[Privacy] Disable transmission of the referer header in Firefox

You know what the HTTP referer (yes, it is misspelled) header is, right?

It contains the address of the page from which you arrived at a specific website/web server.

Let’s exemplify this:

I’ve opened up Google and made a query for “test query”, and the second result was XML Query Test Suite. Opening that link made the following HTTP GET request.

GET /2006/xquery-test-suite/PublicPagesStagingArea/ HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.google.se/url?sa=t&source=web&ct=res&cd=2&ved=0CCAQFjAB&url=http%3A%2F%2Fwww.w3.org%2FXML%2FQuery%2Ftest-suite%2F&rct=j&q=test+query&ei=FrnlS6-XNcv0OZrQ5NsN&usg=AFQjCNFau9El2Jt627yb7OPYqxhcaz8N2Q
Accept-Language: sv-SE
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: dev.w3.org

Thus, the website administrator is now aware of how I came to his/her website.
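As an added example (not part of the original post), this Node.js sketch parses an abridged copy of the request above and lists what the receiving server can read from the Referer header alone. The function names are hypothetical, and reading the cd parameter as the result position is an assumption based on the post saying the second result was clicked.

```javascript
// Constructed sample input: the request shown above, abridged to the relevant headers.
const SAMPLE_REQUEST = [
  "GET /2006/xquery-test-suite/PublicPagesStagingArea/ HTTP/1.1",
  "Referer: http://www.google.se/url?sa=t&source=web&ct=res&cd=2&ved=0CCAQFjAB&url=http%3A%2F%2Fwww.w3.org%2FXML%2FQuery%2Ftest-suite%2F&rct=j&q=test+query&ei=FrnlS6-XNcv0OZrQ5NsN&usg=AFQjCNFau9El2Jt627yb7OPYqxhcaz8N2Q",
  "Accept-Language: sv-SE",
  "Host: dev.w3.org",
  "",
  "",
].join("\r\n");

// Parse the header lines of a raw HTTP/1.1 request into a lower-cased name -> value map.
function parseHeaders(rawRequest) {
  const head = rawRequest.split(/\r?\n\r?\n/)[0]; // everything before the body
  const headers = {};
  for (const line of head.split(/\r?\n/).slice(1)) { // slice(1) skips the request line
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // skip malformed lines
    headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return headers;
}

// Summarise what the Referer header discloses; null when it is absent or unparsable.
function refererDisclosure(rawRequest) {
  const value = parseHeaders(rawRequest).referer;
  if (!value) return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null;
  }
  const params = url.searchParams; // decodes %XX escapes and "+" as space
  return {
    referringHost: url.hostname,       // which site the visitor came from
    referringPath: url.pathname,
    searchTerms: params.get("q"),      // what the visitor searched for
    resultPosition: params.get("cd"),  // assumption: rank of the clicked result
    clickedUrl: params.get("url"),     // the link the visitor clicked
  };
}

console.log(refererDisclosure(SAMPLE_REQUEST));
```

A request sent without the header gives the server none of these fields, so the function returns null for it.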

Well, this is supposed to be a good thing actually, as it allows web servers to combat Cross-Site Request Forgery, but a malicious website could use these headers, together with cookies, to track users on the WWW (i.e. the web). Whether these headers are transmitted depends on the browser. Firefox allows us to disable the transmission of this header via a configuration interface.

First, open up about:config and click on “I’ll be careful, I promise!” if you haven’t disabled warnings before.

Type “referer” in the Filter textbox and press Enter; this should allow you to see the preference network.http.sendRefererHeader. Double-click it and set it to 0.

There is also another preference called network.http.sendSecureXSiteReferer. If you want to send referer headers for HTTP but not for HTTPS connections, then this is the key to modify. Set it to false, and the referer headers are not sent for HTTPS connections.

Having done this, you’ve reduced the ability of websites to track you.

Source: http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/

