Change HTTP referer settings: Firefox

The HTTP referrer header can be very revealing in the context of online tracking. Learn how you can change the policy in Firefox to force the browser to include the minimum information in this header or even block it entierely.

Last modified
9th December 2020
Guide level
Guide Browser
Guide Device
Content

What: the Referer (a misspelling of referrer) header contains the address of the previous web page from which a link to the currently requested page was followed. In more simple terms, the referer is the URL from which came a request received by a server. A good example is if you click a link on the page site.com/page to go to another-site.com/link, the HTTP Referer received by another-site.com/link will have the value site.com/page.

Why it's important: While the referer header can have begnign use for things such as analytics (knowing what journey a visitor took on a site), it can be very revealing in the context of online tracking. As we demonstrated in our research on mental health website and tracking, third parties loaded by a page (for example to display targeted ads) while receive the URL that you are visiting in the Referer header.

Example: a query sent to AdNexus, an AdTech company, containing the exact page being visited in the Referer

This provides a lot of information about your online activities and allow trackers to get a more comprehensive vision of your browsing habit and better profile you

What you can do: The HTTP Referer can follow different policies indicated either by the server or the browser. As a user, you can change the policy to force the browser to include the minimum information in this header or even block it entierely (although this might cause some problems).

Same request as above with the Referer blocked, AdNexus don't know which site we are visiting

Limits: The HTTP referer is only one way by which third parties can know what website you are visiting and there are many other tracking methods which are still efficient with this blocked. While you won't ever be able to block 100% of trackers, make sure you look at our other guides to harden your defenses

Change HTTP referrer settings in Firefox

  1. Open Firefox
  2. Type about:config in the URL bar
  3. Click Accept the Risks
Firefox about:config pages requires you to accept the risk before making any change
  1. Type "referer" in the search bar
  2. Change the values of these 4 keys to "1":
  • network.http.referer.defaultPolicy
  • network.http.referer.defaultPolicy.pbmode
  • network.http.referer.defaultPolicy.trackers
  • network.http.referer.defaultPolicy.trackers.pbmode

Done!

Found a mistake? An outdated screenshot? Think this could be improved? Check out our Github repository and contribute to help keep these guides up-to-date and useful!