Ability to neutralize HTTP referrer for enhanced privacy #99
Comments
|
Funny! Issues #99 and #100 were the next suggestions I intended to make ;-) Raymond, you're amazing! By implementing those enhancements HTTPSB will become an all-in-one solution which will make using a couple of other extensions superfluous. Great! However, I suggest that those features are disabled by default in order to avoid demanding too much from your users. I've been using the Firefox extension RefControl (http://www.stardrifter.org/refcontrol/) for years and Referer Control in Chrome for some months. What is said on the RefControl site: |
|
What I will provide will be as simple as possible, something basic but which does the job. I am considering the idea of nulling the referer field if both following conditions are fulfilled:
This way, the amount of code is minimal, the extra overhead to OnBeforeSendHeaders() is acceptable, and one single setting to add in the Settings page: "Remove referer information from request to non-whitelisted hostnames". Example: top page of Request URL: So with the feature, the referer would be nulled in the above case. |
|
Sounds good to me. It doesn't go as far as what I suggested from the RefControl example but I understand that this will be the easiest solution. |
|
Fixed in 34a237d. |
Re. privacy.
Because the Chrome API doesn't allow more than one extension to change the outgoing headers, and since HTTPSB must already potentially change the outgoing headers (to remove cookies), this means that using another extension to change the HTTP referrer alongside HTTPSB won't work. So HTTPSB must provide this feature, or else a user will have to forfeit one of the two extensions.
The text was updated successfully, but these errors were encountered: