The referrer header is a request header from where the traffic originated in a site. A referrer policy header controls which referrer information should be included with the request. there are servers with HTTP header that specify unsafe referrer policy. The vulnerabilities may be due to the Cross-Origin using unsafe URL or referrer set to the origin. These vulnerabilities can result to origin leakage or URL leakages. Certain portions of URLs must not be included when sending a URL as the value of a Referrer header. In a URL fragment, username, and password components should be stripped from the URL before it’s sent out. Otherwise, an attacker can utilise these vulnerabilities to cause serious information leakages.
Impact
The following are the impacts for this vulnerability:-
- If there is no proper prevention, the URL itself and even sensitive information contained in the URL will be leaked to the cross-site.
- The lack of Referrer-Policy header might impact the privacy of the users and site’s itself
Mitigation / Precaution
Beagle recommends the following fixes:-
- set a proper referrer policy
- Try to implement a Referrer-Policy by using the Referrer-Policy response header or by declaring it in the meta tags.
- Try to control referrer information over an HTML element.
