Use better technologies than URL redirection for referrer hiding

blobgo blobgo
Created: 1 year and 11 months ago
Currently you can enable to hide the referrer (& therefore the search query). However this is ugly as redirections need time and right-clicking on a search result won't give you the correct link and all in all it is a quite outdated behaviour.

And there are better modern an unobtrusive alternatives. To name them:
1. Use Content Security Policy (a thing I'd suggest you anyway) and include `referrer no-referrer;` there, which makes recent browsers to ignore the referrer.
2. Use a Referrer Policy: https://w3c.github.io/webappsec-referrer...
This can be done as a HTML meta tag (with good browser support) or a HTTP header (less browser support).

Personally I'd just suggest you to combine these two methods.

More information can be found on this test site: https://webbkoll.dataskydd.net/en

This forum has been archived

Thank you all for the many comments, questions and suggestions. Particular thanks go to user x.15a2 for constantly monitoring, replying and helping so many users here. To continue these discussions, please head over to the DuckDuckGo subreddit.


x.15a2
The redirect setting is actually defaulted to OFF now for most (modern) browsers (those that support the meta referrer tag.) The meta referrer tag solves the same privacy issues in a much more elegant way, you can read more about it here: https://blog.mozilla.org/security/2015/0...
posted by x.15a2 Community Leader1 year and 11 months ago Link
blobgo
Ah so you already support this tag?
In this case the setting is a bit misleading as it implies that referrer-stripping would not be done without this setting. Maybe you can change this a bit.

Also, to support more browsers, you may consider the CSP thing I explained.
posted by blobgo 1 year and 11 months ago Link