|Originally deployed in||0.55.18|
|Latest update deployed in||v1.1.20|
|Latest update includes||Removed known user tracking parameters from query strings|
|User controls||Site-specific and global controls for:
Brave classifies tracking domains using input from multiple lists:
Brave matches each outgoing request from the web browser against these lists (using various methods for achieving optimized performance), and if a match is made, the request is blocked.
https://www.google-analytics.com/analytics.js. This URL (and the entire domain, in fact), is listed in the EasyPrivacy list. Thus Brave blocks the request, preventing the browser from downloading the library and executing the Google Analytics tracking code in the web browser.
All third-party cookies are blocked by default.
document.cookie, expiration is set to a maximum of 7 days.
Example: The user visits a page that is running an A/B testing tool which stores the experiment details into a cookie named
For cookies set with the
Set-Cookie HTTP response header, expiration is set to a maximum of 6 months.
Cross-site referrers are spoofed in non-navigational HTTP requests.
Example: If the page on
https://domain.com/page requests a resource from
referer header in the HTTP requests will be set to the referred-to origin (
https://anotherdomain.com/) rather than the referred-from origin (
https://domain.com/) as is the typical behavior.
For top-level navigation, cross-site referrers are stripped entirely.
Example: When clicking a link from
referer header is removed from the request. Similarly, the
document.referrer will return an empty string once the user lands on
For same-site requests (both navigational and non-navigational), referrer has normal behavior.
Brave removes known tracker identifier parameters (
mc_eid) from URL strings. On top-level navigation (e.g. landing on a page with such parameters in the URL), the parameters are stripped out in a 307 internal redirect. On non-navigational HTTP requests, the parameter is stripped from the request URL.
Example: If the user types
https://www.domain.com/?fbclid=220.127.116.11 in the omnibox and presses enter, Brave strips the parameter in an internal redirect. Similarly, if the browser makes a request to
https://www.domain.com/tracking-pixel.gif?mc_eid=23456, Brave strips the parameter out of the request before it hits the target server.