After submitting a vote, the voter gets redirected to the website of the Canton. As some of these websites use Google Analytics and other tracking tools, it's possible to identify voters by analyzing the HTTP referrer. The referrer URL is unique to that extent that it allows to distinguish between regular visitors of evote-ch.ch and voters who actually submitted a vote.
By setting the HTTP header Referrer-Policy to no-referrer (or strict-origin), this leak can be prevented.
After submitting a vote, the voter gets redirected to the website of the Canton. As some of these websites use Google Analytics and other tracking tools, it's possible to identify voters by analyzing the HTTP referrer. The referrer URL is unique to that extent that it allows to distinguish between regular visitors of evote-ch.ch and voters who actually submitted a vote.
By setting the HTTP header
Referrer-Policy
tono-referrer
(orstrict-origin
), this leak can be prevented.