Referrer-Policy header cannot be recognized

OWASP 2013-A5 OWASP 2017-A6 WASC-20 CWE-200 ISO27001-A.14.2.5

The Referer request header (spelled that way in HTTP) tells a site where the traffic originated, i.e. the URL of the page that made the request. The Referrer-Policy response header controls how much of that referrer information a browser includes with the requests it sends. The scanner found that this server's HTTP response either specifies an unsafe referrer policy or contains a value that browsers do not recognize, so the application is left with the browser's default behaviour instead of a policy it chose. Without adequate prevention, the URL, and any sensitive information contained in it, is leaked to cross-site destinations. The lack of a Referrer-Policy header can affect the privacy of users and of the site itself.

Impact

The impact on the application:

  • Without proper prevention, the URL itself, and any sensitive information contained in it, is leaked to cross-site destinations through the Referer header.
  • The lack of a Referrer-Policy header can affect the privacy of users and of the site itself.

Mitigation / Precaution

The following are the solutions for the vulnerability:

  • Set a proper referrer policy, for example strict-origin-when-cross-origin, same-origin or no-referrer, so that the path and query string are never sent to other sites.
  • Implement the policy either with the Referrer-Policy response header or by declaring it in the page with a <meta name="referrer" content="..."> tag.
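The check below is an added example, not code from the original page or scanner: it takes a raw HTTP response, applies the rule browsers use (the last recognized token in a Referrer-Policy value wins, unknown tokens are ignored), falls back to the meta tag when the header is absent, and flags policies that still send the full URL cross-site. The sample responses are constructed.

```python
import re

# Policy tokens from the Referrer Policy spec; browsers apply the LAST recognized
# token in a comma-separated Referrer-Policy value and ignore unknown ones.
KNOWN_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
# Policies that still send the full URL (path and query) to cross-site targets.
LEAKS_FULL_URL = {"unsafe-url", "no-referrer-when-downgrade"}
META_RE = re.compile(r'<meta\s+name=["\']referrer["\']\s+content=["\']([^"\']*)["\']', re.I)

def effective_policy(value):
    """Return the last recognized policy token in a header/meta value, or None."""
    chosen = None
    for token in value.split(","):
        token = token.strip().lower()
        if token in KNOWN_POLICIES:
            chosen = token
    return chosen

def assess_referrer_policy(raw_response):
    """Classify a raw HTTP response as 'missing', 'unsafe' or 'ok'."""
    head, _, body = raw_response.partition("\r\n\r\n")
    values = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, val = line.partition(":")
        if name.strip().lower() == "referrer-policy":
            values.append(val.strip())
    policy, source = None, None
    if values:                                   # repeated headers combine as a list
        policy, source = effective_policy(",".join(values)), "header"
    if policy is None:                           # fall back to the HTML meta tag
        m = META_RE.search(body)
        if m:
            policy, source = effective_policy(m.group(1)), "meta"
    if policy is None:                           # absent or entirely unrecognized
        return {"policy": None, "source": None, "verdict": "missing"}
    return {"policy": policy, "source": source,
            "verdict": "unsafe" if policy in LEAKS_FULL_URL else "ok"}

# Constructed sample responses (not captured from any real site).
UNSAFE_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   "Referrer-Policy: unsafe-url\r\n\r\n<html></html>")
FIXED_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                  "Referrer-Policy: strict-origin-when-cross-origin\r\n\r\n<html></html>")
META_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 '<html><head><meta name="referrer" content="same-origin"></head></html>')
```

Calling assess_referrer_policy on each sample returns "unsafe", "ok" and "ok" (the last one sourced from the meta tag); a response with neither header nor meta tag returns "missing".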
