diff --git a/user.js b/user.js
index 0edb913..59a61e8 100644
--- a/user.js
+++ b/user.js
@@ -58,6 +58,7 @@
 1210: disable 1024-DH Encryption
 1211: disable SHA-1
 1212: disable SSL session tracking
+ 1220: security.nocertdb
 1401 & 1406: browser.display.use_document_fonts [author blocked fonts]
 1404: default fonts [author changed default fonts]
 1805: plugin.scan.plid.all [author blocked all plugins]
@@ -661,8 +662,9 @@ user_pref("security.mixed_content.use_hsts", false);
 // recommended left inactive and at default, unless you fully understand the risks and trade-offs
 // user_pref("network.stricttransportsecurity.preloadlist", false);
 // 1220: disable intermediate certificate caching (fingerprinting attack vector)
- // NOTE: This affects login/cert/key dbs. AFAIK the only effect is all active logins start anew
- // per session. This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
+ // NOTE: This may be better handled under FPI (ticket 1323644, part of Tor Uplift)
+ // WARNING: This affects login/cert/key dbs You will lose all credentials as they are now
+ // session-only. To be clear, you will lose all your saved passwords and login user names
 // https://bugzilla.mozilla.org/show_bug.cgi?id=1334485 // related bug
 // https://bugzilla.mozilla.org/show_bug.cgi?id=1216882 // related bug (see comment 9)
 // user_pref("security.nocertdb", true); // (hidden pref)
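Review bot: The new WARNING in the second hunk runs two sentences together (`dbs You will lose`) and spells out the impact only for saved passwords, although the same line says the cert and key dbs are affected too. If the certificate store is not persisted, stored certificate exceptions and imported CA or client certificates would presumably also be session-only, which matters because the user has to re-trust them each session; this should be confirmed against the linked bugs. Suggested wording: `// WARNING: This affects login/cert/key dbs. You will lose all credentials as they are now` followed by `// session-only: saved passwords and login user names, and presumably cert exceptions/client certs`. The pref itself stays commented out, so this is a documentation point only.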