One or more cookies missing SameSite attribute
The SameSite attribute on a cookie controls whether that cookie is sent along when a visitor arrives at your site from another site. Without it, browsers apply a default rule, but explicit declaration is considered best practice for protecting against a type of attack called CSRF (Cross-Site Request Forgery).
Why this matters
CSRF attacks trick a logged-in visitor into unknowingly submitting a form or taking an action on your site from a malicious external page. Explicitly setting SameSite=Strict or SameSite=Lax on your cookies closes this pathway.
How to fix it
Ask your developer to add SameSite=Lax (or SameSite=Strict for sensitive cookies) to all cookies your site sets. This is a one-line change per cookie in your server configuration or application code.
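The check and the fix described above, as an added example (not code from this page or from any scanner): it audits `Set-Cookie` header values for a missing or invalid SameSite attribute and appends `SameSite=Lax` only where the attribute is absent. The function names and sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for the SameSite attribute.
VALID_MODES = {"strict", "lax", "none"}

# Constructed sample values, not taken from a real site.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure",
    "prefs=dark; Path=/; SameSite=Lax",
    "csrftoken=xyz; Path=/; Secure; SameSite=Strict",
    "widget=1; Path=/; SameSite=None",
    "promo=1; Expires=Wed, 21 Oct 2037 07:28:00 GMT; samesite=bogus",
]

def audit_set_cookie(header_value):
    """Return (cookie_name, finding) for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    if "samesite" not in attrs:
        return name, "missing SameSite"
    mode = attrs["samesite"].lower()
    if mode not in VALID_MODES:
        return name, "invalid SameSite value"
    # SameSite=None is only valid together with the Secure attribute.
    if mode == "none" and "secure" not in attrs:
        return name, "SameSite=None without Secure"
    return name, "ok"

def audit_all(headers):
    return [audit_set_cookie(h) for h in headers]

def add_samesite(header_value, mode="Lax"):
    """Append SameSite=<mode> only when the attribute is absent."""
    _, finding = audit_set_cookie(header_value)
    if finding != "missing SameSite":
        return header_value  # leave explicit (even if wrong) values for manual review
    return header_value.rstrip("; ") + "; SameSite=" + mode

if __name__ == "__main__":
    for cookie_name, result in audit_all(SAMPLE_HEADERS):
        print(f"{cookie_name}: {result}")
```
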