Referrer-Policy Header is Missing

Impact: Informational


The Referrer-Policy HTTP header controls the amount of referrer information (sent via the Referer header) included with requests. The Referer header contains the address of the previous web page from which a link to the currently requested page was followed. While it has many legitimate uses such as analytics and logging, it can also pose privacy and security risks if not handled properly.


Configure your server to send the Referrer-Policy header for all pages with the value set to strict-origin-when-cross-origin. This policy ensures that the full URL is included as a referrer when navigating within the same origin, while only sending the origin when navigating from one origin to another. You can explore other possible values based on your specific requirements and security considerations.


Last updated on May 13, 2024

Use SmartScanner Free version to test for this issue