Privacy-Oriented Origin Policy for Firefox

Privacy-Oriented Origin Policy is a new browser extension for the Firefox web browser that blocks Firefox from sending Origin headers under certain circumstances.

To understand what Privacy-Oriented Origin Policy does, it's important to understand how the same-origin policy and cross-origin resource sharing work.

The same-origin policy is a security model that restricts access to resources, e.g. JavaScript scripts, based on the origin (made up of scheme, hostname, and port); this is done to prevent cross-site scripting and cross-site request forgery attacks.

Cross-Origin Resource Sharing bypasses the same-origin policy so that other sites may request resources protected by the same-origin policy.


When a browser makes a cross-origin resource request, it adds a reference to the HTTP header that includes the origin that triggered the request. In other words: it tells the server the request is made to that you came from a certain domain, e.g.

Privacy-Oriented Origin Policy may modify these requests to block the information from being revealed to the site the CORS request is made to.

The extension comes with several modes of operation; the default mode, relaxed, relies on heuristics to determine whether it's safe to strip the origin header. Aggressive mode, on the other hand, strips all origin headers. Both modes work on GET requests only.

Relaxed mode will not remove the origin header if the request includes cookies, an authorization header, or username, password, query, or hash data in the URL.

Some sites, usually those that use cross-origin resource requests for legitimate purposes, may break when the extension is used, as requests may fail if the origin header is not sent with them.

Privacy-Oriented Origin Policy comes with options to whitelist domains. If you notice breakage, e.g. some site functionality is not available when the extension strips the Origin header, then you may add it to the whitelist to allow requests on that domain.
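The mode rules described above can be sketched as a small decision function. This is an added example, not the extension's own code; the function names, the reason strings, and the choice to match whitelist entries against the target hostname are assumptions.

```javascript
// Added illustration, not the extension's source; all names are hypothetical.
// `details` mirrors what Firefox passes to webRequest.onBeforeSendHeaders:
// { method, url, requestHeaders: [{ name, value }, ...] }.
const hasHeader = (headers, name) =>
  headers.some((h) => h.name.toLowerCase() === name);

// True when the URL itself carries user info, a query string or a fragment.
function urlCarriesState(rawUrl) {
  const u = new URL(rawUrl);
  return Boolean(u.username || u.password || u.search || u.hash);
}

// Decide whether the Origin header may be dropped. Returns { strip, reason }.
function decideOriginStrip(details, mode, whitelist = new Set()) {
  const headers = details.requestHeaders || [];
  if (!hasHeader(headers, "origin")) return { strip: false, reason: "no-origin" };
  if (details.method !== "GET") return { strip: false, reason: "not-get" };
  // Assumption: whitelist entries are matched against the target hostname.
  if (whitelist.has(new URL(details.url).hostname)) {
    return { strip: false, reason: "whitelisted" };
  }
  if (mode === "aggressive") return { strip: true, reason: "aggressive" };
  // Relaxed mode: keep Origin whenever the request looks credentialed or stateful.
  if (hasHeader(headers, "cookie")) return { strip: false, reason: "cookie" };
  if (hasHeader(headers, "authorization")) return { strip: false, reason: "authorization" };
  if (urlCarriesState(details.url)) return { strip: false, reason: "url-state" };
  return { strip: true, reason: "relaxed-clean" };
}

// Return the header list to send, with Origin removed when the decision allows it.
function filterHeaders(details, mode, whitelist) {
  const headers = details.requestHeaders || [];
  if (!decideOriginStrip(details, mode, whitelist).strip) return headers;
  return headers.filter((h) => h.name.toLowerCase() !== "origin");
}

// Constructed sample requests (not captured traffic).
const origin = { name: "Origin", value: "https://news.example" };
const samples = [
  { method: "GET", url: "https://cdn.example/font.woff2", requestHeaders: [origin] },
  { method: "GET", url: "https://api.example/feed?user=1", requestHeaders: [origin] },
  { method: "GET", url: "https://api.example/me", requestHeaders: [origin, { name: "Cookie", value: "sid=1" }] },
  { method: "POST", url: "https://api.example/save", requestHeaders: [origin] },
];
for (const s of samples) {
  console.log(s.method, s.url, decideOriginStrip(s, "relaxed"), decideOriginStrip(s, "aggressive"));
}
```

In the sample run, only the plain font request loses its Origin header in relaxed mode, while aggressive mode strips it from all three GET requests and neither mode touches the POST.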


The settings give you even more control over the process:

  • Change the global mode (aggressive or relaxed).
  • Enable overrides, e.g. using aggressive on certain sites or whitelisting sites.
  • Select types of requests, e.g. font or stylesheet, that you want handled in relaxed mode like in aggressive mode.
  • Exclude root domain matches, to allow requests between non-www and www domains that share the same root, e.g. and
  • Exclude requests using patterns.

Closing words and verdict

Privacy-Oriented Origin Policy is another browser extension that attempts to improve user privacy by limiting built-in functionality. It requires a bit of trial and error to make sure that essential features don't break because of it.

Firefox users who use uMatrix, uBlock Origin, NoScript or other content blockers that can block third-party requests have an alternative.

Now You: Do you use privacy extensions?
