The privacy-focused browser Mozilla Firefox has now introduced another feature to protect users. With the latest Firefox 87, Mozilla has released a new Referrer Policy that trims HTTP referrers. As announced, the new Firefox trims
Mozilla’s New Referrer Policy With Firefox 87
With the recently launched Firefox 87, Mozilla rolled out a new default Referrer Policy that trims the HTTP Referrer header. This keeps sensitive user details carried in a URL, such as the path and query string, from being shared with other websites.
Describing HTTP Referrer, Mozilla explains,
Browsers send the HTTP Referrer header… to signal to a website which location “referred” the user to that website’s server.
As explained in their blog post, browsers typically send the full URL to websites in the HTTP Referrer header. This header not only includes user data that websites use for analytics, but also includes precise details such as the content a user reads or account information.
Browsers already had a ‘no-referrer-when-downgrade’ policy to prevent sensitive data exposure over unsecured connections, such as when moving from HTTPS to HTTP.
But now that HTTPS-only is becoming the norm, Mozilla deemed it the right time to update the Referrer Policy. This is what they have implemented:
Starting with Firefox 87, we set the default Referrer Policy to ‘strict-origin-when-cross-origin’ which will trim user sensitive information accessible in the URL. As illustrated in the example above, this new stricter referrer policy will not only trim information for requests going from HTTPS to HTTP but will also trim path and query information for all cross-origin requests. With that update, Firefox will apply the new default Referrer Policy to all navigational requests, redirected requests, and subresource (image, style, script) requests, thereby providing a significantly more private browsing experience.
This change automatically takes effect as soon as the Firefox browser receives the latest update. Users should therefore check that Firefox on their devices is up to date.
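The difference between the old and new defaults can be seen in code. The following is an added example, not Mozilla's code: a JavaScript sketch of the rules for the two policies named above. The URLs are constructed samples, and "HTTPS" stands in for the specification's broader "potentially trustworthy" check.

```javascript
// Added illustration: the Referer value sent under the old and new defaults.
// Simplification (assumption): "secure" means the https: scheme only.
function isDowngrade(from, to) {
  return from.protocol === 'https:' && to.protocol !== 'https:';
}

// Credentials and the fragment are never sent in a referrer; with
// originOnly the path and query string are dropped as well.
function stripForReferrer(url, originOnly) {
  const u = new URL(url.href);
  u.username = '';
  u.password = '';
  u.hash = '';
  return originOnly ? u.origin + '/' : u.href;
}

// Returns the referrer string, or null when no referrer is sent.
function computeReferrer(policy, fromHref, toHref) {
  const from = new URL(fromHref);
  const to = new URL(toHref);
  switch (policy) {
    case 'no-referrer-when-downgrade':
      // Old default: full URL unless going from HTTPS to HTTP.
      return isDowngrade(from, to) ? null : stripForReferrer(from, false);
    case 'strict-origin-when-cross-origin':
      // New default: full URL only within the same origin.
      if (from.origin === to.origin) return stripForReferrer(from, false);
      return isDowngrade(from, to) ? null : stripForReferrer(from, true);
    default:
      throw new Error('policy not covered by this example: ' + policy);
  }
}

// Constructed sample page URL carrying account details in path and query.
const PAGE = 'https://shop.example/account/orders?id=1234&email=alice%40example.com#top';
const TARGETS = [
  'https://shop.example/cart',      // same origin
  'https://ads.example/pixel.gif',  // cross-origin, HTTPS
  'http://legacy.example/',         // cross-origin, HTTPS to HTTP
];
for (const target of TARGETS) {
  for (const policy of ['no-referrer-when-downgrade', 'strict-origin-when-cross-origin']) {
    console.log(target, policy, computeReferrer(policy, PAGE, target));
  }
}
```

Sites that need a different behaviour can still set their own policy through the `Referrer-Policy` response header; the sketch covers only the two browser defaults discussed here.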
SmartBlock and Security Fixes With Firefox 87
Aside from the HTTP Referrer Policy update, Mozilla has introduced another noteworthy feature with Firefox 87: SmartBlock.
As described in a separate post, this feature ensures the smooth working of websites whose functionality breaks when tracking protection is enabled. Earlier, users had to select a low-level privacy setting to allow such websites to run with trackers.
But, with SmartBlock, the Firefox browser will “provide local stand-ins for blocked third-party tracking scripts”.
These stand-in scripts behave just enough like the original ones to make sure that the website works properly. They allow broken sites relying on the original scripts to load with their functionality intact.
The SmartBlock stand-ins are bundled with Firefox: no actual third-party content from the trackers are loaded at all, so there is no chance for them to track you this way. And, of course, the stand-ins themselves do not contain any code that would support tracking functionality.
Besides, Mozilla has also released some security patches addressing 2 high-severity, 4 moderate-severity, and 2 low-severity bugs.