• [deleted]

  • Edited

Is there going to be any word on new Vanadium cross-origin referrer toggle? It links to Web browsing section, but it doesn't mention it. Disabling it probably breaks too much, but should one deviate from Vanadium defaults by truncating it to only the domain?

Just to make sure that I understand the technology behind referrers correctly: The site only gets referrer information if I have clicked a link on a previous site? If I enter the URL directly, the site doesn't get any referrer?

    4 months later

    [deleted]

    I have read the linked article, but must confess that I do not fully understand it. Currently my setting in Vanadium is "cross-origin referrer policy>Default."

    Do the other settings ( reduce cross-origin referrer / disable cross-origin referrer) offer any added value in terms of data protection without breaking too much?

      12 days later

      Murcielago
      I'm still interested in this topic and would like to push it again if that's OK. Could someone explain in simple terms what exactly the different settings in the Vanadium cross-origin referrer toggle do?

      I have been using Vanadium for some time and would like to understand the different configuration options of the browser as best I can.

      10 days later

      Hi, I have read the article linked in the comment below (above) and some other article and will try to outline my understanding of the various options. However, I am just an interested amateur, so this information may be completely misleading.

      The "Default" option says that the HTTP header Referer content in HTTP requests will be controlled either by the site itself, or by the Referrer-Policy header settings of the site, or by the browser (where the default setting as of 2021 is strict-origin-when-cross-origin).

      The "Reduce cross-origin referrer" option seems to enforce the strict-origin-when-cross-origin policy independently of the Referrer-Policy header setting (or in HTML, or through Javascript).

      And the "Disable cross-origin referrer" option seems to either remove the Referer header from HTTP requests completely, or fill it with a no-referrer value.

      Overall, it's a privacy option in the sense that when being redirected from one web page to another (either by clicking or automatically), thanks to this option we can control how much information about the original page (and our "position" on it) the next page receives.

      I would be grateful if someone could correct my conclusions.

      Related reading:
      https://developer.chrome.com/blog/referrer-policy-new-chrome-default/
      https://web.dev/articles/referrer-best-practices
      https://web.dev/articles/same-site-same-origin
      https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

      3 months later