False positives are where ZAP raises alerts for things that are not really vulnerabilities. You should make sure that you understand the potential vulnerability being reported and manually test it before concluding that it is not a real vulnerability. Please report any false positives that you identify supplying as much information as you can, while obfuscating any sensitive information. New issues should just cover one scan rule and should include enough information for us to reproduce the p...| Frequently Asked Questions on ZAP
We are planning to add telemetry to ZAP - data that will tell us more about how ZAP is being used. This blog post explains why we are planning on doing this, what data we plan to collect, what data we will definitely not collect, the benefits you can expect, and how you will be able to opt out of it.| ZAP