Forum Discussion

Nimbostratus

Oct 29, 2012

Sensitive Cookie Missing 'HTTPONLY' Attribute

We were recently dingged by an audit scan for "Sensitive Cookie Missing 'HTTPONLY' Attribute" not being set on several of our websites, which pretty much is spread accross several different VS in the...

Nimbostratus

Nov 02, 2012

Thanks!! I did find that the audit was running the scan against the URL so it caused it to return a 302 redirect response

and the redirect response was where the HTTPOnly attribrute was missing from. With the addition of the if/else clause this resloved the problem.

Thanks again,

Bob

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Sensitive Cookie Missing 'HTTPONLY' Attribute

Recent Discussions

ports are showing open on online scanning tool

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

Related Content

Mitigate OWASP LLM Security Risk: Sensitive Information Disclosure Using F5 NGINX App Protect

Deploy High-Availability and Latency-sensitive workloads with F5 Distributed Cloud

How to add Httponly and Secure attributes to HTTP cookies (for 11.5.x)

Lightboard Lessons: HTTP Cookie SameSite Attribute

Add SameSite attribute to APM Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS