Sec-Fetch-Site Header Has an Invalid Value

Docs > Alerts

Details
Alert ID	90005-5
Alert Type	Passive
Status	alpha
Risk	Informational
CWE	352
WASC	9
Technologies Targeted	All
Tags	CWE-352 WSTG-V42-SESS-05
More Info	Scan Rule Help

Summary

Specifies the relationship between request initiator’s origin and target’s origin.

Solution

Sec-Fetch-Site header must have one of the following values: same-origin, same-site, cross-origin, or none.

Other Info

References

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site

Code

org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java