View Full Version : Disable Referrer Headers In Firefox
Do you want complete privacy? Don't let servers know even where you come from! Block referrers being sent to them simply and easily.
Every time you click on a link or submit a form, some headers are sent to the server in a GET or POST request. Every time you do that though, your browser sends some extra headers. One of them is the referrer - the address of the page where you clicked on that link (or submitted the form).
Why would you like to block the referrer? Well, everyone has his own personal reasons, better privacy being one of them.
There are more than one ways to block the referrer field though, easiest one though is by using the Web Developer toolbar for Firefox.
A
Download and install Web Developer toolbar.
http://img300.imageshack.us/img300/9323/284.png
B
1. Type “about:config” in the location bar, and press return.
2. In the filter box, type “referer” and press return. This should leave you with one preference, network.http.sendRefererHeader. This is probably set to 2.
3.Right click on network.http.sendRefererHeader and select “Modify”
http://img207.imageshack.us/img207/9323/284.png
4.In the dialog that appears type “0″ and press OK:
http://img207.imageshack.us/img207/4077/284e.png
This completely disables the referer header. This is normally what you want, though it may occasionally break a few sites that check the referer header to prevent deep linking or framing of its content. (It breaks WordPress, for example.)
If you run into problems, try setting sendRefererHeader to 1 instead. Setting it to 1 sends a referer header when following a link to another page, but not when loading images on the page. This will block most cross-site cookie tracking, but still allow WordPress and most other sites that depend on referers to function. Setting sendRefererHeader to 2 (the default) sends it when following links and when loading images on the page.
There’s also a boolean network.http.sendSecureXSiteReferer preference. If true, referer headers are sent for https the same as they are for http (i.e. controlled by network.http.sendRefererHeader). If false, referer headers are not sent for https connections. The default is true, and that’s probably OK; but if you like you can set this to false by toggling the value or just double click:
http://img220.imageshack.us/img220/9323/284.png
That’s it. You’re done. Taking these steps significantly reduces the ability of sites to track and profile you
Keep in mind though that by blocking the referrer field being sent to server may have some disadvantages though. It WILL trigger Leech Protection if it is enabled, preventing you from viewing some pages or only images/video depending on how it is configured on the server.As a conclusion, having the option of blocking the referrers can be a very useful thing in some circumstances, but I'd advice you only to use it when you REALLY need to in order for you to view websites without many avoidable headaches.
Does the "No-ref" option in the "Quick preference button" addon or the "No-referer" addon
also do that?
They seem to be easier.
Does the "No-ref" option in the "Quick preference button" addon or the "No-referer" addon
also do that?
They seem to be easier.
It oughta work too, but hey appreciate kazuya's work, his tutorial works 100% and you don't need to install any add-on for that. :wink2:
Although it's a bit hard to disable when no referers trigger anti-leech protection.
You could also use the HTTP Header Filter addon and set up a rule for "filter, Referer". It can then be toggled on and off with a single click. :smile:
If you're using Firefox go for RefControl (https://addons.mozilla.org/de/firefox/addon/953), it does the best job. :top:
Of course I didn't mean to diss Kazuyas post.
I only posted a question.
Thanks for the answers everyone.
I'll try the different addons and see which I like best.
If you're using Firefox go for RefControl (https://addons.mozilla.org/de/firefox/addon/953), it does the best job. :top:
In this addon ( Default for sites not listed: Block ) it should like this right ? or I must add some sites ?
Edit: my firefox now it's fly :eek:
If you're using Firefox go for RefControl (https://addons.mozilla.org/de/firefox/addon/953), it does the best job. :top:
I have blocked all sites?
What do you mean by that?
I think he means he's disabled referers for all sites. Careful with this, some pages and downloads won't work.
splicer is a fan of the "Forge" setting :biggrin:
Then only for SB-I
I tested this: Sniffing Browser History with NO Javascript! (http://www.making-the-web.com/misc/sites-you-visit/nojs/)
Works well
This is enough to be safe?
SB-I isn't on their list. Apply this tweak and visit YouTube, Google, Wikipedia, etc. If the scanner can't tell you've visited those sites, you're safe.
If you want to test if referers are fully disabled, go to IP.cc (http://www.ip.cc/), then click on "anonymity test".
Easiest and best way just to disable history.i mean you don't need it any way,if you find some interesting stuff on net you will bookmark it, if you are smart:tongue:
Disabling history by itself won't prevent sites from knowing where they've been linked to through HTTP referers. :tongue:
Sorry i meant about this css leak stuff:tongue:
Sniffing Browser History with NO Javascript! (http://www.making-the-web.com/misc/sites-you-visit/nojs/) What I must do here ? and after anonymity test on here IP.cc (http://www.ip.cc/) хow do I know it's disabled ?
Sniffing Browser History with NO Javascript! (http://www.making-the-web.com/misc/sites-you-visit/nojs/) What I must do here ?
Visit Google, YouTube or Wikipedia, then go to that page and let the scan finish. If it couldn't detect you visited those sites, you are safe, and don't need to do anything else.
and after anonymity test on here IP.cc (http://www.ip.cc/) хow do I know it's disabled ?
Scroll down and it should read:
HTTP_REFERER: n/a Good!
Refferer it's good but on scan I found every site I visited, maybe bcz my history is enabled and don't clean it.
Clear your history, then try again.
If I clean now my auto-complete history for nicknames + passwords will be deleted right ?
As far as I know, "Saved Passwords" are kept as a separate item.
How I can delete the history without other programs.
Go to Tools -> Clear Private Data, untick all boxes except "History", and click OK.
I'm using FF 3.5 http://img206.imagevenue.com/loc360/th_87738_asdwdsa_122_360lo.JPG (http://img206.imagevenue.com/img.php?image=87738_asdwdsa_122_360lo.JPG)
"Browsing and Download history" should do, then.
I cleared the history and on scan site shows me only youtube and google.
Then you haven't applied shoulder's tweak correctly. Recheck everything to see if it's the right folder and file.
Yes on it is on correct folder and file, I installed refcontrol addon, and set up about:config like kazuya says just my history is enabled.
Can you post the content of the userContent.css file?
Make sure you've added the line to userContent.css and NOT userContent-example.css.
After few restatrs on FF
Complete!
0 found
huh...
It's working after all, then. I have applied the tweak with History enabled, and the page can't know I visited Google.
Dark Knight
26.07.09, 22:36
well does The Google Chrome Incognito mode Safe From Css leak...?
You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Any files you download or bookmarks you create will be preserved, however.
By not leaving cache, cookies or history traces, you could use it to browse SB-I, so yes.
I d/l RefControl, although when configuring do you add sites manually.
Also, sorry but I'm a noob (never came across something like this), but does this add-on disengage the transmission of your whereabouts, if so what is the point of running this program, mostly due to your personal security/privacy. Just interested in knowing, thanks.
Also, sorry but I'm a noob (never came across something like this), but does this add-on disengage the transmission of your whereabouts, if so what is the point of running this program, mostly due to your personal security/privacy. Just interested in knowing, thanks.
It won't conceal where you are from, it will only hide where you came from when you follow a given link. Websites works like this, when you click and follow a link, the browser reports where you are coming from as a referral. These tools and methods will disable this information sending.
Before splicer says it, lol :biggrin:
We have a dereferer installed, but if you want to be like, 200% sure, use this tweak.
Websites works like this, when you click and follow a link, the browser reports where you are coming from as a referral.
Exactly. To make sure it worked, go to IP.cc (http://www.ip.cc/) and click on "Anonymity test". Check if the line about referers says "N/A, Good!".
DarkSaibot v.1.3.10
31.07.09, 12:01
Just wanted to let you know that x264 use the same shit against us .
I have spoken with them and tell them that i have not read anything in the rulles about sb-i .
Stupid mothfucking no life dorks..virgin..trackers stuff.
Just wanted to let you know that x264 use the same shit against us .
Surprise surprise... "you're not wanted here, please leave"? :biggrin:
They're connected to other trackers using the CSS leak, so...
DarkSaibot v.1.3.10
31.07.09, 19:24
Surprise surprise... "you're not wanted here, please leave"? :biggrin:
They're connected to other trackers using the CSS leak, so...
Nop..only " say hello to the guys from sb-i"
and i tell him " wow..i have not readed in your rulles that is forbiden to visit other forums" after that " that multiple accounts "
never decided after all why have banned me..anyway..i'm very a very f**king bad day today and i'm tryng to now insult them to much..but are retards..and on other hands i'm getting sick with all those trackers with they dorks staff and security..like i have an account on ebay..and they don't have pirated staff.
I was sayd to my self that once i will enter on every dorks staff tracker and pretend that i'm from RIAA and MPAA,FBI or Interpoll and i will bring your shitty tracker down and ares them all.
and i tell him " wow..i have not readed in your rulles that is forbiden to visit other forums" after that " that multiple accounts "
They really ought to get their facts straight :rolleyes:
I was sayd to my self that once i will enter on every dorks staff tracker and pretend that i'm from RIAA and MPAA,FBI or Interpoll and i will bring your shitty tracker down and ares them all.
Last time someone pretended to be from the RIAA at a connected tracker he ended up being globally banned. LOL.
Come on man, don't be pissed of, you're above their level :)
DarkSaibot v.1.3.10
31.07.09, 20:54
They really ought to get their facts straight :rolleyes:
Maybe have banned me because i have a scar on my face..or im brunet..or because i have 2 hands and 2 legs..don't know..they don't
Last time someone pretended to be from the RIAA at a connected tracker he ended up being globally banned. LOL.
Don't care about global ban..have AOL and the best tracker ..fl.ro :biggrin:
Come on man, don't be pissed of, you're above their level :)
Nope..i'm not because of this..i'm more pissed that i lost on poker then because i have been banned on x264 :smile:
If you're using Firefox go for RefControl (https://addons.mozilla.org/de/firefox/addon/953), it does the best job. :top:
The Kazuya's tuto is very interesting. But for spoofing referer I like RefControl, too. The main reason Ilike RefControl so much is that this addon can be configured in such a way that, instead of sending no referrer, the actual referrer sent to, say, somesite.com, is "somesite.com" itself. I think it's a very secure and stealth configuration.
instead of sending no referrer, the actual referrer sent to, say, somesite.com, is "somesite.com" itself.
If you're talking about "Forge", I have just checked that out, and if you click a link from www.a.com to www.b.com, B will see:
Referer: http://www.b.com/
I think that unless you've visited B during your session, it looks a bit suspicious if a page refers you to itself out of nowhere, specially if there's no link to "/" on its homepage.
What I would do is blocking referers for third party requests, so that when clicking a link from A to B, to B it will look as if you had typed it in your address bar:
GET / HTTP/1.1
Host: www.b.com
...
Cookie: session=h87pw6
But when you browse B's pages, referers will be sent normally:
GET /login.php HTTP/1.1
Host: www.b.com
...
Referer: http://www.b.com/
Cookie: session=h87pw6
TheUnknown
11.09.09, 15:30
Careful, this can get you into trouble. Some sites don't like this and consider it a 'leeching' attack, so you'll have to enable it, go back and try again.
Yes, that can indeed happen. But with RefControl you can make it so that only specific sites see no referer headers or forged ones.
If you're talking about "Forge", I have just checked that out, and if you click a link from www.a.com to www.b.com, B will see:
Referer: http://www.b.com/
I think that unless you've visited B during your session, it looks a bit suspicious if a page refers you to itself out of nowhere, specially if there's no link to "/" on its homepage.
I agree. Moreover, on some site as... SourceForge (!) the download links are broken by "forging" the referer....
So, I agree with your "third party" trick. But why block ? Why not forge for third party ?
Because of the reason mentioned in that same quote :biggrin:
...unless you've visited B during your session, it looks a bit suspicious if a page refers you to itself out of nowhere, specially if there's no link to "/" on its homepage.
Source "Forge", I just got it... no problems with SF and disabled referers here, so you can just go for block.
Because of the reason mentioned in that same quote :biggrin:
You are right again... I had misinterpreted the Refcontrol's feature. Sometimes, after some hour, I had better to sleep.
Source "Forge", I just got it... no problems with SF and disabled referers here, so you can just go for block.
Indeed, after verification, it's the "forge" feature that breaks the downloads on SF, with and without "3rd party" enabled.
With one of these feature, I get (when eg trying to DL emule 0.49c):
The "eMule/0.49c/eMule0.49c-Sources.zip" file could not be found or is not available. Please select another file.
So, "forge" seems definitively be a bad option in RefControl. I will follow your advice (Block + 3rd party).
Wow, I didn't know tracker admins would go this deep attacking members' privacy just to ban them. Anyway, does if I create two separate profiles in firefox where one is used just for browsing the mentioned weird-scary trackers, would that be enough?
Wow, I didn't know tracker admins would go this deep attacking members' privacy just to ban them. Anyway, does if I create two separate profiles in firefox where one is used just for browsing the mentioned weird-scary trackers, would that be enough?
Yes, that should be enough. :top:
alpacino is right. :top: You can even run both profiles at the same time via a command-line parameter, for example:
"C:\Program Files\Mozilla Firefox\firefox.exe" -P "Trackers" -no-remote
Nice! Now, since what.cd was involved, is it true they can detect if you have been a member before? I mean, has anyone seen a case like that?
is it true they can detect if you have been a member before?
Not if you take the usual precautions. Using a different browser would also be nice.
How about records? Are your previous IPs and emails stored in the database?
Yes, they are:
http://www.sb-innovation.de/showthread.php?threadid=14576
Now that's bad news. haha! Guess there's no going back to What.
I find another option to block referrer,trough Firewall Outpost,go to settings,web control,customize.you can select between 3 options,allow,block or prompt
http://img269.imageshack.us/img269/3802/2710j.png
I think that blocks them for all apps, though.
well easy way for blocking for all apps:biggrin:
SB-I isn't on their list. Apply this tweak and visit YouTube, Google, Wikipedia, etc. If the scanner can't tell you've visited those sites, you're safe.
If you want to test if referers are fully disabled, go to IP.cc (http://www.ip.cc/), then click on "anonymity test".
Result:
You are using high-anonymous (elite) proxy (if you are using proxy). Click here to get more information about this proxy typ
is ok??? im using Mozilla portable from a year my header was set by himself to 0
any help i dont mi acc banned
pls help with this
google wiki and yahoo working for me wit value set to 0
12202
Result:
You are using high-anonymous (elite) proxy (if you are using proxy). Click here to get more information about this proxy typ
Click on "anonymity test" at the left, then scroll down and see what it says next to "HTTP_REFERER". If it's n/a, you're fine.
is fine! good thing mozilla portable using with no history and Tell web sites you do not want to be tracked (checked)
http://www.sb-innovation.de/attachment.php?attachmentid=12201
Just a quick note to all interested. I recently found a web page that allows a user to disable referring in Google Chrome. What you, the user, can do is try to alter Chrome's .exe itself. You can try to attempt to do this by editing Chrome's desktop shortcut's, it's, quick launch, and startmenu item. You will probably need to make the target line to include --no-referrers. The example that I came across had the same example provided here: "C:\Users\Username\AppData\Local\Google\Chrome\Appl ication\chrome.exe" --no-referrers
A Chrome extension that suppossedly does the same job is located here:
https://chrome.google.com/webstore/detail/dkpkjedlegmelkogpgamcaemgbanohip
I have no idea on the strength of this extension nor on the above info that I've supplied. I do hope that it works as I also use Chrome. Other than that, if there is anyone else that knows of other method that may be better than what I've supplied above, please do share. By the way, after you do this, you will see Google Chrome's old .exe listed as old_chrome.exe
i assume that option works on other platforms, too?
I'm not too sure, Instab. I wouldn't assume myself 100% but I can't see any reason why it would not. If Chrome's .exe can be modified on Windows, even with a different OS platform in place, I would tend to believe that even though all the libraries, file systems and arrangement of where things are stored are different along with the executable file formats being different and the notion of processes being also different between them all, that Chrome's executable file in Mac or Linux could be altered so as to get the benefit of disabling referrers. I don't run a Mac but I would be pretty interested in knowing if it could be altered so that referrers are disabled.
One thing that I think could also work, at least according to the website author listed in the below weblink, is to install this script in the Preferences section.
import json
import os
import time
# current prefs
pref_path = '{0}/.config/chromium/Default/Preferences'.format(os.getenv('HOME'))
prefs = open(pref_path, 'r+')
json_prefs = prefs.read()
# backup
old_prefs = open('{0}.{1}'.format(pref_path, time.time()), 'w')
old_prefs.write(json_prefs)
old_prefs.close()
# disable referrers
new_prefs = json.loads(json_prefs)
new_prefs['enable_referrers'] = False
new_json_prefs = json.dumps(new_prefs, sort_keys=True, indent=4)
# save
prefs.write(new_json_prefs)
prefs.close()
print 'DONE'
The link is from here:
http://http://darklaunch.com/2011/08/24/disable-a-referring-url-in-chrome-and-chromium
One other option would be to spoof referrer. You would have to install the Chrome extension called 'external noreferrer' found in the Chrome Web Store. Another Chrome extension to install that spoofs the referrer is called 'spoofy'. I have no idea on the actual effectiveness of either of these extensions but I can't see any reason to not give these extensions a try. But I am going to give these a try the next time I start up Chrome.
A third option to try ( myself too) is to install the Anonym.to Extension for Chrome. This last one at least allows the person browsing to navigate with some anonymity on the net.
A fourth option to try is to install a Chrome extension called KISS Privacy. The thing with this extension is that it is going to require some work on the user end first. You have to define what t to block yourself. This last one also cleans out your http referrer requests. Again, you would have to see how effective these are on your system with your setup as each of us have different set ups.
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.