Make referer behavior consistent regardless of private browing mode status
Tor Browser's default referrer policy when in private browsing mode is strict-origin-when-cross-origin, but when private browsing mode is turned off its referrer policy is no-referrer-when-downgrade. This is governed by the
network.http.referer.defaultPolicy preferences, documented here.
This means that by default Tor Browser strips the path component from the referer header when making cross-origin requests. But if private browsing mode is turned off, it sends the complete URL instead.
User navigates to
https://example.org/page.html and the browser makes a request for an embedded image located at
This is undesirable because it makes it easy to passively detect TB users who have turned PBM off with nothing more than standard web server logs.
And although it is advised against, it is apparent from comments and discussions online that a number of users with relaxed security requirements turn off private browsing mode to take advantage of features such as the browser password manager and URL bar history suggestions.
For this reason, I think it would be good to remove this inonsistency. This can be accomplished by changing the default value of
network.http.referer.defaultPolicy to 2 so that it matches that of its PBM counterpart (
network.http.referer.defaultPolicy.pbmode). This would be in the interest of all TB users, not just those who turn off private browsing mode, because it increases uniformity.