Forum Discussion
AshuA_246482
Nov 29, 2017
Nimbostratus
Another finding: cookie & requestVerificationToken is set without the HttpOnly Cookie parameter

Question: How to set cookie & requestVerificationToken with the HttpOnly Cookie parameter on LTM running on 11.6?

Risk: When a cross-site scripting vulnerability is present, an attacker may unnecessarily be able to retrieve sensitive information from cookies.

Recommendation: Supply the HttpOnly cookie parameter when the server sets a cookie through Set-Cookie.
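One way to apply the recommendation on the LTM itself, as an added example that is not part of the original post: an iRule that rewrites each `Set-Cookie` header from the pool member and appends `HttpOnly` where it is missing. It assumes the virtual server has an HTTP profile; the `js_readable` exemption list is a hypothetical placeholder for cookies that page script must still read.

```tcl
when HTTP_RESPONSE {
    # Hypothetical exemption list (assumption, not from the post): names of
    # cookies that client-side script has to read. Left empty here; add a
    # name only after confirming the application breaks without it.
    set js_readable {}

    # Every Set-Cookie header present in the server response.
    set cookies [HTTP::header values "Set-Cookie"]
    if { [llength $cookies] == 0 } { return }

    # Remove the originals and re-insert them one by one.
    HTTP::header remove "Set-Cookie"
    foreach c $cookies {
        # Cookie name is everything before the first "=".
        set name [string trim [lindex [split $c "="] 0]]

        # Match HttpOnly only as an attribute, not as text inside the value.
        set has_flag [regexp -nocase {;\s*httponly\s*(;|$)} $c]

        if { !$has_flag && [lsearch -exact $js_readable $name] < 0 } {
            # Drop any trailing "; " before appending the attribute.
            set c "[string trimright $c {; }]; HttpOnly"
        }
        HTTP::header insert "Set-Cookie" $c
    }
}
```

The rule only touches `Set-Cookie` headers that are present when `HTTP_RESPONSE` fires. To confirm the result, inspect the response headers from a client and check that every cookie carries the `HttpOnly` attribute.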