Hacker News
by mo3gut 2861 days ago
> Your browser then sends Referer: ...

While I don't doubt dataskydd's good intentions, their advice about referrers is a sign that we live in Clown World.

Yes, your browser's tendency to provide a referrer might well give away information you would prefer it didn't. Unfortunately for you, the browser vendors have chosen to provide browsers that do that.

In a parallel universe it would be obvious that this is a problem (among many) for the browser vendors to address. In Clown World, you are supposed to rely on each and every site providing a special response header.

3 comments

Just a historical note that I found interesting - it was in fact obvious (to some) already 22 years ago. From RFC 1945 (HTTP/1.0), May 1996, 10.13 Referer [sic]:

"Note: Because the source of a link may be private information or may reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information."

(https://tools.ietf.org/html/rfc1945#section-10.13)

This recommendation was not followed in any meaningful way, but Referrer Policy (https://www.w3.org/TR/referrer-policy/), which supports a whole bunch of different policies and is very easy to implement (and now widely supported), at least makes things slightly better.

It's not an either/or thing at all. The browsers are slowly trying to tighten policies on Referer, but it's a process because there are still some webpages that unfortunately rely on it being sent. (You can force it off, at least in Firefox, if you want to.) The point of this site header is so that sites that don't need Referer to be set can explicitly tell your browser that, protecting you from snooping third parties.

> this is a problem (among many) for the browser vendors to address

I'm guessing the reason others are downvoting you is that Referrer Policy is exactly that: it's the attempt of modern browsers to address this problem (a problem that yes, they did create, but the fact they're supporting Referrer Policy at all at least shows that the problem was created out of incompetence rather than malice).