robots.thoughtbot.com
Is Your Site Leaking Password Reset Links?
When the user clicks that link, the application renders the password reset form inside the usual site layout, which may contain references to assets loaded from a trusted content delivery network (CDN) or an analytics package such as Segment.