Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

"Cross-domain Referer leakage" is reported despite referrerpolicy attribute

Tobias | Last updated: Sep 11, 2023 12:30PM UTC

Hello, an active scan on one of our applications reports a "Cross-domain Referer leakage". Taking a look at the response tab in Burpsuite, the following snippet is highlighted: <a class="info-box" target="_blank" referrerpolicy="no-referrer" href="https://moodle/"> Shouldn't the attribute "referrerpolicy" prevent this leak or did I miss something? We don't set the http-header value because we only want to prevent transmitting the referrer from specific links. Thanks for any hints in advance!

Syed, PortSwigger Agent | Last updated: Sep 12, 2023 09:08AM UTC

Hi Tobais, Yeah, looks like this one's a false positive. I will let the right people know about this. Thank you for sharing this.

Tobias | Last updated: Sep 12, 2023 10:03AM UTC

Thanks for checking this topic. Just keep me posted, if you know more about it or get feedback. Thanks :)

Syed, PortSwigger Agent | Last updated: Sep 12, 2023 10:44AM UTC

Will do. Thank you Tobias.

You need to Log in to post a reply. Or register here, for free.