Cookie Without Secure Flag

Summary

A cookie has been set without the Secure flag, which means that the browser will also send it over unencrypted connections, where it can be accessed.

Risk

Low

Solution

Whenever a cookie contains sensitive information or is a session token, it should always be passed over an encrypted channel. Ensure that the Secure flag is set for cookies containing such sensitive information.
