Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,408 questions
Web App 'HttpOnly' Cookie issue
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 9%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E6%3C/text%3E%3C/svg%3E)
65952481
0
Reputation points
I scanned the linux web app using openvas scanner and found the Missing 'HttpOnly' Cookie Attribute (HTTP) vulnerability. How can I fix it?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 70%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMC%3C/text%3E%3C/svg%3E)
Michael Cameron 587 Reputation points2024-05-27T15:19:05.81+00:00 You can set this on the App Gateway. If you are using an App Gateway with this set then some scans miss this (I can't recall the underlying reason but it was a problem with the scan not the security)
Not sure if that helps or not
Sign in to comment