Referrer-Policy Header is Missing

Impact: Informational


The Referrer-Policy HTTP header controls how much referrer information (sent via the Referer header) should be included with requests. Mozilla The Referer (sic) header contains the address of the previous web page from which a link to the currently requested page was followed, which has lots of fairly innocent uses including analytics, logging, or optimized caching. However, there are more problematic uses such as tracking or stealing information, or even just side effects such as inadvertently leaking sensitive information. Mozilla


Configure your server to send the Referrer-Policy header for all pages with the value set to strict-origin-when-cross-origin. You can see references for other possible values.


Last updated on February 15, 2021

Use SmartScanner Free version to test for this issue