Cookie No HttpOnly Flag

Type: Passive Scan

Description

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

Solution

Ensure that the HttpOnly flag is set for all cookies.

References

Code

Last updated: 2020-04-30 16:12:39.623Z