Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #9623
Closed (moved) (moved)
Open
Issue created Aug 29, 2013 by cypherpunks@cypherpunks

Referers being sent from hidden service websites

Currently, when browsing on a hidden service website, when you click on a clearnet/hidden service link it sends the current address as referer.

I think Tor Browser should behave for websites on .onion addresses the same as https:// websites on clearnet in certain cases.

Normally, when you click on a http link from a https website, it doesn't send any referer.

Tor Browser should at least use this same behavior of https for http hidden services (both are encrypted right?). No referers should be sent to clearnet or to other hidden services, this is unacceptable. I believe it shouldn't send referers for https links as well, so send nothing at all.

Other than a partial solution, I still believe using the smart referer is a better solution overall.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking