: Bingbot access urls from paypal transactions (Solved) I log all transactions in the process of a paypal payment. If a user comes back from paypal, a unique token and PayerID is attached as

Posted in: #Authentication #Bing #Bingbot #Indexing

I log all transactions in the process of a paypal payment. If a user comes back from paypal, a unique token and PayerID is attached as GET query parameter by paypal.
Today I noticed that bingbot accesses those unique uri's after some users went through the payment process using IE Edge/11.
The column log_data2 captures GET parameters.

Everything is going over https, so there shouldn't be any referrer leaked to an outgoing page like mentioned here: How is Googlebot finding URLs that are only visible to authenticated users?.
I cannot imagine a scenario were bingbot/IE/Microsoft can legitimately access "private" url's to let bingbot indexing them. It could be some third party extension, but... Does anyone know something about that?

Needless to say, there is no information to access, after the token was used - but still...

TL;DR Bingbot visits non public pages after they got used once with IE. How can that be?

Edit: I don't think this question is an duplicate, because I can rule out that the referrer leaked over an outbound link since it's all over https. Also the redirect from paypal to us and the immediate redirect to clean the url doesn't allow user action - so what records the url and makes it available to bing and so far only bing?

Solution: I've found an answer. IE does indeed send the browsing history to Microsoft to "improve their services" (Windows Phone and IE on Desktop with Cortana)
Source: windows.microsoft.com/en-us/windows-10/edge-privacy-faq So this explains why the bingbot visits private pages.