Firefox updates its Referrer policy to improve user privacy
The popular open-source browser will make an important change to the method used to send information about a user’s “requests” when they are browsing the web.
Mozilla Firefox may not command a dominant segment of the browser market share any longer but that hasn't stopped the non-profit company behind the open-source browser from adding several privacy-enhancing protections over the past few years. The upcoming version of Firefox will take this a step further by preventing user browsing from getting leaked while browsing online.
According to a report by ZDNet, the popular open-source browser will make an important change to the method used to send information about a user's “request” when browsing the web. The browser will reduce the information sent in the “referrer header” so that a site doesn't accidentally (or intentionally) leak out personal information.
By tightening up the referrer policy, Firefox will essentially limit the information that one site shares with the other regarding their previous location on the web. For example, loading a news article from a Google search result will allow the website to learn that a user came from Google, and help with understanding the kind of traffic and various sources.
Unfortunately, as Mozilla explains on its Security Blog, the HTTP Referrer header also contains private user information and it can reveal which articles a user is reading on the referring website -- or even include information on a user's account on a website.
That can also lead to user privacy leaking due to some sites lacking “referrer policies that could protect from such a loss of data. This is where Firefox steps in by “trimming” the information sent to the new site. According to Mozilla, the decision to update their default referrer policy was because the web was slowly starting to get HTTPS-only by default. This move towards HTTPS encryption is also largely thanks to another Mozilla supported project - Lets Encrypt.
"Today's web looks much different: the web is on a path to becoming HTTPS-only, and browsers are taking steps to curtail information leakage across websites. It is time we change our default Referrer Policy in line with these new goals,” the company stated in a blog post. The update to Firefox 87 is expected to roll out to users today.