

Tweaking referer settings in Firefox (and Tor Browser)

I recently found a nice little summary of referrer-related settings in Firefox, which were modified heavily in Firefox 28. (NB: a little history reminder: the setting names spell "referer" with just one r, as the word was originally misspelled.)

In about:config:

network.http.referer.XOriginPolicy
0 = always send,
1 = send if base domains match,
2 = send if hosts match

network.http.referer.spoofSource
false = send real referrer,
true = spoof referrer (use target URI as referrer)

network.http.referer.trimmingPolicy
0 = send full URI,
1 = scheme+host+port+path,
2 = scheme+host+port

Referrer processing is done in the order listed above. So if XOriginPolicy is set to 2, then spoofSource and trimmingPolicy have no effect when going from 1.mysite.com to 2.mysite.com, since no referrer is sent anyway.

The old setting, network.http.sendRefererHeader, is still there and can be used to disable the referrer completely (by setting it to 0). Otherwise, to use the new settings described above, set it to 2 (default = always send referrer).

Note that even with the highest privacy & security settings, it seems that Tor Browser doesn’t touch those settings, so you’ll need to set them manually in Tor Browser too if you want to reduce referrer tracking.
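To make the processing order concrete, here is a small model of it in JavaScript. It is an added example, not Firefox code and not part of the original post; the function names, the two-label approximation of "base domain" and the other.example URL are assumptions made for illustration.

```javascript
// Simplified model of the order described above: sendRefererHeader,
// then XOriginPolicy, then spoofSource, then trimmingPolicy.
const DEFAULT_PREFS = {
  sendRefererHeader: 2, // 0 = never send; any other value is treated as "send" here
  XOriginPolicy: 0,     // 0 = always, 1 = base domains match, 2 = hosts match
  spoofSource: false,   // true = use the target URI as referrer
  trimmingPolicy: 0,    // 0 = full URI, 1 = scheme+host+port+path, 2 = scheme+host+port
};

// Assumption: base domain = last two host labels. Firefox consults the
// Public Suffix List instead, so this is wrong for hosts like a.example.co.uk.
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// url.origin is scheme+host+port; the fragment is never part of a Referer header.
function trimReferrer(url, policy) {
  if (policy === 2) return url.origin + "/";
  if (policy === 1) return url.origin + url.pathname;
  return url.origin + url.pathname + url.search;
}

// Returns the Referer value that would be sent, or null when none is sent.
function computeReferer(sourceHref, targetHref, prefs = {}) {
  const p = { ...DEFAULT_PREFS, ...prefs };
  const source = new URL(sourceHref);
  const target = new URL(targetHref);
  if (p.sendRefererHeader === 0) return null;
  // Step 1: cross-origin check; a failed check ends processing.
  if (p.XOriginPolicy === 1 &&
      baseDomain(source.hostname) !== baseDomain(target.hostname)) return null;
  if (p.XOriginPolicy === 2 && source.hostname !== target.hostname) return null;
  // Step 2: pick the real source or the spoofed (target) URI.
  const chosen = p.spoofSource ? target : source;
  // Step 3: trim whichever URI was chosen.
  return trimReferrer(chosen, p.trimmingPolicy);
}

// Constructed sample navigations using the post's 1.mysite.com / 2.mysite.com case.
const from = "https://1.mysite.com/account?id=42#top";
console.log(computeReferer(from, "https://2.mysite.com/page", { XOriginPolicy: 2 })); // null
console.log(computeReferer(from, "https://2.mysite.com/page", { XOriginPolicy: 1, trimmingPolicy: 1 }));
console.log(computeReferer(from, "https://other.example/x", { spoofSource: true, trimmingPolicy: 2 }));
```
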

Posted in Firefox, privacy.


One Response


  1. bozo says

    // Controls whether we send HTTPS referrers to other HTTPS sites.
    // By default this is enabled for compatibility (see bug 141641)
    pref("network.http.sendSecureXSiteReferrer", true);

    // Controls whether referrer attributes in <a>, , , and are honoured
    pref("network.http.enablePerElementReferrer", false);

    nice site
    need more greasemonkey scripts tho 😉


