Investigate vulnerability: Cookie without SameSite Attribute
Description:
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
- Severity: low
- Confidence: medium
Solution:
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Identifiers:
Links:
Scanner:
- Name: OWASP Zed Attack Proxy (ZAP) and Browserker
- Type: dast
- Status: success
- Start Time: 2022-08-06T13:20:40
- End Time: 2022-08-06T13:24:27