Security/Tracking protection/Client implementation

From MozillaWiki
Jump to: navigation, search


List updates

Safe Browsing has existed in one form or another in Firefox since Firefox 2.0, for phishing and malware protection. These lists are used to cancel HTTP connections to phishing and malware (and now tracking) sites, and are updated every 45 minutes or less from the appropriate server.

Safe Browsing servers are now configurable per-list. In the example below, Firefox fetches the tracking protection list mozpub-track-digest256 from a Mozilla Safe Browsing server, and the existing phishing list from the Google Safe Browsing server.

A complete description of the protocol may be found in


List lookups

Safe Browsing lists are based on URLs. To save space, Safe Browsing supports a format that stores only the truncated SHA-256 hash of the URL. When a match is found, Firefox requests the complete hash from the appropriate server.


For each HTTP load, Firefox looks up multiple URL fragments based on This allows us to blocklist all subdomains of a tracking domain without enumerating each one.

List enforcement

Enforcement happens in nsChannelClassifier, which cancels the underlying channel with error NS_ERROR_TRACKING_URI if the resource being requested matches the blocklist.

In all cases, the DOM element loader calls NS_NewChannel after calling nsIContentPolicy.shouldLoad. This means that addons that implement shouldLoad (such as AdBlockPlus and Ghostery) get called before tracking protection.

Annotating the DOM

Each DOM element that creates an HTTP channel with NS_NewChannel also implements an nsIWebProgressListener. If the channel is cancelled, the associated DOM element is added to HTMLDocument.blockedTrackingNodes. The DOM element loaders that currently enable tracking protection include:

  • nsScriptLoader
  • nsImageLoadingContent
  • nsObjectLoadingContent
  • Loader (CSS)

The majority of this work was completed in and


See TrackingProtectionForFirefox#How_do_you_use_it.3F for screenshots of the frontend. The majority of this work was completed in bugs