GitLab

Referer spoofing breaks browser navigation due to an interaction with our content policy. We could alter the content policy, but that would make the toggle model even less safe, because of Firefox API limitations. Basically the fix would increase the probability that some requests might leak through from one torbutton state to another.

I am kind of torn. On the one hand, since we're don't really support the toggle model, it might be fine to make it (more) insecure. However, I don't really think the referrer blocking feature is very useful, and I am planning on removing it in the next major release.. So to break it for this reason seems kind of silly.

Hence, let's hide the referer spoofing option, demoting it to an about:config pref only, to prevent people from breaking their TBBs with it.

We will remove the pref entirely in a future release.