Forum Discussion

Nimbostratus

Nov 29, 2017

cookie & requestVerificationToken is set without the HttpOnly Cookie parameter

Pen test finding below: How to set cookie & requestVerificationToken with the HttpOnly Cookie parameter on LTM running on 11.6 Risk : When a cross-site scripting vulnerability is present, an at...

application delivery

LTM

Chris_Grant

Employee

Nov 29, 2017

If you're not running ASM, you may need to look to your application, but if you're running ASM, we can help pretty easily: https://support.f5.com/csp/article/K11930

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

cookie & requestVerificationToken is set without the HttpOnly Cookie parameter

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

[ASM] - How to disable the SQL injection attack signatures

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

Related Content

Brute Force protection for single parameter like OTP

Wildcard Parameter signature attack

Parameter Value - Regular Expression

AWAF Path Parameters with OPENAPI json file

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS