Submit or Manage Extensions

Firefox built-in consent for data collection and transmission

Firefox supports built-in consent for data collection and transmission in Firefox for desktop 140 and later, and Firefox for Android 142 and later.

From November 3, 2025, all new extensions must adopt the Firefox built-in data collection consent system. Extensions must state if and what data they collect or transmit. New versions and updates for add-ons created before November 3 don’t need to use this feature, but will have to at a later date.

For updates on the rollout and the timeline for AMO accepting submissions using this feature and for tips on how to take advantage of it, see the community blog.

To use Firefox's built-in consent experience, you have to specify what data your extension collects or transmits in the extension’s manifest.json file. This information is shown to the user when they first install the extension. A user can then choose to accept or reject the data collection, just as they do with extension permissions. You can also specify that the extension collects no data.

Taxonomy

Firefox uses categories to standardize data collection information for developers and users. In line with the policies, there are two types of data: Personal data and Technical and Interaction data.

Personal data

Personally identifiable information can be actively provided by the user or obtained through extension APIs. It includes, but isn’t limited to, names, email addresses, search terms, and browsing activity data, as well as access to and placement of cookies.

Data type
visible during install		 Data collection permission
used in the manifest		 Definition and examples Eligible for implicit consent?
Personally identifying information personallyIdentifyingInfo Examples: contact information such as name and address, email, and phone number, as well as other identifying data such as ID numbers, voice or video recordings, age, demographic information, or biometric data. no
Health information healthInfo Examples: medical history, symptoms, diagnoses, treatments, procedures, or heart rate data. no
Financial and payment information financialAndPaymentInfo Examples: credit card numbers, transactions, credit ratings, financial statements, or payment history. no
Authentication information authenticationInfo Examples: passwords, usernames, personal identification numbers (PINs), security questions, and registration information for extensions that offer account-based services. no
Personal communications personalCommunications Examples: emails, text or chat messages, social media posts, and data from phone calls and conference calls. no
Location locationInfo Examples: region, GPS coordinates, or information about things near a user’s device. yes
Browsing activity browsingActivity Information about the websites users visit, such as specific URLs, domains, or categories of pages users view. yes
Website content websiteContent Covers anything visible on a website — such as text, images, videos, and links — and anything embedded, such as cookies, audio, page headers, and request and response information. yes
Website activity websiteActivity Examples: interactions and mouse and keyboard activity, such as scrolling, clicking, typing, and actions, such as saving and downloading. yes
Search terms searchTerms Search terms entered into search engines or the browser. yes
Bookmarks bookmarksInfo Information about Firefox bookmarks, including specific websites, bookmark names, and folder names. yes

Technical and interaction data

Technical data describes the environment the user is running, such as browser settings, platform information, and hardware properties. User interaction data includes how the user interacts with Firefox and the installed add-on, metrics for product improvement, and error information.

Data type
visible during install		 Data collection permission
used in the manifest		 Definition and examples
Technical and interaction data technicalAndInteraction Examples: Device and browser info, extension usage and settings data, crash and error reports.

Specifying data types

You specify the data types your extension transmits in the browser_specific_settings.gecko.data_collection_permissions key in the manifest.json file. As a reminder, the policies state that data transmission refers to any data collected, used, transferred, shared, or handled outside the add-on or the local browser.

Personal data

Personal data permissions can be required or optional, except for technicalAndInteraction that cannot be required:

"browser_specific_settings": {
  "gecko": {
    "data_collection_permissions": {
      "required": [...],
      "optional": [...]
    }
  }
}

The rest of this section describes each key in the data_collection_permissions object.

Required data

When you specify data types in the required list, users must accept this data collection to use the extension; they cannot opt out. So the user can review the data-collection requirements of an extension before installing it, data collection information is presented to the user in the installation prompt, like this:

The extension installation prompt shows data types as specified in the manifest.

If the user doesn’t agree to data collection, they can cancel the extension installation.

This installation prompt is the result of a manifest.json file that specifies one required data type, locationInfo, and one optional data type, technicalAndInteraction.

{
  "manifest_version": 2,
  "name": "Example - Data collection with fallback",
  "version": "1.0.0",
  "permissions": [
    "storage",
    "management"
  ],
  "browser_specific_settings": {
    "gecko": {
        "id": "@example-data-collection-with-fallback",
        "data_collection_permissions": {
          "required": [
             "locationInfo"
          ],
          "optional": [
             "technicalAndInteraction"
          ]
         }
      }
  },
  "background": {
    "scripts": [
      "background.js"
    ]
  },
  "browser_action": {},
  "options_ui": {
     "page": "options/page.html"
  }
}

This adds the "required" data collection paragraph to the installation prompt. The data permissions are also listed in about:addons like this:

The about:addons page shows details of required and optional data collection permissions.

Optional data

Optional data collection permissions are specified using the optional list. These aren’t presented during installation (except for technicalAndInteraction), and they aren’t granted by default. The extension can request that the user opts in to this data collection after installation by calling permissions.request() in a user-activated event handler, and the user can turn this optional data collection on or off in about:addons in the Permissions and data section of the extension settings.

Technical and interaction data

The technicalAndInteraction data type behaves differently from all other data types. This data permission must be optional, but unlike other optional data collection options, the user can turn this permission on or off during the installation flow. This choice is available in the optional settings section of the extension installation prompt.

No data collection

If your extension doesn’t collect or transmit any data, you indicate that by specifying the none required permission in the manifest, as follows:

{
  "manifest_version": 2,
  "name": "extension without data collection",
  "version": "1.0.0",
  "browser_specific_settings": {
    "gecko": {
      "id": "@extension-without-data-collection",
      "data_collection_permissions": {
        "required": ["none"]
      }
    }
  },
  "permissions": [
    "bookmarks",
    "<all_urls>"
  ]
}

When a user attempts to install this extension, Firefox shows the usual installation prompt with the description of the required (API) permissions and a description to indicate that the extension doesn’t collect any data, like this:

The extension installation prompt shows the no data transmission ar defined in the manifest

The "no data collected" type is also listed in the Permissions and data tab of the extension in about:addons, like this:

The about:addons page shows the "no data collected" permission.

Accessing the data collection permissions programmatically

You use the browser.permissions API to interact with the optional data permissions. Specifically, the getAll() method returns the list of granted optional data permissions, as follows:

await browser.permissions.getAll()

{
  origins: ["<all_urls>"],
  permissions: ["bookmarks"],
  // In this case, the permission is granted.
​  data_collection: ["technicalAndInteraction"]
}

You use the presence or absence of the data_collection key in the getAll() method’s response to feature-detect the built-in data collection consent experience in Firefox at runtime.

const perms = await browser.permissions.getAll();
if (!perms.data_collection) {
  // no built-in data consent in Firefox
}

You use the browser.permissions.request() API method to get consent from users for ancillary data collection (defined in the optional list):

await browser.permissions.request({ data_collection: ["healthInfo"] });

This call displays a message to the user, giving them the choice to opt in to this data collection, like this:

The prompt for requesting data collection permissions programmatically.

Updates

When an extension is updated, Firefox only shows the added required data permissions, unless it’s the special none data type, because when the extension doesn’t collect any data, that doesn’t need to be notified to the user.

Testing

To see how the data collection prompts appear to a user for a new install or upgrade, follow the process described in Test permission requests.