From e18a85adb8de383304b1a16b98a2d502931cf3a2 Mon Sep 17 00:00:00 2001
From: Roman-Nopantski
Date: Thu, 9 Mar 2017 04:43:13 +1300
Subject: [PATCH] 1600 header edits
---
 user.js | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/user.js b/user.js
index 2858880..6a13466 100644
--- a/user.js
+++ b/user.js
@@ -661,11 +661,19 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
 /*** 1600: HEADERS / REFERERS
 [SETUP] Except for DNT (Do Not Track), referers are best controlled by an extension.
- We highly recommend that you block all referers, and then whitelist sites on a
- granular, per domain level. That said, it is still important to set defaults.
- full URI: https://example.com:8888/foo/bar.html?id=1234
- scheme+host+path+port: https://example.com:8888/foo/bar.html
- scheme+host+port: https://example.com:8888
+ It is important to realize that it is *cross domain* referers that need
+ controlling, and this is best handled by EITHER 1603 or 1604, not both.
+
+ Option 1: Recommended: Use an extension to block all referers, and then whitelist
+ sites on a granular, per domain level.
+ Option 2: As per the settings below: Set XOriginPolicy (1603) to 1 (less breakage)
+ or 2 (more breakage) and leave XOriginTrimmingPolicy (1604) at default 0
+ Option 3: Set XOriginPolicy (1603) to default 0 and set XOriginTrimmingPolicy (1604) to 2
+
+ full URI: https://example.com:8888/foo/bar.html?id=1234
+ scheme+host+path+port: https://example.com:8888/foo/bar.html
+ scheme+host+port: https://example.com:8888
+
 #Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
 ***/
 user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
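Review bot: The new Option 2 and Option 3 lines read as equivalent alternatives, but they differ in what a third party still learns, and the comment should say so. As Firefox defines these prefs, XOriginTrimmingPolicy 2 (Option 3) still sends the visited site's scheme+host+port on every cross-origin request, while XOriginPolicy 1 or 2 (Option 2) sends no referer at all when the base domains or hosts differ. I would extend the Option 3 line with `(cross-origin sites still receive scheme+host+port)` and label the three example URIs with the trimming values they illustrate, `0 = full URI`, `1 = scheme+host+path+port`, `2 = scheme+host+port`. The prefs 1603 and 1604 themselves are outside this hunk, so the "settings below" that Option 2 refers to cannot be checked from here.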