Why is Brave an HTTP referer


Description of the issue:
Brave is an http_referer; where or how can I turn off this option? It defeats the purpose of using a VPN for privacy.
How can this issue be reproduced?

1. Go to whoami.com or search “who is” under any search engine.
2. Locate the website and select “Is your browser an http_referer”. Up comes all your device and connection information.
3. This information is given to every website that uses the “get” command or option.

Expected result:
Fix this, or assist me in stopping this.
Brave Version (check About Brave):
Version 1.5.5
Mobile Device details
Nokia 3.1 Android 9
Additional Information:

We actually fake the referrer information. See more here:


How is that? All the information given was correct, everything. My device, the connection I use, the servers I’m connected to, which is not related to http referer, but doesn’t Brave somehow protect its users? I have screenshots to prove it. I’m reading the Brave documentation as we speak, as well as GitHub info. If I’m wrong, my mistake. But as to http referer, the information was correct.

Edit: As much as this aggravates me I’m also intrigued. Hopefully my research on GitHub will lead to a contribution to security and privacy.

So GitHub says:

  • "cross-site requests for iframes and sub-resources have their referrer set to be the origin of the requested resource
  • cross-site navigations have no referrer at all
  • same-site requests of all kinds have the same behavior as Chromium."

Yet that did not happen. I’m curious as to whether this is an application-based problem or a device issue (which is hard to process, given that it should be the browser’s, as there’s no browser configuration I’m aware of on the device besides the original Chrome config). But I’m currently researching both. I’ll keep you informed.

1 Like
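
The three rules quoted from GitHub in the post above, modelled as an added example (not part of the thread and not Brave's code) that returns the Referer value each rule would produce. Assumptions: "site" is approximated as the last two host labels, the same-site case is a stand-in that sends the initiating URL without credentials or fragment, and all URLs are constructed.

```javascript
// Added illustration of the referrer rules quoted in the thread.
// Not Brave's implementation; helper names are hypothetical.

// ASSUMPTION: a "site" is the last two host labels. Real browsers use the
// Public Suffix List, so this is wrong for suffixes such as co.uk.
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// ASSUMPTION: stand-in for "same behavior as Chromium": the initiating
// URL with credentials and fragment removed.
function chromiumLikeReferrer(initiator) {
  const u = new URL(initiator);
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// kind: "navigation" | "iframe" | "subresource"
// Returns the Referer header value, or null when no header is sent.
function referrerFor(initiator, target, kind) {
  if (siteOf(initiator) === siteOf(target)) {
    return chromiumLikeReferrer(initiator);   // same-site: unchanged
  }
  if (kind === "navigation") {
    return null;                              // cross-site navigation: none
  }
  // Cross-site iframe or sub-resource: the *target's* own origin, so the
  // third party learns nothing about the page that embedded it.
  return new URL(target).origin + "/";
}

// Constructed sample requests, all starting from one page.
const PAGE = "https://news.example.com/story?id=7#comments";
function demo() {
  return [
    ["https://tracker.example.net/pixel.gif", "subresource"],
    ["https://ads.example.org/frame.html", "iframe"],
    ["https://shop.example.org/", "navigation"],
    ["https://static.example.com/app.js", "subresource"],
  ].map(([target, kind]) => referrerFor(PAGE, target, kind));
}

console.log(demo());
```

Only the Referer header is modelled here; the device and connection details mentioned in the thread are outside what these rules cover.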

Let me know if you have any other Q’s and I’d be happy to pass them along to the privacy and/or security teams.

Hey @Whyisthis,

Can I ask more specifically about what you saw within Github etc. that you felt did not agree with our policy of faking HTTP referrer data?

The privacy team would really like to dig into this – please let us know!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.