Is it a good idea from a security standpoint to disable Referer headers in the browser? What discomforts will you have to deal with?

Asked Nov 16 '19 at 15:32

Active Nov 16 '19 at 15:32

Viewed 150 times

So what kind of discomfort will you have to deal with?

Will it break websites?

Or is it just a win for privacy?

You can disable the Referer headers in Firefox like this:

    Open Firefox and type “about:config” in the address bar and press “Enter“.
    If prompted with a warning, select “I accept the risk!“
    Find the entry that says “network.http.sendRefererHeader” and double-click on it.
    Set the entry to one of the following as desired:
  0 – Disable referrer.

Other options are:

    1 – Send the Referer header when clicking on a link, and set document.referrer for the following page.
    2 – Send the Referer header when clicking on a link or loading an image.

According to this question the Referer headers can't be spoofed and sometimes may break anti-CSRF measures.

asked Nov 16 '19 at 15:32

Sir Muffington

1,536
2
11
23

Try it- some websites will certainly be broken. What security benefits do you want to gain? – multithr3at3d Nov 16 '19 at 17:18
@multithr3at3d Mainly privacy if that's possible from not sending your Referer. – Sir Muffington Nov 16 '19 at 19:29

Is it a good idea from a security standpoint to disable Referer headers in the browser? What discomforts will you have to deal with?

0 Answers0