Avatar for Username

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

Can one disable the HTTP referrer for only when one is going to a third-party domain?

user1251572
user1251572

I feel that the HTTP referrer is a breach of my privacy and I understand that some browsers for this very reason allow users to disable its sending. But as completely disabling it (as I know one can do in the about:config settings) breaks some websites. I would like to know if one can configure it so that it is only disabled for when you are going to a website which is a third-party one?

I am running Firefox 47.

I feel that the HTTP referrer is a breach of my privacy and I understand that some browsers for this very reason allow users to disable its sending. But as completely disabling it (as I know one can do in the about:config settings) breaks some websites. I would like to know if one can configure it so that it is only disabled for when you are going to a website which is a third-party one? I am running Firefox 47.

Modified by user1251572

Chosen solution

The Big Fat Fox said

But as completely disabling it (as I know one can do in the about:config settings) breaks some websites. I would like to know if one can configure it so that it is only disabled for when you are going to a website which is a third-party one?

There is a newer preference you could experiment with:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste referer and pause while the list is filtered

(3) Double-click the network.http.referer.XOriginPolicy preference and enter the desired value:

0 => no restrictions (default) 1 => base domain must match (send from a.example.com to b.example.com) 2 => full host name must match (only b.example.com to b.example.com)

So with the default setting, the referrer should be listed on the following page, but with 1 or 2 it should not:

https://www.jeffersonscher.com/res/jstest.php

Read this answer in context 👍 1

All Replies (4)

cor-el
cor-el
  • Moderator

There is also network.http.referer.spoofSource 

// false: use real referrer
// true: spoof with URI of the current request
bool userSpoofReferrerSource = gHttpHandler->SpoofReferrerSource();
jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor

Chosen Solution

The Big Fat Fox said

But as completely disabling it (as I know one can do in the about:config settings) breaks some websites. I would like to know if one can configure it so that it is only disabled for when you are going to a website which is a third-party one?

There is a newer preference you could experiment with:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste referer and pause while the list is filtered

(3) Double-click the network.http.referer.XOriginPolicy preference and enter the desired value:

0 => no restrictions (default) 1 => base domain must match (send from a.example.com to b.example.com) 2 => full host name must match (only b.example.com to b.example.com)

So with the default setting, the referrer should be listed on the following page, but with 1 or 2 it should not:

https://www.jeffersonscher.com/res/jstest.php

Modified by jscher2000 - Support Volunteer

user1251572
user1251572 Question owner

I have looked and the default value appears to actually be `0`... So should I just minus `1` from each of the values to get what I need and you listed or...?

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor

Oops, yes, somehow I got everything off by one. I'll fix my post.