Missing Referrer-Policy Security HTTP header
Description
This publicly exposed API endpoint was found responding with HTML or browser-rendered content and lacks the Referrer-Policy header. The header controls what the browser puts in the Referer request header, so setting it prevents sensitive URL data (tokens, IDs, parameters) from leaking when the rendered content triggers requests to external domains.
Add the Referrer-Policy header to prevent leaking URL information if the content is rendered.
Example header values:
# If your site makes no use of referrer
Referrer-Policy: no-referrer
# Alternatively use this if referrer can be utilized by your app
Referrer-Policy: strict-origin-when-cross-origin
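The following is an added example, not part of the original page: it models the Referer value a browser sends for each of the two header values above, using constructed URLs on placeholder domains. For comparison it also models no-referrer-when-downgrade, the policy older browsers fall back to when no header is set; that policy name and the simplified downgrade test are assumptions not taken from this page.

```javascript
// Added example: models the Referer value a browser sends under a policy.
// Simplification (assumption): "downgrade" is treated as https -> non-https.

// Browsers always drop credentials and the fragment; originOnly also drops path and query.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = '';
  u.password = '';
  u.hash = '';
  if (originOnly) {
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer':
      return null; // Referer header omitted entirely
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return stripForReferrer(fromUrl, false);
      return downgrade ? null : stripForReferrer(fromUrl, true);
    case 'no-referrer-when-downgrade': // legacy default in older browsers
      return downgrade ? null : stripForReferrer(fromUrl, false);
    default:
      throw new Error('policy not modelled here: ' + policy);
  }
}

// Constructed sample data: a rendered page whose URL carries a token.
const PAGE = 'https://api.example.test/reset?token=CONSTRUCTED-TOKEN&user=42#step2';
const TARGETS = {
  sameOrigin: 'https://api.example.test/static/app.js',
  crossOrigin: 'https://cdn.thirdparty.example/lib.js',
  downgrade: 'http://tracker.thirdparty.example/pixel.gif',
};

function leakTable(policies) {
  const table = {};
  for (const p of policies) {
    table[p] = {};
    for (const [kind, url] of Object.entries(TARGETS)) table[p][kind] = refererFor(p, PAGE, url);
  }
  return table;
}

console.log(leakTable(['no-referrer', 'strict-origin-when-cross-origin', 'no-referrer-when-downgrade']));
```

Only the legacy fallback hands the full URL, token included, to the cross-origin host; strict-origin-when-cross-origin reduces it to the origin and no-referrer sends nothing.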