cors-reflected-creds

CORS reflects arbitrary origin with credentials

CWE-942 — MITRE entry | A05:2021 — Security Misconfiguration | OWASP ASVS V14.5.3 | CVSS v3.1 | v 2026-04-18

Authoritative references

Sekrd runs this check automatically on every scan that covers web application surface. Findings link back to this page so reviewers can validate the rule against the cited standards.

Disagree with how this rule fires on your site? Open a dispute from the finding card in your scan report — we review every ticket.