diff --git a/4.1-Extensions.md b/4.1-Extensions.md
index ceeeb01..ad7131d 100644
--- a/4.1-Extensions.md
+++ b/4.1-Extensions.md
@@ -8,13 +8,9 @@ This list covers privacy and security related extensions only. While we believe
 ### :small_orange_diamond: Extensions (in no particular order...)
 
 * [uBlock Origin](https://addons.mozilla.org/firefox/addon/ublock-origin/) <sup>✔ [Privacy](https://github.com/gorhill/uBlock/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uBlock)
-* [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup>✔ [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix)
-* [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup>✔ [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere)
-* [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
 * [Temporary Containers](https://addons.mozilla.org/en-US/firefox/addon/temporary-containers/) <sup>✔ Privacy (stated on AMO)</sup> | [GitHub](https://github.com/stoically/temporary-containers)
    * This can achieve *almost* everything First Party Isolation (FPI) does without breaking cross-domain logins. And (with or without FPI), in a hardened TC setup, this can even isolate repeat visits to the same domain, which FPI alone cannot.
    * Required reading: [1] [AMO description](https://addons.mozilla.org/firefox/addon/temporary-containers/) [2] [Article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) [3] [TC's Wiki](https://github.com/stoically/temporary-containers/wiki)
-* [CSS Exfil Protection](https://addons.mozilla.org/firefox/addon/css-exfil-protection/) | [GitHub](https://github.com/mlgualtieri/CSS-Exfil-Protection) | [Homepage + Test](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester)
 * [Smart Referer](https://addons.mozilla.org/firefox/addon/smart-referer/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/smart-referer/privacy/)</sup> | [GitLab](https://gitlab.com/smart-referer/smart-referer) | [GitHub <sup>Archive</sup>](https://github.com/meh/smart-referer)
 * [Header Editor](https://addons.mozilla.org/firefox/addon/header-editor/) | [GitHub](https://github.com/FirefoxBar/HeaderEditor)
   * Allows you to run [Rules](https://github.com/arkenfox/user.js/wiki/4.2.4-Header-Editor) to modify headers such as blocking ETags
@@ -26,7 +22,20 @@ This list covers privacy and security related extensions only. While we believe
 * [Redirector](https://addons.mozilla.org/firefox/addon/redirector/) <sup>✔ [Privacy](https://github.com/einaregilsson/Redirector/blob/master/privacy.md)</sup> | [GitHub](https://github.com/einaregilsson/Redirector)
 
 ---
+### :small_orange_diamond: Extensions (maybe)
+* [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup>✔ [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix)
+   - No longer maintained. Everything uMatrix did can be covered by prefs or other extensions. However, it is/was already very stable. Use it as long as it works for you (assuming you know how to
+* [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup>✔ [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere)
+   - If you're using HTTPS-Only mode (usable since Firefox 83), then this is basically redundant, especially as more of the web turns to secure context
+* [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
+   - **DO NOT** use `Screen API` or `Navigator API` protections with RFP
+   - `Window` is protected in the user.js since FF82+ (`privacy.window.name.update.enabled`)
+   - `Audio` is disabled in the user.js, and if enabled (e.g. with remote video conferencing), the entropy is low
+   - The rest is up to you
+* [CSS Exfil Protection](https://addons.mozilla.org/firefox/addon/css-exfil-protection/) | [GitHub](https://github.com/mlgualtieri/CSS-Exfil-Protection) | [Homepage + Test](https://www.mike-gualtieri.com/css-exfil-vulnerability-tester)
+   - Practically zero threat and if the platform's CSS was compromised, you'd have bigger problems to worry about
 
+---
 ### :small_orange_diamond: Extensions [Tools]
 
 These extensions will not mask or alter any data sent or received, but may be useful depending on your needs