From 6dea11d35e9de48513672412d54e41eaa951cc6e Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Tue, 16 Jul 2024 13:58:35 -0400
Subject: [PATCH] Updated Optional Hardening (markdown)

---
 Optional-Hardening.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Optional-Hardening.md b/Optional-Hardening.md
index e3a5092..6f38e6c 100644
--- a/Optional-Hardening.md
+++ b/Optional-Hardening.md
@@ -105,6 +105,8 @@ user_pref("browser.cache.disk.enable", false);
 ```javascript
 // PREF: enforce certificate pinning
 // [ERROR] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
+// 1 = allow user MiTM (such as your antivirus) (default)
+// 2 = strict
 user_pref("security.cert_pinning.enforcement_level", 2);
 ```
 
@@ -186,7 +188,7 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
 ```
 
 #### Manage exceptions
-Add sites to the [exceptions list](https://support.mozilla.org/en-US/kb/dns-over-https#w_off).
+Add sites to the [exceptions list](https://support.mozilla.org/en-US/kb/dns-over-https#w_off). You shouldn't need this in most normal use cases.
 * `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions*
 
 ***