Comments on: Privacy Tip #3: Block Referer Headers in Firefox

By: Jeff A

Jeff A — Tue, 07 Jun 2011 16:18:50 +0000

Since this was the first result in my search for dealing with referers in Firefox, I though I'd add a link to the RefControl extension, which allows one to control which sites get referer headers and which don't. This was quite useful for me when a site I was using wouldn't work without referers. I was able to block them for all other sites, while allowing them just for that one.

By: Asha

Asha — Fri, 03 Dec 2010 15:26:52 +0000

Ideally firefox should be configurable such that referrer could be disabled for cross-domain conditions, but allowed for same-domain. Presumably this would not break wordpress and the like, while at the same time offering more privacy than the default situation.

By: Wilted buttercup, grey skies, and geek» Blog Archive » Disabling Referer Headers in Firefox

Mon, 22 Nov 2010 10:07:51 +0000

[...] followed instructions on the following blog post http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/ to configure my Firefox instance to not send the “referer [...]

By: Proxomitron rules

Proxomitron rules — Fri, 01 Oct 2010 04:28:20 +0000

so de-referrer knows where you've been... btw, wordpress's referrer lockout seems to be for wp admin only, not wp visitors. and, presumably you could fake referrer for that.

By: skippy

skippy — Fri, 20 Aug 2010 05:56:39 +0000

Thanks for that I was wondering how to turn that off in firefox. Sites don’t need to see what page I just came from.

By: SHiNKiROU Blog » HTTP Referer: How It Screwed Up

SHiNKiROU Blog » HTTP Referer: How It Screwed Up — Mon, 26 Jul 2010 02:23:33 +0000

[...] off referers on Firefox, go to about:config and change network.http.sendRefererHeader to 0. See http://cafe.elharo.com/privacy/privacy-tip-3-block-referer-headers-in-firefox/ for more [...]

By: corrector

corrector — Tue, 22 Jun 2010 20:03:13 +0000

“Since the x-referrer was believed to be bulletproof at the time”

The x-referrer header is for XMLHttpRequest NOT hyper-links, can be set to ANY value, and XMLHttpRequest can only access the SAME site.

So:
- there is no way he could jump from site A to site B with a “x-referrer”
- x-referrer can be set to any value by calling code, proves NOTHING
- the porn site and the political site would have to be the SAME SITE

So your story is simply preposterous. It is CLEARLY made-up.

Also, there is NO WAY the political opponent would be identified. AND OBVIOUSLY PORN SITES “USUALLY” DO NOT HAVE LINKS TO POLITICAL SITES.

Not only your fairytale story goes is TECHNICALLY IMPOSSIBLE, it goes against COMMON SENS.

Please don’t become yet another lame film fiction writer. The world has enough of these.

Thank you.

By: Keith Sarver

Keith Sarver — Fri, 02 Apr 2010 12:32:59 +0000

Thanks for this post. I’m having problems though.

I have no idea how, but my Firefox is now set to 0; I’ve never opened this before. Following these instructions, and changing to default 2 or 1 doesn’t help. The setting automatically changes back to 0. Anyone know what’s happening? I need to set it at least 1, for a site on which I’m working, the forum requires that the referer headers to be enabled; there are already errors in the forum online because of this.

I’m working on a Mac, with Firefox 3.6.2; Safari 4.0.5 doesn’t seem to cause a problem since the referer seems to be enabled.

Any help would be appreciated. TIA

By: Chloe

Chloe — Tue, 19 Jan 2010 09:02:28 +0000

Anything that can be done to stop website ops tracking and abusing information is a good thing. One particular blogger named Waldo Jaquith, who considers himself the bee’s knees in all things internetty, blogged that a certain political adversary who visited his site had arrived via an embarrassing adult website. He based this claim on the x-referrer information that most people tend to ignore and posted it in an attempt to embarrass the gentleman into silence. Since the x-referrer was believed to be bulletproof at the time, Waldo thought it was rock-solid and gleefully announced the info to his many adoring groupies with the result being that the guy’s reputation was sullied without a chance of rebuttal.
The bottom line is that anyone who says it’s not necessary to worry about needing to hide the referrer and taking other precautions against abuse is kidding themselves.

By: How to Fix MODx CSRF Error that Occurs in Firefox : Belafonte Code

How to Fix MODx CSRF Error that Occurs in Firefox : Belafonte Code — Mon, 28 Dec 2009 07:12:32 +0000

[...] some information about the different sendRefererHeader settings in the Firefox about:config from The Cafes that helps explain what’s going on here. Setting it to 1 sends a referer header when [...]