Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dotnet-core
- Dotnet
- Jwt-dotnet
- Lang
- Audit
- Cookies
- Httponly-false
- Missing-httponly
- Missing-secure
- Secure-false
- Best practice
- Correctness
- Security
- Security
- Mongo
- Postgres
- Razor
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Httponly-false
Httponly false
Detected a cookie where the HttpOnly
flag is either missing or disabled. The HttpOnly
cookie flag instructs the browser to forbid client-side JavaScript to read the cookie. If JavaScript interaction is required, you can ignore this finding. However, set the HttpOnly
flag to true
in all other cases.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration