Details
Alert Id: 10025
Alert Type: Passive Scan Rule
Status: release
Risk:
CWE:
WASC:

Summary

The HTTP header may have leaked a potentially sensitive parameter to another domain. This can violate PCI and most organizational compliance policies. You can configure the list of strings for this check to add or remove values specific to your environment.
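A sketch of the kind of check described above, as an added example that is not ZAP's own code. It assumes the header in question is Referer (going by the rule's class name), treats a differing hostname as "another domain", and uses a constructed word list with substring matching on parameter names.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed word list for illustration; the real rule has its own configurable list.
SENSITIVE_NAMES = ("user", "pass", "token", "session", "ssn", "email")


def leaked_parameters(request_url, referer, sensitive=SENSITIVE_NAMES):
    """Return sensitive query parameter names in `referer` when the request
    goes to a different host than the page that produced the Referer."""
    if not referer:
        return []
    target = urlsplit(request_url)
    source = urlsplit(referer)
    if not source.hostname or not target.hostname:
        return []  # malformed or relative URL: nothing to compare
    if source.hostname == target.hostname:
        return []  # same host, so nothing crosses a domain boundary
    hits = []
    for name, _value in parse_qsl(source.query, keep_blank_values=True):
        # Assumption: substring match on the lower-cased parameter name.
        if any(s in name.lower() for s in sensitive) and name not in hits:
            hits.append(name)
    return hits


# Constructed sample traffic: (request URL, Referer header value or None).
SAMPLE_REQUESTS = [
    ("https://cdn.example.net/lib.js",
     "https://shop.example.com/reset?token=abc123&lang=en"),
    ("https://shop.example.com/img/logo.png",
     "https://shop.example.com/reset?token=abc123"),
    ("https://cdn.example.net/lib.js",
     "https://shop.example.com/catalog?page=2"),
    ("https://cdn.example.net/lib.js", None),
]


def scan(requests):
    """Return (request URL, leaked parameter names) for each flagged request."""
    findings = []
    for url, referer in requests:
        names = leaked_parameters(url, referer)
        if names:
            findings.append((url, names))
    return findings


if __name__ == "__main__":
    for url, names in scan(SAMPLE_REQUESTS):
        print(f"{url}: Referer exposes {', '.join(names)}")
```

Only the first sample request is flagged: the second stays on the same host, the third carries no listed parameter, and the fourth sends no Referer.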

Solution

Do not pass sensitive information in URIs.

References

Code

org/zaproxy/zap/extension/pscanrules/InformationDisclosureReferrerScanRule.java