A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript.
A cookie has been set without the HttpOnly flag, which means that the cookie can be accessed by JavaScript. If a malicious script can be run on this page then the cookie will be accessible and can be transmitted to another site. If this is a session cookie then session hijacking may be possible.
Low
Ensure that the HttpOnly flag is set for all cookies.
We make your startup secure and compliant by implementing and managing the security controls your customers require.