diff --git a/Optional-Hardening.md b/Optional-Hardening.md index 84d9acd..db81105 100644 --- a/Optional-Hardening.md +++ b/Optional-Hardening.md 
@@ -242,6 +242,49 @@ user_pref("browser.eme.ui.enabled", false); *** +### JIT Optimization +#### How JavaScript Compilers Work +Browsers use a tiered system to process JavaScript. It is a trade-off between speed (performance) and safety (attack surface). +1. **Interpreter**: reads the code line-by-line. It is the safest but slowest. +2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple machine code. It provides a good speed boost without complex logic that is easily exploitable. +3. **Optimizing JIT** (Ion/TurboFan): Takes frequently run code and aggressively optimizes it based on assumptions (e.g., "this variable is always an integer"). This is where the massive speed gains come from, but the complex logic required to guess and optimize creates a massive "attack surface" for exploits. Roughly half [1](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [2](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of V8 engine vulnerabilities are found in this [optimizing tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation). + +#### Disable JIT optimization +When you disable [V8 Optimization](https://www.youtube.com/watch?v=i7qlZeDt9o4) in Chrome, you are disabling Maglev (mid-tier optimizing compiler) and Turbofan (top-tier optimizer), but keeping Sparkplug (baseline compiler) and Ignition (interpreter). + +With modern CPUs and typical sites, you’ll rarely notice; some workloads may even be faster when avoiding JIT overhead for simple scripts. You won't notice any speed downsides and will have much better security without breaking most websites. + +Sites may break. 
A few JS/WASM-heavy web apps (e.g., complex editors, games, dashboards) may feel slower or misbehave. + +```javascript +// PREF: disable IonMonkey (JIT optimization) +// This is the equivalent of disabling Chrome's "Turbofan" optimizer. +// It removes the complex attack surface while keeping basic JIT performance. +user_pref("javascript.options.ion", false); +``` + +#### WASM mitigations +Disabling the optimization layer provides hardening without turning off WebAssembly entirely. You effectively remove most of the "zero-day" prone logic while allowing modern web apps to run smoothly. + +```javascript +// PREF: harden WASM +user_pref("javascript.options.wasm_optimizingjit", false); +``` + +#### Disable WASM + +In Edge's version of disabling V8 Optimization ("[Enhance your security on the web](https://support.microsoft.com/en-us/microsoft-edge/enhance-your-security-on-the-web-with-microsoft-edge-b8199f13-b21b-4a08-a806-daed31a1929d)"), Edge is more likely to break websites because it disables WASM entirely and not just V8 optimization. + +If you disable WASM in Firefox, you might see similar breakage on sites that rely on it. + +```javascript +// PREF: disable WebAssembly +// WARNING: This will break web-based games or heavy applications (like Google Earth). +user_pref("javascript.options.wasm", false); +``` + +*** + ### Fingerprinting Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threat-model/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.[1](https://youtu.be/5NrbdO4yWek?t=4334) Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)
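Review bot: the sentence "Roughly half [1] [2] of V8 engine vulnerabilities are found in this optimizing tier" in the "How JavaScript Compilers Work" list overstates what its two citations say: the anchored text of [1] is "roughly 45% of CVEs issued for V8 were related to the JIT engine" (the JIT as a whole, not the optimizing tier specifically), and the anchored text of [2] is "Of all the patched security bugs in V8 with known exploitation, disabling the optimizers would have mitigated ~50%" (bugs with known exploitation, not all vulnerabilities). Suggest rewording to match the sources, e.g. "About 45% of V8 CVEs have been JIT-related [1], and disabling the optimizing compilers would have mitigated roughly half of the V8 bugs with known exploitation [2]." In the "Disable JIT optimization" subsection the prose contradicts itself: "You won't notice any speed downsides and will have much better security without breaking most websites" is immediately followed by "Sites may break. A few JS/WASM-heavy web apps (e.g., complex editors, games, dashboards) may feel slower or misbehave"; drop the absolute claim and keep the hedged one. The same subsection describes only Chrome's tiers (Maglev, Turbofan, Sparkplug, Ignition) even though the pref being set is Firefox's `javascript.options.ion`; add one line saying what remains in Firefox when Ion is off (the Baseline JIT and the interpreter), so the "equivalent of disabling Chrome's Turbofan" comment in the code block has a stated basis. Finally, "You effectively remove most of the 'zero-day' prone logic" in the "WASM mitigations" paragraph is unsupported by anything cited in this hunk, since the statistics given are for V8's JavaScript optimizers; either add a WebAssembly-specific reference or soften it to saying that `javascript.options.wasm_optimizingjit = false` removes the WebAssembly optimizing compiler while leaving WebAssembly itself enabled.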