Details
Alert ID 90005-6
Alert Type Passive
Status alpha
Risk Informational
CWE 352
WASC 9
Technologies Targeted All
Tags CWE-352
POLICY_PENTEST
SYSTEMIC
WSTG-V42-SESS-05
More Info Scan Rule Help

Summary

Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.

Solution

Sec-Fetch-Mode header must have one of the following values: cors, no-cors, navigate, same-origin, or websocket.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java