ZAP – Sec-Fetch-Dest Header is Missing

Details
Alert ID	90005-3
Alert Type	Passive
Status	alpha
Risk	Informational
CWE	352
WASC	9
Technologies Targeted	All
Tags	CWE-352 WSTG-V42-SESS-05
More Info	Scan Rule Help

Summary

Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.

Solution

Ensure that Sec-Fetch-Dest header is included in request headers.

Other Info

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest

Code

org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java