Description

One or more cookies don't have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies.

Remediation

If possible, you should set the HttpOnly flag for these cookies.

Related Vulnerabilities

Cookies Not Marked as Secure

GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability

Redis Unauthorized Access Vulnerability

PHP enable_dl enabled

Consul API publicly exposed

Severity

Low

Classification

CWE-1004 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration