Session Management Response Identified

Risk:
Informational

Type:
Passive

Summary: The given response has been identified as containing a session management token. The ‘Other Info’ field contains a set of header tokens that can be used in the Header Based Session Management Method. If the request is in a context which has a Session Management Method set to “Auto-Detect” then this rule will change the session management to use the tokens identified.

Solution: This is an informational alert rather than a vulnerability and so there is nothing to fix.

Other info: header:authorization

References: https://www.zaproxy.org/docs/desktop/addons/authentication-helper/session-mgmt-id

Free security scan for your website

Don't show website scan report rating on the leaderboard