Open gabyavra opened 8 months ago
Hi there, I also corroborate that issue. As an example, when performing well known phishing against o365 the phish does not work since Microsoft checks this value (among other integrity things) and performs a request to tell about that to a "watson" endpoind.
Is it possible to remove Referer and Origin headers? The phish url get leaked in this way.