[tbb-bugs] #30276 [Applications/Tor Browser]: The referer header should be spoofed in TBB

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 23 22:27:12 UTC 2019


#30276: The referer header should be spoofed in TBB
------------------------------+------------------------------------------
 Reporter:  randomname213324  |          Owner:  tbb-team
     Type:  enhancement       |         Status:  new
 Priority:  Medium            |      Component:  Applications/Tor Browser
  Version:                    |       Severity:  Critical
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+------------------------------------------
 Setting `network.http.referer.spoofSource` in about:config to true sends
 the target URL in the referer header. This shouldn't break any websites
 and it could only be enabled at the safer or safest security settings.

 This would stop websites from seeing what website you were previously on
 from the referer header.

 The referer can also be trimmed to reduce the amount of information sent.

 A list of all security/privacy related referer options can be found here
 https://wiki.mozilla.org/Security/Referrer

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30276>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list