New Firefox update prevents accidental leak of sensitive data
Referrer policy is enabled by default on Firefox 87
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
The newest version of the popularopen sourceFirefoxweb browserships with a stricter Referrer Policy that’ll help protect sensitive user information against accidental leaks.
Firefox87, which will drop later today, will trim details that reveal identifying information about the user, from the HTTP referrer header.
“Unfortunately, the HTTP Referrer header often contains private user data: it can reveal which articles a user is reading on the referring website, or even include information on a user’s account on a website,” write Mozilla’s Dimi Lee and Christoph Kerschbaumer in a blog post announcing the switch to the new policy.
We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.
Click here to start the survey in a new window«
Evolving web
The developers explain that HTTP referrer headers contain details about the location that’s led visitors to the current website. While these are usually used for innocuous reasons such asanalytics, the referrer headers often also include sensitive user information as well.
With the introduction of the Referral Policy HTTP header, websites could control what details about the visitors were passed on to the next one. But if a website didn’t have a referrer policy, browsers default to the ‘no-referrer-when-downgrade’ setting, which does trim details about the referrer when navigating to a less secure resource, but still transmits the full URL including path and query information of the source.
“The ‘no-referrer-when-downgrade’ policy is a relic of the past web,” argue the developers as they reveal that Firefox 87 will instead adopt a strict-origin-when-cross-origin’ setting that will completely remove any user sensitive information from the referral URL.
The developers add that the new policy will be applicable to all navigational requests, redirected requests, and requests for sub-resource, such as image, style, and script, which they assert will lead to “a significantly more private browsing experience.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via:BleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’
