RSS Feed/News Redirects to external information URLs should set Referrer-Policy

Status
Not open for further replies.

ENXF NET

When accessing an external service like the IP information URL, XenForo does perform a redirect to the target URL.

Depending on the browser (version) used and the protocol (HTTP vs. HTTPS), this may leak the full URL of the page the service was accessed from.
The full URL may allow the service to draw conclusions relating the data (IP address, location, etc.) to a specific user at a specific time.

Suggested Mitigation
Add Response-Header Referrer-Policy: no-referrer when...

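To see why the leak described in the post depends on browser default and protocol, the following added example (not part of the original post and not XenForo code) models the Referer computation from the Referrer Policy specification. The forum and lookup-service URLs are constructed, and "potentially trustworthy" is simplified to "scheme is https".

```javascript
// Added example: which Referer value reaches the external service per policy.
// Assumption: a URL counts as trustworthy only if its scheme is https.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  u.username = "";          // credentials are never sent in Referer
  u.password = "";
  u.hash = "";              // fragments are never sent in Referer
  return originOnly ? u.origin + "/" : u.href;
}

function computeReferer(fromUrl, toUrl, policy) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const full = stripForReferrer(fromUrl, false);
  const origin = stripForReferrer(fromUrl, true);
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";

  switch (policy) {
    case "no-referrer": return null;                 // header omitted
    case "unsafe-url": return full;
    case "origin": return origin;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : origin;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin-when-cross-origin": return sameOrigin ? full : origin;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    default: throw new Error("unknown policy: " + policy);
  }
}

// Constructed sample values (hypothetical hosts and paths).
const FORUM_PAGE = "https://forum.example/threads/some-thread.42/page-3#post-100";
const POLICIES = ["no-referrer-when-downgrade",        // default in older browsers
                  "strict-origin-when-cross-origin",   // default in current browsers
                  "no-referrer"];                      // mitigation from the post

function leakTable(fromUrl, toUrl) {
  const table = {};
  for (const p of POLICIES) table[p] = computeReferer(fromUrl, toUrl, p);
  return table;
}

console.log("HTTPS target:", leakTable(FORUM_PAGE, "https://ipinfo.example/198.51.100.7"));
console.log("HTTP target: ", leakTable(FORUM_PAGE, "http://ipinfo.example/198.51.100.7"));
```

Only `no-referrer` yields no header in every combination, which is why sending it explicitly removes the dependence on browser version and protocol.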