rspec/rules/S5736/recommended.adoc

== Recommended Secure Coding Practices

Confidential information should not be set inside URLs (GET requests) of the application and a safe (ie: different from ``++unsafe-url++`` or ``++no-referrer-when-downgrade++``) https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy[referrer-Policy] header, to control how much information is included in the referer header, should be used.
	`== Recommended Secure Coding Practices`

	Confidential information should not be set inside URLs (GET requests) of the application and a safe (ie: different from ``++unsafe-url++`` or ``++no-referrer-when-downgrade++``) https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy[referrer-Policy] header, to control how much information is included in the referer header, should be used.