So isn't able to truely spoof referer or user-agent?

Hi, Mozilla developers and Firefox users.

I was working on a referer spoofing addon , but to find there is no way to truely do that. (this bug still not fixed) Since Firefox 69 document.referrer doesn’t follow HTTP request header’s “Referer”.

Client side’s read-only js object document.referrer always leak real origin, which is a privacy and security concern. Some addons are using tricks trying to spoof document.referrer but no true success.

Could you fix that bug please?

BTW, found on MDN navigator.userAgent is too a read-only js object that doesn’t follow HTTP header. Isn’t that making anti-fingerprinting meaningless for non-Windows Firefox users? (as well as TorBrowser, leaking real OS via js)