<h1>Preventing data leaks by stripping path information in HTTP Referrers</h1>
<p>Mozilla Security Blog, published 2018-01-31. Written by Luke Crouch, Privacy Engineer. Canonical URL: <a href="https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/">https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/</a></p>
<p>To help prevent third party data leakage while browsing privately, Firefox Private Browsing Mode will remove path information from referrers sent to third parties starting in Firefox 59.</p>
<h2>Referrers can leak sensitive data</h2>
<div id="attachment_2288" class="wp-caption alignnone"><a href="https://www.eff.org/files/2015/01/20/hc_gov_requests.png" target="_blank" rel="noopener"><img class="wp-image-2288 size-large" src="https://blog.mozilla.org/security/files/2018/01/hc_gov_requests-600x65.png" alt="Screenshot of healthcare.gov requests. Source: EFF" width="600" height="65" /></a><p id="caption-attachment-2288" class="wp-caption-text">An example of personal health data being sent to third parties from healthcare.gov. Source: <a href="https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data">EFF</a></p></div>
<p>When you click a link in your browser to navigate to a new site, the new site receives the exact address of the page you came from through the so-called “Referrer value”. (The HTTP header itself is spelled <code>Referer</code>, a misspelling that the HTTP specification has kept for compatibility.) For example, if you came to this Mozilla Security Blog from reddit.com, the browser would send blog.mozilla.org this:</p>
<p><code>Referer: https://www.reddit.com/r/privacy/comments/Preventing_data_leaks_by_stripping_path_information_in_HTTP_Referrers/</code></p>
<p>This leaks user data to websites, telling them the exact page you were looking at when you clicked the link. To make things worse, browsers also send a referrer value when requesting sub-resources, such as ads or social media snippets integrated into a modern web site. In other words, embedded content also knows exactly what page you are visiting.</p>
<p>Most sites log this data for operational and statistical purposes. Many sites also log this data to collect as much information about their users as possible. They can then use that data for a variety of purposes, or even sell it, e.g. for re-targeting.</p>
<p>While the data above may not be a problem, consider this example:</p>
<p><code>Referer: https://www.healthcare.gov/see-plans/85601/results/?county=04019&amp;age=40&amp;smoker=1&amp;pregnant=1&amp;zip=85601&amp;state=AZ&amp;income=35000</code></p>
<p>EFF researchers discovered this <a href="https://www.eff.org/deeplinks/2015/01/healthcare.gov-sends-personal-data">leak of personal health data from healthcare.gov to DoubleClick</a>. As the query string shows, the referrer in this case leaks your age, your zip code, whether you are a smoker, whether you are pregnant, and potentially even your income. Other companies (<a href="https://blogs.dropbox.com/dropbox/2014/05/web-vulnerability-affecting-shared-links/">Dropbox</a>, <a href="https://www.facebook.com/notes/facebook-engineering/protecting-privacy-with-referrers/392382738919">Facebook</a>) have disclosed similar vulnerabilities and leaks.</p>
<h2 role="note">Private Browsing will strip paths in HTTP referrers</h2>
<p><img class="alignnone size-large wp-image-2289" src="https://blog.mozilla.org/security/files/2018/01/fx-pbm-600x488.png" alt="Screenshot: Firefox Private Browsing window" width="600" height="488" /></p>
<p>To prevent this type of data leakage when Firefox users are browsing privately, we are changing the way Firefox sends referrers in Private Browsing Mode.</p>
<p>Starting with Firefox 59, Private Browsing will remove path information from referrer values sent to third parties. Technically, it applies a default Referrer Policy of <code>strict-origin-when-cross-origin</code>: same-origin requests still carry the full referrer, cross-origin requests carry only the origin, and requests from an HTTPS page to an HTTP resource carry no referrer at all.</p>
<p>In the previous examples, this setting would remove the path and query string data from the referrer values so that they are stripped down to:</p>
<p><code>Referer: https://www.reddit.com/</code></p>
<p>and</p>
<p><code>Referer: https://www.healthcare.gov/</code></p>
<p>This change prevents site authors from accidentally leaking user data to third parties when their users choose Private Browsing Mode. We made this change only after first ensuring that it would have minimal to no effect on <a href="https://blog.mozilla.org/data/2018/01/26/improving-privacy-without-breaking-the-web/">web usability</a>.</p>
<h2>Other ways of controlling referrers</h2>
<p>Vendors and authors continue to <a href="https://briansmith.org/referrer-01">propose changes to Referrers</a> to improve web privacy, security, and functionality.</p>
<p>In 2014, the W3C Web Application Security Working Group started its <a href="https://www.w3.org/TR/referrer-policy/">Referrer Policy</a> Recommendation. This Policy lets vendors and authors control referrer values: a site author can set it for a whole response with the <code>Referrer-Policy</code> HTTP header, for a document with <code>&lt;meta name="referrer" content="..."&gt;</code>, or for a single link or sub-resource with the <code>referrerpolicy</code> attribute. For example, it defines a secure-by-default <code>no-referrer-when-downgrade</code> policy for user agents, which does not send referrers to HTTP resources from an HTTPS page. (That was the specification's default when this post was written; browsers have since moved their default to <code>strict-origin-when-cross-origin</code>, the policy Private Browsing adopts here, and Firefox made it the default for all browsing in Firefox 87.) In Firefox Regular and Private Browsing Mode, if a site specifically sets a more restrictive or more liberal Referrer Policy than the browser default, the browser will honor the website's request, since the site author is intentionally changing the value.</p>
<p>Users can also <a href="https://wiki.mozilla.org/Security/Referrer">change their default referrer options in Firefox</a> through the <code>network.http.referer.*</code> preferences in about:config (for example <code>network.http.referer.XOriginTrimmingPolicy</code>). These settings override the browser's default Referrer Policy and the site author's Referrer Policy, putting the user's choice first.</p>
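<p>The Referrer Policy behaviour described in this post, modelled in JavaScript as an added example. This is not Firefox code and not code from the post: it implements the W3C Referrer Policy and Fetch "determine request's referrer" steps on top of Node's WHATWG URL parser, so you can see what <code>Referer</code> value a browser sends for a given referring page, target and policy. The <code>ads.example.net</code> and stylesheet URLs are constructed stand-ins for the third-party and same-site requests; only <code>https:</code> is treated as potentially trustworthy (the spec also trusts localhost and file:, omitted here); the 4096-byte cap is the one from the Fetch specification.</p>

```javascript
// Added example, not Firefox or Mozilla code: a model of the W3C Referrer
// Policy / Fetch "determine request's referrer" algorithm, showing which
// Referer header a browser sends for (referring page, target, policy).
// Run with: node referrer-policy.js

const HTTP_SCHEMES = new Set(["http:", "https:"]);

// Assumption: only https: counts as "potentially trustworthy" here. The spec
// also treats localhost, 127.0.0.1 and file: as trustworthy; omitted for brevity.
function isPotentiallyTrustworthy(url) {
  return url.protocol === "https:";
}

// "Strip url for use as a referrer": always drop credentials and fragment;
// also drop path and query when only the origin may be revealed.
// Non-http(s) sources (file:, about:, data:, ...) never produce a referrer.
function stripForReferrer(urlString, originOnly) {
  const u = new URL(urlString);
  if (!HTTP_SCHEMES.has(u.protocol)) return null;
  u.username = "";
  u.password = "";
  u.hash = "";
  if (originOnly) {
    u.pathname = "/";
    u.search = "";
  }
  return u.href;
}

// Returns the Referer value to send, or null when no header is sent at all.
function referrerFor(referringPage, target, policy) {
  const from = new URL(referringPage);
  const to = new URL(target);
  if (!HTTP_SCHEMES.has(from.protocol)) return null;

  const sameOrigin = from.origin === to.origin;
  const downgrade = isPotentiallyTrustworthy(from) && !isPotentiallyTrustworthy(to);
  const originOnly = stripForReferrer(referringPage, true);
  let full = stripForReferrer(referringPage, false);
  // Fetch caps the referrer at 4096 characters and falls back to the origin.
  if (full.length > 4096) full = originOnly;

  switch (policy) {
    case "no-referrer":                return null;
    case "unsafe-url":                 return full;
    case "origin":                     return originOnly;
    case "strict-origin":              return downgrade ? null : originOnly;
    case "same-origin":                return sameOrigin ? full : null;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin-when-cross-origin":   return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      if (downgrade) return null;
      return sameOrigin ? full : originOnly;
    default:
      throw new Error(`unknown referrer policy: ${policy}`);
  }
}

// The two referrers from the post, plus constructed targets: ads.example.net
// is a hypothetical third party standing in for the DoubleClick request.
const REDDIT_THREAD =
  "https://www.reddit.com/r/privacy/comments/Preventing_data_leaks_by_stripping_path_information_in_HTTP_Referrers/";
const HEALTHCARE_RESULTS =
  "https://www.healthcare.gov/see-plans/85601/results/?county=04019&age=40&smoker=1&pregnant=1&zip=85601&state=AZ&income=35000";
const BLOG = "https://blog.mozilla.org/security/";
const AD_PIXEL = "https://ads.example.net/pixel.gif";
const SAME_SITE_CSS = "https://www.healthcare.gov/static/site.css";
const PLAIN_HTTP_PIXEL = "http://ads.example.net/pixel.gif";

// Compare the old spec default (no-referrer-when-downgrade) with what
// Firefox 59 Private Browsing applies (strict-origin-when-cross-origin).
function demo() {
  const cases = [
    ["reddit thread -> blog.mozilla.org (navigation)", REDDIT_THREAD, BLOG],
    ["healthcare.gov results -> third-party ad pixel", HEALTHCARE_RESULTS, AD_PIXEL],
    ["healthcare.gov results -> own stylesheet", HEALTHCARE_RESULTS, SAME_SITE_CSS],
    ["healthcare.gov results -> plain-http ad pixel", HEALTHCARE_RESULTS, PLAIN_HTTP_PIXEL],
  ];
  return cases.map(([label, from, to]) => ({
    label,
    "no-referrer-when-downgrade": referrerFor(from, to, "no-referrer-when-downgrade"),
    "strict-origin-when-cross-origin": referrerFor(from, to, "strict-origin-when-cross-origin"),
  }));
}

for (const row of demo()) console.log(row);
```

<p>Run it with node and compare the two columns: under the old <code>no-referrer-when-downgrade</code> default the full healthcare.gov query string reaches the third party, while <code>strict-origin-when-cross-origin</code> trims it to <code>https://www.healthcare.gov/</code>, leaves the same-origin stylesheet request untouched, and sends nothing to a plain-HTTP target. A policy a site sets through the <code>Referrer-Policy</code> header is simply passed in as the third argument.</p>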