Skip to main content

CodeAnt AI home page

Support
Dashboard
Dashboard

Start Here

What is CodeAnt?
Join Community

Setup

Github
GitHub Enterprise
Bitbucket
Bitbucket Data Center

Pull Request Review

Scan center

Integrations

IDE

CLI

Setup
Commands
Git Hooks

Rule Reference

Infrastructure Security Database

Resources

Taint-cookie-http-false

Taint cookie http false

taint-cookie-http-false

HttpOnly cookie flag is explicitly disabled. This will cause cookies to be transmitted over unencrypted HTTP connections which can allow theft of confidential user data such as session tokens.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-1004: Sensitive Cookie Without ‘HttpOnly’ Flag
OWASP:
- A05:2021 - Security Misconfiguration

Search cookie secure false ini config Taint cookie secure false

⌘I

twitter linkedin