META REFERRERS —

Mozilla tweaks “referer headers” in bid to limit website privacy grabs

As more personal data gets stuffed into referers, Firefox beta introduces antidote.

Developers of the Firefox browser want to better protect user privacy by limiting the amount of data contained in Referer headers.

The "meta referrer," as the new feature is dubbed, is aimed at stemming the ballooning amount of information many sites stuff into Referer headers, Mozilla Security and Privacy Engineer Sid Stamm wrote in a blog post published Wednesday. Referer headers started out as a way for website operators to know what external link users clicked on to arrive at the page they are currently viewing. Over time, the information contained in such links has mushroomed and often includes usernames, site preferences, and other data that reveals personal information. Some sites have worked around this privacy invasion by erecting an elaborate set of redirects that strip some of that data out of Referer headers.

"This HTTP header has become quite problematic and not very useful, so we're working to make it better," Stamm wrote.

The "meta referrer" allows HTML documents to include a tag that specifies one or more referrer policies that change the way Firefox sends Referer headers. For instance, one policy strips out the path, query string, and fragment. Other policies allow referrers to be suppressed entirely.
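The effect of such policies on a URL that carries personal data can be modeled in a few lines. This is an added example, not code from Mozilla or the article: the policy names are taken from the W3C Referrer Policy specification (the article does not list them), and the URLs are constructed samples.

```javascript
// A page opts in with a tag such as: <meta name="referrer" content="origin">
// refererFor() models the Referer value a browser would send under a policy.

// Credentials and the fragment are never sent; originOnly also drops path and query.
function stripped(url, originOnly) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  if (originOnly) {
    u.pathname = "/";
    u.search = "";
  }
  return u.href;
}

function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer":                 // header suppressed entirely
      return null;
    case "origin":                      // path, query string and fragment stripped
      return stripped(fromUrl, true);
    case "no-referrer-when-downgrade":  // full URL unless going HTTPS -> HTTP
      return downgrade ? null : stripped(fromUrl, false);
    case "origin-when-cross-origin":    // full URL only within the same site
      return stripped(fromUrl, !sameOrigin);
    case "unsafe-url":                  // full URL everywhere
      return stripped(fromUrl, false);
    default:
      throw new Error("unknown policy: " + policy);
  }
}

// Constructed sample: a form page whose URL carries personal data,
// and a third-party resource it loads.
const PAGE = "https://insurance.example/apply?zip=12345&smoker=1&income=40000#plans";
const THIRD_PARTY = "https://ads.example/pixel";

for (const p of ["unsafe-url", "no-referrer-when-downgrade",
                 "origin-when-cross-origin", "origin", "no-referrer"]) {
  console.log(p.padEnd(28), refererFor(p, PAGE, THIRD_PARTY));
}
```

Only `origin`, `origin-when-cross-origin` and `no-referrer` keep the query string away from the third party in this sample; the other two policies forward it intact.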

Word of the Mozilla move comes a day after the Associated Press reported that Healthcare.gov is quietly sending private companies zip codes and other personal data of millions of people signing up for health insurance. Other data transmitted in the Referer fields included income, whether a person smokes, and if a person is pregnant. Healthcare.gov sent the data to Google's data-analytics service, Twitter, Facebook and several online advertising providers.

The meta referrer is available in the current Firefox 36 beta version. It's not clear if the feature will be available in the release version of the browser. Even if meta referrer is included in the release version of Firefox, it likely won't have much effect unless Google and Microsoft embrace it in the Chrome and Internet Explorer browsers. The Do Not Track feature, for instance, remains unsupported in Chrome, but many Google properties fail to honor the request. Users of that browser can't make use of the feature unless they install an extension. The lack of across-the-board support by browser developers and many websites erodes the effectiveness of the measure. Mozilla's introduction of the meta referrer is a worthy experiment but ultimately may be little else unless it's adopted by other influential players.

Channel Ars Technica