Firefox 87 will have a shorter Referrer string by default

With Firefox 87, Mozilla is making the next privacy enhancement to its browser. From now on, the Referrer value will be shortened by default and gives less information about where the visitor to a website comes from.

Advertisement

Browsers send the HTTP Referrer header (note: original specification name is ‘HTTP Referer’) to signal to a website which location “referred” the user to that website’s server. More precisely, browsers have traditionally sent the full URL of the referring document (typically the URL in the address bar) in the HTTP Referrer header with virtually every navigation or subresource (image, style, script) request. Websites can use referrer information for many fairly innocent uses, including analytics, logging, or for optimizing caching.

On the other hand, the HTTP Referrer header may include private and sensitive user data. The original URL may include some user profile data, profile options, etc which are not supposed to be shared. In the worst case, the referrer can expose users age, date of birth, or even income. Also, this information can be retrieved by embedded resources on the destination web page, including ad units and social media widgets.

You may already know that Firefox uses a short referrer value in Private Browsing since version 59, which doesn't include the source site's path and all HTTP GET parameters. The only shared value is the domain itself. For example, for this site it will look as follows.

https://winaero.com/

While the regular mode referrer would include extra details like these.

https://winaero.com/path/?param1=value&param2=value

Starting with Firefox 87, which is due to be released tomorrow, this is now the default behavior of Firefox, not just in private mode.

Firefox New Referrer Policy

Mozilla has changed the default Referrer Policy to 'strict-origin-when-cross-origin' that will be trimming user sensitive information like path and query string to protect privacy. Additionally, it will trim information for requests going from HTTPS to HTTP. Finally, the new default Referrer Policy applies to all navigational requests, redirected requests, and subresource (image, style, script) requests.

The new HTTP Referrer behavior is definitely a welcome change in the browser, as it reduces way that can be used to track your activity on the Internet.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

Leave a Reply

Your email address will not be published. Required fields are marked *