Cookie without Secure Flag

Impact: Low

Description

The Secure cookie flag prevents the browser from sending the cookie over an unencrypted connection. A cookie with the Secure flag is sent to the server only with encrypted requests over the HTTPS protocol, so it can't easily be accessed by a man-in-the-middle attacker.

Recommendation

Set the Secure flag on the cookie.

Last updated on February 15, 2021
