Missing Referrer-Policy Security HTTP header

Docs > Datadog Security > OOTB Rules > Missing Referrer-Policy Security HTTP header

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This publicly exposed API endpoint was found responding with HTML or browser-rendered content and lacks the Referrer-Policy header. Setting this header prevents leaking sensitive URL data (tokens, IDs, parameters) if requests go to external domains.

Remediation

Add the Referrer-Policy header to prevent leaking URL information if the content is rendered:

Example header values:

# If your site makes no use of referrer
Referrer-Policy: no-referrer

# Alternatively use this if referrer can be utilized by your app
Referrer-Policy: strict-origin-when-cross-origin