
Referrer-Policy Header is Missing

Impact: Informational

Description

The Referrer-Policy HTTP header controls how much referrer information (sent via the Referer header) should be included with requests (Mozilla). The Referer (sic) header contains the address of the previous web page from which a link to the currently requested page was followed, which has lots of fairly innocent uses including analytics, logging, or optimized caching. However, there are more problematic uses such as tracking or stealing information, or even just side effects such as inadvertently leaking sensitive information (Mozilla).

Recommendation

Configure your server to send the Referrer-Policy header on every page, with the value set to strict-origin-when-cross-origin. See the references for the other possible values.
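To make the recommendation concrete, the following added example (not SmartScanner code) resolves a Referrer-Policy header value the way the spec does (comma-separated fallbacks, last recognised token wins) and works out what Referer a browser would send for a given policy and navigation. The URLs are constructed sample values; nothing is fetched.

```python
from urllib.parse import urlsplit

# Policy tokens defined by the Referrer Policy specification.
POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def effective_policy(header_value):
    """Resolve a Referrer-Policy header value. Several policies may be listed
    as fallbacks; the last recognised one wins. Returns None when the header
    is absent or carries no valid token (the browser default then applies)."""
    if header_value is None:
        return None
    chosen = None
    for token in header_value.split(","):
        token = token.strip().lower()
        if token in POLICIES:
            chosen = token
    return chosen

def _origin(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"

def _full(url):
    # Path and query are sent; fragment and credentials never are.
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}{p.path or '/'}" + (f"?{p.query}" if p.query else "")

def referrer_for(policy, from_url, to_url):
    """Referer value sent under `policy` when navigating from_url -> to_url,
    or None when no Referer header is sent at all."""
    same_origin = _origin(from_url) == _origin(to_url)
    downgrade = urlsplit(from_url).scheme == "https" and urlsplit(to_url).scheme == "http"
    full, origin = _full(from_url), _origin(from_url) + "/"
    table = {
        "no-referrer": None,
        "unsafe-url": full,                                   # leaks path and query everywhere
        "no-referrer-when-downgrade": None if downgrade else full,
        "same-origin": full if same_origin else None,
        "origin": origin,
        "strict-origin": None if downgrade else origin,
        "origin-when-cross-origin": full if same_origin else origin,
        # recommended: full on same origin, origin only cross-origin, nothing on https->http
        "strict-origin-when-cross-origin": full if same_origin else (None if downgrade else origin),
    }
    if policy not in table:
        raise ValueError(f"unknown referrer policy: {policy!r}")
    return table[policy]
```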

References

Last updated on February 15, 2021
