Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Nov 30, 2017

adding httponly flag in rule breaks the website

When i apply a irule on https-VIP to add httponly flag for all cookies, the site stop working. Any idea ? i_rule : when HTTP_RESPONSE { foreach mycookie [HTTP::cookie names] { HTTP::cookie http...

application delivery

Icon for Altocumulus rank

Altocumulus

Nov 30, 2017

The

HttpOnly

flag on a cookie means that the cookie is not visible to any JavaScript which runs in the browser. If setting it breaks your site, then that cookie must be used by scripts on the page.

Further reading: OWASP, MDN.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Bram - January 2026 Featured Member

DevCentral News

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

container ingress services

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5