    Taint-cookie-http-false

    Taint cookie http false

    HttpOnly cookie flag is explicitly disabled. This will cause cookies to be transmitted over unencrypted HTTP connections which can allow theft of confidential user data such as session tokens.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
    OWASP:
    - A05:2021 - Security Misconfiguration
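
The PHP forms that explicitly disable HttpOnly, next to hardened equivalents. This is an added example, not the rule's own test cases or CodeAnt code; the cookie name `session_token`, the function names, and the token value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample value standing in for a real session identifier.
$token = bin2hex(random_bytes(16));

// --- Weak: HttpOnly explicitly set to false ---
function weak_cookies(string $token): void
{
    // Positional form: the 7th argument of setcookie() is $httponly.
    setcookie('session_token', $token, time() + 3600, '/', '', true, false);

    // Options-array form (PHP 7.3+).
    setcookie('session_token', $token, [
        'expires'  => time() + 3600,
        'path'     => '/',
        'secure'   => true,
        'httponly' => false, // cookie stays readable through document.cookie
    ]);

    // Same flag for the PHP session cookie.
    session_set_cookie_params(['httponly' => false]);
}

// --- Hardened: HttpOnly enabled, with Secure and SameSite set as well ---
function hardened_cookies(string $token): bool
{
    // Must run before session_start() to affect the session cookie.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);

    return setcookie('session_token', $token, [
        'expires'  => time() + 3600,
        'path'     => '/',
        'secure'   => true,  // only sent over HTTPS
        'httponly' => true,  // not exposed to client-side script
        'samesite' => 'Lax',
    ]);
}

hardened_cookies($token);
```

The session cookie default can also be set outside the code with `session.cookie_httponly = 1` in `php.ini`.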
