Headers & Policies
Referrer-Policy
The Referrer-Policy HTTP header controls how much referrer information is included in requests made from your site to other sites. Without it, browsers may leak full URLs (including paths and query strings containing tokens or sensitive data) to third-party sites. Setting it to strict-origin-when-cross-origin or no-referrer prevents information leakage while preserving useful analytics within your own origin. This is especially important when your URLs contain session IDs or sensitive identifiers.
Why it matters for your website
1. Simple HTTP header with immediate security improvement at no performance cost
2. Checked by automated security scanners and compliance tools
3. Missing headers are flagged as medium-to-high severity findings