
Cookie No HttpOnly Flag

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript.

Summary

A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.

Risk

Low

Solution

Ensure that the HttpOnly flag is set for all cookies.
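
One way to check for and correct this condition, as an added example that is not part of the original page: it parses `Set-Cookie` header values, reports the cookies that lack `HttpOnly`, and produces the corrected header. The function names and the sample headers are constructed for illustration.

```python
"""Audit Set-Cookie header values for a missing HttpOnly attribute."""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; an attribute value, if any, follows '='.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def missing_httponly(set_cookie_values):
    """Return the names of cookies whose Set-Cookie value lacks HttpOnly."""
    flagged = []
    for value in set_cookie_values:
        name, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            flagged.append(name)
    return flagged


def add_httponly(header_value):
    """Return the header value with HttpOnly appended if it is absent."""
    _, attrs = parse_set_cookie(header_value)
    if "httponly" in attrs:
        return header_value
    return header_value.rstrip().rstrip(";") + "; HttpOnly"


# Constructed sample response headers (not taken from any real site).
SAMPLE = [
    "sessionid=abc123; Path=/; Secure",
    "csrftoken=xyz; Path=/; httponly; SameSite=Lax",
    "theme=dark; Max-Age=3600",
    "note=HttpOnly; Path=/",  # the value contains the word, but the flag is absent
]

if __name__ == "__main__":
    for cookie_name in missing_httponly(SAMPLE):
        print("missing HttpOnly:", cookie_name)
    print("corrected:", add_httponly(SAMPLE[0]))
```

The last sample shows why the check looks at attributes only: a cookie whose value happens to be the string `HttpOnly` is still readable by JavaScript.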
