diff --git a/browser/base/content/test/about/browser_aboutNetError_csp_iframe.js b/browser/base/content/test/about/browser_aboutNetError_csp_iframe.js
index c8028a4cf436..d245d0cd3c16 100644
--- a/browser/base/content/test/about/browser_aboutNetError_csp_iframe.js
+++ b/browser/base/content/test/about/browser_aboutNetError_csp_iframe.js
@@ -8,6 +8,10 @@ const BLOCKED_PAGE =
   "http://example.org:8000/browser/browser/base/content/test/about/csp_iframe.sjs";
 
 add_task(async function test_csp() {
+  await SpecialPowers.pushPrefEnv({
+    set: [["security.xfocsp.hideOpenInNewWindow", false]],
+  });
+
   let { iframePageTab, blockedPageTab } = await setupPage(
     "iframe_page_csp.html",
     BLOCKED_PAGE
diff --git a/browser/base/content/test/about/browser_aboutNetError_xfo_iframe.js b/browser/base/content/test/about/browser_aboutNetError_xfo_iframe.js
index f5fd2406434e..2373bd8b5059 100644
--- a/browser/base/content/test/about/browser_aboutNetError_xfo_iframe.js
+++ b/browser/base/content/test/about/browser_aboutNetError_xfo_iframe.js
@@ -8,6 +8,10 @@ const BLOCKED_PAGE =
   "http://example.org:8000/browser/browser/base/content/test/about/xfo_iframe.sjs";
 
 add_task(async function test_xfo_iframe() {
+  await SpecialPowers.pushPrefEnv({
+    set: [["security.xfocsp.hideOpenInNewWindow", false]],
+  });
+
   let { iframePageTab, blockedPageTab } = await setupPage(
     "iframe_page_xfo.html",
     BLOCKED_PAGE
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 62c4e8f3622c..46f623bf51a0 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -39,6 +39,7 @@ pref("security.signed_app_signatures.policy", 2);
 
 pref("security.xfocsp.errorReporting.enabled", true);
 pref("security.xfocsp.errorReporting.automatic", false);
+pref("security.xfocsp.hideOpenInNewWindow", true);
 
 // Issuer we use to detect MitM proxies. Set to the issuer of the cert of the
 // Firefox update service. The string format is whatever NSS uses to print a DN.
diff --git a/toolkit/content/aboutNetError.mjs b/toolkit/content/aboutNetError.mjs
index 1c733d5dbba0..935111dccaf6 100644
--- a/toolkit/content/aboutNetError.mjs
+++ b/toolkit/content/aboutNetError.mjs
@@ -396,7 +396,8 @@ function initPage() {
       });
       longDesc = null;
 
-      document.getElementById("openInNewWindowContainer").hidden = false;
+      document.getElementById("openInNewWindowContainer").hidden =
+        RPMGetBoolPref("security.xfocsp.hideOpenInNewWindow");
 
       const openInNewWindowButton = document.getElementById(
         "openInNewWindowButton"
diff --git a/toolkit/modules/RemotePageAccessManager.sys.mjs b/toolkit/modules/RemotePageAccessManager.sys.mjs
index 61c00880cb72..838f6e9157d0 100644
--- a/toolkit/modules/RemotePageAccessManager.sys.mjs
+++ b/toolkit/modules/RemotePageAccessManager.sys.mjs
@@ -103,6 +103,7 @@ export let RemotePageAccessManager = {
         "security.certerror.hideAddException",
         "security.xfocsp.errorReporting.automatic",
         "security.xfocsp.errorReporting.enabled",
+        "security.xfocsp.hideOpenInNewWindow",
         "network.trr.display_fallback_warning",
       ],
       RPMSetPref: [