Description

Referrer Policy controls behaviour of the Referer header, which indicates the origin or web page URL the request was made from. The web application uses insecure Referrer Policy configuration that may leak user's information to third-party sites.

Remediation

Consider setting Referrer-Policy header to 'strict-origin-when-cross-origin' or a stricter value

References

Referrer-Policy

Related Vulnerabilities

HTTP Strict Transport Security (HSTS) Errors and Warnings

Unprotected phpMyAdmin interface

TLS/SSL LOGJAM attack

Apache Cassandra Unauthorized Access Vulnerability

Apache REST RCE CVE-2018-11770

Severity

Info

Classification

CWE-16 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Configuration