securedrop
Reject SI page requests with an invalid Referrer header value
Description
Instructions for use of the SI recommend that users start a session in Tor Browser by pasting (or typing, for onion names) the SI address into the address bar. Landing page guidelines reinforce this behaviour by requiring that the SI address not be treated as a hyperlink, but as plaintext.
Given this, if the SI is being used correctly, HTTP requests should either contain a blank/no Referrer header, or a Referrer header with a host part matching the request's Host header.
In order to enforce this behaviour, and also mitigate automated traffic following links to SecureDrop instances, the Referer header should be checked, and invalid requests should be redirected to a dead-end static page.
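The check proposed in the description above could look like the following. This is an added example, not part of the original issue and not SecureDrop's code. The function names, `DEAD_END_PATH`, the default `http` scheme and the default-port normalisation are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEAD_END_PATH = "/dead-end.html"  # hypothetical path of the static dead-end page
DEFAULT_PORTS = {"http": 80, "https": 443}


def _host_port(netloc, scheme):
    """Normalise 'host[:port]' to (lowercase host, port); None if malformed."""
    try:
        parts = urlsplit(f"{scheme}://{netloc}")
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    # Reject stray "/", "?", "#" or control characters, and userinfo ("a@b").
    if parts.netloc != netloc or parts.username is not None:
        return None
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return None
    return (host, port if port is not None else DEFAULT_PORTS[scheme])


def referer_is_acceptable(referer, host, scheme="http"):
    """True if Referer is absent/blank or its host part matches Host."""
    if referer is None or not referer.strip():
        return True
    try:
        ref = urlsplit(referer.strip())
    except ValueError:  # e.g. unbalanced IPv6 bracket
        return False
    if ref.scheme not in DEFAULT_PORTS:
        return False
    ref_hp = _host_port(ref.netloc, ref.scheme)
    return ref_hp is not None and ref_hp == _host_port(host or "", scheme)


def route(path, headers, scheme="http"):
    """Decide between serving the request and redirecting to the dead end."""
    h = {k.lower(): v for k, v in headers.items()}
    # A redirect keeps the original Referer, so the dead-end page itself
    # must be exempt or the browser would loop.
    if path == DEAD_END_PATH or referer_is_acceptable(
            h.get("referer"), h.get("host"), scheme):
        return ("serve", None)
    return ("redirect", DEAD_END_PATH)
```

Comparing parsed host and port, rather than testing whether the Referer string starts with or contains the Host value, is what keeps look-alike values such as a longer hostname with the same prefix from passing.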
Deferred for now.
Added the UX label because although the idea is to mitigate issues around clearnet proxy use and automated crawling, etc., I think we should be very confident about being OK with the implications of potentially blocking access.
The downside would potentially involve sources being greeted with error messages in an already high-stress situation.