
Protect your reset password tokens: UK Data Protection position on referers - fastmark
https://iconewsblog.wordpress.com/2015/09/16/does-your-website-have-a-leak/
======
fastmark
If you wish to use Reset Password tokens, then be sure to block referers
and/or not include any third-party loaded assets (JavaScript, CSS, etc.).

It's not just reset password tokens: beware any protected data, like PII
(emails, etc.)!
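
An added example (not part of the original comment): a Python audit of a reset-password page response that checks whether a `Referrer-Policy` header keeps the token-bearing URL out of cross-origin `Referer` headers, and lists the third-party origins the page loads assets from. The URL, hostnames, token and HTML are constructed sample values, and treating a missing header as unsafe is a conservative assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Policies that never send path/query (where the token lives) to another origin.
SAFE_POLICIES = {"no-referrer", "origin", "strict-origin", "same-origin",
                 "origin-when-cross-origin", "strict-origin-when-cross-origin"}
# Policies that can send the full URL, token included, to third parties.
LEAKY_POLICIES = {"unsafe-url", "no-referrer-when-downgrade"}

class AssetCollector(HTMLParser):
    """Collects URLs of assets the browser fetches while rendering the page."""
    URL_ATTR = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attr = self.URL_ATTR.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.urls.append(value)

def audit_reset_page(page_url, headers, html):
    """Return (policy_is_safe, sorted list of third-party asset hosts)."""
    declared = [p.strip().lower() for p in headers.get("Referrer-Policy", "").split(",")]
    # Browsers apply the last policy value they recognise.
    known = [p for p in declared if p in SAFE_POLICIES | LEAKY_POLICIES]
    # Assumption: an absent or unrecognised header counts as unsafe.
    policy_ok = bool(known) and known[-1] in SAFE_POLICIES
    collector = AssetCollector()
    collector.feed(html)
    hosts = {urlsplit(urljoin(page_url, u)).netloc for u in collector.urls}
    hosts -= {urlsplit(page_url).netloc, ""}  # drop first-party and data: URLs
    return policy_ok, sorted(hosts)

# Constructed sample response for a reset page.
PAGE_URL = "https://app.example.com/reset?token=CONSTRUCTED-TOKEN"
HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://cdn.example.net/lib.js"></script>
</head><body><img src="//stats.example.org/pixel.gif"></body></html>"""

if __name__ == "__main__":
    ok, third_party = audit_reset_page(PAGE_URL, {}, HTML)
    print("referrer policy safe:", ok)
    print("third-party asset hosts:", third_party)
```
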

