diff --git a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
index ac29baec94..f91140dd75 100644
--- a/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandler.java
@@ -114,7 +114,10 @@ public abstract class AbstractAuthenticationTargetUrlRequestHandler {
 }
 String refererHeader = request.getHeader("Referer");
- if (this.useReferer && StringUtils.hasText(refererHeader)) {
+ if (!StringUtils.hasText(refererHeader)) {
+ return this.defaultTargetUrl;
+ }
+ if (this.useReferer) {
 trace("Using url %s from Referer header", refererHeader);
 return refererHeader;
 }
diff --git a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandlerTests.java b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandlerTests.java
index 8e434bf5ae..8b744dd250 100644
--- a/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandlerTests.java
+++ b/web/src/test/java/org/springframework/security/web/authentication/AbstractAuthenticationTargetUrlRequestHandlerTests.java
@@ -114,6 +114,7 @@ public class AbstractAuthenticationTargetUrlRequestHandlerTests {
 assertThatIllegalArgumentException().isThrownBy(() -> this.handler.setRedirectStrategy(null));
 }
+ // gh-18805
 @Test
 void returnDefaultUrlIfUseRefererIsTrueAndRefererHeaderIsEmpty() {
 this.handler.setUseReferer(true);
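Review bot: The new early return on the missing-Referer branch (`return this.defaultTargetUrl;`) is silent, while the Referer branch two lines below still records the chosen target via `trace(...)`; a matching `trace("Using default url %s", this.defaultTargetUrl);` before that return would keep the redirect-target decision visible in the trace log, which is what an operator reaches for when diagnosing an unexpected post-login redirect. The added return also fires whether or not `useReferer` is set, so whatever fallback the enclosing method held after this hunk is no longer reached when the header is absent; that is harmless if that fallback was itself the default URL, but it is worth confirming, since the enclosing method begins and ends outside the hunk. The Referer-present / `useReferer` false case still falls through past the hunk as before, so the two paths for "no usable Referer" now end in different places.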