- For this recipe, select Cookie without HttpOnly flag set under the Issues heading:
- Look at the Response tab of that message to validate the finding. We can clearly see the PHPSESSID cookie does not have the HttpOnly flag set. Therefore, we can change the severity from Low to High and the confidence level from Firm to Certain:
- Right-click the issue and change the severity to High by selecting Set severity | High:
- Right-click ...