BleDummy1 / DummyRepo1


discovered on asset admin.breachlock.info #278

Open BleDummy1 opened 2 weeks ago

BleDummy1 commented 2 weeks ago

The web server does not return a Referrer-Policy header. A Referrer-Policy header instructs the user's browser on whether or not it should pass on information to websites linked to from the web application about where the request originated. This can be useful, for example, for determining how users arrive on your website and which of your other sites they visit after they leave. The referrer policy should be audited carefully before deploying the web application in order to ensure that excessive information about the user's browsing habits is not leaked to other websites unintentionally, especially over unsecured connections. To disable referrer information completely, the Referrer-Policy header can be set to no-referrer. Alternatively, to enable referrer information only on the same origin, the value can be set to same-origin.

Severity: Informational

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N

CVSS Score: 0.0

Recommendation: Return the Referrer-Policy HTTP header in application responses, containing an appropriate value.
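To make the finding concrete, the following added example (not part of the issue or of BreachLock's tooling) parses a raw HTTP response head, works out which Referrer-Policy the browser will actually apply (the header is a comma-separated fallback list, the last recognised token wins, and a missing or unrecognised header falls back to the browser default `strict-origin-when-cross-origin`), and then simulates what `Referer` value a browser sends for a given source and target URL under each policy value defined in the W3C Referrer Policy spec. The response bodies and the paths and query strings on the asset hostname are constructed for the demo; only the hostname comes from the issue title.

```python
"""Referrer-Policy audit: parse a response head, resolve the effective policy,
and simulate the Referer value a browser would send under it."""
from urllib.parse import urlsplit, urlunsplit

# Policy tokens defined by the W3C Referrer Policy specification.
POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
# Applied by current browsers when the header is absent or unrecognised.
BROWSER_DEFAULT = "strict-origin-when-cross-origin"
# Policies that send the full URL (path + query) to cross-origin targets.
LEAKY = {"unsafe-url", "no-referrer-when-downgrade"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_headers(raw):
    """Parse a raw HTTP/1.1 response head into a lowercase-keyed dict."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def effective_policy(headers):
    """Return (policy, source): the last recognised token wins, per spec."""
    value = headers.get("referrer-policy")
    if value is None:
        return BROWSER_DEFAULT, "missing (browser default)"
    chosen = None
    for token in value.split(","):
        token = token.strip().lower()
        if token in POLICIES:
            chosen = token
    if chosen is None:
        return BROWSER_DEFAULT, "unrecognised value (browser default)"
    return chosen, "header"


def _origin_key(p):
    """Scheme/host/port tuple so https://h and https://h:443 compare equal."""
    return (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))


def _origin(p):
    """Serialised origin with trailing slash, as browsers send it."""
    return urlunsplit((p.scheme, p.hostname, "/", "", ""))


def _stripped_url(p):
    """Full URL minus fragment and userinfo, which Referer never carries."""
    netloc = p.hostname or ""
    if p.port:
        netloc += f":{p.port}"
    return urlunsplit((p.scheme, netloc, p.path or "/", p.query, ""))


def referer_for(policy, source_url, target_url):
    """Referer the browser sends for a request from source_url to target_url
    under `policy`, or None when no Referer is sent."""
    s, t = urlsplit(source_url), urlsplit(target_url)
    same_origin = _origin_key(s) == _origin_key(t)
    downgrade = s.scheme == "https" and t.scheme == "http"
    full, origin = _stripped_url(s), _origin(s)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin
    raise ValueError(f"unknown policy {policy!r}")


def audit(raw_response, source_url, target_url):
    """Resolve the policy from a response head and report what leaks."""
    policy, source = effective_policy(parse_headers(raw_response))
    return {
        "policy": policy,
        "source": source,
        "weak": policy in LEAKY,
        "referer": referer_for(policy, source_url, target_url),
    }


# Constructed sample responses: one without the header (the finding), one fixed.
RESP_MISSING = "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n<html>"
RESP_FIXED = ("HTTP/1.1 200 OK\r\nServer: nginx\r\n"
              "Referrer-Policy: no-referrer\r\nContent-Type: text/html\r\n\r\n<html>")
# Constructed path/query on the asset host named in the issue.
SOURCE = "https://admin.breachlock.info/account?session=abc123#top"
CROSS = "https://cdn.example/lib.js"

if __name__ == "__main__":
    for raw in (RESP_MISSING, RESP_FIXED):
        print(audit(raw, SOURCE, CROSS))
    for pol in sorted(POLICIES):
        print(f"{pol:32} -> {referer_for(pol, SOURCE, CROSS)}")
```

Run it to see that the missing header is not, by itself, a full-URL leak in a current browser (the default sends only the origin cross-origin), but that relying on the default is fragile and that `unsafe-url` or the older default `no-referrer-when-downgrade` would hand `session=abc123` to any cross-origin resource. Setting an explicit policy, for example `add_header Referrer-Policy "strict-origin-when-cross-origin" always;` in nginx, removes that dependence on browser defaults.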