Referer Exposes Session ID
- Risk: Medium
- Type: Passive
- CWE: CWE-200
- Summary
A hyperlink pointing to another host name was found. Because the session ID is carried in the URL (URL rewriting), it may be disclosed to external hosts in the Referer header.
- Solution
This is a risk if the session ID is sensitive and the hyperlink refers to an external or third-party host. For secure content, put the session ID in a secured session cookie.
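The condition this alert describes can be checked offline against a saved page. The sketch below is an added example, not the scanner's own code; the session parameter names, the `referer_leaks` helper and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed session-ID parameter names (not from the page); extend for your stack.
SESSION_ID = re.compile(
    r"(?:^|[;?&])(jsessionid|phpsessid|sid|sessionid)=([^;?&#/]+)", re.I)

def session_id_in_url(url):
    """Return (name, value) if the URL path or query carries a session ID."""
    parts = urlsplit(url)
    for part in (parts.path, parts.query):
        m = SESSION_ID.search(part)
        if m:
            return m.group(1), m.group(2)
    return None

class _Links(HTMLParser):
    # Collects (absolute href, has rel=noreferrer) for every <a> tag.
    def __init__(self, base):
        super().__init__()
        self.base, self.found = base, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            rel = (a.get("rel") or "").lower().split()
            self.found.append((urljoin(self.base, a["href"]), "noreferrer" in rel))

def referer_leaks(page_url, html):
    """External hosts that may receive page_url, session ID included, as Referer."""
    if session_id_in_url(page_url) is None:
        return []  # no URL-rewritten session ID, nothing to disclose
    own_host = urlsplit(page_url).hostname
    parser = _Links(page_url)
    parser.feed(html)
    hosts = []
    for target, suppressed in parser.found:
        t = urlsplit(target)
        external = t.scheme in ("http", "https") and t.hostname != own_host
        if external and not suppressed and t.hostname not in hosts:
            hosts.append(t.hostname)
    return hosts

# Constructed sample URL and page, for illustration only.
SAMPLE_URL = "https://shop.example/cart;jsessionid=0A1B2C3D"
SAMPLE_HTML = (
    '<a href="/checkout">Checkout</a>'
    '<a href="https://partner.example.net/offers">Partner offers</a>'
    '<a href="//cdn.example.org/help" rel="noopener noreferrer">Help</a>'
)
```

Links marked `rel="noreferrer"` are skipped because the browser sends no Referer header when they are followed.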