Missing secure options for cookie detected.
- Source: insecure_cookie.yml
To keep cookies from exposing your application to exploits or unauthorized access, set their security options appropriately.
secure values to true to force cookies to only send over HTTPS.
- CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
- CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
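The following added example (not part of the rule or its documentation) checks raw `Set-Cookie` header values for the `HttpOnly` and `Secure` attributes named in the two CWEs above. The function names and sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for the two attributes
// this rule covers. Attribute names are case-insensitive (RFC 6265),
// so they are compared in lower case.

// Split one Set-Cookie value into the cookie name and its attribute names.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  // Only text after the first ";" counts as attributes; the cookie value does not.
  const flags = new Set(
    attrs.filter(Boolean).map((a) => a.split("=")[0].trim().toLowerCase())
  );
  return { name, flags };
}

// Return the cookie name plus one finding per missing attribute.
function auditSetCookie(header) {
  const { name, flags } = parseSetCookie(header);
  const findings = [];
  if (!flags.has("httponly")) findings.push("CWE-1004: missing HttpOnly");
  if (!flags.has("secure")) findings.push("CWE-614: missing Secure");
  return { name, findings };
}

// Keep only the headers that have at least one finding.
function auditAll(headers) {
  return headers.map(auditSetCookie).filter((r) => r.findings.length > 0);
}

// Constructed sample headers (not taken from any real application).
const SAMPLE_HEADERS = [
  "session=abc123; Path=/",
  "session=abc123; Path=/; HttpOnly",
  "session=abc123; Path=/; secure; httponly; SameSite=Lax",
  "prefs=secure; Path=/", // the value "secure" is not the Secure attribute
];

for (const r of auditAll(SAMPLE_HEADERS)) {
  console.log(`${r.name}: ${r.findings.join(", ")}`);
}
```
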
OWASP Top 10
To skip this rule during a scan, use the following flag
To run only this rule during a scan, use the following flag