The referrer header is a request header that identifies where in a site the traffic originated. A referrer policy header controls which referrer information is included with the request. Some servers send an HTTP header that specifies an unsafe referrer policy. The vulnerability may arise when cross-origin requests use the unsafe URL policy or when the referrer is set to the origin. These vulnerabilities can result in origin leakage or URL leakage. Certain portions of a URL must not be included when it is sent as the value of a referrer header: the fragment, username, and password components should be stripped from the URL before it is sent out. Otherwise, an attacker can use these vulnerabilities to cause serious information leakage.
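The behaviour described above, as an added example that is not from the original page: a JavaScript sketch of the referrer computation a browser performs for each `Referrer-Policy` value, showing which policies let the path and query reach another origin. The sample URLs and the names `SAMPLE_FROM`, `stripUrl`, `computeReferer` and `leakyPolicies` are constructed for illustration, and a downgrade is simplified to an HTTPS-to-non-HTTPS request.

```javascript
// Added example: what a browser sends as Referer under each Referrer-Policy.
// All URLs are constructed samples; function names are illustrative.
const SAMPLE_FROM = "https://alice:s3cret@app.example/reset?token=abc123#step2";

// Strip username, password and fragment; optionally reduce to the origin.
function stripUrl(url, originOnly) {
  const u = new URL(url);
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  u.username = "";
  u.password = "";
  u.hash = "";
  if (originOnly) {
    u.pathname = "/";
    u.search = "";
  }
  return u.href;
}

function computeReferer(policy, from, to) {
  const src = new URL(from);
  const dst = new URL(to);
  const full = stripUrl(from, false);
  const origin = stripUrl(from, true);
  const sameOrigin = src.origin === dst.origin;
  // Assumption: a downgrade is simplified to an https -> non-https request.
  const downgrade = src.protocol === "https:" && dst.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return origin;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : origin;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin-when-cross-origin": return sameOrigin ? full : origin;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : (downgrade ? null : origin);
    default: throw new Error("unknown policy: " + policy);
  }
}

// Policies that expose path or query to the destination for this request.
function leakyPolicies(from, to, policies) {
  const originOnly = stripUrl(from, true);
  return policies.filter((p) => {
    const sent = computeReferer(p, from, to);
    return sent !== null && sent !== originOnly;
  });
}
```

Under `unsafe-url` the reset token in the query string is sent to every destination, including plain-HTTP ones, while the `strict-origin*` policies send at most the origin cross-site.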
The following are the impacts of this vulnerability:
Beagle recommends the following fixes: