This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Limit cross-origin referers | network.http.referer.XOriginPolicy

  • 7 respostas
  • 0 have this problem
  • 1 view
  • Last reply by zeroknight

more options

Could anyone explain what exactly this setting does, what it means, what it is?

Could anyone explain what exactly this setting does, what it means, what it is?

Chosen solution

The link you open doesn't change. Sending a request includes a lot of extra data in the HTTP request headers and one of this data is the referrer (URL of the page with the link you clicked).

You can check out at the browserspy website how websites see your browser, see HTTP_REFERER

See also the Network Monitor.

Ler a resposta no contexto 👍 1

All Replies (7)

more options

See the comments in the source code.

0=always send, 1=send iff base domains match, 2=send iff hosts match.
more options

cor-el said

See the comments in the source code. 0=always send, 1=send iff base domains match, 2=send iff hosts match.

Thanks for that links, it's a useful source for sure. However while i now know the given values for the preference i still have absolutely no idea what it does.

more options

This is about sending the referrer when you open an external link on a webpage, so that website knows on what website you clicked this link, i.e. can track you. This pref allows to suppress the referrer in cross-site cases, so the website doesn't know where you came from.

more options

You're saying, i'm on a website, on this site i klick a link that connects me to another website, while this happens the link that goes to the target website might normally look like this example.com but since i didn't normally access it and instead accessed it from another site it now looks like this example.com/tracking-id-example. As a result the website i connected to knows from where i came (the previous website). Does this happen only when i klick on the link directly on the website or also if i use the open link in a new tab option? If i got anything wrong let me know. And thanks. Any downside of enabling this pref? dependin on the parameter?

more options

Chosen Solution

The link you open doesn't change. Sending a request includes a lot of extra data in the HTTP request headers and one of this data is the referrer (URL of the page with the link you clicked).

You can check out at the browserspy website how websites see your browser, see HTTP_REFERER

See also the Network Monitor.

cor-el modificouno o

more options

That's some really interesting stuff, thanks.

Sad that the browserspy website uses googleanalytics, is there a similar site that doesn't track you? The networkmonitor is also astonishing even when i mostly have no idea what im looking at. I copied the browserspy url and wiped all cookies/cache/history, reopened my browser and directly accessed the site but the http referer still shows the request came from support.mozilla.org but it didn't i accessed it directly. Coping text doesn't include data other than the text does it?! Then i wiped again everything and manually entered the url, still shows mozilla support as referer, why is that?

more options

Referrers are stored in the tab session, clearing history manually does not clear the session so the tab still remembers how you got there. This ensures the tab loads the same as it did originally, otherwise it could fail to load. Altering referrers can break sites since they are often used to combat hotlinking and bots.