Firefox Tip: stop sending referer (sic) information when clicking on a link?

By Shaon, Gaea News Network
Friday, November 12, 2010

Next on our continuing series of Firefox Tips is when we are going to detail the procedure of how to stop sending the referer(sic) information when clicking on a link. First before everything seems Hebrew to you. HTTP is an application layer protocol which ensures the transfer of most web pages available on the Internet. So during any transfer hinged on the HTTP protocol it is possible that a request for a “Referer” be made. The Referers would communicate the the location of the page where the user initiated the request to the server.

It is then possible for the Servers to track the exact path of the request in details, back to the user. Moreover considering JavaScript the referer of the current page lays exposed in the DOM through the document.referrer. Thus such scripts running on the page where the request for the refer is being made may be made subject to the very same information that was sent in response to the Referer header request. It becomes easy for a malicious code to follow the path straight to the user. Thus exposing the end user to a multitude of vulnerabilities. Firefox customizable as it is includes an option to disable any such information sent via the refer header the document.referrer option present in the pref.js file of the Firefox installation.

We will now detail how changing the value of this option would change the way the referrer information is sent over the network. The option may have 3 values like 0,1 and 2. The default value is set at 2.


Stops sending the Referer header or set document.referrer.


Send the Referer header when clicking on a link. Also the the document.referrer is set for the following page.


Send the Referrer header as one clicks on a link or while loading an image. Also document.referrer is set to the following page. (Default)

This option has been checked to have effect in the following sites

Netscape (all versions since 6.1)
Mozilla Suite (all versions since 0.9)
Mozilla Phoenix (all versions)
Mozilla Firebird (all versions)
Mozilla Firefox (all versions)
SeaMonkey (all versions)
Camino (all versions)
Minimo (all versions)

But just before you rush to about.config to change the setting a stark remainder remains that by limiting or denying any referrer service many websites might stop working properly or if working at all. If you are bothered with your security on the big bad Internet feel free to change the values to 0. But the default option gives the most compatibility with websites. Do let us know what you have decided to do.

Filed under: Featured Article, Firefox

will not be displayed