Whenever you click on a link on a web page to open another one in the same browser, referrer information are sent to the linked site.
You can verify this for yourself by visiting our IP lookup script which reveals your current IP address and other information including the referer (it is a misspelling that is used in this way in the HTTP specification).
The referrer field was designed to provide the linked web property with information about where a user originated from.
Sites use referrer information for a variety of purposes. Analytics comes to mind but there are other purposes such as hotlinking protection or verification (if you don’t have the right referrer, you are not allowed access).
Some services add sensitive information to the referrer field. It became known recently that the Healthcare.gov includes personal data in the referrer. According to the news article, the site’s referrer may include information about a person’s age, income, zip code, smoking habit or pregnancy.
Mozilla announced yesterday that it added support for the so-called meta referrer tag to Firefox Beta which provides developers with options to control referrer information on their sites.
Reliance on developers to get it right (who did not in first place) is probably not the best option from a user perspective.
Internet users can control referrer information on their end, and this guide looks at how that is done in popular browsers such as Mozilla Firefox or Google Chrome.
Attention: Modifying the referrer may render some sites unusable. Some extensions below support whitelisting which you can use in this case to override the default behavior.
Mozilla Firefox
Firefox users have the widest range of options when it comes to controlling referer information in the browser.
- HeaderControlRevived provides you with options to control the referer, user-agent and accept-language on a per-site basis.
- Referer Control offers full control over referrer information in Firefox. It ships with basic rules that you can switch between (the default is to strip the referrer when third-party requests are made), and options to override the default behavior for select sites.
- Smart Referer is a Firefox add-on that only sends referer information on the same domain. It supports whitelists and different modes that give you more control over the process but it should work right out of the box for most users.
Besides through extensions, Firefox users can configure referrer information right on the browser’s about:config page as well.
network.http.sendRefererHeader
- 0 – never send the referring URL.
- 1 – send only when links are clicked.
- 2 – send for links and images (default).
network.http.referer.XOriginPolicy
- 0 – always send referrer (default).
- 1 – only send if base domains match.
- 2 – only send if hosts match.
network.http.referer.spoofSource
- false – send the referrer (default).
- true – spoof the referrer and use the target URI instead.
network.http.referer.trimmingPolicy
- 0 – send full URI (default).
- 1 – scheme, host, port and path.
- 2 – scheme, host and port.
Google Chrome
Google Chrome users can install browser extensions (which may also work in Opera and other Chromium-based browsers) to control referrer behavior.
- Referer Control for Google Chrome strips referrer information when third-party requests are made by default. It features customization options for individual sites and options to set a custom global referer or block referers outright.
- Request Header Hook allows you to set cookie, referer and user-agent policies for individual sites.
Online Services
You have several options to control referrer information without installing extensions or manipulating browser settings.
One of the easier options for links is to copy a link and paste it in a private browsing window or another browser to make a direct request.
Services like NullRefer can be used to replace the referrer so that it is not sent when you load sites on the Internet.
Now You: How do you handle referer information on your end?