diff --git a/Optional-Hardening.md b/Optional-Hardening.md
index 93b7dbd..f1ab1eb 100644
--- a/Optional-Hardening.md
+++ b/Optional-Hardening.md
@@ -111,22 +111,6 @@ user_pref("security.cert_pinning.enforcement_level", 2);
***
-### Require Safe Negotiation
-
-Block connections to servers that don't support [RFC 5746](https://datatracker.ietf.org/doc/html/rfc5746) as they're potentially [vulnerable](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) to a man-in-the-middle attack.
-
-A server without RFC 5746 can be safe from the attack if it disables renegotiations. However, the problem is that the browser can't know that. Setting this pref to `true` is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server.
-
-:warning: Some sites, like `EA.com`, will not let you login due to their weak encryption.
-
-```javascript
-// PREF: require safe SSL negotiation
-// [ERROR] SSL_ERROR_UNSAFE_NEGOTIATION
-user_pref("security.ssl.require_safe_negotiation", true);
-```
-
-***
-
### Sanitize on close
#### Option 1: Clear browsing data on shutdown, except browser history
* `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Delete cookies and site data when Firefox is closed*
@@ -186,6 +170,22 @@ user_pref("network.trr.uri", "https://dns.quad9.net/dns-query");
***
+### Require Safe Negotiation
+
+Block connections to servers that don't support [RFC 5746](https://datatracker.ietf.org/doc/html/rfc5746) as they're potentially [vulnerable](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) to a man-in-the-middle attack.
+
+A server without RFC 5746 can be safe from the attack if it disables renegotiations. However, the problem is that the browser can't know that. Setting this pref to `true` is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server.
+
+:warning: Some sites, like `EA.com`, will not let you login due to their weak encryption.
+
+```javascript
+// PREF: require safe SSL negotiation
+// [ERROR] SSL_ERROR_UNSAFE_NEGOTIATION
+user_pref("security.ssl.require_safe_negotiation", true);
+```
+
+***
+
### Fingerprinting
Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.[1](https://youtu.be/5NrbdO4yWek?t=4334) Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)