Which of the following statements on web applications security are true

Referer header validation is a method where the server checks the source of a request by examining the referer header, which indicates the URL of the page that made the request and is considered insecure.

Single Sign$-$On $($SSO$)$ reduces the overall security of an organization by centralizing authentication and making it easier for attackers to gain access to multiple systems.

Side channel attacks can only be performed on physical devices, not on virtual ones.

The Transport Layer Security $($TLS$)$ protocol is designed to provide secure communication between web browsers and web servers, preventing eavesdropping, tampering, or message forgery.