X
Tap here to go to the mobile version of the site.

Support Forum

Can one disable the HTTP referrer for only when one is going to a third-party domain?

Posted

I feel that the HTTP referrer is a breach of my privacy and I understand that some browsers for this very reason allow users to disable its sending. But as completely disabling it (as I know one can do in the about:config settings) breaks some websites. I would like to know if one can configure it so that it is only disabled for when you are going to a website which is a third-party one?

I am running Firefox 47.

I feel that the HTTP referrer is a breach of my privacy and I understand that some browsers for this very reason allow users to disable its sending. But as completely disabling it (as I know one can do in the about:config settings) breaks some websites. I would like to know if one can configure it so that it is only disabled for when you are going to a website which is a third-party one? I am running Firefox 47.

Modified by user1251572

Chosen solution

The Big Fat Fox said

But as completely disabling it (as I know one can do in the about:config settings) breaks some websites. I would like to know if one can configure it so that it is only disabled for when you are going to a website which is a third-party one?

There is a newer preference you could experiment with:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste referer and pause while the list is filtered

(3) Double-click the network.http.referer.XOriginPolicy preference and enter the desired value:

0 => no restrictions (default) 1 => base domain must match (send from a.example.com to b.example.com) 2 => full host name must match (only b.example.com to b.example.com)

So with the default setting, the referrer should be listed on the following page, but with 1 or 2 it should not:

https://www.jeffersonscher.com/res/jstest.php

Read this answer in context 1

Additional System Details

Installed Plug-ins

  • This plugin provides integration with GNOME Shell for live extension enabling and disabling. It can be used only by extensions.gnome.org

Application

  • User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0

More Information

cor-el
  • Top 10 Contributor
  • Moderator
16709 solutions 151127 answers

There is also network.http.referer.spoofSource

// false: use real referrer
// true: spoof with URI of the current request
bool userSpoofReferrerSource = gHttpHandler->SpoofReferrerSource();
There is also network.http.referer.spoofSource *https://dxr.mozilla.org/mozilla-release/source/netwerk/protocol/http/HttpBaseChannel.cpp#1260 // false: use real referrer // true: spoof with URI of the current request bool userSpoofReferrerSource = gHttpHandler->SpoofReferrerSource();
jscher2000
  • Top 10 Contributor
7929 solutions 64729 answers

Chosen Solution

The Big Fat Fox said

But as completely disabling it (as I know one can do in the about:config settings) breaks some websites. I would like to know if one can configure it so that it is only disabled for when you are going to a website which is a third-party one?

There is a newer preference you could experiment with:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste referer and pause while the list is filtered

(3) Double-click the network.http.referer.XOriginPolicy preference and enter the desired value:

0 => no restrictions (default) 1 => base domain must match (send from a.example.com to b.example.com) 2 => full host name must match (only b.example.com to b.example.com)

So with the default setting, the referrer should be listed on the following page, but with 1 or 2 it should not:

https://www.jeffersonscher.com/res/jstest.php

''The Big Fat Fox [[#question-1130505|said]]'' <blockquote>But as completely disabling it (as I know one can do in the about:config settings) breaks some websites. I would like to know if one can configure it so that it is only disabled for when you are going to a website which is a third-party one?</blockquote> There is a newer preference you could experiment with: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful. (2) In the search box above the list, type or paste '''referer''' and pause while the list is filtered (3) Double-click the '''network.http.referer.XOriginPolicy''' preference and enter the desired value: '''0''' => no restrictions (default) '''1''' => base domain must match (send from a.example''.''com to b.example''.''com) '''2''' => full host name must match (only b.example''.''com to b.example''.''com) So with the default setting, the referrer should be listed on the following page, but with 1 or 2 it should not: https://www.jeffersonscher.com/res/jstest.php

Modified by jscher2000

Question owner

I have looked and the default value appears to actually be `0`... So should I just minus `1` from each of the values to get what I need and you listed or...?

I have looked and the default value appears to actually be `0`... So should I just minus `1` from each of the values to get what I need and you listed or...?
jscher2000
  • Top 10 Contributor
7929 solutions 64729 answers

Oops, yes, somehow I got everything off by one. I'll fix my post.

Oops, yes, somehow I got everything off by one. I'll fix my post.