Why Big Redirect Detected (Potential Sensitive Information Leak) can be dangerous
This finding means that the server responded with a redirect whose response is larger than a redirect is expected to be. That may indicate that, although the server sent a redirect, it also attached body content to it. The danger is that the body content may include sensitive information, personal data, etc., leaving the possibility of further attacks.
How to fix Big Redirect Detected (Potential Sensitive Information Leak)
Redirects should have very small or no content at all.
Verify that your redirects do not leak any sensitive information.
How does ScanRepeat report Big Redirect Detected (Potential Sensitive Information Leak)
ScanRepeat analyzes every HTTP response and, for each redirect found, checks whether the size of its body content is larger than expected. It reports every occurrence of this vulnerability along with its URL and response body length.
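The check described above can be reproduced against your own responses. The following is an added example, not ScanRepeat's code: the 300-byte allowance, the function names and the two sample responses are assumptions constructed for illustration.

```python
from http.client import HTTPResponse
from io import BytesIO

REDIRECT_CODES = {301, 302, 303, 307, 308}
BASE_ALLOWANCE = 300  # assumed size of a minimal "moved to <url>" stub page


class FakeSocket:
    """Lets http.client parse a raw response held in memory."""
    def __init__(self, raw: bytes):
        self._file = BytesIO(raw)

    def makefile(self, *args, **kwargs):
        return self._file


def check_redirect(url: str, raw: bytes):
    """Return a finding if `raw` is a redirect with an oversized body, else None."""
    resp = HTTPResponse(FakeSocket(raw))
    resp.begin()
    if resp.status not in REDIRECT_CODES:
        return None
    location = resp.getheader("Location", "")
    body = resp.read()
    # A stub redirect page only repeats the target, so scale with its length.
    expected_max = len(location) + BASE_ALLOWANCE
    if len(body) <= expected_max:
        return None
    return {"url": url, "status": resp.status, "location": location,
            "body_length": len(body), "expected_max": expected_max}


def build_response(status_line: str, location: str, body: bytes) -> bytes:
    """Build a constructed raw HTTP response for the samples below."""
    head = (f"HTTP/1.1 {status_line}\r\nLocation: {location}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body


# Constructed samples: an empty redirect, and one that still carries the page
# the user was being redirected away from.
CLEAN = build_response("302 Found", "/login", b"")
LEAKY = build_response("302 Found", "/login", b"<html><table>"
                       + b"<tr><td>user@example.test</td></tr>" * 40
                       + b"</table></html>")

if __name__ == "__main__":
    for name, raw in (("clean", CLEAN), ("leaky", LEAKY)):
        print(name, check_redirect("https://app.example.test/account", raw))
```

A finding carries the same two facts the report does, the URL and the response body length, so the flagged body can be reviewed for data that should not have been sent.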