Missing Referrer-Policy Security HTTP header

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

This publicly exposed API endpoint was found responding with HTML or browser-rendered content and lacks the Referrer-Policy header. Setting this header prevents leaking sensitive URL data (tokens, IDs, parameters) if requests go to external domains.

Remediation

Add the Referrer-Policy header to prevent leaking URL information if the content is rendered:

Example header values:

# If your site makes no use of referrer
Referrer-Policy: no-referrer

# Alternatively use this if referrer can be utilized by your app
Referrer-Policy: strict-origin-when-cross-origin