Fluid Attacks Database

Description

Detects when web pages are missing the Referrer-Policy HTTP security header. Without this header, sensitive URL information may be leaked when users navigate to other websites, potentially exposing internal paths, session tokens, or other sensitive data in the URL.

Weakness:

071 - Insecure or unset HTTP headers - Referrer-Policy

Category: Protocol Manipulation

Detection Strategy

• Checks only HTML responses from the web application

• Reports a vulnerability if the 'Referrer-Policy' header is missing from the HTTP response headers

• Ignores non-HTML responses (like images, JavaScript, CSS, etc.)

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.