Mozilla has announced that, starting with the next release of the Firefox web browser, it will implement a more privacy-focused default Referrer Policy in order to protect Firefox users’ data.
In Firefox 87, a stricter user privacy protection feature will be added to prevent the unintended leak of confidential user data.
Once the browser has been updated, sensitive user data, such as path and query string information, will be automatically trimmed from the referrer URL.
Browsers send the HTTP Referrer header to websites to show which location referred a user to the website’s server.
Full URLs of referring documents are commonly sent in the HTTP Referrer header, including with subresource requests, and these URLs may contain harmless information used for analytics as well as private user data.
Mozilla developer Dimi Lee and Security Infrastructure Engineering Manager Christoph Kerschbaumer said, “Unfortunately, the HTTP Referrer header often contains private user data: it can reveal which articles a user is reading on the referring website, or even include information on a user’s account on a website.”
Referrer policies act to protect this information, but if a website doesn’t specify one, the browser often defaults to “no-referrer-when-downgrade.” According to Firefox, this policy still “sends the full URL including path and query information of the originating document as the referrer.”
As a result, in Firefox 87, the web browser’s Referrer Policy will default to “strict-origin-when-cross-origin,” which will remove confidential user data.
Mozilla Firefox said, “… this new stricter referrer policy will not only trim information for requests going from HTTPS to HTTP but will also trim path and query information for all cross-origin requests.”
“With that update, Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience,” the company explained.
Firefox users only need to update to version 87 to get this additional privacy protection, which includes a new ‘strict-origin-when-cross-origin’ referrer policy that removes all of a user’s private data from referrer URLs.
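To make the difference between the two defaults concrete, the following added example (not Mozilla's code) models only the two policies named above and compares the referrer each one sends for a same-origin, a cross-origin HTTPS and a cross-origin HTTP request. The URLs, the function names and the https-only test for a secure origin are assumptions made for illustration; on the wire the header is spelled `Referer`.

```javascript
// Simplification (assumption): only https: counts as a secure origin here;
// the real specification also treats origins such as localhost as trustworthy.
const isSecure = (u) => u.protocol === "https:";

// Strip what is never sent (credentials, fragment). With originOnly,
// the path and query string are dropped as well.
function stripUrl(u, originOnly) {
  const s = new URL(u.href);
  s.username = s.password = s.hash = "";
  if (originOnly) { s.pathname = "/"; s.search = ""; }
  return s.href;
}

// Returns the referrer value sent with the request, or null when none is sent.
function computeReferrer(policy, fromHref, toHref) {
  const from = new URL(fromHref);
  const to = new URL(toHref);
  const downgrade = isSecure(from) && !isSecure(to);
  const sameOrigin = from.origin === to.origin;

  switch (policy) {
    case "no-referrer-when-downgrade": // previous default
      return downgrade ? null : stripUrl(from, false);
    case "strict-origin-when-cross-origin": // Firefox 87 default
      if (sameOrigin) return stripUrl(from, false);
      return downgrade ? null : stripUrl(from, true);
    default:
      throw new Error(`policy not modelled in this example: ${policy}`);
  }
}

// Constructed page URL carrying an article path and account data.
const PAGE = "https://news.example/articles/rare-illness?account=alice&plan=premium#comments";

// Constructed destinations: same origin, cross-origin HTTPS, cross-origin HTTP.
const DESTINATIONS = [
  "https://news.example/static/site.css",
  "https://tracker.example/pixel.gif",
  "http://legacy.example/banner.png",
];

const compareDefaults = () => DESTINATIONS.map((to) => ({
  to,
  oldDefault: computeReferrer("no-referrer-when-downgrade", PAGE, to),
  newDefault: computeReferrer("strict-origin-when-cross-origin", PAGE, to),
}));

console.table(compareDefaults());
```

Only the cross-origin HTTPS row differs between the two columns: the old default hands the third party the article path and account query string, while the new default sends the bare origin.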
With the inclusion of Total Cookie Protection, Firefox 86, the previous stable version, gained a major privacy upgrade. By storing each site’s cookies in its own “cookie jar,” this privacy feature prevents web trackers from keeping track of users’ online activities.
Firefox 85 introduced supercookie protection. It isolates caches and network connections for each visited site, preventing hidden trackers from monitoring users across websites.