Firefox 87 will trim HTTP referrers by default. Firefox is a popular web browser. With the new Referrer Policy, Firefox will trim path and query string information from referrer headers. This will prevent websites from accidentally leaking user data.
Referrer headers and Referrer Policy
Referrer information is mostly used for analytics, logging, or for optimizing caching. However, HTTP Referrer can also contain private user data and it can even reveal information on a user’s account on a website. If a website does not set any kind of referrer policy, then web browsers have traditionally defaulted to using a policy of ‘no-referrer-when-downgrade’.
This policy trims the referrer when navigating to a less secure destination but otherwise sends the full URL, including path and query information, as the referrer. Firefox stated that this policy is a “relic of the past web” and causes information to leak in HTTP requests.
Starting with Firefox 87, the default Referrer Policy changes to ‘strict-origin-when-cross-origin’, which will trim user-sensitive information. The new policy also trims path and query information for all cross-origin requests. The new default policy will be applied to all navigational requests, redirected requests, and subresource requests.
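The difference between the old and new defaults is easiest to see side by side. The following is an added example, not code from Firefox or from the original article: it computes the referrer a browser would send under each policy. The function names and the shop.example URLs are constructed for illustration, and "downgrade" is simplified to mean an https: page requesting a non-https: destination.

```javascript
// Added illustration: referrer value under the old and new default policies.
// Assumption: a "downgrade" is an https: source requesting a non-https: destination.

// Return the full URL without credentials and fragment, or only the origin.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  if (originOnly) return u.origin + "/";
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Returns the referrer string, or null when no referrer is sent.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  const sameOrigin = from.origin === to.origin;
  switch (policy) {
    case "no-referrer-when-downgrade":
      return downgrade ? null : stripForReferrer(fromUrl, false);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return stripForReferrer(fromUrl, false);
      return downgrade ? null : stripForReferrer(fromUrl, true);
    default:
      throw new Error("unsupported policy: " + policy);
  }
}

// Constructed sample page URL carrying account data in its path and query.
const page = "https://shop.example/account/orders?user=alice&token=abc123#top";

// Compare what each default would send from `page` to `dest`.
function compareDefaults(dest) {
  return {
    oldDefault: computeReferrer("no-referrer-when-downgrade", page, dest),
    newDefault: computeReferrer("strict-origin-when-cross-origin", page, dest),
  };
}

for (const dest of [
  "https://shop.example/cart",          // same origin
  "https://ads.example/pixel.gif",      // cross-origin, same security level
  "http://legacy.example/banner.png",   // downgrade
]) {
  console.log(dest, compareDefaults(dest));
}
```

A site that relies on full cross-origin referrers for analytics will see only the origin after this change; a site that wants a different policy can still set it explicitly with the `Referrer-Policy` response header.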