Updated on 2022-10-09 GMT+08:00

What Do I Do If a Scanner, such as AppScan, Detects that the Cookie Is Missing Secure or HttpOnly?

Cookies are set by the back-end web server, either through framework configuration or through the Set-Cookie response header. The Secure and HttpOnly attributes of a cookie help defend against attacks such as XSS attacks that obtain cookies, and against cookie hijacking.

If, after scanning the website, the AppScan scanner finds that the customer site does not add security attributes such as HttpOnly and Secure to the cookies of the scan requests, it records the missing attributes as security threats.

WAF does not provide this kind of compliance function. The website administrator needs to make the related security configuration on the back-end server.
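To confirm the back-end change before rescanning, the Set-Cookie headers the site returns can be checked directly. The following is an added example, not part of the original FAQ or of any vendor tooling; the function names are hypothetical and the sample headers are constructed.

```python
# Added example: audit Set-Cookie headers for Secure and HttpOnly.
REQUIRED = ("Secure", "HttpOnly")

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie_name, {attr_name_lower: attr_value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def missing_attributes(header_value):
    """Return the required attributes absent from one Set-Cookie value."""
    _, attrs = parse_set_cookie(header_value)
    # Attribute names are case-insensitive, and only the attribute section counts:
    # a cookie named "secure" or a value containing "HttpOnly" does not pass.
    return [a for a in REQUIRED if a.lower() not in attrs]

def harden(header_value):
    """Return the header value with any missing required attributes appended."""
    base = header_value.strip().rstrip(";").rstrip()
    return "; ".join([base] + missing_attributes(header_value))

def audit(set_cookie_headers):
    """Map cookie name -> missing attributes, for cookies that would be flagged."""
    findings = {}
    for header in set_cookie_headers:
        missing = missing_attributes(header)
        if missing:
            findings[parse_set_cookie(header)[0]] = missing
    return findings

# Constructed sample response headers (not from a real site).
SAMPLE = [
    "JSESSIONID=abc123; Path=/",
    "secure=HttpOnly; Path=/; httponly",
    "sid=xyz789; Path=/; Secure; HttpOnly",
]

if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE).items():
        print(f"{cookie}: missing {', '.join(missing)}")
    print(harden(SAMPLE[0]))
```

Browsers send Secure cookies only over HTTPS, so add that attribute only for sites served over HTTPS.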
