pyllyukko / user.js

user.js -- Firefox configuration hardening
MIT License

Trim HTTP referers #554

Closed nodiscc closed 4 months ago

nodiscc commented 4 months ago

Same warning as for https://github.com/pyllyukko/user.js/pull/553: altering referers is a frequent cause of breakage on sites that rely on them (I didn't include the notice because it is already present twice in prefs above).

For a relaxed variant I recommend first relaxing network.http.referer.trimmingPolicy to 1 then 0 (because network.http.referer.XOriginTrimmingPolicy still protects against sending full referers across origins), and as a last resort relaxing network.http.referer.XOriginTrimmingPolicy.

Again, these prefs will break websites, but the notice is present.

nodiscc commented 4 months ago

See also https://github.com/pyllyukko/user.js/issues/94#issuecomment-256515175

I was thinking that XOriginPolicy = 2 and XOriginTrimmingPolicy = 2 might be an appropriate default that will not break very much. People can comment out XOriginPolicy if they see breakage they can't live without.

I'm not entirely convinced that TrimmingPolicy does anything useful over XOriginTrimmingPolicy because you can't hide your query string from the server you're connecting to. They have all of your traffic in their access log and it's easy to link all of your page views together. They don't need the referrer to do any of that.
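
The interaction between the three prefs discussed in this thread, as an added example that is not part of the pull request or the project's code. It is a simplified model: `computeReferer`, `trim`, `baseDomain` and the sample URLs are hypothetical, Referrer-Policy headers are ignored, and taking the stricter of the two trimming prefs for cross-origin requests is an assumption about Firefox's behaviour.

```javascript
// Simplified model of network.http.referer.{trimmingPolicy,XOriginTrimmingPolicy,XOriginPolicy}.
// Assumptions: Referrer-Policy and other referer prefs are ignored; "base domain"
// is approximated as the last two host labels (no Public Suffix List lookup).
const DEFAULT_PREFS = { trimmingPolicy: 0, XOriginTrimmingPolicy: 0, XOriginPolicy: 0 };

// Trimming levels: 0 = full URL, 1 = drop the query string, 2 = scheme+host+port only.
function trim(url, level) {
  if (level >= 2) return url.origin + "/";
  if (level === 1) return url.origin + url.pathname;
  return url.origin + url.pathname + url.search; // fragment and userinfo are never sent
}

const baseDomain = (host) => host.split(".").slice(-2).join(".");

// Returns the Referer sent when `from` requests `to`, or null when none is sent.
function computeReferer(from, to, prefs = {}) {
  const p = { ...DEFAULT_PREFS, ...prefs };
  const src = new URL(from);
  const dst = new URL(to);
  const crossOrigin = src.origin !== dst.origin;

  if (crossOrigin) {
    // XOriginPolicy: 1 = send only if base domains match, 2 = only if hostnames match.
    if (p.XOriginPolicy === 1 && baseDomain(src.hostname) !== baseDomain(dst.hostname)) return null;
    if (p.XOriginPolicy === 2 && src.hostname !== dst.hostname) return null;
  }
  // Assumption: cross-origin requests get the stricter of the two trimming prefs.
  const level = crossOrigin
    ? Math.max(p.trimmingPolicy, p.XOriginTrimmingPolicy)
    : p.trimmingPolicy;
  return trim(src, level);
}

// Constructed sample URLs (not taken from the thread).
const PAGE = "https://shop.example.com/cart?session=abc123#top";
const SAME = "https://shop.example.com/checkout";
const CROSS = "https://cdn.example.net/lib.js";

// Relaxed variant from the thread: trimmingPolicy back to 0, XOriginTrimmingPolicy kept at 2.
const relaxed = { trimmingPolicy: 0, XOriginTrimmingPolicy: 2 };
console.log("same-origin :", computeReferer(PAGE, SAME, relaxed));
console.log("cross-origin:", computeReferer(PAGE, CROSS, relaxed));
console.log("XOriginPolicy=2:", computeReferer(PAGE, CROSS, { ...relaxed, XOriginPolicy: 2 }));
```

In this model the query string reaches only the same-origin server when trimmingPolicy is relaxed, which is the case both comments above reason about.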