diff --git a/4.1-Extensions.md b/4.1-Extensions.md
index eea3acf..a290338 100644
--- a/4.1-Extensions.md
+++ b/4.1-Extensions.md
@@ -17,8 +17,6 @@ This list covers privacy and security related extensions only. While we believe
 
 ---
 ### :small_orange_diamond: Extensions (maybe)
-* [HTTPS Everywhere](https://addons.mozilla.org/firefox/addon/https-everywhere/) <sup>✔ [Privacy](https://www.eff.org/code/privacy/policy)</sup> | [GitHub](https://github.com/EFForg/https-everywhere)
-   - If you're using HTTPS-Only mode (usable since FF83), then this is basically redundant, especially as more of the web turns to secure context
 * [CanvasBlocker](https://addons.mozilla.org/firefox/addon/canvasblocker/) <sup>✔ [Privacy](https://addons.mozilla.org/firefox/addon/canvasblocker/privacy/)</sup> | [GitHub](https://github.com/kkapsner/CanvasBlocker)
    - `Canvas API`: great fallback if you allow an RFP canvas site exception
    - `Screen API` and `Navigator API`: don't use with RFP
@@ -47,9 +45,11 @@ These extensions will not mask or alter any data sent or received, but may be us
 ---
 
 ### :small_orange_diamond: Don't Bother...
-* [uMatrix](https://addons.mozilla.org/firefox/addon/umatrix/) <sup>✔ [Privacy](https://github.com/gorhill/uMatrix/wiki/Privacy-policy)</sup> | [GitHub](https://github.com/gorhill/uMatrix)
+* uMatrix
    - ⚠️ No longer maintained, the last commit was April 2020 except for a [one-off patch](https://github.com/gorhill/uMatrix/releases/tag/1.4.2) to fix a [vulnerability](https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc)
    - Everything uMatrix did can be covered by prefs or other extensions: use uBlock Origin for any content blocking.
+* HTTPS Everywhere
+   - Scheduled for [deprecation](https://www.eff.org/deeplinks/2021/09/https-actually-everywhere) and redundant with [HTTPS-Only Mode](https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/) 
 * Cookie extensions
    * ❗️ Functionality for extensions may be missing for clearing IndexedDB, Service Workers cache, or cache **by host**. Clearing cookies & localStorage on their own, and leaving orphaned persistent data is a false sense of privacy
       * see [1340511](https://bugzilla.mozilla.org/1340511) for progress on this