PrivacyOriented Origin Policy for Firefox

first_imgPrivacy-Oriented Origin Policy for Firefox by Martin Brinkmann on January 19, 2019 in Firefox – Last Update: January 19, 2019 – 19 commentsPrivacy-Oriented Origin Policy is anew browser extension for the Firefox web browser that blocks Firefox from sending Origin headers under certain circumstances.To understand what Privacy-Oriented Origin Policy does, it is necessary to understand how the same-origin policy and cross-origin resource sharing works.The same-origin policy is a security model that restricts access to resources, e.g. JavaScript scripts, based on the origin (made up of scheme, hostname, and port); this is done to prevent cross-site scripting and cross-site request forgery attacks.Cross-Origin Resource Sharing bypasses the same-origin policy so that other sites may request resources protected by the same-origin policy.When a browser makes a cross-origin resource request, it adds a reference to the HTTP header that includes the origin that triggered the request. In other words: it tells the server the request is made to that you came from a certain domain, e.g. Origin Policy may modify these requests to block the information from being revealed to the site the CORS request is made to.The extension comes with several modes of operation; the default mode, relaxed, relies on heuristics to determine whether it is save to strip the origin header. Aggressive mode on the other hand strips all origin headers. Both modes work on GET requests only.Relaxed mode won’t remove the origin header if the request includes cookies, authorization header, or username, password, query, or hash data in the URL.Some sites, often those that use cross-origin resource requests for legitimate purposes, may break when the extension is used as requests may fail if the origin header is not sent with requests.Privacy-Oriented Origin Policy comes with options to whitelist domains. If you notice breakage, e.g. some site functionality is not available when the extension strips the Origin header, then you may add it to the whitelist to allow requests on that domain.The settings give you even more control over the process:Change the global mode (aggressive or relaxed).Enable overrides, e.g. using aggressive on certain sites or whitelisting sites.Select types of requests, e.g. font or stylesheet, that you want handled in relaxed mode like in aggressive mode.Exclude root domain matches, to allow requests between non-www and www domains that share the same root, e.g. and www.examplec.omExclude requests using patterns.Closing words and verdictPrivacy-Oriented Origin Policy is another browser extension that attempts to improve user privacy by restricting built-in functionality. It requires a bit of trial and error to make sure that essential features don’t break because of it.Firefox users who use uMatrix, uBlock Origin, NoScript or other content blockers that can block third-party requests offer an alternative.Now You: Do you use privacy extensions?Summary12345 Author Rating5 based on 5 votes Software Name Privacy-Oriented Origin PolicySoftware Category BrowserLanding Page Advertisementlast_img

Post A Comment

Your email address will not be published. Required fields are marked *