Pro EP 85: How to avoid referring to unwanted sites in .NET Web?

Muhammad Waseem
Become .NET Pro !
2 min read · Oct 28, 2023

The ability of attackers to manipulate or exploit the referrer header largely depends on the specific vulnerabilities or weaknesses present in the web application or browser.

Here are a few potential attack scenarios related to the referrer header:

1/ Referrer Leakage
2/ Privacy Concerns
3/ Spoofing Referrer
4/ Cross-Site Request Forgery Attacks

To mitigate these risks, it’s recommended to set a Referrer-Policy that minimizes the amount of information shared in the referrer header.

Common policies include ‘no-referrer’ (no referrer information is sent) or ‘same-origin’ (the referrer is sent only for requests to the same origin).

Keep in mind that while adjusting the Referrer-Policy is a good practice, it’s just one aspect of a comprehensive web security strategy.

Other security measures, such as input validation, secure coding practices, and regular security audits, are essential for robust protection against various web-based attacks.

We can add the following code to avoid referrer policy attacks:

context.Response.Headers.Add("Referrer-Policy", "no-referrer");

It sets the “Referrer-Policy” to “no-referrer”, which means that no referrer information will be sent in the HTTP header when navigating from one page to another.
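One place the line above can live, shown as an added example that is not from the original post: a middleware in Program.cs that applies the policy to every response. It assumes an ASP.NET Core project on .NET 6 or later with the web SDK's implicit usings; the /reports and / endpoints are hypothetical.

```csharp
// Program.cs (added example; minimal hosting model, .NET 6+)
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Register this first so the header also covers responses produced by
// later middleware (static files, error pages, endpoints).
app.Use(async (context, next) =>
{
    // OnStarting runs just before the response headers are sent, so the
    // default is applied after endpoints had their chance to set a policy.
    context.Response.OnStarting(() =>
    {
        var headers = context.Response.Headers;

        // Keep a policy an endpoint chose explicitly; otherwise default
        // to the strictest value discussed in the post.
        if (!headers.ContainsKey("Referrer-Policy"))
        {
            // Indexer assignment is used instead of Add, because Add
            // throws if the header is already present.
            headers["Referrer-Policy"] = "no-referrer";
        }
        return Task.CompletedTask;
    });

    await next(context);
});

// Hypothetical endpoint that opts into 'same-origin', so links between
// pages of this site still carry a referrer while external ones do not.
app.MapGet("/reports", (HttpContext context) =>
{
    context.Response.Headers["Referrer-Policy"] = "same-origin";
    return Results.Text("internal report");
});

// Hypothetical endpoint that receives the default 'no-referrer'.
app.MapGet("/", () => "Hello");

app.Run();
```

Requesting each endpoint with `curl -i` shows which Referrer-Policy value the response carries.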
