Cookie with SameSite Attribute None

Risk:
Low

Type:
Passive

CWE:
CWE-1275

Summary: A cookie has been set with its SameSite attribute set to “none”, which means that the cookie can be sent as a result of a ‘cross-site’ request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.

Solution: Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.

References: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site

Latest Security News

Latest CVE List

Common Alerts

InformationalSession Management Response Identified
MediumCSP: script-src unsafe-inline
InformationalBase64 Disclosure
HighSource Code Disclosure - File Inclusion
HighRemote Code Execution - Shell Shock
HighSource Code Disclosure - CVE-2012-1823
InformationalInformation Disclosure - Sensitive Information in URL
MediumHTTP Parameter Override
HighPersonally Identifiable Information via WebSocket
LowServer Leaks Version Information via "Server" HTTP Response Header Field

Top CWE List

Free online web security scanner

Don't show website scan report rating on the leaderboard