As of Firefox 90 we intend to turn Fetch Metadata Request Headers on by default on all platforms. It has been developed behind the dom.security.secFetch.enabled preference. Chrome, Opera and Edge have already shipped this feature.
Bug to turn on by default: https://bugzilla.mozilla.org/show_bug.cgi?id=1695911
Fetch metadata request headers provide the server with additional information about where the request originated from, enabling it to ignore potentially malicious requests.