How to enable Redirect Tracking Protection in Firefox

Martin Brinkmann
Aug 6, 2020
Updated • Oct 15, 2021
Firefox
|
13

Mozilla released Firefox 79.0 to the stable channel recently and one of the main changes of that release improved the browser's tracking protection feature.

Enhanced Tracking Protection 2.0 introduced support for preventing an advanced tracking technique called redirect tracking. Redirect Tracking is used to bypass a browser's mechanisms to block online tracking. While browser's may block third-party cookies, redirect tracking basically adds the tracker's site to the navigational event to make it first party in the context.

So, instead of visiting Site B from Site A right away, you would be taken to Site T as well (Site A > Site T > Site B) with T being the tracker site. Site T would just load briefly and then redirect to the actual target.

Mozilla notes on its developer site:

Redirect trackers work by forcing you to make an imperceptible and momentary stopover to their website as part of that journey. So instead of navigating directly from the review website to the retailer, you'll end up navigating to the redirect tracker first rather than to the retailer. This means that the tracker is loaded as a first party. The redirect tracker associates tracking data with the identifiers they have stored in their first-party cookies and then forwards you to the retailer.

firefox cookie behavior

Firefox's redirect tracking protection clears cookies and site data from trackers regularly provided that the preference network.cookie.cookieBehavior is set to the value 4 or 5.

You can check the value of the preference by loading about:config in the browser's address bar and searching for the preference. Mozilla will introduce support for the values 1 and 3 in Firefox 80. Firefox users may configure the browser's tracking protection feature on about:preferences#privacy.

Firefox will clear the following data associated with the tracking attempt:

  • Network cache and image cache
  • Cookies
  • AppCache
  • DOM Quota Storage (localStorage, IndexedDB, ServiceWorkers, DOM Cache, etc.)
  • DOM Push notifications
  • Reporting API Reports
  • Security Settings (i.e. HSTS)
  • EME Media Plugin Data
  • Plugin Data (e.g. Flash)
  • Media Devices
  • Storage Access permissions granted to the origin
  • HTTP Authentication Tokens
  • HTTP Authentication Cache

Origins will only be cleared if they met the following conditions:

  • If it stored or accessed site storage within the last 72 hours.
  • The origin is classified as a tracker by Mozilla's Tracking Protection list.
  • No origin with the same base domain has a user-interaction permission.
    • Permissions are granted for 45 days if a user interacts with the top-level document, e.g. by scrolling.

Data is cleared when the user has been idle for 1 minute (>48 hours after the last purge) or 3 minutes (24-48 hours after the last purge).

Manage Redirect Tracking Protection in Firefox

firefox redirect tracking protection

Redirect tracking protection is rolled out over the next two weeks to all Firefox users. The feature is controlled by a preference that Firefox users may set right away to enable the protection.

Enable Redirect Tracking Protection in Firefox:

  • Load about:config in the browser's address bar.
  • Search for privacy.purge_trackers.enabled.
  • Set the preference to TRUE to enable it, or FALSE to disable it.
  • Search for network.cookie.cookieBehavior.
  • Make sure it is set to 4 or 5 in Firefox 79, and 1,3,4 or 5 in Firefox 80).
  • Restart the web browser.

Check out the post on Mozilla's developer site for additional information.

Now You: If you are a Firefox user, do you use the Tracking Protection feature? (via Techdows)

Summary
How to enable Redirect Tracking Protection in Firefox
Article Name
How to enable Redirect Tracking Protection in Firefox
Description
Find out how to enable (or disable) Redirect Tracking, an advanced online tracking technique, in Firefox 79 Stable or later.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. KERR said on August 10, 2020 at 3:30 am
    Reply

    This is awesome. Seems so many sites these days intercept links. Google search results, facebook messenger, etc – it actually slows down your browsing a lot!

  2. Steve said on August 10, 2020 at 1:40 am
    Reply

    Forget about doing the blocking with Firefox itself. It could be a job for uMatrix.

    Now, the bad part of forbidding 1st-party cookies as default in uMatrix is that then you need to allow 1st-party cookies in a case by case basis.

    Other solution: maybe a good samaritan makes a full list of these POS companies so you can block them via HOSTS or uBlock.

  3. acs said on August 7, 2020 at 2:00 pm
    Reply

    @Rnk
    so in terms of strictness (most to least), it’ll go something like 2, 1, 3, 5, 4, 0? or is it 2,1,5,4,3,0?

  4. tuobraun said on August 7, 2020 at 2:22 am
    Reply

    It’s unclear what numbers mean for network.cookie.cookieBehavior.

  5. acs said on August 6, 2020 at 3:01 pm
    Reply

    totally unclear what all the numbers/options mean for
    network.cookie.cookieBehavior

    googling doesn’t really help as the articles are really old or have no details.
    eg..
    https://developer.mozilla.org/en-US/docs/Mozilla/Cookies_Preferences
    says 3 is for old browsers….
    http://kb.mozillazine.org/Network.cookie.p3p
    seems to suggest 3 works with another setting… network.cookie.p3plevel which no longers exist.

    yet if i were to go via the gui… and select custom->block cookies from unvisited sites.. it set it to 3 (whereas strict or custom ->cross media and social tracker is 4)…. what does block cookies from unvisited sites mean? is it stricter than just block cross media and social tracker?

    1. Rnk said on August 6, 2020 at 10:32 pm
      Reply

      @acs

      network.cookie.cookieBehavior

      Blocks:

      0 = Nothing (accept everything)
      1 = All third-party cookies
      2 = All cookies
      3 = Cookies from unvisited websites
      4 = Cross-site and social media trackers (less strict than 1, less breakage, uses Disconnect list, I think)
      5 = Cross-site and social media trackers, isolate remaining cookies (Dynamic First Party Isolation)

      Cookies from unvisited websites blocks all 3rd party cookies except for those from sites you have visited before, e.g: mysite.com contains cookies from unvisited.com and visited.net, firefox will block all cookies from unvisited.com but allow those from visited.net because you have visited it before (as first party).

  6. Anonymous said on August 6, 2020 at 2:18 pm
    Reply

    All right, thanks for the quick reply! Guess I’ll have to wait until 80 comes out or perhaps find another way to block 3rd-party cookies, so I can enable the redirect tracking protection :D

  7. Iron Heart said on August 6, 2020 at 2:09 pm
    Reply

    So basically the same thing the „Skip Redirect“ extension already does? Any deadline for a built-in adblocker, and for using more blocklists than weak Disconnect? To show their commitment…

    1. Rnk said on August 6, 2020 at 11:01 pm
      Reply

      @Iron Heart, Skip Redirect is only useful when the destination is included in the redirection URL, unfortunately.

    2. Klaas Vaak said on August 6, 2020 at 3:10 pm
      Reply
    3. Martin Brinkmann said on August 6, 2020 at 2:19 pm
      Reply

      I think the behavior of the extension is different (not 100% sure as I did not look at the code of the add-on), but it appears to skip URL redirects only and not this type of tracking redirects.

  8. Anonymous said on August 6, 2020 at 1:57 pm
    Reply

    Thank you for the article, Martin!

    I have a question: is it possible to have this new feature enabled along with blocking 3rd-party cookies? Changing the value of network.cookie.cookieBehavior from 1 to 4/5 opens the gate for 3rd party-cookies right now, if I understand things correctly.

    1. Martin Brinkmann said on August 6, 2020 at 2:06 pm
      Reply

      I think you need to wait until Firefox 80 is released for that to work.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.