πŸš€ Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Improper Cookie SameSite Attribute

Cookie SameSite attribute restricts how cookies are sent to cross-domain requests. This is an effective measure against Cross Site Request Forgery (CSRF) attacks.

Remediation

Set SameSite=Strict for session cookies.

Metadata

  • Severity: informational
  • Slug: improper-cookie-samesite-attribute

CWEs

  • 1275: Sensitive Cookie with Improper SameSite Attribute
  • 352: Cross-Site Request Forgery (CSRF)

OWASP

  • A01:2021: Broken Access Control

Available Labs

Select a language to explore available labs for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing β€” fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.