25

I feel that the HTTP referrer is a violation of my privacy (the HTTP header field that identifies the webpage you just came from which was linked to the webpage you are going to) and I understand that some browsers allow for one to then disable it.

How can this be done in Firefox (currently version 47)? I am running Ubuntu GNOME 16.04 with GNOME 3.20.

Preferably I would like to have 3 options:

  • The ability to have it on for everything as is default
  • The ability to have it disabled only when the domain you have come from is third-party to the one you are going to
  • The ability to disable is completely even when just going to the sub-domain or another page of a website
Braiam
  • 67,791
  • 32
  • 179
  • 269

3 Answers3

27

In the URL bar of Firefox, go to about:config.

In the search box of the about:config page, enter the following:

Network.http.sendRefererHeader

Double click on Network.http.sendRefererHeader and change the value from 2 to 0 to disable the referrer header.

The following values are accepted:

0 – Disable referrer.

1 – Send the Referer header when clicking on a link, and set document.referrer for the following page.

2 – Send the Referer header when clicking on a link or loading an image (default).

Source

It should be noted that some websites such as google and tumblr include the referrer in the link URL rather than the header.

There is an addon which fixes this problem and removes the redirect from google results but it doesn't seem to work on google images (click here for more info).

There is also a newer option which might be of more interest to you called network.http.referer.XOriginPolicy. The options you can set for this are:

0 - No restrictions (default).

1 - Base domain must match (send from a.example.com to b.example.com).

2 - Full host name must match (only b.example.com to b.example.com).

Source

Community
  • 1
mchid
  • 43,546
  • 8
  • 97
  • 150
  • Please explain what the different values you could set it to would do. Also I have updated my question with a little extra, though if that's not possible through Firefox currently then that is fine. –  Jul 10 '16 at 20:53
  • Don't worry about the search engine thing by the way, for I use DuckDuckGo and have it set up so that it doesn't do anything like this. –  Jul 10 '16 at 21:02
  • 1
    And please do leave a comment pinging me every time you edit your answer so that I know you've updated it (that is when the edit is important enough for me to have another look at your answer). –  Jul 10 '16 at 21:15
  • @ParanoidPanda You may find this interesting: https://www.bestvpn.com/blog/8499/make-firefox-secure-using-aboutconfig/ – mchid Jul 10 '16 at 21:15
  • 1
    I found the information I was looking for and have edited your answer with it. –  Jul 11 '16 at 20:40
15

There are Firefox Addons that can accomplish this. They tend to make it easy to toggle on/off sending the referrer header, and do not require manual modification of Firefox's configuration. For example,

Smart Referer:

Send referers only when staying on the same domain.

You can whitelist domains with wildcards and configure other things, look in the preferences page of the addon in the addon manager.

https://addons.mozilla.org/en-US/firefox/addon/smart-referer/

Toggle Referrer:

This addon allows a user to toggle referers between 3 states:

Referer 0: Never send the Referer header or set document.referrer

Referer 1: Send the Referer header when clicking on a link, and set document.referrer for the following page

Referer 2: Send the Referer header when clicking on a link or loading an image, and set document.referrer for the following page. (Default)

https://addons.mozilla.org/en-US/firefox/addon/toggle-referer/

You can find even more by searching the Firefox Addons site for "refer" or "referrer".

Nick Weinberg
  • 4,596
3

The Firefox add-on RefControl allows you to set a global Referer behaviour, which can be overwritten for specific domains.

The behaviours are:

  • Normal (like Firefox works by default)
  • Block (send no Referer at all)
  • Replace (sends the root address of the current domain as Referer)
  • Specific (allows you to define a string yourself which should be sent as Referer)

For all these behaviours you can enable if they should work for all links or only for links to other domains.

(The last update is from 2014-12, but it still works fine with current Firefox versions.)

unor
  • 548
  • RefControl gives a maximum version of Firefox 37.0 and has been gone from MDN since May 2018: https://web.archive.org/web/20180515145047/https://addons.mozilla.org/en-US/firefox/addon/refcontrol/ – Nathaniel M. Beaver Jan 20 '21 at 14:44