New Firefox update prevents accidental leak of sensitive data
Referrer policy is enabled by default on Firefox 87
The newest version of the popular open source Firefox web browser ships with a stricter Referrer Policy that’ll help protect sensitive user information against accidental leaks.
Firefox 87, which will drop later today, will trim details that reveal identifying information about the user, from the HTTP referrer header.
"Unfortunately, the HTTP Referrer header often contains private user data: it can reveal which articles a user is reading on the referring website, or even include information on a user's account on a website," write Mozilla's Dimi Lee and Christoph Kerschbaumer in a blog post announcing the switch to the new policy.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- Here’s our list of the best VPN services
- These are the best anonymous browsers
- We’ve also rounded up the best business VPN services
Evolving web
The developers explain that HTTP referrer headers contain details about the location that’s led visitors to the current website. While these are usually used for innocuous reasons such as analytics, the referrer headers often also include sensitive user information as well.
With the introduction of the Referral Policy HTTP header, websites could control what details about the visitors were passed on to the next one. But if a website didn’t have a referrer policy, browsers default to the ‘no-referrer-when-downgrade’ setting, which does trim details about the referrer when navigating to a less secure resource, but still transmits the full URL including path and query information of the source.
“The ‘no-referrer-when-downgrade’ policy is a relic of the past web,” argue the developers as they reveal that Firefox 87 will instead adopt a strict-origin-when-cross-origin’ setting that will completely remove any user sensitive information from the referral URL.
The developers add that the new policy will be applicable to all navigational requests, redirected requests, and requests for sub-resource, such as image, style, and script, which they assert will lead to “a significantly more private browsing experience.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
- We’ve also rounded up the best proxy providers
Via: BleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.