Change HTTP referer settings: Vivaldi

The HTTP referrer header can be very revealing in the context of online tracking. Learn how you can change the policy in Vivaldi to force the browser to include the minimum information in this header or even block it entierely.

Last modified
16th September 2020
Guide level
Guide Device
Content

What: the Referer (a misspelling of referrer) header contains the address of the previous web page from which a link to the currently requested page was followed. In more simple terms, the referer is the URL from which came a request received by a server. A good example is if you click a link on the page site.com/page to go to another-site.com/link, the HTTP Referer received by another-site.com/link will have the value site.com/page.

Why it's important: While the referer header can have begnign use for things such as analytics (knowing what journey a visitor took on a site), it can be very revealing in the context of online tracking. As we demonstrated in our research on mental health website and tracking, third parties loaded by a page (for example to display targeted ads) while receive the URL that you are visiting in the Referer header.

Example: a query sent to AdNexus, an AdTech company, containing the exact page being visited in the Referer

This provides a lot of information about your online activities and allow trackers to get a more comprehensive vision of your browsing habit and better profile you

What you can do: The HTTP Referer can follow different policies indicated either by the server or the browser. As a user, you can change the policy to force the browser to include the minimum information in this header or even block it entierely (although this might cause some problems).

Same request as above with the Referer blocked, AdNexus don't know which site we are visiting

Limits: The HTTP referer is only one way by which third parties can know what website you are visiting and there are many other tracking methods which are still efficient with this blocked. While you won't ever be able to block 100% of trackers, make sure you look at our other guides to harden your defenses

By default, Vivaldi's referer policy is set to upgrade-insecure

To change to strict origin;

  1. Open Vivaldi
  2. Type vivaldi://flags in the URL bar, and search for "referer"

OR 2. Click here: vivaldi://flags/#reduced-referrer-granularity 3. Change the dropdown from "Default" to "Enabled"