[參考網站](https://stackoverflow.com/questions/42717210/samesite-cookie-in-java-application) ```java HttpServletResponse res = this.getServletResponse(); res.setHeader( "Set-Cookie", "key=value; HttpOnly; SameSite=strict" ); ``` 再次掃描完後就沒有弱點了。