Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The code appends the API token as a query parameter, which exposes the credential in URLs. Query strings are commonly logged by proxies, servers, browser history, monitoring tools, and error messages, increasing the chance of unintended credential disclosure even when HTTPS is used.
