Information Disclosure - Sensitive Information in HTTP Referrer Header
- Risk:
Informational
- Type:
- Passive
- CWE:
- CWE-200
- Summary
The HTTP header may have leaked a potentially sensitive parameter to another domain. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
- Solution
Do not pass sensitive information in URIs.
- Other info
- The URL in the HTTP referrer header field appears to contain US Social Security Number(s).
Oracle silently fixes zero-day exploit leaked by ShinyHunters
New FileFix attack uses cache smuggling to evade security software
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
New Android Pixnapping attack steals MFA codes pixel-by-pixel
Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Google ads for fake Homebrew, LogMeIn sites push infostealers
CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability
CVE-2025-24990 Microsoft Windows Untrusted Pointer Dereference Vulnerability
CVE-2025-47827 IGEL OS Use of a Key Past its Expiration Date Vulnerability
CVE-2025-27915 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
CVE-2025-61882 Oracle E-Business Suite Unspecified Vulnerability
CVE-2010-3765 Mozilla Multiple Products Remote Code Execution Vulnerability
InformationalRe-examine Cache-control Directives
InformationalImage Exposes Location or Privacy Data
MediumWeb Cache Deception
MediumCSP: Wildcard Directive
MediumBypassing 403
MediumX-Frame-Options Defined via META (Non-compliant with Spec)
Free online web security scanner