If equally websites are on TLS, the ask for to web page B will consist of the full URL from web-site A from the referer parameter of the ask for. And admin from web page B can retrieve it with the log documents of server B.)Moreover, your passwords will also be exposed and probably logged which is one more reason to work with just one time password