook SDK This shim provides functionality to enable Facebook's authenticator on third party sites ("continue/log in with Facebook" buttons). This includes rendering the button as the SDK would, if sites require it. This way, if users wish to opt into the Facebook login process regardless of the tracking consequences, they only need to click the button as usual. In addition, the shim also attempts to provide placeholders for Facebook videos, which users may click to opt into seeing the video (also despite the increased tracking risks). This is an experimental feature enabled that is only currently enabled on nightly builds. Finally, this shim also stubs out as much of the SDK as possible to prevent breaking on sites which expect that it will always successfully load. 16638
facebook.svg 480
google-ads.js Bug 1713726 - Shim Ads by Google Sites relying on window.adsbygoogle may encounter breakage if it is blocked. This shim provides a stub for that API to mitigate that breakage. 1553
google-analytics-and-tag-manager.js Bug 1713687 - Shim Google Analytics and Tag Manager Sites often rely on the Google Analytics window object and will break if it fails to load or is blocked. This shim works around such breakage. Sites also often use the Google Optimizer (asynchide) code snippet, only for it to cause multi-second delays if Google Analytics does not load. This shim also avoids such delays. They also rely on Google Tag Manager, which often goes hand-in- hand with Analytics, but is not always blocked by anti-tracking lists. Handling both in the same shim handles both cases. 4445
google-analytics-ecommerce-plugin.js 338
google-analytics-legacy.js 3362
google-ima.js Bug 1713690 - Shim Google Interactive Media Ads ima3.js Many sites use ima3.js for ad bidding and placement, often in conjunction with Google Publisher Tags, Prebid.js and/or other scripts. This shim provides a stubbed-out version of the API which helps work around related site breakage, such as black bxoes where videos ought to be placed. 10765
google-page-ad.js Bug 1713692 - Shim Google Page Ad conversion tracker This shim stubs out the simple API for converstion tracking with Google Page Ad, mitigating major breakage on pages which presume the API will always successfully load. 551
google-publisher-tags.js Bug 1713685 - Shim Google Publisher Tags Many sites rely on googletag to place content or drive ad bidding, and will experience major breakage if it is blocked. This shim provides enough of the API's frame To mitigate much of that breakage. 10935
google-safeframe.html SafeFrame Container 839
hamropatro.js Hamropatro's oauth logins with Google and Facebook redirect through a different subdomain, and so require the use of the Storage Access API for dFPI. This shim calls requestStorageAccess on behalf of the site when a user logs in using Google or Facebook. 1529
history.js Bug 1624853 - Shim Storage Access API on uses Adobe as a necessary third party to authenticating with a TV provider. In order to accomodate this, we grant storage access to the Adobe domain via the Storage Access API when the login or logout buttons are clicked, then forward the click to continue as normal. 1583
humblebundle.js Humblebundle's oauth logins with Google and Facebook redirect through a different subdomain, and so require the use of the Storage Access API for dFPI. This shim calls requestStorageAccess on behalf of the site when a user logs in using Google or Facebook. 1760
iaspet.js Bug 1713701 - Shim Integral Ad Science iaspet.js Some sites use iaspet to place content, often together with Google Publisher Tags. This shim prevents breakage when the script is blocked. 875
kinja.js globals exportFunction 1740
live-test-shim.js globals browser 2225
maxmind-geoip.js Bug 1754389 - Shim Maxmind GeoIP library Some sites rely on Maxmind's GeoIP library which gets blocked by ETP's fingerprinter blocking. With the library window global not being defined functionality may break or the site does not render at all. This shim adds a dummy object which returns errors for any request to mitigate the breakage. 762
microsoftLogin.js 1010
moat.js Bug 1713704 - Shim Moat ad tracker Sites such as Forbes may gate content behind Moat ads, resulting in breakage like black boxes where videos should be placed. This shim helps mitigate that breakage by allowing the placement to succeed. 1351
mochitest-shim-1.js globals browser 2445
mochitest-shim-2.js globals browser 2339
mochitest-shim-3.js 259
optimizely.js Bug 1714431 - Shim Optimizely This shim stubs out window.optimizely for those sites which break when it is not successfully loaded. 4065
play.svg 617
rambler-authenticator.js 2605
rich-relevance.js Bug 1713725 - Shim Rich Relevance personalized shopping Sites may expect the Rich Relevance personalized shopping API to load, breaking if it is blocked. This shim attempts to limit breakage on those site to just the personalized shopping aspects, by stubbing out the APIs. 6318
stackblitz.js Bug 1668408 - Disable service workers on StackBlitz StackBlitz does not function correctly with Total Cookie Protection because it does not request storage access permissions before trying to register service workers. Until this is addressed, service workers are disabled for StackBlitz to mitigate the breakage. 795
tracking-pixel.png 70
vast2.xml 476
vast3.xml 476
vidible.js Bug 1713710 - Shim Vidible video player Sites relying on Vidible's video player may experience broken videos if that script is blocked. This shim allows users to opt into viewing those videos regardless of any tracking consequences, by providing placeholders for each. 12114
vmad.xml 478
webtrends.js Bug 1766414 - Shim WebTrends Core Tag and Advanced Link Tracking Sites using WebTrends Core Tag or Link Tracking can break if they are are blocked. This shim mitigates that breakage by loading an empty module. 991