Firefox 87 adopts a new referrer policy for privacy protection



Firefox, developed by Mozilla, has many functions to protect user privacy, such as a function to block redirect trackers and the tracking prevention function 'State Partitioning'. Starting with Firefox 87, which is scheduled to be released on March 23, 2021, a policy that reduces the information contained in the referrer will be enabled by default.

Firefox 87 trims HTTP Referrers by default to protect user privacy - Mozilla Security Blog
https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/

The 'referrer' is information that indicates which website's link a visitor followed to reach the current website. Firefox previously used the 'no-referrer-when-downgrade' referrer policy, which withheld the referrer only when navigating from an HTTPS page to an HTTP page and sent it in all other cases.



According to Mozilla, 'no-referrer-when-downgrade' had a certain privacy protection effect in the era when HTTPS was adopted only for pages that required encryption. However, at the time of writing the article, many websites supported HTTPS, so it was necessary to adopt a different policy.

Therefore, starting with Firefox 87, which is scheduled to be released on March 23, 2021, 'strict-origin-when-cross-origin' will be adopted as the referrer policy. Under this policy, referrers will still be sent when navigating within the same website, but only part of the referrer will be sent when navigating between different sites.



Mozilla prepared a diagram explaining the change in the referrer policy. When moving from a site with the URL 'https://example.com/path?query' to a different site, the 'no-referrer-when-downgrade' policy that was used until Firefox 86 sends 'https://example.com/path?query' as the referrer. With the newly adopted 'strict-origin-when-cross-origin', however, only the domain part, 'https://example.com/', is sent as the referrer.



Also, with 'strict-origin-when-cross-origin', referrers are still not sent when moving from an HTTPS page to an HTTP page. Mozilla says, 'By adopting the new policy, you will be able to experience a more private browsing experience.'
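The two policies described above can be compared side by side. The following is an added example, not code from Mozilla or from the original article: `computeReferrer` and `comparePolicies` are hypothetical names, `other.example` is a constructed destination, "different site" is modeled as a different origin, and a downgrade is simplified to an HTTPS page linking to a non-HTTPS page.

```javascript
// Added illustration of the two referrer policies discussed in the article.
// Not Firefox's implementation; function names are hypothetical.
// Assumption: "downgrade" = https: source navigating to a non-https: destination.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);

  // A referrer never carries credentials or the fragment.
  from.username = "";
  from.password = "";
  from.hash = "";

  const fullUrl = from.href;            // e.g. https://example.com/path?query
  const originOnly = from.origin + "/"; // e.g. https://example.com/
  const isDowngrade = from.protocol === "https:" && to.protocol !== "https:";
  const sameOrigin = from.origin === to.origin;

  switch (policy) {
    case "no-referrer-when-downgrade": // default up to Firefox 86
      return isDowngrade ? null : fullUrl;
    case "strict-origin-when-cross-origin": // default from Firefox 87
      if (sameOrigin) return fullUrl;
      return isDowngrade ? null : originOnly;
    default:
      throw new Error(`policy not covered by this example: ${policy}`);
  }
}

// Returns what each policy would send for one navigation (null = no referrer).
function comparePolicies(fromUrl, toUrl) {
  return {
    to: toUrl,
    firefox86: computeReferrer("no-referrer-when-downgrade", fromUrl, toUrl),
    firefox87: computeReferrer("strict-origin-when-cross-origin", fromUrl, toUrl),
  };
}

// Constructed sample navigations starting from the URL used in the article.
const source = "https://example.com/path?query";
const rows = [
  "https://example.com/another-page", // same site
  "https://other.example/landing",    // different site, still HTTPS
  "http://other.example/landing",     // HTTPS -> HTTP downgrade
].map((dest) => comparePolicies(source, dest));
console.table(rows);
```

The path and query string of a URL can contain search terms, account identifiers or tokens, which is why the cross-site row is the one where the two defaults differ.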

In addition, since the referrer policy changes automatically when updating to Firefox 87, users do not need to configure anything.

in Software, Security, Posted by log1o_hf