PHP Insecure Referrer Policy
Description
Detects insecure Referrer-Policy header configurations in PHP applications that could leak sensitive information to external sites through browser referrer headers. An improper referrer policy may expose URLs, tokens or other sensitive data in the referrer header when users navigate away from the site.
Detection Strategy
• Identifies PHP header() function calls in the code
• Examines the first argument passed to header() to check if it sets a Referrer-Policy
• Flags header configurations that use insecure referrer policies like 'unsafe-url', empty values, or missing policies
• Reports vulnerabilities when header() calls set potentially dangerous referrer policy values that could leak sensitive data
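The detection strategy above, as an added example that is not Fluid Attacks' own rule: a small Python scanner that finds header() calls in PHP source, resolves the first argument when it is a string literal or a $variable assigned a literal earlier in the file, reduces a comma-separated Referrer-Policy value to the token a browser actually applies (the last recognised one), and flags any value outside a strict allow-list as well as files that never set the header. The allow-list (no-referrer, same-origin, strict-origin, strict-origin-when-cross-origin), the Finding structure and the sample PHP input are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Allow-list for this example: these policies never send path or query to another origin.
SAFE_POLICIES = {
    "no-referrer",
    "same-origin",
    "strict-origin",
    "strict-origin-when-cross-origin",
}
# Every token the W3C Referrer Policy spec defines; browsers ignore anything else.
KNOWN_POLICIES = SAFE_POLICIES | {
    "no-referrer-when-downgrade",
    "origin",
    "origin-when-cross-origin",
    "unsafe-url",
}

# header("..."), header('...') or header($var); PHP function names are case-insensitive.
HEADER_CALL = re.compile(
    r"""\bheader\s*\(\s*(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)'|(?P<var>\$\w+))""", re.IGNORECASE
)
# $var = "..."; or $var = '...';  (only literal assignments are resolved)
ASSIGNMENT = re.compile(r"""(?P<var>\$\w+)\s*=\s*(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)')\s*;""")
REFERRER_POLICY = re.compile(r"^\s*referrer-policy\s*:\s*(?P<value>.*)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line: int     # 1-based line of the header() call; 0 when no header is set at all
    policy: str   # policy the browser would actually apply ("" = browser default)
    reason: str


def effective_policy(header_value: str) -> str:
    """Reduce a header value to the policy a browser applies: the value may be a
    comma-separated fallback list, the LAST recognised token wins, unknown tokens
    are skipped, and an empty result means the browser default applies."""
    chosen = ""
    for token in header_value.split(","):
        token = token.strip().lower()
        if token in KNOWN_POLICIES:
            chosen = token
    return chosen


def classify(header_value: str) -> tuple[str, Optional[str]]:
    """Return (effective policy, reason); reason is None when the policy is acceptable."""
    policy = effective_policy(header_value)
    if policy == "":
        return policy, "empty or unrecognised policy: browser default applies"
    if policy not in SAFE_POLICIES:
        return policy, f"'{policy}' can send the full URL (path and query) to other origins"
    return policy, None


def _literal(m: "re.Match[str]") -> Optional[str]:
    return m.group("dq") if m.group("dq") is not None else m.group("sq")


def scan_php(source: str) -> list[Finding]:
    """One Finding per insecure Referrer-Policy header() call, or a single line-0
    Finding if the file never sets the header."""
    findings: list[Finding] = []
    saw_policy_header = False
    for call in HEADER_CALL.finditer(source):
        arg = _literal(call)
        if arg is None:  # header($var): take the last literal assigned to $var before the call
            for assign in ASSIGNMENT.finditer(source, 0, call.start()):
                if assign.group("var") == call.group("var"):
                    arg = _literal(assign)
            if arg is None:
                continue  # value not statically known; out of scope for this example
        m = REFERRER_POLICY.match(arg)
        if not m:
            continue
        saw_policy_header = True
        policy, reason = classify(m.group("value"))
        if reason is not None:
            findings.append(Finding(source.count("\n", 0, call.start()) + 1, policy, reason))
    if not saw_policy_header:
        findings.append(Finding(0, "", "no Referrer-Policy header is set"))
    return findings


# Constructed sample input for the demo; not taken from any real application.
SAMPLE_PHP = """<?php
header("Referrer-Policy: unsafe-url");
$policy = 'Referrer-Policy: origin-when-cross-origin';
header($policy);
header("Referrer-Policy: no-referrer, unsafe-url, bogus-value");
header("X-Frame-Options: DENY");
header("Referrer-Policy: strict-origin-when-cross-origin");
?>"""

if __name__ == "__main__":
    for f in scan_php(SAMPLE_PHP):
        print(f"line {f.line}: {f.reason}")
```

Running the block reports lines 2, 4 and 5 of the sample: the literal `unsafe-url`, the `origin-when-cross-origin` reached through `$policy`, and the fallback list whose last recognised token is `unsafe-url`; the `strict-origin-when-cross-origin` call on line 7 is accepted. Resolution is limited to literals assigned in the same file; a production rule would follow dataflow across functions and files, and would also account for a policy delivered by `<meta name="referrer">` or by the web server's own configuration.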
Vulnerable code example
<?php
// Setting insecure Referrer-Policy that could leak sensitive URL data
header("Referrer-Policy: unsafe-url"); // Dangerous: sends full URL in all requests
// Another insecure pattern using variable
$policy = "Referrer-Policy: origin-when-cross-origin";
header($policy); // Unsafe: exposes full URL for same-origin requests
?>
✅ Secure code example
<?php
// Set strict Referrer-Policy to prevent URL data leakage
header("Referrer-Policy: strict-origin-when-cross-origin"); // Safe: limits referrer to origin for cross-origin requests
// If using variable, maintain strict policy
$policy = "Referrer-Policy: strict-origin-when-cross-origin";
header($policy); // Safe: uses strict policy that protects URL data
?>