- Latest firefox Nightly builds (and maybe even mainline firefox) have support for DNS over HTTPS (so no DNS based blocking)
- Firefox has implemented the ESNI feature discussed in the drafts of TLS 1.3 (again, only available in Nightly build so far)
- Cloudflare has enabled ESNI.
I won’t retell the whole tale, here are quick links-
0. Get firefox nightly
1. Type about:config on the url bar.
2. Search for network.trr, change network.trr.mode to 2
3. Search for network.security.esni.enabled and set it to true
(These steps won’t work if you are in a workplace and the employer has installed his own certificate on the machines and uses a ssl proxy in conjunction with the firewall)