For my web application, the login REST API will set new cookie named "csrfToken" in response header. And all subsequent REST API calls must add "csrfToken" in request header. How can I achieve this in ZAP? Must I use script?
I've checked Anti-CSRF Tokens add on, but only form param tokens are supported. Seemed it will not help in my case.