TWA 0805

TWA-0805

Message

cookie '${cookie_name}' has missing or empty 'SameSite' flag

In the message output the variable ${cookie_name} is replaced by the name of the cookie.

Explanation

A cookie was found in the HTTP response that has no SameSite attribute or the value of the SameSite attribute is empty.

The SameSite attribute defines in which HTTP requests the cookie should be sent from the web browser to the server. A restriction to a first-party context (value Strict) reduces the receiver of the cookie.

The web browser will handle a cookie without a SameSite attribute like a cookie with SameSite=Lax setting. A cookie with Lax setting will be sent in a third-party context also.

Remediation

Set the SameSite attribute on the cookie in your web application.

Set the value of the SameSite attribute to Strict in your web application, if the web application can work with this setting. Use the lax setting only if your web application needs the cookie in a third-party context.

See

Home
Codes
TWA-00YY
- TWA-0001
TWA-01YY
TWA-02YY
- TWA-0201
- TWA-0202
- TWA-0203
- TWA-0204
- TWA-0205
- TWA-0206
- TWA-0207
- TWA-0208
- TWA-0209
- TWA-0210
- TWA-0211
- TWA-0212
- TWA-0213
- TWA-0214
- TWA-0215
- TWA-0216
- TWA-0217
- TWA-0218
- TWA-0219
- TWA-0220
- TWA-0221
- TWA-0222
- TWA-0223
- TWA-0224
- TWA-0225
- TWA-0226
- TWA-0227
- TWA-0228
- TWA-0229
- TWA-0230
TWA-03YY
TWA-04YY
- TWA-0401
- TWA-0402
- TWA-0403
- TWA-0404
- TWA-0405
- TWA-0406
- TWA-0407
- TWA-0408
- TWA-0409
- TWA-0410
TWA-05YY
- TWA-0501
- TWA-0502
- TWA-0503
- TWA-0504
TWA-06YY
- TWA-0601
- TWA-0602
- TWA-0603
- TWA-0604
TWA-07YY
- TWA-0701
TWA-08YY
- TWA-0801
- TWA-0802
- TWA-0803
- TWA-0804
- TWA-0805
- TWA-0806
- TWA-0807
- TWA-0808
- TWA-0809
- TWA-0810
TWA-09YY
- TWA-0901

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TWA 0805

TWA-0805

Message

Explanation

Remediation

See

Clone this wiki locally