HTTPOnly "attribute and secure "attribute

Question

Hello everyone&nbsp;
The report of my scan shows us the following errors:
- "The cookie does not contain the" HTTPOnly "attribute."
- "The cookie does not contain the" secure "attribute."
I added the following irula that works very well:
when HTTP_RESPONSE {
foreach mycookie [HTTP :: cookie names] {
HTTP :: cookie secure $ mycookie enable
}
}&nbsp;
But when I try to write the script secure cookie + httponly:
when HTTP_RESPONSE {
foreach mycookie [HTTP :: cookie names] {
HTTP :: cookie secure $ mycookie enable
HTTP :: httponly cookie $ mycookie enable
}
}&nbsp;
I have an error, can you help me?&nbsp;

lee_sutcliffe · Answer

Hi, looks to be a typo, try this:
HTTP_RESPONSE { 
    foreach mycookie [HTTP::cookie names] { 
        HTTP::cookie secure $mycookie enable 
        HTTP::cookie httponly $mycookie enable 
        } 
}

srini_87152 · Answer

if you running 12.x version,default you have option enable these on cookie level.&nbsp;
Thx
Srini&nbsp;

Forum Discussion

HTTPOnly "attribute and secure "attribute

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

Related Content

How to use rest api to get the "Availability" attribute value of virtual server member without knowing its pool name

Session Cookie Does Not Contain the "Secure" Attribute

Insert "samesite = none" attribute in an existing iRule

Cookie Does Not Contain The "secure" Attribute on ltm vip

The cookie does not contain the "HTTPOnly" attribute.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS