{
  /*** [SECTION 1600]: HEADERS / REFERERS
     Only *cross domain* referers need controlling: leave 1601, 1602, 1605 and 1606 alone
     ---
     Expect some breakage: Use an extension if you need precise control
     ---
     What each trimming level sends:
       full URI: https://example.com:8888/foo/bar.html?id=1234
       scheme+host+port+path: https://example.com:8888/foo/bar.html
       scheme+host+port: https://example.com:8888
     ---
     Lines of the form `# // user_pref(...)` are Nix comments: they set nothing
     and only record prefs that are not set by this attribute set.
     ---
     [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
  ***/

  /* 1601: ALL: control when images/links send a referer
   * 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/
  # // user_pref("network.http.sendRefererHeader", 2);

  /* 1602: ALL: control the amount of information to send
   * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
  # // user_pref("network.http.referer.trimmingPolicy", 0);

  /* 1603: CROSS ORIGIN: control when to send a referer
   * 0=always (default), 1=only if base domains match, 2=only if hosts match
   * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g. vimeo, icloud, instagram
   * Set to 2 here, the strictest of the three values listed: a cross-origin
   * request carries a referer only when the hosts match.
   * NOTE(review): if a site breaks, relaxing this to 1 is a smaller step than 0;
   * 1604 below still limits what is sent in either case. ***/
  "network.http.referer.XOriginPolicy" = 2;

  /* 1604: CROSS ORIGIN: control the amount of information to send [FF52+]
   * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port
   * Set to 2 here: a cross-origin referer that is still sent is cut down to
   * scheme+host+port, so the path and query string (the `?id=1234` part of the
   * example in the section header) are not disclosed to the other origin. ***/
  "network.http.referer.XOriginTrimmingPolicy" = 2;

  /* 1605: ALL: disable spoofing a referer
   * [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF
   * (Cross-Site Request Forgery) protections that some sites may rely on ***/
  # // user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]

  /* 1606: ALL: set the default Referrer Policy [FF59+]
   * 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
   * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
   * [1] https://www.w3.org/TR/referrer-policy/
   * [2] https://developer.mozilla.org/docs/Web/HTTP/Headers/Referrer-Policy
   * [3] https://blog.mozilla.org/security/2018/01/31/preventing-data-leaks-by-stripping-path-information-in-http-referrers/
   * [4] https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/ ***/
  # // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+]
  # // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]

  /* 1607: hide (not spoof) referrer when leaving a .onion domain [FF54+] [TOR]
   * [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser
   * [1] https://bugzilla.mozilla.org/1305144 ***/
  # // user_pref("network.http.referer.hideOnionSource", true);

  /* 1610: ALL: enable the DNT (Do Not Track) HTTP header
   * [NOTE] DNT is enforced with Enhanced Tracking Protection regardless of this pref
   * [SETTING] Privacy & Security>Enhanced Tracking Protection>Send websites a "Do Not Track" signal...
   * DNT is a request header only: whether it is honoured is up to the receiving
   * site, so it is not a substitute for the referer controls above.
   * NOTE(review): newer Firefox releases have dropped the DNT setting in favour of
   * Global Privacy Control (privacy.globalprivacycontrol.enabled); confirm this
   * pref still has an effect on the Firefox version being configured. ***/
  "privacy.donottrackheader.enabled" = true;
}