A cookie was detected without setting the ‘HttpOnly’ flag. The ‘HttpOnly’ flag for cookies instructs the browser to forbid client-side scripts from reading the cookie. Set the ‘HttpOnly’ flag by calling ‘cookie.setHttpOnly(true);‘ Likelihood: LOW Confidence: HIGH CWE: - CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP: - A05:2021 - Security Misconfiguration