What it is
Referrer-Policy is an HTTP response header that controls how much referrer information (the referring URL) is sent when users navigate or when resources are requested. Values range from no-referrer to unsafe-url.
Why it matters
Default referrer behavior can leak full URLs (including query parameters) to third-party sites. A sensible Referrer-Policy (e.g. strict-origin-when-cross-origin) reduces information leakage and improves privacy without breaking normal navigation.
How Barrion checks it
Barrion inspects the Referrer-Policy response header. We report when it is missing or when the value is overly permissive (e.g. unsafe-url). Passive header check only.
Configuration examples
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
Verify it
curl -sI https://example.com | grep -i referrer-policy
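The missing/permissive check described under "How Barrion checks it", applied to raw `curl -sI` output, as an added example (not Barrion's own code). It follows browser parsing, where the last recognised token across all Referrer-Policy headers wins. The function names, the case-insensitive matching and the choice to grade no-referrer-when-downgrade as permissive alongside unsafe-url are assumptions of this sketch.

```python
import sys

# Policy tokens defined by the Referrer Policy specification.
VALID = {
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
# Assumption: policies that send the full URL to other origins count as permissive.
PERMISSIVE = {"unsafe-url", "no-referrer-when-downgrade"}


def effective_policy(raw_headers: str):
    """Return the policy a browser would apply, or None if no valid token is set."""
    policy = None
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "referrer-policy":
            continue  # status line or some other header
        # Repeated headers and comma-separated lists are read in order;
        # unknown tokens are skipped and the last recognised one wins.
        for token in value.split(","):
            token = token.strip().lower()  # assumption: case-insensitive match
            if token in VALID:
                policy = token
    return policy


def grade(raw_headers: str) -> str:
    """Classify a response as 'missing', 'permissive' or 'ok'."""
    policy = effective_policy(raw_headers)
    if policy is None:
        # No header, or only unrecognised tokens: the browser default applies.
        return "missing"
    return "permissive" if policy in PERMISSIVE else "ok"


if __name__ == "__main__":
    # Usage: curl -sI https://example.com | python3 this_file.py
    raw = sys.stdin.read()
    print(grade(raw), effective_policy(raw))
```

A fallback list such as `strict-origin, unsafe-url` grades as permissive, because the last token is the one applied, which a simple grep for a safe value would miss.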