@gopinath6 discovered that GitHub.com could leak sensitive information to trusted third-parties (ex. our CDN) through Referer headers when performing a password reset. We remediated this issue within modern browsers by adding support for the <meta name="referrer" content="origin"> tag on the password reset validation page.