Network.http.sendSecureXSiteReferrer
Background
HTTP is the application-layer protocol used to transfer most web pages. As part of HTTP, requests can include a "Referer" (sic) header that tells the server which page the user was on when the request was initiated. Servers use this information to track users' paths through the site and possibly provide additional features. The HTTP spec specifies that going from a secure (https) server to a non-secure (http) server should not result in a Referer header being sent, but does not define whether a Referer should be sent between two secure sites. This preference controls that option.
Possible values and their effects
true
Send the Referer header when navigating from an https site to another https site. (Default)
false
Don't send the Referer header when navigating from an https site to another https site.
Caveats
- network.http.sendRefererHeader must be set to 1 or 2 for this preference to have an effect.
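The rule described above, combined with the caveat, as an added example: a simplified model for reasoning about which navigations disclose the previous URL, not Mozilla's own code. The function names, the `prefs` object shape, the comparison of "sites" by hostname and the `example.test` URLs are assumptions made for illustration.

```javascript
// Simplified model of the Referer decision described on this page.
// Not Mozilla source. Assumption: two "sites" differ when their hostnames differ.
function refererDecision(fromUrl, toUrl, prefs) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);

  // Caveat: network.http.sendRefererHeader must be 1 or 2,
  // otherwise this preference has no effect because nothing is sent.
  if (prefs.sendRefererHeader !== 1 && prefs.sendRefererHeader !== 2) {
    return { send: false, reason: "sendRefererHeader is not 1 or 2" };
  }

  if (from.protocol === "https:") {
    // HTTP spec: secure -> non-secure should not carry a Referer.
    if (to.protocol !== "https:") {
      return { send: false, reason: "secure to non-secure" };
    }
    // Secure -> different secure site: governed by this preference.
    if (from.hostname !== to.hostname && !prefs.sendSecureXSiteReferrer) {
      return { send: false, reason: "cross-site https, preference is false" };
    }
  }
  return { send: true, reason: "allowed" };
}

// Constructed sample navigations (hypothetical hosts).
const SAMPLE_NAVIGATIONS = [
  ["https://shop.example.test/cart?id=7", "https://pay.example.test/checkout"],
  ["https://shop.example.test/cart?id=7", "https://shop.example.test/order"],
  ["https://shop.example.test/cart?id=7", "http://ads.example.test/banner"],
];

// Returns the destinations that would receive the source URL in a Referer header.
function destinationsReceivingReferer(prefs, navigations = SAMPLE_NAVIGATIONS) {
  return navigations
    .filter(([from, to]) => refererDecision(from, to, prefs).send)
    .map(([, to]) => to);
}

// Compare the default (true) with the privacy-oriented setting (false).
for (const value of [true, false]) {
  const prefs = { sendRefererHeader: 2, sendSecureXSiteReferrer: value };
  console.log(value, destinationsReceivingReferer(prefs));
}
```

With the preference set to false, only the same-host https destination in the sample still receives the source URL.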
Recommended settings
Those concerned with privacy can set this to false, realizing that this may adversely affect some sites. Those wanting to ensure compatibility should leave it at the default.
First checked in
Has an effect in
- Netscape (all versions since 7.0)
- Mozilla Suite (all versions since 1.0 RC1)
- Mozilla Phoenix (all versions)
- Mozilla Firebird (all versions)
- Mozilla Firefox (all versions)
- SeaMonkey (all versions)
- Camino (all versions)
- Minimo (all versions)
Related bugs
- Bug 89995 - WRMB: http referrer from https should be supplied when target is same secure server
- Bug 128213 - Instead of an order form page I get an ecommerce security warning
- Bug 141641 - disabling cross-site HTTPS referrers breaks sites [was: when leaving https, should send host+port as referrer instead of no referer