Open lenazun opened 6 years ago
From Starchy:
I spotted some sites that aren't setting the Secure flag on their cookies, mostly session cookies. This isn't a huge problem since we're setting HSTS and redirecting HTTP to HTTPS, but it's a best practice we should implement when possible.
checkyourreps.org Set-Cookie: _check_your_reps_session=foo; path=/; HttpOnly