Loading controls...
Control: Site headers must contain Referrer-Policy
Description
The Referrer Policy HTTP header sets the parameter for amount of information sent along with Referrer Header while making a request. Referrer policy is used to maintain the security and privacy of source account while fetching resources or performing navigation. This is done by modifying the algorithm used to populate Referrer Header.
Usage
Run the control in your terminal:
steampipe check net_insights.control.security_headers_referrer_policySnapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share net_insights.control.security_headers_referrer_policyPlugins & Tables
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | website_urls | | Website URLs. |
SQL
with available_headers as ( select url, array_agg(header.key) from net_http_request, jsonb_each(response_headers) as header where url in ( select jsonb_array_elements_text(to_jsonb($1 :: text [ ])) ) group by url)select url as resource, case when array [ 'Referrer-Policy' ] < @ array_agg then 'ok' else 'alarm' end as status, case when array [ 'Referrer-Policy' ] < @ array_agg then url || ' contains required headers ''Referrer-Policy''.' else url || ' missing required headers ''Referrer-Policy''.' end as reasonfrom available_headers;