You know what the HTTP referer(yes, it is misspelled) header is, right?
It contains the website which you have used to arrive to a specific website/webserver.
Let’s exemplify this:
I’ve opened up google and made a query for “test query” and the second result was XML Query Test Suite. Opening that link made the following HTTP GET Request.
GET /2006/xquery-test-suite/PublicPagesStagingArea/ HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Thus, the website administrator is now aware of how I came to his/her website.
Well, this is supposed to be a good thing actually, as it allows web servers to combat against Cross-Site Request Forgery, but a malicious website could use these to track users on the WWW(ie. web) together with cookies. The transmission of these headers depend upon the browser client. Firefox allows us to just disable the transmission of this header via a configuration interface.
First, open up about:config and click on “I’ll be careful, I promise!” if you haven’t disabled warnings before.
Type “referer” in the Filter textbox and press enter; this should allow you to see the preference
network.http.sendRefererHeader. Double click and set it to 0.
There is also another preference called network.http.sendSecureXSiteReferer. If you want to send referer headers for http but not for https connections, then this is the key to modify. Set it to false, and the referer headers are not sent for https connections.
Having done these, you’ve reduced the possibility of websites to track you.