Download

Highest False Positives Last Month

  1. Documentation
  2. Statistics
  3. Highest False Positives Last Month

These were the alerts most frequently flagged as false positives using Alert Filters last month.

Note that this does not necessarily mean they are false positives, it could mean that the people using ZAP are not interested in these specific vulnerabilities.

Position Alert Status Rule Type
1 Information Disclosure - Suspicious Comments release Passive
2 Cross-Domain Misconfiguration release Passive
3 X-Content-Type-Options Header Missing release Passive
4 Session ID in URL Rewrite release Passive
5 Timestamp Disclosure release Passive
6 Content Security Policy (CSP) Header Not Set release Passive
7 Retrieved from Cache release Passive
8 Strict-Transport-Security Header release Passive
9 Cross-Domain JavaScript Source File Inclusion release Passive
10 Re-examine Cache-control Directives release Passive
11 Absence of Anti-CSRF Tokens release Passive
12 Anti-clickjacking Header release Passive
13 User Agent Fuzzer release Active
14 Cookie without SameSite Attribute release Passive
15 Modern Web Application release Passive
16 Loosely Scoped Cookie release Passive
17 CSP release Passive
18 Cookie No HttpOnly Flag release Passive
19 Sub Resource Integrity Attribute Missing beta Passive
20 Anti-CSRF Tokens Check beta Active