New Firefox update prevents accidental leak of sensitive data

News
By published

Referrer policy is enabled by default on Firefox 87

Privacy
(Image credit: Shutterstock / Valery Brozhinsky)

The newest version of the popular open source Firefox web browser ships with a stricter Referrer Policy that’ll help protect sensitive user information against accidental leaks.

Firefox 87, which will drop later today, will trim details that reveal identifying information about the user, from the HTTP referrer header.

"Unfortunately, the HTTP Referrer header often contains private user data: it can reveal which articles a user is reading on the referring website, or even include information on a user's account on a website," write Mozilla's Dimi Lee and Christoph Kerschbaumer in a blog post announcing the switch to the new policy.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Evolving web

The developers explain that HTTP referrer headers contain details about the location that’s led visitors to the current website. While these are usually used for innocuous reasons such as analytics, the referrer headers often also include sensitive user information as well.

With the introduction of the Referral Policy HTTP header, websites could control what details about the visitors were passed on to the next one. But if a website didn’t have a referrer policy, browsers default to the ‘no-referrer-when-downgrade’ setting, which does trim details about the referrer when navigating to a less secure resource, but still transmits the full URL including path and query information of the source.

“The ‘no-referrer-when-downgrade’ policy is a relic of the past web,” argue the developers as they reveal that Firefox 87 will instead adopt a strict-origin-when-cross-origin’ setting that will completely remove any user sensitive information from the referral URL. 

The developers add that the new policy will be applicable to all navigational requests, redirected requests, and requests for sub-resource, such as image, style, and script, which they assert will lead to “a significantly more private browsing experience.”

Via: BleepingComputer

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
Home internet connection. A wlan router on desk with notebook in background.
Cloudflare admits security tool is blocking some challenger browsers
Fingerprint
Profit over privacy? Google gives advertisers more personal info in major ‘fingerprinting’ U-turn
Abstract illustration of a young woman looking at a smartphone, as large eyes peek through from her hair
Want to hit restart on your online presence? Here's 5 tools you need to stay truly private online
Woman using credit card whilst sitting at a desk with a laptop and mobile phone in view
Best web browser of 2025
A phone sitting on a laptop keyboard with the Microsoft Outlook logo on the screen.
Microsoft is changing the way logins work: here’s what that means for you
Abstract winter forest design with glowing pine trees on dark starry background
Season's cyber-cleanings: how to tidy up your digital footprint
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
AI hallucinations

We're already trusting AI with too much – I just hope AI hallucinations disappear before it's too late
See more latest
Most Popular
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard