Description
The Referrer-Policy HTTP header controls how much referrer information (sent in the Referer header) is included with requests. The Referer header carries the address of the previous web page from which a link to the currently requested page was followed. It has many legitimate uses, such as analytics and logging, but if it is not handled properly it can pose privacy and security risks, because the full URL of the previous page, path and query string included, may be disclosed to the site being requested.
Recommendation
Configure your server to send the Referrer-Policy header on all pages with the value strict-origin-when-cross-origin. Under this policy the full URL is sent as the referrer when navigating within the same origin, while only the origin is sent when navigating from one origin to another. Other values may be appropriate depending on your specific requirements and security considerations.
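As an added example (not SmartScanner's code), the following Python models what strict-origin-when-cross-origin does to the Referer value for a set of constructed URLs, and classifies a response's Referrer-Policy header the way a scanner check would. The hostnames, the reset token and the sample headers are made up; the downgrade rule (no Referer on HTTPS to HTTP) is part of the policy's definition even though the recommendation above does not spell it out.

```python
from typing import Dict, Optional
from urllib.parse import urlsplit, urlunsplit

# Policy tokens defined by the Referrer Policy spec; browsers ignore anything else.
VALID_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "strict-origin",
    "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url",
}
# Values that still send the full previous URL (path and query) to other sites.
LEAKY_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}


def origin(url: str) -> str:
    """scheme://host[:port] of a URL: the 'origin' that Referrer-Policy compares."""
    p = urlsplit(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname}{port}"


def referer_for(source: str, destination: str) -> Optional[str]:
    """Referer a browser sends from `source` to `destination` under
    strict-origin-when-cross-origin: full URL (minus fragment and credentials) within
    the same origin, origin only across origins, nothing on an HTTPS -> HTTP downgrade."""
    src = urlsplit(source)
    if src.scheme == "https" and urlsplit(destination).scheme != "https":
        return None
    if origin(source) == origin(destination):
        port = f":{src.port}" if src.port else ""
        return urlunsplit((src.scheme, f"{src.hostname}{port}", src.path or "/", src.query, ""))
    return origin(source) + "/"


def assess_referrer_policy(headers: Dict[str, str]) -> str:
    """Classify a response's Referrer-Policy header: 'missing', 'invalid', 'leaky' or 'ok'."""
    value = next((v for k, v in headers.items() if k.lower() == "referrer-policy"), None)
    if value is None:
        return "missing"
    # The header may list fallbacks separated by commas; the last recognised token wins.
    tokens = [t.strip().lower() for t in value.split(",")]
    recognised = [t for t in tokens if t in VALID_POLICIES]
    if not recognised:
        return "invalid"
    return "leaky" if recognised[-1] in LEAKY_POLICIES else "ok"


if __name__ == "__main__":
    # Constructed sample: a password-reset URL carrying a token, then three destinations.
    reset = "https://app.example/account/reset?token=abc123"
    print(referer_for(reset, "https://app.example/help"))          # full URL, same origin
    print(referer_for(reset, "https://cdn.third-party.example/x"))  # https://app.example/
    print(assess_referrer_policy({"Content-Type": "text/html"}))    # missing
```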