Comment by sleevi

Firefox has historically checked OCSP by default everywhere but for Firefox mobile, where it was only checked for EV certs.

With the introduction of CRLite, the default is disabled, but those using Firefox with internal-use private CAs on local networks can renable via preferences, which can also be controlled by enterprise policies and tooling.