Sec-Fetch-Dest Header Has an Invalid Value

Risk:
Informational

Type:
Passive

CWE:
CWE-352

Summary: Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.

Solution: Sec-Fetch-Dest header must have one of the following values: audio, audioworklet, document, embed, empty, font, frame, iframe, image, manifest, object, paintworklet, report, script, serviceworker, sharedworker, style, track, video, worker, xslt.

References: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest

Free security scan for your website

Don't show website scan report rating on the leaderboard