From 4ed9d7787fec9b5a2520d33e5d94b559900a8ab9 Mon Sep 17 00:00:00 2001
From: HJ <11689349+yokoffing@users.noreply.github.com>
Date: Mon, 21 Aug 2023 19:42:58 -0400
Subject: [PATCH] Updated Optional Hardening (markdown)

---
 Optional-Hardening.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/Optional-Hardening.md b/Optional-Hardening.md
index ce9f31a..98eccc0 100644
--- a/Optional-Hardening.md
+++ b/Optional-Hardening.md
@@ -67,12 +67,16 @@ user_pref("browser.sessionstore.privacy_level", 2);
 ***
 
 ### Secure DNS (DoH setup)
-Mode 3 has site-exceptions with a nice UI on the error page.
+Mode 3 has site-exceptions with a nice UI on the error page:
+* Go to `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions*
 
-You can also go to `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions*
+For `network.trr.uri`: use the one provided, or customize how DoH protects you:
+1) [Create a profile](https://nextdns.io/?from=xujj63g5) with NextDNS and follow our [configuration guide](https://github.com/yokoffing/NextDNS-Config).
+2) Add your endpoint to `network.trr.uri`.
 ```
+// PREF: enforce DNS-over-HTTPS (DoH)
 user_pref("network.trr.mode", 3); // Max Protection
-user_pref("network.trr.uri", "https://freedns.controld.com/x-hagezi-proplus"); // PASTE_YOUR_DOH_ADDRESS_HERE
+user_pref("network.trr.uri", "https://freedns.controld.com/x-hagezi-proplus"); // custom endpoint
 user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
 ```