added Appendix C: Firefox Add-ons

Appendix-C:-Firefox-Add-ons.md

@@ -0,0 +1,44 @@
+Preferences alone are **not enough**. In fact, some of these are **mandatory** if you use the `ghacks user.js` in it's default state. For example
+- All tracking protection and safebrowsing is turned off by default. Unless you disable the relevant preferences (and reset them) or use a substitute (uBlock Origin), then you are putting yourself at risk
+- All cookies are denied by default. Unless you change the preference, or use an add-on you will never be able to login anywhere.
+
+Add-ons can be more powerful than a preference, such as offering whitelists/blacklists and more granular control. This allows you to set a preference at a `deny-all` level, but get back functionality on sites where you need it. An add-on can also solve issues where the browser itself has no current solution (such as canvas fingerprinting). Others listed offer a simple toggle for you to use with problem sites. This list will cover privacy and security related add-ons only, to enhance and work in tandem with the `ghacks user.js`. While we believe these are the very best of the best, this can be subjective depending on your needs.
+
+If you would like to submit a privacy or security related add-on to be added to this list, please post the details [here](https://github.com/ghacksuserjs/ghacks-user.js/issues/12) for consideration, thanks.
+
+### Recommended Add-ons
+These are all, where applicable, best configured to `deny-all` and whitelist.
+
+- [NoScript](https://addons.mozilla.org/en-US/firefox/addon/noscript/)
+- [uBlock Origin](https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/) - essential if you are not using Mozilla's Tracking Protection and Safe Browsing
+- [uMatrix](https://addons.mozilla.org/en-US/firefox/addon/umatrix/)
+- *[1] [Cookie Controller](https://addons.mozilla.org/en-US/firefox/addon/cookie-controller/)
+- *[1] [Self-Destructing Cookies](https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/)
+- [HTTPS Everywhere](https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/)
+- [CanvasBlocker](https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/)
+- [No Resource URI Leak](https://addons.mozilla.org/en-US/firefox/addon/no-resource-uri-leak/)
+- [Decentraleyes](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/)
+- [NoRedirect](https://addons.mozilla.org/en-US/firefox/addon/noredirect/)
+- *[2] [UAControl](https://addons.mozilla.org/en-US/firefox/addon/uacontrol/)
+- *[2] [User-Agent JS Fixer](https://addons.mozilla.org/en-US/firefox/addon/user-agent-js-fixer/)
+- [Popup Blocker Ultimate](https://addons.mozilla.org/en-US/firefox/addon/popup-blocker-ultimate/) - still evaluating. I think it has a memory leak.
+- [Pure URL](https://addons.mozilla.org/en-US/firefox/addon/pure-url/)
+- [Google Privacy](https://addons.mozilla.org/en-US/firefox/addon/google-privacy/)
+- [Quick Java](https://addons.mozilla.org/en-US/firefox/addon/quickjava/) - configurable toggle buttons for JS, Java, Flash, Images and more. Suggest you don't use/enable anything that will conflict, such as the Cookies toggle.
+- [Disable IndexedDB](https://addons.mozilla.org/en-US/firefox/addon/disable-indexeddb/) - toggle button for indexedDB which is disabled by default.
+
+[1] Don't use multiple cookie add-ons
+
+[2] It's debatable if UA spoofing is worth it. UAControl offers whitelisting. User-Agent JS Fixer is only needed if your choice of add-on doesn't cover JS
+
+NOTE: At the time of publication the following are not e10s compatible:
+Google Privacy, NoRedirect, UAControl, User-Agent JS Fixer, Popup Blocker Ultimate
+
+### Still Looking For...
+- e10s compatible UA solution that allows whitelisting and covers JS
+- e10s compatible comprehensible solution that address tracking in URLs
+- e10s compatible popup blocker
+
+### Don't Bother Recommending These...
+- Ghostery
+