Mozilla has announced a significant change to how Firefox handles HTTP Referrers, in an effort to improve user privacy.
The HTTP Referrer (spelled "Referer" in the header name itself) is header information that browsers send to the current website, telling it which website “referred” the visitor. In other words, the current website knows the last website the browser came from.
In many cases, the referrer information is used in harmless ways, but it can be abused to gain access to private information. Because the referrer information includes the specific page a person was previously looking at, it can help a website better understand a visitor’s interests. It can also include a user’s account information from the website they came from.
Mozilla is now trimming the referrer information in an effort to better protect user privacy.
Starting with Firefox 87, we set the default Referrer Policy to ‘strict-origin-when-cross-origin’ which will trim user sensitive information accessible in the URL. As illustrated in the example above, this new stricter referrer policy will not only trim information for requests going from HTTPS to HTTP, but will also trim path and query information for all cross-origin requests. With that update Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience.
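The trimming described above can be modelled in a few lines. This is an added example, not Mozilla's code: it compares ‘strict-origin-when-cross-origin’ with the more lenient ‘no-referrer-when-downgrade’ policy for a same-origin, a cross-origin and an HTTPS-to-HTTP request. The URLs, function names and the simplified downgrade check are assumptions made for illustration.

```javascript
// Added illustration (not Mozilla's code). All URLs are constructed samples.

// Full-URL or origin-only referrer; credentials and fragment are never sent.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  if (originOnly) return u.origin + '/';
  u.username = '';
  u.password = '';
  u.hash = '';
  return u.href;
}

// Simplification: "downgrade" here means an HTTPS page requesting a non-HTTPS URL.
function isDowngrade(fromUrl, toUrl) {
  return new URL(fromUrl).protocol === 'https:' &&
         new URL(toUrl).protocol !== 'https:';
}

// Returns the Referer value that would be sent, or null when none is sent.
function computeReferrer(policy, fromUrl, toUrl) {
  const sameOrigin = new URL(fromUrl).origin === new URL(toUrl).origin;
  switch (policy) {
    case 'no-referrer-when-downgrade':
      return isDowngrade(fromUrl, toUrl) ? null : stripForReferrer(fromUrl, false);
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return stripForReferrer(fromUrl, false);
      if (isDowngrade(fromUrl, toUrl)) return null;
      return stripForReferrer(fromUrl, true);
    default:
      throw new Error('policy not modelled: ' + policy);
  }
}

const PAGE = 'https://shop.example/account/4711/orders?email=alice%40mail.example#latest';
const TARGETS = [
  'https://shop.example/static/app.js', // same origin
  'https://cdn.example/pixel.gif',      // cross-origin, still HTTPS
  'http://legacy.example/banner.png',   // cross-origin, HTTPS to HTTP
];

function compare() {
  return TARGETS.map((to) => ({
    to,
    lenient: computeReferrer('no-referrer-when-downgrade', PAGE, to),
    strict: computeReferrer('strict-origin-when-cross-origin', PAGE, to),
  }));
}

console.table(compare());
```

Only the cross-origin HTTPS row differs between the two policies: the lenient policy hands the third party the account path and e-mail query string, while the strict one sends the origin alone.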
Mozilla’s announcement is a welcome one, as the company continues to be a leading advocate for user privacy.