WebX Auditor

Referrer-Policy header present

A Referrer-Policy header stops the browser leaking full URLs (which can carry session tokens or internal paths) to third-party sites via the Referer header.

Security Mozilla Web Security: Referrer-Policy Advanced Security Audit
In short

No Referrer-Policy header — full URLs may leak to third-party sites. This check is fully automated — the scanner returns a definitive pass or fail.

How to fix it

Add a Referrer-Policy response header such as "strict-origin-when-cross-origin" or "no-referrer".

Standards this maps to

Frameworks that require this

Advanced Security Audit

Severity

info — an advisory improvement.

Scans this and 300+ other checks across accessibility, SEO, security & speed — first audit free.

Related checks

Contingency Management PlanData ProtectionSQL Injection ProtectionXSS Protection (CSP preferred over X-XSS-Protection)CSRF Token ValidationSecure File UploadInput ValidationTLS 1.2+ EnforcementSecurity Headers CSP and HSTSCookie Security Flags