Screenshots:
OCR Results:
Cookie without HttpOnly flag set
Issue: Cookie without HttpOnly flag set
Severity: Low
Confidence: Firm
Host: http://www.bugheist.com
Issue detail
11 instances of this issue were identified. The following cookie was received:
csrftoken
Issue background
If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read
or set by client-side JavaScript. This measure makes certain client-side attacks,
such as cross-site scripting, slightly harder to exploit by preventing them from
trivially capturing the cookie's value via an injected script.