Privacy-Oriented Origin Policy

Privacy-Oriented Origin Policy is a **Firefox extension designed to significantly enhance your online privacy** by giving you control over how your browser sends `Origin` headers. These headers, part of the Cross-Origin Resource Sharing (CORS) mechanism, can inadvertently leak information about your browsing activity to third-party servers. This extension steps in to prevent such data leakage by selectively removing the `Origin` header from `GET` requests and associated preflight requests. The extension offers two primary modes of operation: * **Aggressive mode**: Removes the `Origin` header from all `GET` requests. While this offers maximum privacy, it might affect the functionality of some websites. You can use a whitelist to exempt trusted sites. * **Relaxed mode (default)**: Uses heuristics to identify `GET` requests that might carry credentials (like those with cookies or an `Authorization` header) and excludes them from modification. This mode balances privacy with website compatibility. When a request is altered, the extension not only removes the `Origin` header but also injects an `Access-Control-Allow-Origin: *` header into the server's response. This ensures the request can proceed without the original `Origin` information, effectively **shielding your browsing origin from unnecessary disclosure**. This process is carefully designed to be safe, primarily affecting `GET` requests and ensuring that requests with credentials are handled correctly to avoid security issues. Being an **open-source tool**, its code is available for review, promoting transparency and allowing users to verify its privacy-enhancing claims. While the extension aims to protect your privacy, it's important to note that the aggressive mode might require some configuration (like whitelisting sites) for optimal browsing experience. It provides a unique way to mitigate a specific tracking vector that other content blockers might not fully address, giving you **finer-grained control over your digital footprint**.