Firefox 87 Boasts a New Referrer Policy to Better Protect User Data

MakeUseOf

By Joe Keeley

Published Mar 23, 2021

It's yet another step Mozilla has taken to improve the security of its web browser.

Firefox 87 releases today and brings with it a new feature that aims to protect your browsing when jumping between sites.

That's because Firefox now trims HTTP referrers by default, removing query string information from the headers and better protecting your data.

What Are Referrer Headers?

When you move from one website to another, the HTTP referrer header signals to the destination website what your source was.

Usually, the referrer header contains the full URL of the website you were on before.

Referrer headers are useful for website owners to know where their traffic is coming from, but can also be used for logging, optimized caching, and more.

Sometimes, a referrer header can contain private data. It might be what specific page of the website you were on, or more sensitive information like your email address.

What Is Firefox's New Referrer Policy?

As detailed on the Mozilla Security Blog, Firefox 87 comes with a new referrer policy. It's another step the browser is taking to protect user data, following the introduction of enhanced cookie protection in Firefox.

A referrer policy rolled out in browsers from 2016, but this was primarily aimed at protecting users when moving from an HTTPS site to HTTP. For HTTPS to HTTPS traffic, it was still common for the full referral URL to be sent across. Now, when HTTPS connections on the web are standard, that policy is outdated.

As such, Mozilla's new policy follows what it calls "strict-origin-when-cross-origin". This will remove user sensitive information that might be in a URL, like personalized parameters that appear at the end.

This will happen even when both the original and destination websites use a secure connection.

This policy is being applied to all movement within the browser, not just clicking external links. The blog post explains:

With that update Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience.

As a Firefox user, no action is required. Firefox 87 is rolling out to everyone today, so you will receive this feature in the regular browser update, and your browsing will immediately apply this new policy.

Firefox: The Browser for Privacy?

It's great that Firefox continues to improve its privacy, though it's arguably still not as secure as an anonymous web browser would be. Nevertheless, for the average user, receiving passive protection like this is a good step forward.