[lucb1e]

What do you use to suppress the referer header?

For my job, I needed to know whether to dissuade a customer from using the referrer for CSRF protection. I looked for stats on how many people filter this but could find nothing at all. You're the first person I hear runs this in practice, so maybe I can find usage stats on the software you use. Secondarily, I'd be curious how often you run into trouble!

[seabass-labrax]

I block referrer headers on Firefox 102.15.1esr; although I use uBlock Origin, for the headers I just set 'network.http.sendRefererHeader' in about:config. There are very few occasions when things don't work. Perhaps once in a week's worth of browsing the Web I'll come across a Cloudflare site that doesn't like me, and these new OpenStreetMap tiles worked yesterday but don't today.

[bmicraft]

It's a feature of uMatrix that's enabled by default