diff --git a/4.1-Extensions.md b/4.1-Extensions.md
index 5fb9614..bdfc55f 100644
--- a/4.1-Extensions.md
+++ b/4.1-Extensions.md
@@ -27,7 +27,8 @@ These are all, where applicable, best configured to `deny-all` and whitelist.
* [Skip Redirect](https://addons.mozilla.org/firefox/addon/skip-redirect/) | [GitHub](https://github.com/sblask/webextension-skip-redirect)
* [ClearURLs](https://addons.mozilla.org/firefox/addon/clearurls/) ✔ Privacy (stated on AMO) | [GitHub](https://github.com/KevinRoebert/ClearUrls)
* [Violentmonkey](https://addons.mozilla.org/firefox/addon/violentmonkey/) | [GitHub](https://github.com/violentmonkey/violentmonkey) 1
- * Allows you to run [User Scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.1-User-Scripts) which can do neat things
+ * Allows you to run [User Scripts](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.2.1-User-Scripts) which can do neat things. There are Web Extension API limitations, such as handling strict CSP and @run-at document-start. So TEST your scripts!
+* [window.opener be gone](https://github.com/earthlng/testpages/raw/master/windowopener_be_gone-1.0-an%2Bfx.xpi) | see [issue #401](https://github.com/ghacksuserjs/ghacks-user.js/issues/401)
* [Request Control](https://addons.mozilla.org/firefox/addon/requestcontrol/) | [GitHub](https://github.com/tumpio/requestcontrol) | [Manual](https://github.com/tumpio/requestcontrol/blob/master/_locales/en/manual.md) | [Testing links](https://github.com/tumpio/requestcontrol/wiki/Testing-links)
* [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) ✔ [Privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md) | [GitHub](https://github.com/einaregilsson/Redirector)
* [Cookie AutoDelete](https://addons.mozilla.org/firefox/addon/cookie-autodelete/) ✔ [Privacy](https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/wiki/Privacy-Policy) | [GitHub](https://github.com/mrdokenny/Cookie-AutoDelete)
@@ -39,8 +40,6 @@ These are all, where applicable, best configured to `deny-all` and whitelist.
* This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
* Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)
-1 Note: There are Web Extension API limitations, such as handling strict CSP and @run-at document-start. So TEST your scripts!
-
### :small_orange_diamond: Recommended Legacy Extensions
* :green_heart: [NoScript 5.1.8.4](https://addons.mozilla.org/firefox/addon/noscript/versions/?page=1#version-5.1.8.4) ✔ [Privacy](https://addons.mozilla.org/firefox/addon/noscript/privacy/)