Firefox offers a security feature that lets you restrict the HTTP referer from being sent, with varying granularity (docs). I disabled the referer altogether through network.http.referer.defaultPolicy;0. Most of the websites that I usually browse work just fine without a referer. For websites that do require it (example), I created another profile with slightly less strict referer policies.
A website that had always worked without a referer was GitHub, until 26 October 2019. At that time, I kept encountering HTTP Error 422 whenever I tried to create a new pull request (the pull request in question). I later pinpointed the cause to be the referer policy after I managed to create the pull request in another Firefox profile and in Chromium, which do not have any referer policy in place. I ended up with duplicate pull requests in the process.
The referer policy I ended up with is network.http.referer.defaultPolicy;1 (default is 3), which restricts the referer to the same origin only. This config is compatible with every website I've encountered so far, including those that require a referer. One thing to note is that a website can set a referer policy through the Referrer-Policy response header. But a website can only set it to the same as or stricter than the browser's. For this website, I set it to no-referrer, the strictest setting, equivalent to network.http.referer.defaultPolicy;0.
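To make the difference between the pref values concrete, the following added example (not part of the original post, and not Firefox's own code) models which Referer value a request would carry under each network.http.referer.defaultPolicy value. The function names and the example.com/example.org URLs are constructed for illustration, and the downgrade check is simplified to "HTTPS page requesting a non-HTTPS URL".

```javascript
// Pref value -> Referrer-Policy token used as the browser default.
const PREF_TO_POLICY = {
  0: "no-referrer",
  1: "same-origin",
  2: "strict-origin-when-cross-origin",
  3: "no-referrer-when-downgrade",
};

// Referrers never carry credentials or the fragment; optionally trim to origin.
function stripUrl(u, originOnly) {
  const url = new URL(u.href);
  url.username = "";
  url.password = "";
  url.hash = "";
  return originOnly ? url.origin + "/" : url.href;
}

// Returns the Referer header value, or null when no header is sent.
// Hypothetical helper: models the default policy only, not per-site overrides.
function refererFor(prefValue, fromUrl, toUrl) {
  const policy = PREF_TO_POLICY[prefValue];
  if (policy === undefined) {
    throw new RangeError("unknown defaultPolicy value: " + prefValue);
  }
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  // Simplification (assumption): downgrade means https page -> non-https target.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";

  switch (policy) {
    case "no-referrer":
      return null;
    case "same-origin":
      return sameOrigin ? stripUrl(from, false) : null;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return stripUrl(from, false);
      return downgrade ? null : stripUrl(from, true);
    case "no-referrer-when-downgrade":
      return downgrade ? null : stripUrl(from, false);
  }
}

// Constructed sample: a form page posting back to its own origin.
const page = "https://example.com/repo/compare?base=main#files";
for (const pref of [0, 1, 2, 3]) {
  console.log(pref, refererFor(pref, page, "https://example.com/repo/pull/create"));
}
```

With value 0 the same-origin form submission carries no Referer at all, while value 1 still sends the full URL to the same origin and nothing to third parties.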