diff --git a/etc/firefox/policies/README.md b/etc/firefox/policies/README.md
index 2c3ff0d6..25afb8db 100644
--- a/etc/firefox/policies/README.md
+++ b/etc/firefox/policies/README.md
@@ -13,6 +13,7 @@ per whatever I am doing.
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
 - [WARNING TO LIBREWOLF USERS](#warning-to-librewolf-users)
+- [General warning](#general-warning)
 - [Extensions](#extensions)
   - [Privacy Badger](#privacy-badger)
     - [Duplicate](#duplicate)
@@ -33,6 +34,12 @@ This file takes priority over
 `/usr/share/librewolf/distribution/policies.json` so don't apply this or
 a lot of LibreWolf specific customizations stops being in force.
 
+## General warning
+
+This is meant for me and devices I maintain for self-dogfooding so there are
+opinions. Including those Firefox won't accept and will appear as warnings or
+errors in `about:config` depending on the release channel or even all of them.
+
 ## Extensions
 
 They are mostly self-explanatory.
diff --git a/etc/firefox/policies/policies.json b/etc/firefox/policies/policies.json
index b3ab62c9..c6ba8317 100644
--- a/etc/firefox/policies/policies.json
+++ b/etc/firefox/policies/policies.json
@@ -251,6 +251,16 @@
         "Type": "boolean",
         "Value": false
       },
+      "dom.block_download_insecure": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
+      "dom.security.https_only_mode": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
       "extensions.webextensions.restrictedDomains": {
         "Status": "locked",
         "Type": "string",
@@ -351,6 +361,26 @@
         "Type": "string",
         "Value": "#ffb700"
       },
+      "privacy.donottrackheader.enabled": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
+      "privacy.donottrackheader.value": {
+        "Status": "locked",
+        "Type": "number",
+        "Value": 1
+      },
+      "privacy.globalprivacycontrol.enabled": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
+      "privacy.globalprivacycontrol.functionality.enabled": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
       "security.OCSP.require": {
         "Status": "locked",
         "Type": "boolean",
@@ -366,6 +396,11 @@
         "Type": "boolean",
         "Value": true
       },
+      "security.ssl.enable_ocsp_must_staple": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
       "security.ssl.enable_ocsp_stapling": {
         "Status": "locked",
         "Type": "boolean",