I have a suggestion which can make the web much more secure in the long run. Add a setting in about:config to enable the Obfs4 protocol on sites that support it. Obfs4 was developed by the Tor Project to circumvent censorship, but because it is super obfuscated I recommend adding it for security alone.

1. Obfs4 resists man-in-the-middle attacks because a secret for the key exchange is transmitted out-of-band (in your case, a longer URL).
2. Obfs4 resists active probing (an adversary could be monitoring someone's local connection and, to figure out what he's looking at, connect to the same IP he connected to, speaking the same protocol). This attack is resisted for the same reason as point 1.
3. Lastly, an adversary can't tell what someone is doing by their packet sizes and packet timings, because Obfs4 randomizes them.

If you implement this idea, I'm pretty sure you can convince Cloudflare to support Obfs4, just like they did with ESNI.
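Points 1 and 2 above rest on the server checking a MAC keyed with the out-of-band material. The following simplified model of that check is an added example, not part of the original post and not the obfs4 project's code. Assumptions: random bytes stand in for the Elligator2-encoded client key, the sample node ID and public key are constructed, and the padding length is arbitrary.

```python
import base64, hashlib, hmac, os

NODE_ID_LEN, PUBKEY_LEN, MAC_LEN, REPR_LEN = 20, 32, 16, 32

# Constructed sample identity (not a real bridge): 20-byte node ID, 32-byte key.
SAMPLE_NODE_ID, SAMPLE_PUBKEY = bytes(range(20)), bytes(range(100, 132))
SAMPLE_CERT = base64.b64encode(SAMPLE_NODE_ID + SAMPLE_PUBKEY).decode().rstrip("=")

def decode_cert(cert):
    """Split an unpadded base64 cert= value into (node_id, public_key)."""
    raw = base64.b64decode(cert + "=" * (-len(cert) % 4))
    if len(raw) != NODE_ID_LEN + PUBKEY_LEN:
        raise ValueError("cert must decode to 52 bytes")
    return raw[:NODE_ID_LEN], raw[NODE_ID_LEN:]

def _mac(node_id, pubkey, data):
    # HMAC-SHA256 truncated to 128 bits, keyed with public key | node ID
    return hmac.new(pubkey + node_id, data, hashlib.sha256).digest()[:MAC_LEN]

def client_hello(cert, epoch_hours, pad_len=100):
    """Build repr | padding | mark | MAC as a client holding the cert would."""
    node_id, pubkey = decode_cert(cert)
    x_repr = os.urandom(REPR_LEN)  # stand-in for the Elligator2 representative
    body = x_repr + os.urandom(pad_len) + _mac(node_id, pubkey, x_repr)
    return body + _mac(node_id, pubkey, body + str(epoch_hours).encode())

def server_accepts(node_id, pubkey, msg, epoch_hours):
    """Locate the mark, then verify the MAC allowing one hour of clock skew."""
    if len(msg) < REPR_LEN + 2 * MAC_LEN:
        return False
    pos = msg.find(_mac(node_id, pubkey, msg[:REPR_LEN]), REPR_LEN)
    if pos < 0 or pos + 2 * MAC_LEN != len(msg):
        return False  # no valid mark: a prober learns nothing about the service
    signed, got = msg[:pos + MAC_LEN], msg[pos + MAC_LEN:]
    return any(
        hmac.compare_digest(got, _mac(node_id, pubkey, signed + str(e).encode()))
        for e in (epoch_hours - 1, epoch_hours, epoch_hours + 1))

if __name__ == "__main__":
    now = 480000  # constructed "hours since the UNIX epoch" value
    hello = client_hello(SAMPLE_CERT, now)
    print("client with cert:", server_accepts(SAMPLE_NODE_ID, SAMPLE_PUBKEY, hello, now))
    print("prober, no cert: ", server_accepts(SAMPLE_NODE_ID, SAMPLE_PUBKEY, os.urandom(200), now))
    print("replay 2h later: ", server_accepts(SAMPLE_NODE_ID, SAMPLE_PUBKEY, hello, now + 2))
```

The hour value inside the MAC is what bounds replay of a captured handshake; the model omits the key exchange and framing that follow a successful check.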