Limit cross-origin referers | network.http.referer.XOriginPolicy
Could anyone explain what exactly this setting does, what it means, what it is?
Mafitar da aka zaɓa
The link you open doesn't change. Sending a request includes a lot of extra data in the HTTP request headers and one of this data is the referrer (URL of the page with the link you clicked).
You can check out at the browserspy website how websites see your browser, see HTTP_REFERER
See also the Network Monitor.
Karanta wannan amsa a matsayinta 👍 1All Replies (7)
See the comments in the source code.
0=always send, 1=send iff base domains match, 2=send iff hosts match.
cor-el said
See the comments in the source code. 0=always send, 1=send iff base domains match, 2=send iff hosts match.
Thanks for that links, it's a useful source for sure. However while i now know the given values for the preference i still have absolutely no idea what it does.
This is about sending the referrer when you open an external link on a webpage, so that website knows on what website you clicked this link, i.e. can track you. This pref allows to suppress the referrer in cross-site cases, so the website doesn't know where you came from.
You're saying, i'm on a website, on this site i klick a link that connects me to another website, while this happens the link that goes to the target website might normally look like this example.com but since i didn't normally access it and instead accessed it from another site it now looks like this example.com/tracking-id-example. As a result the website i connected to knows from where i came (the previous website). Does this happen only when i klick on the link directly on the website or also if i use the open link in a new tab option? If i got anything wrong let me know. And thanks. Any downside of enabling this pref? dependin on the parameter?
Zaɓi Mafita
The link you open doesn't change. Sending a request includes a lot of extra data in the HTTP request headers and one of this data is the referrer (URL of the page with the link you clicked).
You can check out at the browserspy website how websites see your browser, see HTTP_REFERER
See also the Network Monitor.
An gyara
That's some really interesting stuff, thanks.
Sad that the browserspy website uses googleanalytics, is there a similar site that doesn't track you? The networkmonitor is also astonishing even when i mostly have no idea what im looking at. I copied the browserspy url and wiped all cookies/cache/history, reopened my browser and directly accessed the site but the http referer still shows the request came from support.mozilla.org but it didn't i accessed it directly. Coping text doesn't include data other than the text does it?! Then i wiped again everything and manually entered the url, still shows mozilla support as referer, why is that?
Referrers are stored in the tab session, clearing history manually does not clear the session so the tab still remembers how you got there. This ensures the tab loads the same as it did originally, otherwise it could fail to load. Altering referrers can break sites since they are often used to combat hotlinking and bots.