When you click on a hyperlink to visit a webpage, the URL of the webpage you came from is normally identified and recorded (in its ‘referer log’) by the new page. This information is automatically appended to the HTTP header field when requesting a new webpage, and is known as an HTTP Referer (originally a misspelling of referrer).
While generally a useful piece of information for visited websites, the information contained in a referrer can be abused to track website visitors across the internet, especially when combined with cookies and other tracking techniques. Search engines, in particular, are bad at giving away information in Referer Headings, as they often include the search terms used to find a web page.
Disabling Referer Headers in Firefox
In Firefox it is easy to prevent the browser sending referrer information when you click on a URL.
- Type ‘about:config’ in the URL bar, and hit enter (you may have to click though a, ‘I’ll be careful, I promise!’ warning)
- In the search bar type ‘network.http.sendRefererHeader’
- Double-click on the ‘network.http.sendRefererHeader’ preference when it comes up
- Enter an integer value of 0, 1, or 2 or in the dialog box, then hit OK and close the ‘about:config’ tab
The integer value you enter into step 4 determines how Firefox handles Referer Headings:
Value 0 – completely disables the Referer Header. This is probably what you want, but it does break some websites (most notably WordPress)
Value 1 – Sends a Referer header when clicking on a link, but not when loading images on a page. This should prevent most cross-site tracking using cookies, whilst also allowing sites that rely on Referer Headers (such as WP) to function properly
Value 2 – This is the default setting, and sends the Referrer Header.
See here for the official Mozilla documentation on this setting.
Those wanting more fine grained control can try using the Change Referer Button, and Referrer Control Firefox add-ons. Both allow you to easily toggle the ‘network.http.sendRefererHeader’ setting on and off, and to create blacklists/whitelists for websites.
Google Chrome does not allow you to turn off Referer Header in its settings, but the Referer Control extension is available from the Chrome Store.
Remember also that Referer Headers are only passed on when you click through a link. Cutting and pasting a web address into a browser’s URL bar, or typing it out manually, will also prevent any Referer Headers being sent to the visited website.