85 reviews
  • Any novel privacy-enhancing add-on gets a thumbs up from me. Thanks!
  • I use this all the time. How is e10 compatibility coming along?
  • I like the fact the extension allows you to treat subdomains as different domains, and to configure how the referer should be set (same than URL or direct hit). The project is on GitHub: https://github.com/meh/smart-referer
  • I was using RefControl before but this one is better (more simple and just looks better). Plus this one works on Firefox Mobile unlike RefControl.
  • Not sure why everything online wants to spy on you nowadays...
  • Can't live without it!
    Thanks developer.
  • FlickR recently started preventing me logging in. Disabling Smart Referer resolved the issue. It's a shame, as it's been a reassuring add-on, but now unusable for me.
  • Since Firefox 28 there are three new items in about:config:

    network.http.referer.XOriginPolicy: 0=always send, 1=send if base domains match, 2=send if hosts match
    network.http.referer.spoofSource: false=real referer, true=spoof referer (use target URI as referer)
    network.http.referer.trimmingPolicy: 0=send full URI, 1=scheme+host+port+path, 2=scheme+host+port

    Referrer processing is done in this order. Thus, setting XOriginPolicy to 2 makes spoofSource and trimmingPolicy useless if going from a.example.com to b.example.com, since no referrer would be send anyway due to the XOriginPolicy.

    If using the three new I'd suggest to set the old network.http.sendRefererHeader to 2 (default, always send referrer).

    See https://bugzilla.mozilla.org/show_bug.cgi?id=822869
  • Just what I was looking for. The default whitelist is quite helpful too!
  • Not available for your platform. FF 25.0.1 (latest), Win8 (64)
    This is an essential function and should be widely available. Please make this compatible or point me in the direction of something that is.
    It's already available for that platform and version, something's wrong on your side.
  • Firefox should include this addon by default, it's simple and effective!!! Thank you for taking the time to make this! Five stars all the way!
    You're very welcome.
  • It works, but when I make a change to the preferences, it seems that I need to restart the browser before the changes can take effect.
    That shouldn't be the case at all, can you give me some ways to reproduce that behaviour?
  • I need my own local whitelist like in RefControl
    You already have a local whitelist, just put them in the Allow field in the addon's preferences page.
  • The automatic downloading of the whitelist without user intervention is ok for most but not all. Removing the link in the options stops the download. How can the whitelist.txt be an option or manually setup? Where is it stored? Is it deleted when the browser closes, and then needs to get downloaded again? Other than what is mentioned about the whitelist.txt, the addon works as mentioned.

    Reply: Ok, thanks!
    It's already an option, if you remove the link from the addon's preference page it won't be reinstated unless you write the URL of your whitelist in that box.

    It's not stored anywhere, it's just downloaded and set temporarily in the internal state of the addon, it gets downloaded every 24 hours or every time you enable the addon.
  • amazing! this should be integrated in firefox
  • A minimalistic add-on that does what it says on the tin. Excellent. My only suggestion would be to include an auto-updating rulelist to auto-whitelist major websites that, inevitably, have resulted (and will continue to result) in negative reviews here on AMO. It's important to have a custom whitelist field for fringe cases, but end-users really shouldn't have to whitelist things like disqus.com and api.solvemedia.com on their own.
    That does sound like a good idea, I'll think about how to approach it.

    Thanks for the positive review.
  • I've always said that security and privacy are a good thing... up until it interferes with your own access to content.

    3 stars for effort. The addon is a good idea in theory.

    This addon interferes with viewing content that is served from third-party hosting servers--both enterprise level, and discount alike), such as image hosting, flash media, and video streaming server hosting companies, to name a few, that won't serve the content without a receiving a referrer url from the site that is paying for the hosting to support their portal. This is typically to keep down bandwidth increases resulting from link proliferation due to other services (such as Google Search, for instance.)

    This add-on interferes with a lot of sites on the web.If you are multimedia oriented, and spend much of your time looking at video, image sites (like Wallbase.cc), or listening to streaming music, then this add-on is not for you.

    If you spend most of your time scanning news websites, reading articles, writing blogs, and doing research, then this add-on is probably a good idea for you, especially if your involved in controversy like 9/11 Truth, research into US banking and Wall Street frauds, and any other type of conspiracy or government cover-up studies.

    * Update: The developer brings up a good point... the addon apparently allows you to "white-list" sites. I didn't check for that. :)
    As any other privacy addon you have to whitelist what you want to happen, and you can do that with this addon too.

    It's like saying NoScript and RequestPolicy are bad because they break websites out of the box, you have to configure them, this is true for Smart Referer too.
  • I was wondering why a lot of video sites were giving me "video not found" or notices that I needed to visit the video site to play the video (even though I was already there). After I disabled this add-on I was able to view videos on those sites without any problems. Perhaps a whitelist function might be needed in future releases? It was only after I posted this initial review that I found out there were instruction s on preventing this problem on the add-ons home page.
    Yeah, it's on the preferences page of the addon in the addon manager.
  • After blocking tracking URLs and cookies, controlling information leakage through Referer headers is another important privacy measure. And this extension makes it pretty much install-and-forget!
  • Coming here from the "change referer button" add-on, and breathing a sigh of relief. Now I can have a whitelist so disqus actually works. And I can use my own referer, which is handy. The "dumb referer" used by Change Referer Button was causing websites to not load properly, unless turn off referer spoofing, which renders the tool useless.
  • Review Update: my only complaint against this addon was that it didn't offer a GUI, but since this has changed with version 0.0.8*, I have nothing to complain about thus far.

    Very nice addon, keep it up. :)

    *) For other users: The new version is still marked as experimental until it gets reviewed by Mozilla but can be had from "complete version history" link at the bottom of the page, if anyone is interested.

    [scraped]A simple/minimal GUI for...but nice addon nevertheless.[/scraped]
    I added an interface to change the settings, you'll find it in the preferences page in the addon manager.

    Although this means bumping the minimum version to Firefox 7.0.

    If you could bump the stars or add anything else you don't like after the new version is reviewed it would be nice.
  • Been using this for several months now, and I'd mostly forgotten about it. That's a good thing for an extension like this, in my opinion. I like the additional privacy, and a website I visit is blacklisted from a popular imagehost for silly reasons, which this bypasses. Somewhat ironically, I've noticed it breaks Github in addition to Disqus. Updating the whitelist results in both sites working fine now.Thanks for this useful, minimal add-on.

    RE Github: on the Github site the verify email address function wasn't working, and neither was the network graph (would just sit there with the loading animation), until I added it to the same whitelist as Disqus. So really just some minor things were acting strange.
    Thanks for the review.

    Just curious, where does it break GIthub? The gists on external websites or Github itself?
  • Great add-on! I'll tell you why; it is simple and "just works"! With the recently added white-list support (which i only have needed for disqus thus far) it is close to perfect for its purpose. One thing though, i wish the strict mode would be disabled per default because many bigger sites use content-servers on a sub-domain and if they require referrer then there will be problems. This way ppl trying it out won't just discard it right away because they run into problems with the default options. Also it would be nice with a link to a test page (test by subdomain, domain, and so on) that reports back what referrer it got, so you can see if it works or not, then you could check if you break it by typing in invalid white-list regular expressions and such..Thanks for a great add-on!

    Late update/reply to meh (Aug 1, 2013): I read the description of self-referrer -it seems to be appropriate as the default mode, which it is now. Regarding the test-page: I think the new, easier, white-list feature you now have available (wildcards, not reg-exp) is sufficient to weed out most errors. The rest should be test-able by checking the pages in the white-list (example: Disqus). Also I realized anyone can make their own test-page by posting a link to an HTTP header check page like http://xhaus.com/headers in some random forum, then just click the link to see the results! :)
    You know what? I agree with disabling strict mode by default.

    Do you think it would be worth to set as default "self" mode too? It uses as referer the URL you're going to.

    About the test page, I can provide a simple .php to put up locally, to test it I usually fill the /etc/hosts with the fake domains I want to test on and change the set of links on the .php page.

    Putting it online would be harder because it would require a local DNS server to do the required magic and I don't have the resources to get a VPS for it.

    Something I could do about it is a simple JS page on my website where you can test your whitelists against a set of domains.