Use sane about:config value: network.http.referer.trimmingPolicy = 2
While reading through various about:config security hardening guides, I found several bad default values for the Tor Browser:
- network.http.referer.trimmingPolicy = 2
- Send only the scheme, host, and port in the Referer header
- 0 = Send the full URL in the Referer header
- 1 = Send the URL without its query string in the Referer header
- 2 = Send only the scheme, host, and port in the Referer header
- Send only the scheme, host, and port in the Referer header
(This issue was split from https://trac.torproject.org/projects/tor/ticket/27059)
Trac:
Username: floweb