Secure Flag Not Set


The application sets a cookie without the Secure flag. The Secure flag is a cookie attribute that instructs the browser not to send the cookie over an unencrypted channel such as plain HTTP, so a cookie that lacks it can be transmitted in cleartext whenever the browser makes an HTTP request to the site. The Secure flag is supported by all modern browsers and is formally defined in RFC 6265, the current standard for HTTP state management.
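As an added example, not part of the original write-up, the following check parses `Set-Cookie` response headers the way RFC 6265 describes and reports any cookie set without the Secure attribute; the sample headers are constructed, not captured from a real application.

```python
"""Detect Set-Cookie headers that lack the Secure attribute (RFC 6265)."""
from typing import Dict, List, Union


def parse_set_cookie(header: str) -> Dict[str, Union[str, Dict[str, Union[str, bool]]]]:
    """Parse one Set-Cookie header value into its name, value and attributes.

    Attribute names are matched case-insensitively, as browsers do (RFC 6265
    section 5.2); flag attributes such as Secure and HttpOnly map to True.
    Only the first '=' separates name from value, so values may contain '='.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def missing_secure(headers: List[str]) -> List[str]:
    """Return the names of cookies whose Set-Cookie header omits Secure."""
    findings = []
    for header in headers:
        cookie = parse_set_cookie(header)
        if "secure" not in cookie["attrs"]:
            findings.append(cookie["name"])
    return findings


# Constructed sample response headers (not from any real site).
SAMPLE_HEADERS = [
    # Vulnerable: the session cookie will also be sent over plain HTTP.
    "SESSIONID=abc123; Path=/; HttpOnly",
    # Hardened: the same cookie with Secure (and SameSite) set.
    "SESSIONID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    # Attribute case is irrelevant to browsers, so it must be to the check too.
    "prefs=theme=dark; path=/; secure",
]

if __name__ == "__main__":
    for name in missing_secure(SAMPLE_HEADERS):
        print(f"Finding: cookie {name!r} is set without the Secure flag")
```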

Custom Description


Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas


