Mozzarella

Home

Auto Referer

Control HTTP referer to protect privacy and not break web.


Notice: Due to browser bug on javascript document.referrer on Firefox 69+ (1601496, 1601743) (also on Chrome), using a regular referer controlling addon you can get 70% of expected protection until they fix that bug.

So, we've implemented a workaround to improve protection to 85%. Please enable workaround in addon settings (Firefox only currently).

Referer policy:

  1. For webs' top frame (i.e. clicking link, navigating, redirecting etc.):

    1. If origin and target url have same domain, allow trimmed referer
    2. If origin and target url have different domain, no referer
  2. For in-page resources (images, videos, js, css etc.), allow trimmed referer (this is the key to not break most webs, also a balance between privacy and experience)
  3. Trim referer: Any referer should be no more than http(s)://domain-name:port/ (like Firefox's native about:config setting network.http.referer.trimmingPolicy = 2).
  4. Not allow referer that not starts with "http" or "https". (Please feedback if you find something broken due to this)
  5. No referer when downgrade from HTTPS/WSS to HTTP/WS
We believe that can protect privacy enough and won't break web.

document.referrer bug workaround
This addon doesn't use content script. Content script hiding document.referrer is not 100% reliable.
We use this workaround to kill document.referrer:
Cancel all cross-domain navigating requests and make freshnew ones, like directly hit (currently only implemented for GET method, other methods remain as is)


Fallback operation
If user find a web broken, user can temporary set this addon disabled via toolbar button for:
(above can be set as keyboard shortcuts)
there's showy toolbar button badge indicating disabling status.

Allowlist
Currently it has hard-coded allowlist.

Disclaimer
This open souce addon comes with no warranty. Use on you own risk!

Install