Referrer-Policy controls how much information about the page a visitor is leaving gets sent to the NEXT site they click through to — without it, the full URL of your page (which can include sensitive query parameters like session tokens or search terms) can leak to every external link a visitor clicks.
Without this header, your full URL (including query parameters and tokens) is sent to every external site visitors click to. This can leak session data, user IDs, or sensitive paths.
The response header Referrer-Policy: strict-origin-when-cross-origin (or similarly restrictive) is present.
Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.
Run this check in H.I.V.E. →