Kirby
Guest
When accessing an external service like the IP information URL XenForo does perform a redirect to the target URL.
Depending on the used browser (version) and protocol (HTTP vs. HTTPS) this may leak the full URL of the page the service was accessed from.
The full URL may allow the service to draw conclusions relating the data (IP address, location, etc.) to a specific user at a specific time.
Suggested Mitigation
Add Response-Header
Referrer-Policy: no-referrer
when...