Referrer-Policy header unsafely

By
Jijith Rajan
Published on
05 Jun 2018
1 min read
Vulnerability

The referrer header is a request header from where the traffic originated in a site. A referrer policy header controls which referrer information should be included with the request. there are servers with HTTP header that specify unsafe referrer policy. The vulnerabilities may be due to the Cross-Origin using unsafe URL or referrer set to the origin. These vulnerabilities can result to origin leakage or URL leakages. Certain portions of URLs must not be included when sending a URL as the value of a Referrer header. In a URL fragment, username, and password components should be stripped from the URL before it’s sent out. Otherwise, an attacker can utilise these vulnerabilities to cause serious information leakages.

Impact

The following are the impacts for this vulnerability:-

  • If there is no proper prevention, the URL itself and even sensitive information contained in the URL will be leaked to the cross-site.
  • The lack of Referrer-Policy header might impact the privacy of the users and site’s itself

Mitigation / Precaution

Beagle recommends the following fixes:-

  • set a proper referrer policy
  • Try to implement a Referrer-Policy by using the Referrer-Policy response header or by declaring it in the meta tags.
  • Try to control referrer information over an HTML element.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Jijith Rajan
Jijith Rajan
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.