Cookie Without Secure Flag

Summary

A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.

Risk

Low

Solution

Whenever a cookie contains sensitive information or is a session token, it should always be passed over an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
