missing-httponly
missing-httponly
Detected a cookie where the
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration
HttpOnly flag is either missing or disabled. The HttpOnly cookie flag instructs the browser to forbid client-side JavaScript to read the cookie. If JavaScript interaction is required, you can ignore this finding. However, set the HttpOnly flag to true in all other cases.Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration