Password reset token leakage via referer
Low
Semrush
Reported by
mansishah
Vulnerability Details
Technical details and impact analysis
Hi Team,
I have found that if a user opens the reset password link and then clicks on any external link within the reset password page, it leaks the password reset token in the Referer header.
Steps to reproduce:
1. Open the password reset page from the email.
2. Click on any social media link (in the "Follow us" section).
3. Intercept the request (I used Burp Suite).
4. You can see the reset password link in the referrer.
## Impact
It allows the person who controls the particular site to change the user's password (CSRF attack), because this person knows the user's reset password token.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Violation of Secure Design Principles