Join us and the lead editor of IRL, Mozilla's multi-award-winning podcast, for a behind-the-scenes look at the pod and to contribute your ideas for the next season, themed: "AI and ME." Mark your calendar and join our Community Call on Wednesday, Aug 7, 17:00–17:45 UTC. See you there!

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Wo archive tread sia. Meɖekuku bia biabia yeye ne ehia kpeɖeŋu.

Firefox private browsing trims request referrer headers.

  • 1 ŋuɖoɖo
  • 1 masɔmasɔ sia le esi
  • 7 views
  • Nuɖoɖo mlɔetɔ philipp

matthew.was
matthew.was
more options

A site I develop for checks authenticity by checking a passed value confirming it it valid for a given referring url. The request has a referrer header which in regular windowed firefox is the full url of the requesting site. In private browsing mode the referrer header is only the host part of the url and does not contain the full path. It is the path that is commonly required to verify the site. Is this expected behaviour or a bug?

This has been confirmed both on macOS and Windows 10 using Firefox Quantum 61.0.

A site I develop for checks authenticity by checking a passed value confirming it it valid for a given referring url. The request has a referrer header which in regular windowed firefox is the full url of the requesting site. In private browsing mode the referrer header is only the host part of the url and does not contain the full path. It is the path that is commonly required to verify the site. Is this expected behaviour or a bug? This has been confirmed both on macOS and Windows 10 using Firefox Quantum 61.0.

All Replies (1)

philipp
philipp
  • Moderator
more options

hi, yes that appears to be the intended behaviour accoring to https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/