The latest update of the popular open-source Firefox web browser has a stricter Referrer Policy, which will help protect sensitive user data from accidental leaks.
According to the developers, HTTP referrer headers tell a website which location the user arrived from. Although referrer headers are often used for innocuous purposes such as analytics, they often contain sensitive user information.
The Referrer-Policy HTTP header lets websites control what information about their users is passed on to the next site. If a website doesn't set a referrer policy, browsers fall back to the 'no-referrer-when-downgrade' mode, which trims referrer details when browsing to a less protected resource but otherwise still sends the complete URL, including the source's path and query information.
Instead, Firefox 87 will default to the strict-origin-when-cross-origin mode, which will remove all user-sensitive data from the referrer URL.
According to the developers, the new policy applies to all navigational requests, redirected requests, and requests for sub-resources such as graphics, themes, and scripts, leading to a more private browsing experience.
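The difference between the two modes described above can be seen by computing the referrer each one would send. This is an added example, not code from Firefox or the original article; it follows the W3C Referrer Policy rules for these two values, with the simplifying assumption that only https: URLs count as secure, and the URLs are constructed samples.

```javascript
// Added example: models two Referrer-Policy values.
// Assumption: a URL is "secure" only if its scheme is https:.

// Full referrer form: the URL without credentials or fragment.
function stripUrl(u) {
  const c = new URL(u.href);
  c.username = "";
  c.password = "";
  c.hash = "";
  return c.href;
}

// Returns the referrer string that would be sent, or null if none is sent.
function computeReferrer(policy, from, to) {
  const src = new URL(from);
  const dst = new URL(to);
  const downgrade = src.protocol === "https:" && dst.protocol !== "https:";
  const sameOrigin = src.origin === dst.origin;
  switch (policy) {
    case "no-referrer-when-downgrade":
      // Old fallback: full URL unless going from HTTPS to a non-HTTPS target.
      return downgrade ? null : stripUrl(src);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return stripUrl(src); // same site keeps the full URL
      if (downgrade) return null;           // never sent on a downgrade
      return src.origin + "/";              // cross-origin: origin only
    default:
      throw new Error("policy not modelled: " + policy);
  }
}

// Constructed sample: a page whose query string carries a sensitive value.
const page = "https://shop.example/account/reset?token=abc123#form";
const targets = [
  "https://shop.example/help",       // same origin
  "https://cdn.example/lib.js",      // cross-origin, still HTTPS
  "http://legacy.example/pixel.gif", // downgrade to HTTP
];
for (const t of targets) {
  for (const p of ["no-referrer-when-downgrade", "strict-origin-when-cross-origin"]) {
    console.log(p.padEnd(32), t.padEnd(34), computeReferrer(p, page, t));
  }
}
```

For the cross-origin HTTPS target, the old fallback sends the path and the token, while the new default sends only the origin.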