Geeks for your information News Browsers News & Tips v
Firefox 87 to limit the referrer for all cross-origin requests
Firefox 87 to limit the referrer for all cross-origin requests
harlan4096 Offline
MalWare Zoo Team
*******
Posts: 16,161
Threads: 10,264
Thanks Received: 9,339 in 7,485 posts
Thanks Given: 10,303
Joined: 12 September 18
#1
Information  22 March 21, 14:45
Quote:
[Image: firefox-87-limits-referrer.jpeg]

Mozilla announced plans to trim the referrer that the Firefox web browse sends when requests are made for all cross-origin requests today to improve privacy.

Requests made by the web browser, e.g. to load a webpage, image, CSS stylesheet, or advertisement, includes the referrer. The referrer is usually the URL that users see in the browser's address bar.

Up until now, Firefox and most other browsers, trimmed the referrer only when requests were made from secure sites, e.g. those using HTTPS, to non-secure sites, e.g. those using HTTP.

The URL may provide information to the servers the requests are made to that go beyond the domain name of a site. It may reveal the article title or page a user accessed, and may also include sensitive information such as search queries.

From Firefox 87 on, Mozilla will trim the referrer automatically for all cross-origin requests, e.g. requests from Site A (example.com) to Site B (secondexample.com).

Site B does not known the exact page the request originated anymore from, and other information, such as search queries, are not leaked either anymore to the site.

Instead of submitting the entire referrer, e.g. only the domain name is submitted.  In technical terms, Firefox is moving from the referrer policy "no-referrer-when-downgrade" to "strict-origin-when-cross-origin".
 
Quote:Starting with Firefox 87, we set the default Referrer Policy to ‘strict-origin-when-cross-origin’ which will trim user sensitive information accessible in the URL. As illustrated in the example above, this new stricter referrer policy will not only trim information for requests going from HTTPS to HTTP, but will also trim path and query information for all cross-origin requests. With that update Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience.

The change is made silently in the background for all users of Firefox 87 or newer. Firefox 87 will be released on March 23, 2021 to the public.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
VeraCrypt developer claims that Microso...
Microsoft Account Te...harlan4096 — 10:57
Surfshark VPN : Award-winning VPN servi...
How can generative...jasonX — 09:58
Surfshark VPN : Award-winning VPN servi...
What is post-quant...jasonX — 09:50
Adobe Acrobat Reader DC 2026.001.21411
Adobe Acrobat Read...harlan4096 — 09:47
Acronis True Image 2021 Build 32010
It's been a while si...jasonX — 09:27

[-]
Birthdays
Today's Birthdays
avatar (38)urumahiz
Upcoming Birthdays
avatar (45)wapedDow
avatar (49)oapedDow
avatar (42)Sanchowogy
avatar (46)MeighGoask
avatar (44)techlignub
avatar (43)Stevenmam
avatar (50)onlinbah
avatar (50)fuspeukChark
avatar (44)werriewWaiNg
avatar (38)Freemanleo
avatar (43)cdoubapKit
avatar (38)lystraPonia
avatar (31)smith8395john
avatar (51)steakelask
avatar (45)Termoplenka
avatar (43)bycoPaist
avatar (49)pieloKat
avatar (43)ilyagNeexy
avatar (51)donitascene
avatar (51)Toligo
avatar (46)Rodneykak
avatar (49)tradeSmode
avatar (38)RobertUtelt

[-]
Online Staff
There are no staff members currently online.

>