TWA 0213
"Referrer-Policy specifies '${rp}', consider 'no-referrer'?"
In the message output, the variable ${rp} is replaced by the value of Referrer-Policy received from the web server.
The web server sends the directive to the web browser in the Referrer-Policy field of the HTTP response header. The directive controls how the web browser transmits referrer information in the next HTTP request.
The web browser applies this directive to subsequent requests that originate from the current web page. Hence the Referrer-Policy controls how much information from the current URL is passed through into the next HTTP request.
The Referrer-Policy value no-referrer directs the web browser to send nothing of the current URL in the next HTTP request.
Other Referrer-Policy values direct the web browser to send (conditionally) parts of the URL or the whole URL as referrer information in the next HTTP request. Hence the next web server could receive information that was intended only for the current web server.
Set no-referrer as Referrer-Policy in the web server configuration.
For nginx: include the line add_header Referrer-Policy "no-referrer"; in the server section of the configuration file.
For apache: include the line Header set Referrer-Policy no-referrer in the configuration file.
Use another Referrer-Policy configuration only if the web application needs the referrer information.