CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.
URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.
For secure content, put session ID in a cookie. To be even more secure consider using a combination of cookie and URL rewrite.
Run our expert website security checkup and get your tailored security recommendations to protect your website.
The page includes one or more script files from a third-party domain.
The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content.