P2 · Medium · Security
Cookie missing HttpOnly
Cookie accessible to JavaScript
Code: cookie_missing_httponly
Why it matters
The cookie is set without the HttpOnly flag, so JavaScript running in the page can read it through document.cookie. Browsers and users expect sites to be secure. Missing protections expose visitors to data theft, phishing, and loss of trust.
How to fix
Add HttpOnly flag to cookies
Set-Cookie: session=value; Secure; HttpOnly; SameSite=Strict; Path=/
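To confirm the fix across every cookie a response sets, the check can be reproduced offline. The following is an added example, not code from this scanner: it parses Set-Cookie values and lists cookies whose attribute list lacks HttpOnly. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie header values for a missing HttpOnly attribute.
# Function names and sample headers are constructed, not taken from any scanner.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    parts = header_value.split(";")
    # The first segment is always name=value; everything after it is attributes.
    name, _, value = parts[0].strip().partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.strip().partition("=")
        if key:
            # Attribute names are case-insensitive (RFC 6265).
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def cookies_missing_httponly(set_cookie_values):
    """Return the names of cookies whose attribute list lacks HttpOnly."""
    missing = []
    for raw in set_cookie_values:
        name, _value, attrs = parse_set_cookie(raw)
        if "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample Set-Cookie values.
SAMPLE_HEADERS = [
    "session=value; Secure; HttpOnly; SameSite=Strict; Path=/",  # fixed form
    "session=value; Secure; SameSite=Strict; Path=/",  # flag absent
    "pref=httponly; Path=/",  # "httponly" is the cookie value, not an attribute
    "token=abc; Secure; httponly",  # lowercase attribute still counts
]

if __name__ == "__main__":
    for cookie_name in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"cookie_missing_httponly: {cookie_name}")
```

Matching on parsed attributes rather than searching the raw header for the substring "httponly" avoids passing a cookie whose value merely contains that text.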