NO SAME SITE COOKIE

Feature      Value
Type         Detection / Protection
Risk         Other
Covered by   Agent

The SameSite attribute prevents the browser from sending this cookie along with cross-site requests. Its main goal is to mitigate the risk of cross-origin information leakage; it also provides some protection against cross-site request forgery attacks. Possible values for the attribute are Lax or Strict.
The Strict value prevents the browser from sending the cookie to the target site in all cross-site browsing contexts, even when the user follows a regular link. For example, on a GitHub-like website this means that if a logged-in user follows a link to a private GitHub project posted on a corporate discussion forum or in an email, GitHub will not receive the session cookie and the user will not be able to access the project.

More information

How to solve it

If possible, enable the SameSite attribute and set it to Strict. The servlet Cookie API has no setter for it, so it can only be done by writing the Set-Cookie header yourself with addHeader():

response.addHeader("Set-Cookie", "foo=bar; SameSite=Strict");