Extension Workshop
Add-on Policies
Add-ons extend the core capabilities of Firefox, enabling users to modify and personalize their web experience. A healthy ecosystem, built on trust, is vital for developers to be successful and users to feel safe making Firefox their own. For these reasons, Mozilla requires all add-ons to comply with the following policies on acceptable practices. These policies are not intended to serve as legal advice, nor as a comprehensive list of terms to include in your add-on’s privacy policy.
All add-ons are subject to these policies, regardless of how they are distributed. When an add-on is given human review or otherwise assessed by Mozilla, these policies act as guiding principles for those reviews. Add-ons that do not comply with these policies may be rejected or disabled by Mozilla. Therefore, follow these policies when making add-on design and development decisions.
Contents
No Surprises
Content
Submission Guidelines
Development Practices
Data Disclosure, Collection and Management
Security Vulnerabilities
Monetization
Compliance & Blocking
No Surprises
Surprises can be appropriate in many situations, but they are not welcome when user security, privacy and control are at stake. It is extremely important to be as transparent as possible when submitting an add-on. The user should be able to easily discern what the functionality of your add-on is and not be presented with unexpected user experiences after installing it.
Unexpected features
“Unexpected” features are those that are unrelated to the add-on’s primary function, and are not likely from the add-on name or description to be expected by a user installing that add-on.
Should an add-on include any unexpected feature that falls into one of the following categories:
Then the “unexpected” feature(s) must adhere to all of the following requirements:
Content
Add-ons that make use of Mozilla trademarks must comply with the Mozilla Trademark Policy. If the add-on uses “Firefox” in its name, the naming standard the add-on is expected to follow is “<Add-on name> for Firefox”.
In addition, add-ons listed on addons.mozilla.org (AMO) must adhere to the following policies:
Submission Guidelines
Add-ons must function only as described, and should provide an appealing user experience. Based on the description of the add-on, a user must be able to understand and use the add-on’s features without requiring expert knowledge. Tips on how to create a good user experience for your add-on can be found here.
During review, the add-on undergoes basic testing in addition to code review. To facilitate the functional testing, the add-on author must provide testing information and, if applicable, testing credentials required to use the add-on if an account is needed for any part of the add-on’s functionality.
Issues brought up during review must be addressed using best efforts. If corrections have been requested, the new version should not contain unrelated changes, as this complicates the review process and can lead to further rejections.
Source Code Submission
Add-ons may contain transpiled, minified or otherwise machine-generated code, but Mozilla needs to review a copy of the human-readable source code. The author must provide this information to Mozilla during submission along with instructions on how to reproduce the build.
The provided source code will be reviewed by an administrator and will not be redistributed in any way. The code will only be used for the purpose of reviewing the add-on. Failure to provide this information will result in rejection.
Add-ons are not allowed to contain obfuscated code, nor code that hides the purpose of the functionality involved. If external resources are used in combination with add-on code, the functionality of the code must not be obscured. To the contrary, minification of code with the intent to reduce file size is permitted.
Please read our Source Code Submission guidelines to avoid unexpected rejections or blocks.
Development Practices
In general, developers are free to maintain their add-ons in the manner they choose. However, in order to maintain appropriate data security and effectively review code, we do have certain technical requirements that all add-ons must meet. In particular, potentially dangerous APIs may only be used in ways that are demonstrably safe, and code within add-ons that cannot be verified as behaving safely and correctly may need to be refactored.
While any code, method or practice in a submitted add-on is subject to review and rejection, the following requirements are of particular importance:
Data Disclosure, Collection and Management
You must disclose how the add-on collects, uses, stores and shares user data in the privacy policy field on AMO. Mozilla expects that the add-on limits data collection whenever possible, in keeping with Mozilla’s Lean Data Practices and Mozilla’s Data Privacy Principles, and uses the data only for the purpose for which it was originally collected.
User data includes all information the add-on collects, regardless of the manner. It can be personal data actively provided by the user (such as a name or email address), technical data (such as operating system, build ID, version numbers, crash reports, activation, updates), and interaction or activity data (add-on activity data, visited URLs, console logs), including interactions with Firefox.
The add-on’s privacy policy must be the full policy text; it cannot be a link to an externally hosted privacy policy. In addition, the privacy policy must:
A summary of this information must be included in the add-on’s listing description. Finally, you and your add-on must also comply with all applicable data privacy laws as well as any other laws that may apply to your specific add-on.
Please refer to our best practices for advice and examples on how to design and implement a data collection consent prompt.
User Interactions & Technical Data
Cookies
Personal Data
Additional Privacy Protocols
Security Vulnerabilities
Because add-ons run in an environment with elevated privileges relative to ordinary web pages, they present a very serious set of security considerations. They have the potential to open security holes not only in the add-ons themselves, but also in the browser, in web pages, and, in particularly distressing cases, the entire system the browser is running on.
As a result, we take our security policies very seriously and apply them to all add-ons, whether hosted on AMO or not. We expect all add-ons to be secure and well-maintained in handling both their own data and their user’s data. They must also securely manage all of their interactions with the web, the browser and the operating system.
Monetization
Compliance & Blocking
Mozilla may reject or block affected versions or entire add-ons that don’t meet these policies, depending on the extent of their non-compliance.
Mozilla may attempt to contact the add-on’s developer(s) and provide a reasonable time frame for the problems to be corrected before a block is deployed. If an add-on appears to intentionally violate the policies or its developers have proven unreachable, unresponsive, or uncooperative, or in case of repeat violations, blocking may be immediate.
Mozilla reserves the right to block or delete any developer’s account on addons.mozilla.org, thereby preventing further use of the service.
For information about how rejection and blocking affects users, see What does review rejection mean to users?
Tags:  add-ons  review-policy 
Contributors: kewisch rebloor wagnerand atsay jvillalobos wbamberg kmaglione 
Last update: wagnerand Dec 02, 2019
Up Next
Publish
Firefox Add-on Distribution Agreement
Publish
Add-ons Blocking Process
Publish
Third Party Library Usage
Documentation Topics
Develop
Publish
Manage
Enterprise
Themes
Connect With Us
Twitter
For developers:
@mozamo
For end users:
@rockyourfirefox
More
Matrix
Community forum
Extensions Developer Newsletter
Stay up-to-date on news and events for Firefox extension developers.
I’m okay with Mozilla handling my info as explained in this Privacy Notice.
Mozilla
Add-ons
About
Blog
Developer Hub
Developer Policies
Forum
Firefox
Download Firefox
Desktop
Mobile
Features
Beta, Nightly, Developer Edition
Website Privacy Notice
Cookies
Legal
Edit this page on GitHub
Portions of this content are ©1998–2021 by individual mozilla.org contributors. Content available under a Creative Commons license.
Extension BasicsGetting startedMozilla Developer NetworkDevelopFirefox ToolsUser ExperienceFirefox for AndroidPort to FirefoxTest and debugUnique Firefox CapabilitiesFirefox Workflow OverviewAbout the WebExtensions APIBrowser CompatibilityNamespaceAsynchronousAPI CoverageManifest keysMore informationBuild cross-browser extensionsBuild an extension in 5 minutesBrowser Extension Development ToolsBoilerplating toolsCoding toolsTesting and debugging toolsTranslation toolsTools for Firefox for AndroidChoosing a Firefox version for extension developmentFirefox editionsFirefox version and their web extension development capabilitiesGetting started with web-extInstallationUsing web-extSee alsoweb-ext command referenceCommandsGlobal optionsSetting option environment variablesSee alsoWeb-ext Webpack plug-inBrowser API PolyfillExtensions and the Add-on IDBasic workflow with no add-on IDWhen do you need an add-on ID?Build a secure extensionRequest the right permissionsIntroductionAdvised permissionsAvoid unnecessary permissionsRequest permissions at runtimeAdd information about permissions to your extensions AMO pageBest practices for collecting user data consentsKnow your privacy settingsGet preparedCreate a privacy policyPrompt after install or on first useDetermine your consent flowYour consent dialogsBuild an accessible extensionOnboard, upboard, offboard usersOnboardingUpboardingOffboardingUser experience best practices1. Keep it focused2. Give users what they need, where they need it3. Keep the user informed4. Be Firefoxy in look and feel5. Great onboarding experience6. Test, test, and then test againWhat’s great content and design?Create an appealing listingYour add-on’s nameCreate a captivating iconCreate a meaningful set of keywordsMake sure your summary is just long enoughFocus on key features in your screenshotsThe add-on description can be longer, but not too longMake it localMake it experimentalSelect the right platforms and versionsCategorize wellBe prepared to provide supportSet up a developer profileUse plain language in any privacy policy or license agreementGently ask for a reviewSome other pointsDifferences between desktop and Android extensionsIntroductionUser interfaceNative application interactionPermissionsOther notesUser experience guidelines for mobile extensionsIntroductionThe basicsThe extra mileThe last mileDeveloping extensions for Firefox for AndroidSet up your computer and Android emulator or deviceCheck for Firefox for Android compatibilityInstall and run your extension in Firefox for AndroidDebug your extensionDeveloping extensions for Firefox for Android (Fennec)Set up your computer and Android emulator or deviceSet up your computer and Android emulator or deviceCheck for Firefox for Android compatibilityInstall and run your extension in Firefox for AndroidDebug your extensionGeckoView Extensions (Android library)Extension compatibility testPorting a Google Chrome ExtensionPorting a legacy Firefox extensionQuick startMigration pathsDon't see the WebExtensions APIs you need?ToolsDocumentationContactComparison with the Add-on SDKManifest filesPersistent scriptsContent scriptsUI elementsSettingsInternationalizationCommand-line toolJavaScript APIsComparison with XUL/XPCOM extensionsManifestUIPrivileged APIsInteracting with web contentLocalizationSettingsDebuggingDeveloper tools toolboxDebugging background scriptsDebugging options pagesDebugging popupsDebugging content scriptsDebugging sidebarsDebugging storageDebugging developer tools pages and panelsDebug permission requestsDebugging browser restartsTemporary Installation in FirefoxReloading a temporary extensionUsing the command lineDetecting temporary installationLimitationsTesting persistent and restart featuresWhat is an add-on ID?What is a Firefox profile?Extension behavior in FirefoxWhat do I do to ensure I can test my extension?Test permission requestsPermission grant behavior during testingObserve or verify install time permission requestsRetest runtime permission grantsPublishGet your extension signedDistribute your signed extensionPromote your extensionAdd-on PoliciesNo SurprisesContentSubmission GuidelinesDevelopment PracticesData Disclosure, Collection and ManagementSecurity VulnerabilitiesMonetizationCompliance & BlockingFirefox Add-on Distribution Agreement1. Introduction2. Accounts3. Privacy Policy4. Distribution, certificates, & review process5. Your obligations6. Licenses; proprietary rights7. Content removal8. Disclaimer of warranties9. Limitation of liability10. Release; indemnification11. General legal termsAdd-ons Blocking ProcessSecurity Over ChoiceBlocking CriteriaDeveloper OutreachRequesting a BlockBlocking Other Types of Third Party SoftwareThird Party Library UsageWhen must links for third-party libraries be provided?How to determine the third-party library linkCommunicating third-party library links to reviewersWhat does review rejection mean to users?Review overviewImpact of review rejectionBlocklistingSigning and distribution overviewSigning your add-onsDistributing your add-onMore information about AMOPackage your extensionWindowsMac OSXLinux / Mac OSX TerminalDistribute pre-release versionsSubmitting an add-onListing on AMOSelf-distributionGet helpSource code submissionProvide your extension source codeUse of obfuscated codeSource code checklistAdd-on ownershipTransfer ownershipCode disputesDeveloper accountsSetting a display nameBlocked accountsSelf-DistributionSelf-distribution optionsSideloadingPreparing your add-onInstall add-on from fileInstallation using the standard extension foldersFor desktop appsPromoting your extensionPromote your add-on from your websiteFriends, family, and colleaguesEvents and meetupsCurrent usersSocial mediaEngage with your usersCreate a forum, user group, or similarEngage with bloggers and news mediaAdvertisingMake money from browser extensionsWill I ever be able to sell through AMO?What can't you doWhat can you doUnsolicited offersHow can I maximize my income?Recommended extensionsOverviewCriteria for Recommended extensionsDeveloper partnershipSelection processManageStay informed when Firefox changesPublish extension updatesManage authors of your extensionPromote your extensionRemoving your extension from distributionUpdating your extensionEnabling updates to your extensionManifest structureTesting automatic updatingBest practices for updating your extensionMonitoring extension usage statisticsAccessing the statistics dashboardTracking external sourcesAdd-on listing exampleResources for publishersRetiring your extensionReasons for withdrawing your extensionSteps to retiring an extensionSuggested retirement timetableEnterpriseDeveloping your enterprise extensionDistributing your enterprise extensionManage add-ons for Firefox for EnterpriseInstall system add-ons for Firefox for EnterpriseAdding policy support to your extensionHow to add policy supportDistributing your policyEnterprise policies that impact extensionsRelevant policiesOther relevant policiesEnterprise distributionSigned vs. unsigned extensionsSideloadingInstallation using the Windows registryFirefox settingsBundling add-ons with a custom FirefoxThemesUsing the AMO theme generatorGetting startedSubmitting your themeUpdating your themeStatic themesIntroductionCreate a simple static themeUpdating static themesSingle image themesMultiple image themesStatic animated themesDynamic themesIntroductionCreating dynamic themesPublishing dynamic themesCross-browser compatibilityCommunityWho is part of the community?Connect with the communityGet involved in the communityCommunity ForumAdd-ons BlogStack OverflowCommunication CalendarDev Mailing ListContribution opportunitiesOnboard to the WebExtensions codebaseHacking guide for WebExtensions code contributionsWebExtensions ExperimentsFind or create a bugExtension Basics OverviewGetting startedMozilla Developer NetworkDevelop OverviewFirefox ToolsUser ExperienceFirefox for AndroidPort to FirefoxTest and debugUnique Firefox CapabilitiesFirefox Workflow OverviewAbout the WebExtensions APIBrowser CompatibilityNamespaceAsynchronousAPI CoverageManifest keysMore informationBuild cross-browser extensionsBuild an extension in 5 minutesBrowser Extension Development ToolsBoilerplating toolsCoding toolsTesting and debugging toolsTranslation toolsTools for Firefox for AndroidChoosing a Firefox version for extension developmentFirefox editionsFirefox version and their web extension development capabilitiesGetting started with web-extInstallationUsing web-extSee alsoweb-ext command referenceCommandsGlobal optionsSetting option environment variablesSee alsoWeb-ext Webpack plug-inBrowser API PolyfillExtensions and the Add-on IDBasic workflow with no add-on IDWhen do you need an add-on ID?Build a secure extensionRequest the right permissionsIntroductionAdvised permissionsAvoid unnecessary permissionsRequest permissions at runtimeAdd information about permissions to your extensions AMO pageBest practices for collecting user data consentsKnow your privacy settingsGet preparedCreate a privacy policyPrompt after install or on first useDetermine your consent flowYour consent dialogsBuild an accessible extensionOnboard, upboard, offboard usersOnboardingUpboardingOffboardingUser experience best practices1. Keep it focused2. Give users what they need, where they need it3. Keep the user informed4. Be Firefoxy in look and feel5. Great onboarding experience6. Test, test, and then test againWhat’s great content and design?Create an appealing listingYour add-on’s nameCreate a captivating iconCreate a meaningful set of keywordsMake sure your summary is just long enoughFocus on key features in your screenshotsThe add-on description can be longer, but not too longMake it localMake it experimentalSelect the right platforms and versionsCategorize wellBe prepared to provide supportSet up a developer profileUse plain language in any privacy policy or license agreementGently ask for a reviewSome other pointsDifferences between desktop and Android extensionsIntroductionUser interfaceNative application interactionPermissionsOther notesUser experience guidelines for mobile extensionsIntroductionThe basicsThe extra mileThe last mileDeveloping extensions for Firefox for AndroidSet up your computer and Android emulator or deviceCheck for Firefox for Android compatibilityInstall and run your extension in Firefox for AndroidDebug your extensionDeveloping extensions for Firefox for Android (Fennec)Set up your computer and Android emulator or deviceSet up your computer and Android emulator or deviceCheck for Firefox for Android compatibilityInstall and run your extension in Firefox for AndroidDebug your extensionGeckoView Extensions (Android library)Extension compatibility testPorting a Google Chrome ExtensionPorting a legacy Firefox extensionQuick startMigration pathsDon't see the WebExtensions APIs you need?ToolsDocumentationContactComparison with the Add-on SDKManifest filesPersistent scriptsContent scriptsUI elementsSettingsInternationalizationCommand-line toolJavaScript APIsComparison with XUL/XPCOM extensionsManifestUIPrivileged APIsInteracting with web contentLocalizationSettingsDebuggingDeveloper tools toolboxDebugging background scriptsDebugging options pagesDebugging popupsDebugging content scriptsDebugging sidebarsDebugging storageDebugging developer tools pages and panelsDebug permission requestsDebugging browser restartsTemporary Installation in FirefoxReloading a temporary extensionUsing the command lineDetecting temporary installationLimitationsTesting persistent and restart featuresWhat is an add-on ID?What is a Firefox profile?Extension behavior in FirefoxWhat do I do to ensure I can test my extension?Test permission requestsPermission grant behavior during testingObserve or verify install time permission requestsRetest runtime permission grantsPublish OverviewGet your extension signedDistribute your signed extensionPromote your extensionAdd-on PoliciesNo SurprisesContentSubmission GuidelinesDevelopment PracticesData Disclosure, Collection and ManagementSecurity VulnerabilitiesMonetizationCompliance & BlockingFirefox Add-on Distribution Agreement1. Introduction2. Accounts3. Privacy Policy4. Distribution, certificates, & review process5. Your obligations6. Licenses; proprietary rights7. Content removal8. Disclaimer of warranties9. Limitation of liability10. Release; indemnification11. General legal termsAdd-ons Blocking ProcessSecurity Over ChoiceBlocking CriteriaDeveloper OutreachRequesting a BlockBlocking Other Types of Third Party SoftwareThird Party Library UsageWhen must links for third-party libraries be provided?How to determine the third-party library linkCommunicating third-party library links to reviewersWhat does review rejection mean to users?Review overviewImpact of review rejectionBlocklistingSigning and distribution overviewSigning your add-onsDistributing your add-onMore information about AMOPackage your extensionWindowsMac OSXLinux / Mac OSX TerminalDistribute pre-release versionsSubmitting an add-onListing on AMOSelf-distributionGet helpSource code submissionProvide your extension source codeUse of obfuscated codeSource code checklistAdd-on ownershipTransfer ownershipCode disputesDeveloper accountsSetting a display nameBlocked accountsSelf-DistributionSelf-distribution optionsSideloadingPreparing your add-onInstall add-on from fileInstallation using the standard extension foldersFor desktop appsPromoting your extensionPromote your add-on from your websiteFriends, family, and colleaguesEvents and meetupsCurrent usersSocial mediaEngage with your usersCreate a forum, user group, or similarEngage with bloggers and news mediaAdvertisingMake money from browser extensionsWill I ever be able to sell through AMO?What can't you doWhat can you doUnsolicited offersHow can I maximize my income?Recommended extensionsOverviewCriteria for Recommended extensionsDeveloper partnershipSelection processManage OverviewStay informed when Firefox changesPublish extension updatesManage authors of your extensionPromote your extensionRemoving your extension from distributionUpdating your extensionEnabling updates to your extensionManifest structureTesting automatic updatingBest practices for updating your extensionMonitoring extension usage statisticsAccessing the statistics dashboardTracking external sourcesAdd-on listing exampleResources for publishersRetiring your extensionReasons for withdrawing your extensionSteps to retiring an extensionSuggested retirement timetableEnterprise OverviewDeveloping your enterprise extensionDistributing your enterprise extensionManage add-ons for Firefox for EnterpriseInstall system add-ons for Firefox for EnterpriseAdding policy support to your extensionHow to add policy supportDistributing your policyEnterprise policies that impact extensionsRelevant policiesOther relevant policiesEnterprise distributionSigned vs. unsigned extensionsSideloadingInstallation using the Windows registryFirefox settingsBundling add-ons with a custom FirefoxThemes OverviewUsing the AMO theme generatorGetting startedSubmitting your themeUpdating your themeStatic themesIntroductionCreate a simple static themeUpdating static themesSingle image themesMultiple image themesStatic animated themesDynamic themesIntroductionCreating dynamic themesPublishing dynamic themesCross-browser compatibilityCommunity OverviewWho is part of the community?Connect with the communityGet involved in the communityCommunity ForumAdd-ons BlogStack OverflowCommunication CalendarDev Mailing ListContribution opportunitiesOnboard to the WebExtensions codebaseHacking guide for WebExtensions code contributionsWebExtensions ExperimentsFind or create a bug