Medium Risk
Wiki Entry

Missing Referrer-Policy Header

Your site doesn't set a Referrer-Policy header, which controls how much referrer information is sent when users navigate away from your site.

Why This Matters

Without a referrer policy, sensitive information in your URLs (like session tokens or user IDs) might be leaked to third-party sites when users click external links. This can expose private data.

How to Fix
Framework-specific solutions and general best practices

Add the Referrer-Policy header with a secure value like 'strict-origin-when-cross-origin' or 'no-referrer' for maximum privacy.
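One way to set the header and check for it afterwards, as an added example that is not part of the original page or the scanner's own code. The function names and the `weak_referrer_policy` label are assumptions made for illustration; `missing_referrer_policy` is the ID from this entry.

```javascript
// Added example: helper names and sample headers are constructed for illustration.
const KNOWN_POLICIES = new Set([
  'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin',
  'strict-origin', 'origin-when-cross-origin',
  'strict-origin-when-cross-origin', 'unsafe-url',
]);
// Policies that can still send the full URL (path and query) to other origins.
const FULL_URL_CROSS_ORIGIN = new Set(['unsafe-url', 'no-referrer-when-downgrade']);

// The header may carry a comma-separated fallback list; the last token the
// browser recognizes takes effect. Tokens are compared case-insensitively here.
function effectivePolicy(headerValue) {
  if (typeof headerValue !== 'string') return null;
  let policy = null;
  for (const token of headerValue.split(',')) {
    const t = token.trim().toLowerCase();
    if (KNOWN_POLICIES.has(t)) policy = t;
  }
  return policy;
}

// headers: plain object of response headers (names in any case).
function auditReferrerPolicy(headers) {
  const name = Object.keys(headers).find((k) => k.toLowerCase() === 'referrer-policy');
  const raw = name === undefined ? undefined : headers[name];
  const value = Array.isArray(raw) ? raw.join(',') : raw;
  const policy = effectivePolicy(value);
  if (policy === null) return { finding: 'missing_referrer_policy', policy };
  // 'weak_referrer_policy' is a hypothetical label, not an ID from this wiki.
  if (FULL_URL_CROSS_ORIGIN.has(policy)) return { finding: 'weak_referrer_policy', policy };
  return { finding: null, policy };
}

// Works with any response object exposing setHeader (Node http, Express).
function applyReferrerPolicy(res, policy = 'strict-origin-when-cross-origin') {
  if (!KNOWN_POLICIES.has(policy)) throw new Error(`unknown Referrer-Policy: ${policy}`);
  res.setHeader('Referrer-Policy', policy);
}

// Constructed sample responses (not real scan data).
const samples = [
  {},
  { 'Referrer-Policy': 'unsafe-url' },
  { 'referrer-policy': 'no-referrer, strict-origin-when-cross-origin' },
];
for (const h of samples) console.log(JSON.stringify(h), '->', auditReferrerPolicy(h).finding);
```

Call `applyReferrerPolicy(res)` before the response is sent, for every route, so that error pages and redirects carry the header too.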

Quick Reference
Severity: Medium Risk
ID: missing_referrer_policy

AI Assistant Prompt

Copy this prompt to ask an AI for help fixing this vulnerability:

Please fix the "Missing Referrer-Policy Header" security vulnerability in this web application.

The issue is: Your site doesn't set a Referrer-Policy header, which controls how much referrer information is sent when users navigate away from your site.

Make a plan and implement based on my project.