The Referer request header tells a site which page the traffic came from. The Referrer-Policy response header controls how much of that referrer information is included with a request. This scan found that the server's HTTP response either omits the Referrer-Policy header or specifies an unsafe referrer policy, so the application does not control what browsers send as the referrer. Without adequate prevention, the URL itself, and any sensitive information contained in it, is leaked to cross-site destinations. The lack of a Referrer-Policy header might affect the privacy of both the users and the site itself.
Impact
The impact on the application:
- Without proper prevention, the URL itself, and any sensitive information contained in the URL, is leaked to cross-site destinations.
- The lack of a Referrer-Policy header might affect the privacy of the users and of the site itself.
Mitigation / Precaution
The following are the solutions for this vulnerability:
- Set a proper referrer policy; the strict-origin-when-cross-origin value is the modern browser default and prevents the path and query string from leaking to other origins.
- Implement the policy by sending the Referrer-Policy response header, or by declaring it in a meta tag in the HTML head, for example <meta name="referrer" content="strict-origin-when-cross-origin">.
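The following added example (not code from this page or from Beagle Security) shows both sides of the finding: a check that classifies a response's Referrer-Policy header the way a browser would interpret it (missing, unsafe, or acceptable), and a WSGI middleware that adds a safe policy when the application did not set one. The policy names and their leak behaviour come from the W3C Referrer Policy specification; the function names and the sample headers are my own.

```python
"""Classify a response's Referrer-Policy and add a safe one if it is missing."""
from typing import Dict, Tuple

# Policy values from the W3C Referrer Policy spec, mapped to whether that
# policy can send the full URL (path and query string) to a different origin.
LEAKS_FULL_URL_CROSS_ORIGIN = {
    "no-referrer": False,
    "no-referrer-when-downgrade": True,   # full URL to any HTTPS origin
    "origin": False,
    "origin-when-cross-origin": False,
    "same-origin": False,
    "strict-origin": False,
    "strict-origin-when-cross-origin": False,
    "unsafe-url": True,                   # full URL to every origin, even HTTP
}

DEFAULT_POLICY = "strict-origin-when-cross-origin"  # browser default; safe


def effective_policy(header_value: str) -> str:
    """Return the policy a browser applies for a Referrer-Policy header value.

    The header may carry a comma-separated list (used as a fallback chain for
    older browsers). Per the spec, the last value the browser recognises wins
    and unknown tokens are ignored. An empty result means no policy is set.
    """
    chosen = ""
    for token in header_value.split(","):
        token = token.strip().lower()
        if token in LEAKS_FULL_URL_CROSS_ORIGIN:
            chosen = token
    return chosen


def assess(headers: Dict[str, str]) -> Tuple[str, str]:
    """Return (verdict, policy); verdict is 'missing', 'unsafe' or 'ok'."""
    value = next((v for k, v in headers.items() if k.lower() == "referrer-policy"), "")
    policy = effective_policy(value)
    if not policy:
        return "missing", ""
    return ("unsafe" if LEAKS_FULL_URL_CROSS_ORIGIN[policy] else "ok"), policy


def with_referrer_policy(app, policy: str = DEFAULT_POLICY):
    """WSGI middleware: add Referrer-Policy only when the app did not set one."""
    def wrapped(environ, start_response):
        def _start(status, response_headers, exc_info=None):
            if not any(k.lower() == "referrer-policy" for k, _ in response_headers):
                response_headers.append(("Referrer-Policy", policy))
            return start_response(status, response_headers, exc_info)
        return app(environ, _start)
    return wrapped
```

Run assess() over the headers of each response the scanner flagged to confirm the fix, and wrap the WSGI application with with_referrer_policy() so every response carries the header even when individual views forget it.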