One or more cookies does have the Secure flag set, but it was set over an insecure connection. Although the Secure flag is an important security protection for session cookies, setting it over an insecure connection will prevent clients from sending the cookie back to the server. This is not a vulnerability, but an inconsistent configuration. As such, it does not have a direct impact on the security of the application, but may well affect its functionality.


Make the target accessible through a secure connection. If that is not possible, ensure that the application does not depend on the cookies with the Secure flag.

Related Vulnerabilities