Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum will be discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Centre. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTRE DISCORD

Create new post

"Cross-domain Referer leakage" is reported despite referrerpolicy attribute

Tobias | Last updated: Sep 11, 2023 12:30PM UTC

Hello, an active scan on one of our applications reports a "Cross-domain Referer leakage". Taking a look at the response tab in Burpsuite, the following snippet is highlighted: <a class="info-box" target="_blank" referrerpolicy="no-referrer" href="https://moodle/"> Shouldn't the attribute "referrerpolicy" prevent this leak or did I miss something? We don't set the http-header value because we only want to prevent transmitting the referrer from specific links. Thanks for any hints in advance!

Syed, PortSwigger Agent | Last updated: Sep 12, 2023 09:08AM UTC

Hi Tobais, Yeah, looks like this one's a false positive. I will let the right people know about this. Thank you for sharing this.

Tobias | Last updated: Sep 12, 2023 10:03AM UTC

Thanks for checking this topic. Just keep me posted, if you know more about it or get feedback. Thanks :)

Syed, PortSwigger Agent | Last updated: Sep 12, 2023 10:44AM UTC

Will do. Thank you Tobias.

jungletsubasa | Last updated: Sep 11, 2024 01:19AM UTC

Hi guys related somehow query here https://forum.portswigger.net/thread/burp-pro-scanner-cross-domain-referer-leakage-bug-cecfb1a3?CategoryId=bug-reports Thank you!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.