Enforce secure referrer policy [New in Security Center 1.3]

  • Release version: Yokohama
  • Updated January 30, 2025

    Use the com.glide.security.referrerpolicy property to ensure that the Referrer-Policy HTTP header sends the appropriate level of data to each ServiceNow® page to prevent data leaks.

    When the com.glide.security.referrerpolicy property is set to default, the instance manages the Referrer-Policy HTTP header so that the level of referrer information sent is appropriate for each ServiceNow AI Platform® request page. This prevents leaks of unauthorized data that would otherwise be accessible from other parts of the full URL, such as the path and query string.

    More information

    Attribute: Description
    Configuration name: com.glide.security.referrerpolicy
    Configuration type: System Properties (/sys_properties_list.do)
    Data type: string
    Recommended value: default
    Default value: default
    Category: Configuration
    Security risk:
    • Severity score: 4.3
    • CVSS score: Medium
    • Security risk details: Ensure that the com.glide.security.referrerpolicy property is set to default to prevent leaks of unauthorized data.
    Dependencies and prerequisites: None
    References: Referrer-Policy
    Functional impact: This property controls how much information is sent in the referrer header when a request is sent from a page:
    • default: The instance manages the referrer headers
    • same-origin: Send the full referrer URL within the instance (same domain) and no referrer to an outside origin
    • origin: Send only the origin as the referrer, both inside and outside the origin
    • origin-when-cross-origin: Send the full referrer URL within the instance (same domain) and only the origin to an outside origin
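
The three explicit values differ in what reaches a same-instance destination versus an outside one. The sketch below is an added example, not ServiceNow code: it models the Referer header a browser sends under each value, using constructed URLs (instance.example.com, thirdparty.example.net and the function names are assumptions). The default value is left out because this page does not state which header value the instance emits.

```javascript
// Added example: Referer value sent from `fromUrl` to `toUrl` under each
// explicit property value. Returns null when no Referer header is sent.
function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;

  // Full referrer: browsers strip the fragment and any embedded credentials,
  // but keep the path and query string.
  const full = new URL(from.href);
  full.hash = "";
  full.username = "";
  full.password = "";

  // Origin-only referrer: scheme, host and port followed by "/".
  const originOnly = from.origin + "/";

  switch (policy) {
    case "same-origin":
      return sameOrigin ? full.href : null;
    case "origin":
      return originOnly;
    case "origin-when-cross-origin":
      return sameOrigin ? full.href : originOnly;
    default:
      // "default" is instance-managed and not modelled here.
      throw new Error("unmodelled policy: " + policy);
  }
}

// Constructed sample URLs: a record page with identifiers in the query string,
// one destination on the same instance and one on an outside origin.
const page =
  "https://instance.example.com/incident.do?sys_id=abc123&sysparm_query=active%3Dtrue#notes";
const internal = "https://instance.example.com/api/now/table/incident";
const external = "https://thirdparty.example.net/logo.png";

// One row per policy: what each destination learns about the source page.
function leakTable() {
  return ["same-origin", "origin", "origin-when-cross-origin"].map((policy) => ({
    policy,
    internal: refererFor(policy, page, internal),
    external: refererFor(policy, page, external),
  }));
}

console.table(leakTable());
```

None of the three values sends the path or query string to the outside origin; origin additionally withholds them from same-instance requests.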