i'm researching the security implications of having one or both of the variables: "geo_country" and "geo_ip" as a "Set-Cookie" header of a webpage, returning either the public IP of the visitor or geo-location in lattitude and longtitude on an HTTP Response.
So far I couldn't find any resources on the internet that would give me a lead on the security aspect of using such headers.
I am concerned that these can lead to the compromise of the current location of a visitor of a webpage, when their connection get's listened to by a man in the middle (when for example they connect to a public internet connection hosted by a hacker). There might also be other security implications I'm unaware of as of now.
I appreciate any possible leads or insight on this topic.