/vulndb/Referer Leakage

The HTTP Referer header is used to store the URL of the page from which the user is coming from. Confidential information about the user may be leaked if it is stored in query parameters used by the application.

HTTP Referer header leaks may help an attacker to gather various kind of information about the user.

Solution

Ensure that sensitive information is not embedded in URLs.

Caveats

The very same leak mechanism is used by analytics software to understand which queries to search engines are used to access the web application.

References

http://en.wikipedia.org/wiki/HTTP_referer http://www.w3.org/2011/track-privacy/papers/Wills.pdf