Update alert pages

site/content/docs/alerts/90005-1.md

@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Site Header is Missing"
+alertid: 90005-1
+alertindex: 9000501
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Ensure that Sec-Fetch-Site header is included in request headers."
+references:
+   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
+cwe: 352
+wasc: 9
+alerttags: 
+  - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies the relationship between request initiator's origin and target's origin.

site/content/docs/alerts/90005-2.md

@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Mode Header is Missing"
+alertid: 90005-2
+alertindex: 9000502
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Ensure that Sec-Fetch-Mode header is included in request headers."
+references:
+   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
+cwe: 352
+wasc: 9
+alerttags: 
+  - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.

site/content/docs/alerts/90005-3.md

@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Dest Header is Missing"
+alertid: 90005-3
+alertindex: 9000503
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Ensure that Sec-Fetch-Dest header is included in request headers."
+references:
+   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
+cwe: 352
+wasc: 9
+alerttags: 
+  - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.

site/content/docs/alerts/90005-4.md

@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-User Header is Missing"
+alertid: 90005-4
+alertindex: 9000504
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Ensure that Sec-Fetch-User header is included in user initiated requests."
+references:
+   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
+cwe: 352
+wasc: 9
+alerttags: 
+  - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies if a navigation request was initiated by a user.

site/content/docs/alerts/90005-5.md

@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Site Header Has an Invalid Value"
+alertid: 90005-5
+alertindex: 9000505
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Sec-Fetch-Site header must have one of the following values: same-origin, same-site, cross-origin, or none."
+references:
+   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
+cwe: 352
+wasc: 9
+alerttags: 
+  - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies the relationship between request initiator's origin and target's origin.

site/content/docs/alerts/90005-6.md

@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Mode Header Has an Invalid Value"
+alertid: 90005-6
+alertindex: 9000506
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Sec-Fetch-Mode header must have one of the following values: cors, no-cors, navigate, same-origin, or websocket."
+references:
+   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
+cwe: 352
+wasc: 9
+alerttags: 
+  - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Allows to differentiate between requests for navigating between HTML pages and requests for loading resources like images, audio etc.

site/content/docs/alerts/90005-7.md

@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-Dest Header Has an Invalid Value"
+alertid: 90005-7
+alertindex: 9000507
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Sec-Fetch-Dest header must have one of the following values: audio, audioworklet, document, embed, empty, font, frame, iframe, image, manifest, object, paintworklet, report, script, serviceworker, sharedworker, style, track, video, worker, xslt."
+references:
+   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
+cwe: 352
+wasc: 9
+alerttags: 
+  - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies how and where the data would be used. For instance, if the value is audio, then the requested resource must be audio data and not any other type of resource.

site/content/docs/alerts/90005-8.md

@@ -0,0 +1,20 @@
+---
+title: "Sec-Fetch-User Header Has an Invalid Value"
+alertid: 90005-8
+alertindex: 9000508
+alerttype: "Passive"
+alertcount: 8
+status: alpha
+type: alert
+risk: Informational
+solution: "Sec-Fetch-User header must have the value set to ?1."
+references:
+   - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
+cwe: 352
+wasc: 9
+alerttags: 
+  - WSTG-v42-SESS-05
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---
+Specifies if a navigation request was initiated by a user.

site/content/docs/alerts/90005.md

@@ -0,0 +1,35 @@
+---
+title: "Fetch Metadata Request Headers"
+alertid: 90005
+alertindex: 9000500
+alerttype: "Passive"
+status: alpha
+type: alertset
+alerts:
+   90005-1:
+      alertid: 90005-1
+      name: "Sec-Fetch-Site Header is Missing"
+   90005-2:
+      alertid: 90005-2
+      name: "Sec-Fetch-Mode Header is Missing"
+   90005-3:
+      alertid: 90005-3
+      name: "Sec-Fetch-Dest Header is Missing"
+   90005-4:
+      alertid: 90005-4
+      name: "Sec-Fetch-User Header is Missing"
+   90005-5:
+      alertid: 90005-5
+      name: "Sec-Fetch-Site Header Has an Invalid Value"
+   90005-6:
+      alertid: 90005-6
+      name: "Sec-Fetch-Mode Header Has an Invalid Value"
+   90005-7:
+      alertid: 90005-7
+      name: "Sec-Fetch-Dest Header Has an Invalid Value"
+   90005-8:
+      alertid: 90005-8
+      name: "Sec-Fetch-User Header Has an Invalid Value"
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrulesAlpha/src/main/java/org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrulesAlpha/FetchMetadataRequestHeadersScanRule.java"
+---