Information Disclosure - Sensitive Information in HTTP Referrer Header
- Risk:
Informational
- Type:
- Passive
- CWE:
- CWE-200
- Summary
The HTTP header may have leaked a potentially sensitive parameter to another domain. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
- Solution
Do not pass sensitive information in URIs.
- Other info
- The URL in the HTTP referrer header field appears to contain US Social Security Number(s).
Free security scan for your website