Details
Alert ID: 90005-7
Alert Type: Passive
Status: alpha
Risk: Informational
CWE: 352
WASC: 9
Technologies Targeted: All
Tags: CWE-352, WSTG-V42-SESS-05
More Info: Scan Rule Help

Summary

The Sec-Fetch-Dest request header specifies how and where the requested data will be used. For instance, if the value is audio, the requested resource must be audio data and not any other type of resource.

Solution

The Sec-Fetch-Dest header must have one of the following values: audio, audioworklet, document, embed, empty, font, frame, iframe, image, manifest, object, paintworklet, report, script, serviceworker, sharedworker, style, track, video, worker, xslt.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java