Firefox 87 will adopt a new referrer policy to protect privacy



Firefox, developed by Mozilla, has many features to protect user privacy, such as blocking redirect trackers and the anti-tracking feature 'State Partitioning'. Starting with Firefox 87, which will be released on March 23, 2021, a policy that reduces the information contained in the referrer will be enabled by default.

Firefox 87 trims HTTP Referrers by default to protect user privacy --Mozilla Security Blog
https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/

'Referer' is information that indicates which website link the user came from. Until now, Firefox has used the referrer policy 'no-referrer-when-downgrade', which withholds the referrer only when navigating from an HTTPS page to an HTTP page and sends it in all other cases.



According to Mozilla, 'no-referrer-when-downgrade' had a certain privacy protection effect in the era when HTTPS was adopted only for pages that required encryption. However, at the time of writing, many websites support HTTPS, which made it necessary to adopt a different policy.

Therefore, from Firefox 87, scheduled to be released on March 23, 2021, 'strict-origin-when-cross-origin' will be adopted as the referrer policy. Under this policy, the referrer is still sent when navigating within the same website, but only a portion of the referrer is sent when navigating between different sites.



Mozilla prepared a figure that explains the change in referrer policy. When moving from a site with the URL 'https://example.com/path?query' to a different site, the 'no-referrer-when-downgrade' policy used up to Firefox 86 sent 'https://example.com/path?query' as the referrer. The newly adopted 'strict-origin-when-cross-origin' sends only 'https://example.com/', the domain part, as the referrer.



Also, with 'strict-origin-when-cross-origin', just as before, the referrer is not sent when navigating from an HTTPS page to an HTTP page. 'By adopting the new policy, we will be able to experience more private browsing,' Mozilla said.
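The behaviour of the two policies described above can be reproduced in a few lines of JavaScript. This is an added example, not code from Mozilla or from the original article; the function names and the host 'other.example' are hypothetical, and 'secure' is simplified to mean the https: scheme only.

```javascript
// Added illustration of the two referrer policies named in the article.
// Assumption: a "secure" page is one served over https: (browsers use a
// broader "potentially trustworthy" test).

// Remove credentials and fragment; optionally reduce the URL to its origin.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = '';
  u.password = '';
  u.hash = '';
  if (originOnly) {
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

// Returns the Referer value that would be sent, or null if none is sent.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  const sameOrigin = from.origin === to.origin;

  switch (policy) {
    case 'no-referrer-when-downgrade': // default up to Firefox 86
      return downgrade ? null : stripForReferrer(fromUrl, false);
    case 'strict-origin-when-cross-origin': // default from Firefox 87
      if (sameOrigin) return stripForReferrer(fromUrl, false);
      if (downgrade) return null;
      return stripForReferrer(fromUrl, true);
    default:
      throw new Error(`unsupported policy: ${policy}`);
  }
}

// Constructed sample navigations starting from the article's example URL.
const page = 'https://example.com/path?query';
const targets = ['https://example.com/other', 'https://other.example/', 'http://other.example/'];
for (const target of targets) {
  console.log(target, {
    before: computeReferrer('no-referrer-when-downgrade', page, target),
    after: computeReferrer('strict-origin-when-cross-origin', page, target),
  });
}
```

Only the cross-site HTTPS row differs between the two policies: the path and query string, which can carry search terms or account identifiers, no longer reach the other site.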

In addition, the referrer policy is changed automatically when updating to Firefox 87, so the user does not need to configure anything.

in Software, Security, Posted by log1o_hf