
Information Disclosure - Sensitive Information in HTTP Referrer Header

Reference
Plugin ID: 10025
CWE: 200
WASC: 13
Unknown · Passive · Information Disclosure

Remediation

  1. Remove sensitive data from URLs: Avoid including sensitive information like passwords, tokens, or personal data in URL parameters.
  2. Use POST requests: For sensitive operations, use POST requests with data in the request body rather than URL parameters.
  3. Configure referrer policy: Set a Referrer-Policy header on responses to control what the browser sends in the Referer header when users navigate away.
  4. Review parameter naming: Use generic parameter names that don't reveal sensitive information even if logged.

About

The HTTP Referer header is automatically sent by browsers when navigating from one page to another, potentially exposing sensitive information contained in URL parameters to third-party domains. This can violate privacy policies and compliance requirements.
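The following Python script is an added example, not code from StackHawk or from the ZAP passive rule this page describes. It covers two of the remediation steps above and the leak the About section explains: one function flags URLs whose query parameters look sensitive (the parameter names it matches are a constructed list, since the rule's own list is not given here), another checks that a response's Referrer-Policy actually withholds the path and query string cross-origin (honouring the spec rule that the last recognised value in a comma-separated list wins), and a small WSGI middleware shows how to set that header on every response. The sample URLs are constructed.

```python
"""Added example (not StackHawk's or ZAP's code): audit URLs for sensitive
query parameters and check that responses carry a Referrer-Policy that keeps
such URLs out of cross-origin Referer headers."""
from urllib.parse import parse_qsl, urlsplit

# Constructed list of parameter names that commonly carry secrets. The names
# the scanner actually matches are not given on the page; this is an assumption.
SENSITIVE_PARAM_NAMES = {
    "password", "passwd", "pwd", "token", "access_token", "api_key", "apikey",
    "secret", "session", "sessionid", "jsessionid", "phpsessid", "ssn",
    "credit_card", "cc_number", "email",
}

# Policies that withhold the path and query string from cross-origin requests.
SAFE_REFERRER_POLICIES = {
    "no-referrer", "same-origin", "origin", "strict-origin",
    "origin-when-cross-origin", "strict-origin-when-cross-origin",
}
# Every policy name a browser recognises; unknown tokens are ignored.
KNOWN_REFERRER_POLICIES = SAFE_REFERRER_POLICIES | {
    "no-referrer-when-downgrade", "unsafe-url",
}


def find_sensitive_params(url: str) -> list[str]:
    """Return the query-parameter names in `url` that look sensitive, sorted."""
    query = urlsplit(url).query
    names = {name.lower() for name, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE_PARAM_NAMES)


def referrer_policy_is_safe(headers: dict[str, str]) -> bool:
    """True when the response's Referrer-Policy stops the full URL leaking.

    Header names match case-insensitively. The header may list several
    comma-separated values as fallbacks; the last recognised one wins.
    """
    value = ""
    for name, val in headers.items():
        if name.lower() == "referrer-policy":
            value = val
    tokens = [t.strip().lower() for t in value.split(",")]
    for token in reversed(tokens):
        if token in KNOWN_REFERRER_POLICIES:
            return token in SAFE_REFERRER_POLICIES
    return False  # header absent or unrecognised: browser default applies


def add_referrer_policy(app, policy: str = "strict-origin-when-cross-origin"):
    """WSGI middleware that sets Referrer-Policy on every response (step 3)."""
    def wrapped(environ, start_response):
        def start_with_policy(status, headers, exc_info=None):
            kept = [(k, v) for k, v in headers if k.lower() != "referrer-policy"]
            kept.append(("Referrer-Policy", policy))
            return start_response(status, kept, exc_info)
        return app(environ, start_with_policy)
    return wrapped


def _hello_app(environ, start_response):
    """Minimal WSGI app used only to exercise the middleware."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello\n"]


def wrapped_app_headers(policy: str = "strict-origin-when-cross-origin") -> dict[str, str]:
    """Run the wrapped demo app once and return its response headers."""
    captured: dict[str, str] = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    list(add_referrer_policy(_hello_app, policy)({}, start_response))
    return captured


# Constructed sample URLs, as they might appear in an access log.
SAMPLE_URLS = [
    "https://app.example/reset?token=abc123&lang=en",
    "https://app.example/search?q=shoes&page=2",
    "https://app.example/login?user=alice&password=hunter2",
]


def audit(urls=SAMPLE_URLS) -> dict[str, list[str]]:
    """Map each URL that carries sensitive parameters to the offending names."""
    findings = {}
    for url in urls:
        hits = find_sensitive_params(url)
        if hits:
            findings[url] = hits
    return findings


if __name__ == "__main__":
    for url, names in audit().items():
        print(f"{url}: sensitive parameter(s) {', '.join(names)}")
    print("Referrer-Policy safe:", referrer_policy_is_safe(wrapped_app_headers()))
```

Running the script lists the two constructed URLs that carry a token or password and confirms that the middleware's header passes the policy check. Note that `referrer_policy_is_safe` treats a missing or unrecognised header as unsafe, because the browser then falls back to its default policy rather than to anything the application chose.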

Risks

High

Sensitive information leakage through HTTP referrer headers can lead to privacy violations, compliance breaches (PCI DSS, HIPAA), session hijacking, and unauthorized access to sensitive data by third parties.
