Hi, Mozilla developers and Firefox users.
I was working on a referer spoofing addon, only to find there is no way to truly do that. (This bug is still not fixed.) Since Firefox 69, document.referrer doesn’t follow the HTTP request header’s “Referer”.
The client-side read-only JS object document.referrer always leaks the real origin, which is a privacy and security concern. Some addons are using tricks to try to spoof document.referrer, but with no true success.
Could you fix that bug please?
BTW, I found on MDN that navigator.userAgent is also a read-only JS object that doesn’t follow the HTTP header. Isn’t that making anti-fingerprinting meaningless for non-Windows Firefox users? (As well as Tor Browser, leaking the real OS via JS.)