False positives are where ZAP raises alerts for things that are not really vulnerabilities. You should make sure that you understand the potential vulnerability being reported and manually test it before concluding that it is not a real vulnerability. Please report any false positives that you identify supplying as much information as you can, while obfuscating any sensitive information. New issues should just cover one scan rule and should include enough information for us to reproduce the p...
