Missing secure options for cookie detected.
- Source: insecure_cookie.yml
To keep cookies from opening your application up to exploits or unauthorized access, set their security options appropriately.
Set `secure` values to `true` to force cookies to be sent only over HTTPS.
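
One way to check responses for the options this rule is about, as an added example that is not part of the rule itself: it parses `Set-Cookie` header values and reports a missing `Secure` (CWE-614) or `HttpOnly` (CWE-1004) attribute. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for the Secure and
// HttpOnly attributes. All sample headers below are constructed.
const CHECKS = [
  { attr: "secure", cwe: "CWE-614", msg: "missing Secure: cookie may be sent over plain HTTP" },
  { attr: "httponly", cwe: "CWE-1004", msg: "missing HttpOnly: cookie is readable from page scripts" },
];

// Parse one Set-Cookie value into the cookie name and a set of
// lower-cased attribute names (attribute names are case-insensitive).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";");
  const eq = pair.indexOf("=");
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const attrs = new Set(
    rest.map((part) => part.split("=")[0].trim().toLowerCase()).filter(Boolean)
  );
  return { name, attrs };
}

// Return one finding per missing attribute; an empty array means the
// cookie carries both Secure and HttpOnly.
function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  return CHECKS.filter((c) => !attrs.has(c.attr)).map((c) => ({
    cookie: name,
    cwe: c.cwe,
    message: c.msg,
  }));
}

// Constructed samples: a weak cookie, a partially hardened one, a hardened one.
const samples = [
  "session=abc123; Path=/",
  "session=abc123; Path=/; HttpOnly",
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
];

for (const header of samples) {
  const findings = auditSetCookie(header);
  console.log(header);
  if (findings.length === 0) console.log("  ok");
  for (const f of findings) console.log(`  ${f.cwe}: ${f.message}`);
}
```
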
- CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
- CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
OWASP Top 10