-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Current URL is disclosed to DuckDuckGo #343
Comments
Which browser are you using? I was under the impression most browsers send the origin when HTTPS is in use these days, not the current URL. I just checked the URL you mentioned in Chrome and didn’t reproduce the behaviour you describe; Chrome sent the origin, not the current URL. |
@JimDabell, the |
I see you were referring to this change in Chrome, not the |
Thanks for reporting. I agree we should add the |
When visiting https://plausible.io/plausible.io/sources, favicons are fetched from https://icons.duckduckgo.com, and the current page URL is sent to their servers in the
Referer
header, which could be undesirable when Plausible is self-hosted.The issue can be solved by setting the referrerpolicy attribute for image elements that point to other origins.
The text was updated successfully, but these errors were encountered: