Firefox will adopt a new HTTP referrer strategy to protect user privacy

Mozilla announced that starting from the next version of its Firefox browser, it will introduce a more stringent HTTP referrer policy to protect the privacy of Firefox users.

Referrer is a key parameter in the HTTP request header that indicates the page from which the user initiated the request. However, the referrer header often contains the user’s private data, such as which articles the user reads on the referring website, and even the user’s account information on the website. Therefore, the W3C officially proposed a set of candidate policies, Referrer Policy, to standardize referrer content.

The referrer policy of the web has been “no-referrer-when-downgrade”, from a time when sensitive web browsing was thought to occur over HTTPS connections and as such should not leak information in HTTP requests. However, as the current network is moving towards the full use of HTTPS, Mozilla believes that Firefox should adopt a stricter referrer strategy.
The new referrer policy is “strict-origin-when-cross-origin”, which not only cuts off request information from HTTPS to HTTP but also cuts off the path and query information of all cross-origin requests. Mozilla said that starting from version 87, Firefox will apply the new default referrer policy to all navigation requests, redirect requests, and subresource (image, style, script) requests to provide a more private browsing experience.
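
The difference between the two policies described above, as an added example that is not Mozilla's code: it computes the `Referer` value each policy allows for a same-origin, a cross-origin, and an HTTPS-to-HTTP request. The helper names `computeReferrer` and `comparePolicies` and all URLs are assumptions made for illustration, and "downgrade" is simplified to HTTPS-to-non-HTTPS.

```javascript
// Added example: which Referer value each policy allows.
// computeReferrer and comparePolicies are hypothetical helpers, not a browser API.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);

  // A referrer never carries credentials or the fragment.
  from.username = "";
  from.password = "";
  from.hash = "";

  const full = from.href;               // origin + path + query
  const originOnly = from.origin + "/"; // scheme, host and port only

  // Simplification: treat HTTPS -> anything else as a downgrade.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  const sameOrigin = from.origin === to.origin;

  switch (policy) {
    case "no-referrer-when-downgrade":
      // Old default: full URL everywhere except on a downgrade.
      return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
      // New default: full URL only within the same origin.
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default:
      throw new Error("policy not covered by this example: " + policy);
  }
}

// Constructed sample: a page whose URL exposes account details.
const PAGE = "https://shop.example.com/account/orders?user=alice#latest";

function comparePolicies(toUrl) {
  return {
    oldDefault: computeReferrer("no-referrer-when-downgrade", PAGE, toUrl),
    newDefault: computeReferrer("strict-origin-when-cross-origin", PAGE, toUrl),
  };
}

console.log(comparePolicies("https://shop.example.com/help"));       // same origin
console.log(comparePolicies("https://tracker.example.net/pixel.gif")); // cross-origin
console.log(comparePolicies("http://legacy.example.org/"));          // downgrade
```

A `null` result means no `Referer` header is sent at all.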