01520: prevent hyperlink referrer tracking
Description: pmwiki should set rel="noreferrer" on all hyperlinks to stop tracking gnuzoo
I tend to agree, even though people could easily configure this by redefining $UrlLinkFmt
. Let me think about it.
REF The noreferrer
keyword for the rel attribute of the <a> element instructs the browser, when navigating to the target resource, to omit the Referer header and otherwise leak no referrer information. --Petko
What rel="noreferrer" Does
The rel="noreferrer" attribute prevents the browser from sending the referring page's URL to the linked website. It also disables the window.opener property for security.
Benefits of changing the default:
- Privacy: Users' browsing history is not shared with external sites.
- Security: Prevents external sites from manipulating the original page using window.opener.
Drawbacks of changing the default:
- Loss of referral data: External sites cannot see where visitors came from.
- May affect analytics, affiliate programs, or tracking traffic sources: Some tracking systems rely on referral data.
This can be easily added or removed by a wiki administrator by redefining $UrlLinkFmt
, but currently, it is not enabled. The feature request asks for it to be enabled by default.
A balanced approach is making it configurable (which it already is) but leaving it disabled by default, so administrators can enable it if they prioritize privacy.
That said, if the community leans toward privacy-first principles, enabling it by default makes sense.
What do you think? Should this change be made? --Petko
Firefox allows users to adjust this via
about:config network.http.sendRefererHeader
Normal setting is 2.
Setting it to 0 blocks referrers.
PmWiki can set a var like this so it would not matter what browser is being used. Best to adjust it at the server side rather than individual browsers IMHO. --gnuzoo
I agree with privacy-first principles, more and more today. --Luigi
I favour the balanced approach of making it configurable but leaving it disabled by default. I make extensive use of referrer links on several loosely connected sites. In particular, there is a single webmaster report form that does an (admittedly weak) check to be sure it was called from a relevant page. Neil Herber
I would prefer by default not to allow tracking and let those who do make adjustments to turn it on. --gnuzoo
I agree with Neil here. Configurable = yes, default = no. --kellerfrau