Mozilla announced plans today to trim the referrer that the Firefox web browser sends for all cross-origin requests to improve privacy.
Requests made by the web browser, e.g. to load a webpage, image, CSS stylesheet, or advertisement, include the referrer. The referrer is usually the URL that users see in the browser's address bar.
Up until now, Firefox and most other browsers trimmed the referrer only when requests were made from secure sites, e.g. those using HTTPS, to non-secure sites, e.g. those using HTTP.
The URL may provide information to the servers the requests are made to that goes beyond the domain name of a site. It may reveal the article title or page a user accessed, and may also include sensitive information such as search queries.
From Firefox 87 on, Mozilla will trim the referrer automatically for all cross-origin requests, e.g. requests from Site A (example.com) to Site B (secondexample.com).
Site B no longer knows the exact page the request originated from, and other information, such as search queries, is no longer leaked to the site either.
Instead of submitting the entire referrer, only the domain name is submitted. In technical terms, Firefox is moving from the referrer policy "no-referrer-when-downgrade" to "strict-origin-when-cross-origin".
Starting with Firefox 87, we set the default Referrer Policy to ‘strict-origin-when-cross-origin’ which will trim user sensitive information accessible in the URL. As illustrated in the example above, this new stricter referrer policy will not only trim information for requests going from HTTPS to HTTP, but will also trim path and query information for all cross-origin requests. With that update Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience.
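The difference between the two policies can be modeled in a few lines. This is an added example, not code from Mozilla or the original article; it is a simplified model of the Referrer Policy computation for these two policies only. The function names and sample URLs are constructed, and a "downgrade" is approximated as HTTPS to non-HTTPS.

```javascript
// Simplified model (assumption): only the two policies named in the article.
// Returns the Referer value the browser would send, or null for none.

// Credentials and fragments are never sent; originOnly also drops path and query.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  u.username = '';
  u.password = '';
  u.hash = '';
  if (originOnly) {
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // Approximation: treat HTTPS -> anything else as a downgrade.
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  const sameOrigin = from.origin === to.origin;
  switch (policy) {
    case 'no-referrer-when-downgrade': // old default: full URL unless downgrading
      return downgrade ? null : stripForReferrer(fromUrl, false);
    case 'strict-origin-when-cross-origin': // Firefox 87 default
      if (downgrade) return null;
      return stripForReferrer(fromUrl, !sameOrigin);
    default:
      throw new Error(`policy not modeled: ${policy}`);
  }
}

// Constructed sample: a search results page loading three resources.
const PAGE = 'https://example.com/search?q=private+query#results';
const TARGETS = [
  'https://example.com/style.css',       // same origin
  'https://secondexample.com/ad.js',     // cross-origin, still HTTPS
  'http://secondexample.com/pixel.gif',  // cross-origin downgrade
];

for (const target of TARGETS) {
  const before = computeReferrer('no-referrer-when-downgrade', PAGE, target);
  const after = computeReferrer('strict-origin-when-cross-origin', PAGE, target);
  console.log(`${target}\n  old default: ${before}\n  new default: ${after}`);
}
```

Only the cross-origin HTTPS request changes: the old default hands the third party the search query, while the new default sends the origin alone.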
The change is made silently in the background for all users of Firefox 87 or newer. Firefox 87 will be released on March 23, 2021 to the public.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.