EFForg · troy-lamerton · Sep 2, 2018 · Sep 2, 2018 · Sep 4, 2018 · Sep 5, 2018
diff --git a/src/_locales/en_US/messages.json b/src/_locales/en_US/messages.json
@@ -135,6 +135,10 @@
         "message": "Replace social widgets",
         "description": "Checkbox label on the general settings page"
     },
+    "options_spoof_referrer_checkbox": {
+        "message": "Spoof the Referrer header",
+        "description": "Checkbox label for spoofing referrer on the general settings page"
+    },
     "options_incognito_warning": {
         "message": "** Enabling learning in Private/Incognito windows may leave traces of your private browsing history on your computer. By default, Privacy Badger will block trackers it already knows about in Private/Incognito windows, but it won't learn about new trackers. You might want to enable this option if a lot of your browsing happens in Private/Incognito windows.",
         "description": "Detailed explanation shown under checkboxes on the general settings page"
@@ -509,4 +513,4 @@
             }
         }
     }
-}
+}
diff --git a/src/js/background.js b/src/js/background.js
@@ -478,7 +478,8 @@ Badger.prototype = {
     sendDNTSignal: true,
     showCounter: true,
     showTrackingDomains: false,
-    socialWidgetReplacementEnabled: true
+    socialWidgetReplacementEnabled: true,
+    spoofReferrerEnabled: true
   },
 
   /**
@@ -636,6 +637,10 @@ Badger.prototype = {
     return this.getSettings().getItem("socialWidgetReplacementEnabled");
   },
 
+  isSpoofReferrerEnabled: function() {
+    return this.getSettings().getItem("spoofReferrerEnabled");
+  },
+
   isDNTSignalEnabled: function() {
     return this.getSettings().getItem("sendDNTSignal");
   },

diff --git a/src/js/options.js b/src/js/options.js
@@ -107,6 +107,8 @@ function loadOptions() {
   $("#show_counter_checkbox").prop("checked", badger.showCounter());
   $("#replace_social_widgets_checkbox").on("click", updateSocialWidgetReplacement);
   $("#replace_social_widgets_checkbox").prop("checked", badger.isSocialWidgetReplacementEnabled());
+  $("#spoof_referrer_checkbox").on("click", updateSpoofReferrer);
+  $("#spoof_referrer_checkbox").prop("checked", badger.isSpoofReferrerEnabled());
   $("#enable_dnt_checkbox").on("click", updateDNTCheckboxClicked);
   $("#enable_dnt_checkbox").prop("checked", badger.isDNTSignalEnabled());
   $("#check_dnt_policy_checkbox").on("click", updateCheckingDNTPolicy);
@@ -330,6 +332,20 @@ function updateSocialWidgetReplacement() {
   });
 }
 
+/**
+ * Update setting for spoofing the referrer header of all 3rd party requests.
+ */
+function updateSpoofReferrer() {
+  const enabled = $("#spoof_referrer_checkbox").prop("checked");
+
+  chrome.runtime.sendMessage({
+    type: "updateSettings",
+    data: {
+      spoofReferrerEnabled: enabled
+    }
+  });
+}
+
 /**
  * Update DNT checkbox clicked
  */

diff --git a/src/js/webrequest.js b/src/js/webrequest.js
@@ -172,6 +172,23 @@ function onBeforeSendHeaders(details) {
     } else {
       return {};
     }
+
+  } else if (badger.isSpoofReferrerEnabled()) {
+    if (badger.isPrivacyBadgerEnabled(tabDomain) && badger.isPrivacyBadgerEnabled(requestDomain)) {
+      // spoof referer header for third party requests
+      const refererHeader = details.requestHeaders.find(header => header.name === "Referer");
+      if (refererHeader) {
+        if (details.method === "GET") {
+          // spoof referer value
+          const requestUrl = new URL(details.url);
+          refererHeader.value = requestUrl.origin;
+        } else {
+          // remove referer header from non-GET request
+          const refererHeaderIndex = details.requestHeaders.indexOf(refererHeader);
+          details.requestHeaders.splice(refererHeaderIndex, 1);
+        }
+      }
+    }
   }
 
   var requestAction = checkAction(tab_id, requestDomain, frame_id);

diff --git a/src/skin/options.html b/src/skin/options.html
@@ -150,6 +150,12 @@ <h1><span class="i18n_options_title"></span></h1>
           <span class="i18n_options_social_widgets_checkbox"></span>
         </label>
       </div>
+      <div class="checkbox">
+        <label>
+          <input type="checkbox" id="spoof_referrer_checkbox">
+          <span class="i18n_options_spoof_referrer_checkbox"></span>
+        </label>
+      </div>
       <div class="checkbox">
         <label>
           <input type="checkbox" id="enable_dnt_checkbox">