Launch Week Day 1: Announcing Security Design Review
Start for Free
UNKNOWN Go

Sensitive headers not cleared on cross-origin redirect in net/http

GO-2025-3751 · BIT-golang-2025-4673 · CVE-2025-4673

Published · Modified

Description

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes