This article is a part of our Web Security Knowledge Base
Why “Cookie No HttpOnly Flag” can be dangerous
How to fix “Cookie No HttpOnly Flag”
Make sure that your application always adds HttpOnly whenever it creates a cookie.
How does ScanRepeat report “Cookie No HttpOnly Flag”
ScanRepeat reports the list of URLs whose responses contain a Set-Cookie header without the HttpOnly flag, along with a description of the problem and a possible solution.
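The check and the fix described above can be sketched as follows. This is an added example, not ScanRepeat's code: the function names, URLs and cookie names are hypothetical, and the sample responses are constructed. It flags every Set-Cookie header that lacks the HttpOnly attribute and shows a helper that appends the attribute where it is absent.

```python
def cookie_attributes(set_cookie_value):
    """Return (cookie_name, set of lower-cased attribute names)."""
    parts = set_cookie_value.split(";")
    name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first ';'. Only attribute names are inspected, so a
    # cookie whose *value* is the text "HttpOnly" is not mistaken for a flagged one.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p.strip()}
    return name, attrs


def missing_httponly(responses):
    """responses: iterable of (url, [(header_name, header_value), ...]).
    Returns a list of (url, cookie_name) for cookies set without HttpOnly."""
    findings = []
    for url, headers in responses:
        for h_name, h_value in headers:
            if h_name.lower() != "set-cookie":  # header names are case-insensitive
                continue
            name, attrs = cookie_attributes(h_value)
            if "httponly" not in attrs:
                findings.append((url, name))
    return findings


def add_httponly(headers):
    """Return a copy of the header list with HttpOnly appended where absent."""
    fixed = []
    for h_name, h_value in headers:
        if h_name.lower() == "set-cookie":
            _, attrs = cookie_attributes(h_value)
            if "httponly" not in attrs:
                h_value = h_value.rstrip().rstrip(";") + "; HttpOnly"
        fixed.append((h_name, h_value))
    return fixed


# Constructed sample responses (hypothetical URLs and cookie names).
SAMPLE = [
    ("https://app.example/login", [
        ("Content-Type", "text/html"),
        ("Set-Cookie", "session=abc123; Path=/; Secure"),
        ("Set-Cookie", "csrf=xyz; Path=/; httponly; SameSite=Lax"),
    ]),
    ("https://app.example/prefs", [
        ("set-cookie", "theme=HttpOnly; Path=/"),
    ]),
]

if __name__ == "__main__":
    for url, name in missing_httponly(SAMPLE):
        print(f"{url}: cookie '{name}' lacks HttpOnly")
```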