Why is HTTP_REFERER enabled?

I understand TBB aims to make everyone alike but HTTP_REFERER leaks all URLs you clicked from which is easy to track and correlate. Why is it disabled instead?

added component::applications/tor browser owner::tbb-team priority::medium resolution::not a bug status::closed type::defect labels

typos: Why not disable it instead?

While disabling HTTP_REFERER may be impractical due to some sites breaking, it would make sense to block it for links opened in new tabs. Most users likely expect that they won't be tracked to a new tab given the circuit isolation TBB has now.

Proposed patch for tor-browser to disable referer passing for links opened in new tabs:

--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -358,7 +358,7 @@ function openLinkIn(url, where, params) {
   case "tab":
     w.gBrowser.loadOneTab(url, {
       referrerURI: aReferrerURI,
-      referrerPolicy: aReferrerPolicy,
+      referrerPolicy: Components.interfaces.nsIHttpChannel.REFERRER_POLICY_NO_REFERRER,
       charset: aCharset,
       postData: aPostData,
       inBackground: loadInBackground,

Trac:
Username: someone_else

https://www.torproject.org/projects/torbrowser/design/ section 1. The Referer Header in the Deprecation Whitelist has the reasoning.

Trac:
Status: new to closed
Resolution: N/A to not a bug

closed

moved to tpo/applications/tor-browser#16919 (closed)