3.2 Do Not Send Cross SSL/TLS Referrer Header

Information

This preference dictates whether Firefox will send the URL of the SSL/TLS-protected referring site to the referred SSL/TLS protected site.
The URL of the SSL-protected referring site may contain sensitive information. Preventing this URL from being sent mitigates the risk that the sensitive information will be disclosed.

Solution

Perform the following procedure:

* Open the mozilla.cfg file in the installation directory with a text editor

* Add the following lines to mozilla.cfg:

lockPref('network.http.sendSecureXSiteReferrer', false);

See Also

https://workbench.cisecurity.org/files/1158

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: c2c96cd57fb32df50de7deea42e5aff71404e0a6faec69adae3eb1b048cd117f