Referer header: privacy and security concerns - Web security 编辑

There are privacy and security risks associated with the Referer HTTP header. This article describes them, and offers advice on mitigating those risks.

The referrer problem

The Referer (sic) header contains the address of the previous web page from which a link to the currently requested page was followed, which has lots of fairly innocent uses including analytics, logging, or optimized caching. However, there are more problematic uses such as tracking or stealing information, or even just side effects such as inadvertently leaking sensitive information.

For example, consider a "reset password" page with a social media link in a footer. If the link was followed, depending on how information was shared the social media site may receive the reset password URL and may still be able to use the shared information, potentially compromising a user's security.

By the same logic, an image hosted on a third party side but embedded in your page could result in sensitive information being leaked to the third party. Even if security is not compromised, the information may not be something the user wants shared.

How can we fix this?

Much of this risk can be mitigated by sensible design of applications. A sensible application would remove such risks by making password reset URLs only usable for a single use, or when combined with a unique user token, and transmitting sensitive data in different ways.

You should use POST rather than GET wherever possible, to avoid passing sensitive data to other locations via URLs.

You should always use HTTPS for your sites. This has many security advantages, including the fact that HTTPS sites will never transmit referer information to non-HTTPS sites. This is becoming less useful in this context now that most of the web is using HTTPS, but it is still a worthy consideration.

In addition, you should consider removing any third party content (e.g. social networking widgets embedded in <iframe>) from secure areas of your website, like password reset pages, payment forms, login areas, etc.

You can also mitigate such risks using:

  • The Referrer-Policy header on your server to control what information is sent through the Referer header. Again, a directive of no-referrer would omit the Referer header entirely.
  • The referrerpolicy attribute on HTML elements that are in danger of leaking such information (such as <img> and <a>). This can for example be set to no-referrer to stop the Referer header being sent altogether.
  • The rel attribute set to noreferrer on HTML elements that are in danger of leaking such information (such as <img> and <a>). See Link types and search for noreferrer for more information.
  • The Exit page technique.

Security-conscious server-side frameworks tend to have built in mitigations for such problems, for example:

Policy and requirements

It would make sense to write a set of security and privacy requirements for your project team(s) that specify usage of such features to mitigate the associated risks. You should enlist the help of a web security expert to write these requirements, and consider both user needs and welfare, as well as other issues like policy and regulation enforced by legislation such as the EU General Data Protection Regulation (GDPR).

See also

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

词条统计

浏览:70 次

字数:5616

最后编辑:6 年前

编辑次数:0 次

    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文