Cookie with Invalid SameSite Attribute
- Risk:
Low
- Type:
- Passive
- CWE:
- 1275
- Summary
- A cookie has been set with an invalid SameSite attribute value, which means that the cookie can be sent as a result of a ‘cross-site’ request. The SameSite attribute is an effective counter measure to cross-site request forgery, cross-site script inclusion, and timing attacks.
- Solution
- Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.